Microsoft Security Tech Accelerator
Dec 06 2023, 07:00 AM - 12:00 PM (PST)
Microsoft Tech Community

Defender for Cloud DevOps, Currently in Preview, Appears to be Broken Again

Copper Contributor

Adding the Task in our CI pipelines (previously working on default settings), now results in various errors, starting with Binskim fails (see below):


BinSkim completed with exit code 1
##[error]Error running binskim job: 1 of 1
##[error]GuardianErrorExitCodeException: binskim completed with an Error exit code: 1. BinSkim failed. Verify the target(s) to be scanned. BinSkim targets must be a specific filename, or a pattern with a wildcard like *.dll, dir\*.dll, or dir\*
To be clear: we haven't changed anything, and this is NOT a failure due to some issue with the code being scanned. This appears to have been introduced by whatever changes have been made to the underlying Nuget package by Microsoft dev team, since it was working a week ago.
We're trying to use this in a non-production environment to find out if its a suitable product to use as our primary SAST/DAST tool. Atm we can't do anything with it.
Please advise. Thanks.
6 Replies
Does anyone at least know where the relevant product preview feedback team can be found??

@tombarker Is the BinSkim error failing the entire task? FYI., We're releasing an update soon that would prevent one tool failing from failing the entire task.


It's Odd that it was working and now not working without any changes on your side. I know the Guardian team is rolling out some updates this week so hopefully that didn't break anything.

If you're still experiencing this issue, I'd recommend create a support ticket to log this behavior. I also want to highlight, this is not related to Defender for DevOps client/ADO extension, so with the help of the support ticket you'd create, we can reroute it appropriately to the Guardian team to look into.

Hi Safeena, thanks for replying.

Yes the entire Task fails as a result of the Binskim failure.

Which product do I raise the support ticket against pls?

The way that the DevOps Task works involves almost no configuration on our part at the moment. The Task is added to the build pipeline, and it runs the various default scans. It was working, then it wasn't. The default Task downloads the Nuget package which extracts all the tools and runs them with a pre-configured set of options that are presumably just built into the Task itself. Either way, it's broken.

It would be much more helpful is there was a living doc somewhere that the Preview dev team kept updated so that we could keep track of things, and potentially even add our own configuration(s); if and when that becomes possible.
so..... it's 7 weeks down the line and nothing has changed pffffff
No change our side. The problem still exists and I've heard nothing on here obv.

We've actually switched to SonarQube because of the lack of response from MS.