cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Defender for Cloud DevOps, Currently in Preview, Appears to be Broken Again

tomdbarker
Copper Contributor

‎Nov 25 2022 04:37 AM - edited ‎Nov 25 2022 07:16 AM

‎Nov 25 2022 04:37 AM - edited ‎Nov 25 2022 07:16 AM

Defender for Cloud DevOps, Currently in Preview, Appears to be Broken Again

Adding the Task in our CI pipelines (previously working on default settings), now results in various errors, starting with Binskim fails (see below):

 

BinSkim completed with exit code 1
##[error]Error running binskim job: 1 of 1
##[error]GuardianErrorExitCodeException: binskim completed with an Error exit code: 1. BinSkim failed. Verify the target(s) to be scanned. BinSkim targets must be a specific filename, or a pattern with a wildcard like *.dll, dir\*.dll, or dir\*
 
To be clear: we haven't changed anything, and this is NOT a failure due to some issue with the code being scanned. This appears to have been introduced by whatever changes have been made to the underlying Nuget package by Microsoft dev team, since it was working a week ago.
 
We're trying to use this in a non-production environment to find out if its a suitable product to use as our primary SAST/DAST tool. Atm we can't do anything with it.
 
Please advise. Thanks.
2,571 Views
0 Likes
6 Replies
Reply
6 Replies
tomdbarker

‎Dec 01 2022 03:40 AM

‎Dec 01 2022 03:40 AM

Re: Defender for Cloud DevOps, Currently in Preview, Appears to be Broken Again

Does anyone at least know where the relevant product preview feedback team can be found??
0 Likes
Reply
Safeena Begum Lepakshi

‎Dec 02 2022 06:53 AM - edited ‎Dec 02 2022 06:54 AM

‎Dec 02 2022 06:53 AM - edited ‎Dec 02 2022 06:54 AM

Re: Defender for Cloud DevOps, Currently in Preview, Appears to be Broken Again

@tombarker Is the BinSkim error failing the entire task? FYI., We're releasing an update soon that would prevent one tool failing from failing the entire task.

 

It's Odd that it was working and now not working without any changes on your side. I know the Guardian team is rolling out some updates this week so hopefully that didn't break anything.


If you're still experiencing this issue, I'd recommend create a support ticket to log this behavior. I also want to highlight, this is not related to Defender for DevOps client/ADO extension, so with the help of the support ticket you'd create, we can reroute it appropriately to the Guardian team to look into.

0 Likes
Reply
tomdbarker

‎Dec 02 2022 10:17 AM

‎Dec 02 2022 10:17 AM

Re: Defender for Cloud DevOps, Currently in Preview, Appears to be Broken Again

Hi Safeena, thanks for replying.

Yes the entire Task fails as a result of the Binskim failure.

Which product do I raise the support ticket against pls?

The way that the DevOps Task works involves almost no configuration on our part at the moment. The Task is added to the build pipeline, and it runs the various default scans. It was working, then it wasn't. The default Task downloads the Nuget package which extracts all the tools and runs them with a pre-configured set of options that are presumably just built into the Task itself. Either way, it's broken.

It would be much more helpful is there was a living doc somewhere that the Preview dev team kept updated so that we could keep track of things, and potentially even add our own configuration(s); if and when that becomes possible.
0 Likes
Reply
tomdbarker

‎Jan 23 2023 05:45 AM

‎Jan 23 2023 05:45 AM

Re: Defender for Cloud DevOps, Currently in Preview, Appears to be Broken Again

so..... it's 7 weeks down the line and nothing has changed pffffff
0 Likes
Reply
tomdbarker

‎Mar 01 2023 02:47 AM

‎Mar 01 2023 02:47 AM

Re: Defender for Cloud DevOps, Currently in Preview, Appears to be Broken Again

No change our side. The problem still exists and I've heard nothing on here obv.

We've actually switched to SonarQube because of the lack of response from MS.
0 Likes
Reply