Unknown header detected while attempting to read CredScan Tsv output

JoostVoskuil commented 1 year ago

We receive an error when the Sarif report is being build in the pipeline task.

` Detected 1 issue(s) in C:\a\10\s\src\Func.Importer\settings.json NumberOfAsset : 14 NumberOfAssetScanned : 10 NumberOfAssetBytes : 12,939 NumberOfAssetBytesScanned : 4,670 NumberOfScanResult: 1 NumberOfRankedResult : 1 NumberOfCredentialRecord: 1 NumberOfSuppressedRecord: 0 NumberOfScanError: 0

Scan completed in 6.67 seconds
Tool run time: 6.7779605 seconds
------------------------------------------------------------------------------
Credential Scanner completed with exit code 4
------------------------------------------------------------------------------

Process: Convert: Converting any raw tool logs to Sarif format ... Found 1 logs for tool credscan.

[error]CredScanTsvUnknownHeaderException: Unknown header detected while attempting to read CredScan Tsv output.

[error]Actual Header: TimeofDiscovery Source Searcher Description Line IsSuppressed HashKey SuppressJustification MatchingScore Severity

[error]File Path: C:\a\10\s.gdn.r\credscan\001\credscan-matches.tsv

[error]MSDO CLI exited with an error exit code: 1

`

JiandongJiang commented 1 year ago

This is a bug in MSDO. We have created a tracking item for fixing it. Thanks for reporting.

JoostVoskuil commented 1 year ago

Hi, any news on this @JiandongJiang ?

JiandongJiang commented 1 year ago

This should have been fixed in Microsoft.Security.DevOps.Cli v0.171.1 NuGet package. You can try a rerun which is supposed to get that version automatically, and then let us know how it goes. Thanks.

JoostVoskuil commented 1 year ago

Great! Can confirm this is solved. Thank you

JoostVoskuil commented 1 year ago

This issue seems to be back in version v0.174.2, can somebody confirm?

microsoft / security-devops-azdevops