microsoft / security-devops-azdevops

Microsoft Security DevOps extension for Azure DevOps.
MIT License
60 stars 16 forks

Build not failing even if there are some bugs detected #58

Closed raswinraaj closed 11 months ago

raswinraaj commented 1 year ago

I have the task set up for credscan, the tool has detected that there is a High Severity bug and the Scans tab shows it as bugs. However it is not failing the build. Is there anything that I have to add to make the build fail?

- task: MicrosoftSecurityDevOps@1
  displayName: 'Scan for Secrets in the repo'
  inputs:
    categories: 'secrets'


Similar case for terrascan as well

- task: MicrosoftSecurityDevOps@1
  displayName: 'Microsoft Security DevOps scan'
  inputs:
    categories: 'Iac'


raswinraaj commented 1 year ago

@JiandongJiang Any update on this will be helpful

JiandongJiang commented 1 year ago

@raswinraaj , FYI, @chrisnielsen-MS in our team is looking at this one.

JiandongJiang commented 1 year ago

@raswinraaj , by default, MicrosoftSecurityDevOps@1 will not break your build. If you want the detections to break your build, you will need to add "break: true" as an input to the task.
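
The two behaviours described above side by side, as an added example pipeline (not code from the issue author or from the extension's own docs): the first task keeps the default and only reports findings in the Scans tab, the second adds the `break: true` input so detections fail the task and therefore the run. The `trigger` and `pool` lines are an assumed placeholder skeleton; `categories` and `break` are the task inputs named in this thread.

```yaml
# Added example: minimal Azure Pipelines file contrasting the default
# (non-blocking) MicrosoftSecurityDevOps@1 task with a blocking one.
# trigger/pool are assumed placeholders; adapt to the existing pipeline.
trigger:
  - main

pool:
  vmImage: 'windows-latest'   # assumed; use whatever agent image the pipeline already runs on

steps:
  # Default behaviour: findings are published to the Scans tab,
  # but the task succeeds and the build stays green.
  - task: MicrosoftSecurityDevOps@1
    displayName: 'Scan for Secrets in the repo (report only)'
    inputs:
      categories: 'secrets'

  # Blocking variant: the same scan, but `break: true` makes the task
  # fail when the tools report detections, so the pipeline run fails too.
  # The same input applies to the IaC task shown earlier in the issue.
  - task: MicrosoftSecurityDevOps@1
    displayName: 'Scan for Secrets in the repo (fail build on findings)'
    inputs:
      categories: 'secrets'
      break: true
```

Because a failing task stops the job, put the blocking scan after any steps whose output you still want (or give later steps an explicit `condition`), otherwise they are skipped when a detection breaks the build.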

chrisnielsen-MS commented 1 year ago

@raswinraaj have you had a chance to try the break:true input @JiandongJiang suggested? That is the correct usage for making this task fail the build when it detects issues.

chrisnielsen-MS commented 11 months ago

I am going to close this issue as we have had no response for a few weeks. If this is still an issue, feel free to re-open or create a new issue, thanks!