microsoft / security-devops-azdevops

Microsoft Security DevOps extension for Azure DevOps.
MIT License

Microsoft security DevOps task is breaking when we use 3rd party modules/private repositories. #62

Open VenkateshJayachandra opened 1 year ago

VenkateshJayachandra commented 1 year ago

Configured Microsoft Security DevOps task but it is breaking when we use 3rd party modules/private repositories.

Below is the YAML I was using.

          - task: MicrosoftSecurityDevOps@1
            displayName: 'Microsoft Security DevOps'
            inputs:
              categories: 'IaC'
              publish: true
              artifactName: CodeAnalysisLogs

Tried with a private repository and it is breaking with the below error. Is there a way to skip for 3rd party modules?

    module "lz_vending" {
      source  = "Azure/lz-vending/azurerm"
      version = "3.1.0"
    }

Error

    Error running terrascan job: 1 of 1 | Microsoft Security DevOps
    GuardianErrorExitCodeException: terrascan completed with an Error exit code: 2. Unexpected exit code. Please check https://docs.accurics.com/projects/accurics-terrascan/en/latest/ for more information. | Microsoft Security DevOps
    Error running tool 1 of 2: terrascan | Microsoft Security DevOps
    Error running terrascan job: 1 of 1 | Microsoft Security DevOps
    GuardianErrorExitCodeException: terrascan completed with an Error exit code: 2. Unexpected exit code. Please check https://docs.accurics.com/projects/accurics-terrascan/en/latest/ for more information. | Microsoft Security DevOps
    BreakException: Guardian detected one or more breaking results.

Is there a way to fix or skip this?

Any help is appreciated.

will477 commented 1 year ago

We had not anticipated containers (Docker files) being scanned, but the exit code 2 seems to indicate that it is happening. I have created a bug to fix this issue and accept exit code 2 without throwing an exception. This should resolve the issue. The terrascan findings will then be reported.