search

microsoft / security-devops-azdevops

Microsoft Security DevOps extension for Azure DevOps.
MIT License
68 stars 19 forks source link

trivy output does not match trivy@1 - Azure DevOps Pipeline #99

Open MilesCameron-DMs opened 8 months ago

MilesCameron-DMs commented 8 months ago

Agent: Ubuntu latest, using Azure DevOps pipelines.

I have been running trivy side by side and found the results in MicrosoftSecurityDevOps@1 to be less than the output results running in trivy@1

The lack of working examples for MicrosoftSecurityDevOps@1 probably doesn't help - it takes me some time to figure out how to use the task and i cant get gdnconfig files to work.

I originally started with this config:

- job: microsoft_security_devops
        continueOnError: false
        steps:
        - task: MicrosoftSecurityDevOps@1
          displayName: 'Microsoft Security DevOps'
          inputs:
            command: 'run' 
            tools: terrascan, trivy

I then created a gdnconfig file and tried to use the

config: '$(System.DefaultWorkingDirectory)/workflows/templates/*.gdnconfig'

I tried loads of variances of the path but every single time it adds a postfix '-linux' to the file name. So the path would turn into:

config: '$(System.DefaultWorkingDirectory)/workflows/templates/*-linux.gdnconfig'

Anyway, the output for the results showed 0 for the MicrosoftSecurityDevOps@1 task and 5 (2 critical, 1 high, and 2 medium) using the trivy@1 task.

I have no confidence in what it showing me and the lack of decent examples and clear documentation is compounding the issue.

Any help appreciated - especially if anyone has got a working example of using trivy, with a gdnconfig file on a Linux agent. 😄

Isaacwade commented 5 months ago

Facing this same issue as well. The *.gdnconfig file is not found and it adds the -linux to it. I get this error:

##[error]ConfigurationPathNotFoundException: A configuration file could not be found for: **/*-linux.gdnconfig. This is often due to attempting to use a tool on a platform where it is not yet supported.
##[error]MSDO CLI exited with an error exit code: 1

I have also tried adding the -linux to the file name, but get another error

Saulopv commented 3 months ago

Yeah the lack of documentation and examples are mind-boggling.. I get the same issue.

HEG2RNG commented 1 week ago

Any updates? I get the same error trying to use a .gdnconfig file for Checkov