security-devops-action icon indicating copy to clipboard operation
security-devops-action copied to clipboard

Published 20 hours ago verified publisher icon microsoft

BinSkim failed. Verify the target(s) to be scanned.

Open mhborg-timextender opened this issue 1 year ago • 2 comments

We have a project that I recently tried adding the following YAML to the build pipeline:

  - task: UseDotNet@2
    displayName: 'Use dotnet'
    condition: eq(variables['Build.SourceBranchName'], '18321-add-vulnerability-scan')
    inputs:
      version: 3.1.x
  - task: UseDotNet@2
    displayName: 'Use dotnet'
    condition: eq(variables['Build.SourceBranchName'], '18321-add-vulnerability-scan')
    inputs:
      version: 6.0.x
  - task: MicrosoftSecurityDevOps@1
    displayName: 'Microsoft Security DevOps'
    condition: eq(variables['Build.SourceBranchName'], '18321-add-vulnerability-scan')
    inputs:
      tools: 'BinSkim,CredScan,ESlint'

But BinSkim fails with the following:

    D:\a\_msdo\packages\nuget\Microsoft.CodeAnalysis.BinSkim.1.9.5\tools\netcoreapp3.1\win-x64\BinSkim.exe analyze --config default --hashes --statistics --sarif-output-version OneZeroZero --output D:\a\1\s\.gdn\.r\binskim\001\binskim.sarif @D:\a\1\s\.gdn\.r\binskim\001\.gdntoolinput
    Analyzing...
    D:\a\1\s\UserPortalAPI\bin\Release\netcoreapp3.1\runtimes\win-arm64\native\sni.dll : error ERR997.ExceptionLoadingPdb : 'sni.dll' was not evaluated because its PDB could not be loaded (E_PDB_NOT_FOUND).
    D:\a\1\s\UserPortalAPI\bin\Release\netcoreapp3.1\runtimes\win-x64\native\sni.dll : error ERR997.ExceptionLoadingPdb : 'sni.dll' was not evaluated because its PDB could not be loaded (E_PDB_NOT_FOUND).
    D:\a\1\s\UserPortalAPI\bin\Release\netcoreapp3.1\runtimes\win-x86\native\sni.dll : error ERR997.ExceptionLoadingPdb : 'sni.dll' was not evaluated because its PDB could not be loaded (E_PDB_NOT_FOUND).
    
    Done. 125 files scanned.
    
    One or more rules was disabled for an analysis target, as it was determined not to be applicable to it (this is a common condition). Pass --verbose on the command-line for more information.
    
    Analysis did not complete due to one or more unrecoverable execution conditions.
    Unexpected fatal runtime condition(s) observed: ExceptionLoadingPdb
    
    Tool run time: 3.1682485 seconds
    ------------------------------------------------------------------------------
    BinSkim completed with exit code 1
##[error]Error running binskim job: 1 of 1
##[error]GuardianErrorExitCodeException: binskim completed with an Error exit code: 1. BinSkim failed. Verify the target(s) to be scanned. BinSkim targets must be a specific filename, or a pattern with a wildcard like *.dll, dir\*.dll, or dir\*
    ------------------------------------------------------------------------------

Although it doesn't fail the entire build pipeline, I am still curious why it fails.

mhborg-timextender avatar Feb 27 '23 10:02 mhborg-timextender

Where you able to get an answer of this error? I am having the same problem, but don't find anything in the docs.

jmarti326 avatar Aug 09 '23 20:08 jmarti326

Where you able to get an answer of this error? I am having the same problem, but don't find anything in the docs.

No, currently have binskim disabled in our pipelines.

mhborg-timextender avatar Aug 14 '23 06:08 mhborg-timextender