Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

{ADO} Pin version 2.1.17 for cred scan #21230

Merged
merged 1 commit into from
Feb 9, 2022
Merged

{ADO} Pin version 2.1.17 for cred scan #21230

merged 1 commit into from
Feb 9, 2022

Conversation

zhoxing-ms
Copy link
Contributor

@zhoxing-ms zhoxing-ms commented Feb 9, 2022
edited
Loading

Because package Microsoft.Security.CredScan in task Run Credential Scanner was upgraded from version 2.1.17 to the new version 2.2.7.8, a large number of issues were scanned, resulting in CI blocking pipeline link

Therefore, pin the version of Microsoft.Security.CredScan to the last successfully version 2.1.17 to avoid blocking CI

@zhoxing-ms zhoxing-ms changed the title Update azure-pipelines.yml for Azure Pipelines {ADO} Pin version 2.1.17 for cred scan Feb 9, 2022
@zhoxing-ms
Copy link
Contributor Author

/azp run

@azure-pipelines
Copy link

Azure Pipelines successfully started running 2 pipeline(s).

@yonzhan
Copy link
Collaborator

yonzhan commented Feb 9, 2022

ADO

@yonzhan yonzhan added this to the Feb 2022 (2022-03-01) milestone Feb 9, 2022
jiasli
jiasli reviewed Feb 9, 2022
View reviewed changes
azure-pipelines.yml
@@ -53,6 +53,7 @@ jobs:
inputs:
toolMajorVersion: V2
suppressionsFile: './scripts/ci/credscan/CredScanSuppressions.json'
toolVersionV2: '2.1.17'
Copy link
Member

@jiasli jiasli Feb 9, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

toolVersionV2 doc: https://www.1eswiki.com/wiki/CredScan_Azure_DevOps_Build_Task

CredScan doc: https://aka.ms/CredScan (https://strikecommunity.azurewebsites.net/articles/4114/credential-scanner-overview.html)

@zhoxing-ms zhoxing-ms mentioned this pull request Feb 9, 2022
Merged
3 tasks
@jiasli
Copy link
Member

jiasli commented Feb 9, 2022

Also, as an FYI:

https://docs.microsoft.com/en-us/azure/security/develop/security-code-analysis-overview

Effective July 1, 2022, the Microsoft Security Code Analysis (MSCA) extension will be retired. Existing MSCA customers will retain their access to MSCA through July 1, 2022. Please refer to the OWASP Source Code Analysis Tools for alternative options in Azure DevOps. For customers planning to migrate to GitHub, you can check out GitHub Advanced Security.

Not sure what will be the replacement of CredScan.

@zhoxing-ms zhoxing-ms merged commit 0faa0ea into dev Feb 9, 2022
@jiasli jiasli mentioned this pull request Feb 9, 2022
Merged
@zhoxing-ms zhoxing-ms mentioned this pull request Feb 9, 2022
Merged
3 tasks
@jiasli jiasli deleted the pin_version_for_credscan branch February 10, 2022 06:43
zhoxing-ms added a commit to zhoxing-ms/azure-cli that referenced this pull request Feb 14, 2022
@zhoxing-ms
Update azure-pipelines.yml for Azure Pipelines (Azure#21230)
7c142b7 
Pin version for cred scan
@zhoxing-ms zhoxing-ms mentioned this pull request Feb 14, 2022
Merged
3 tasks
zhoxing-ms added a commit that referenced this pull request Feb 14, 2022
@zhoxing-ms @jiasli
{Release} Fix CI issue for release branch (#21277)
e861f13 
* [Packaging] BREAKING CHANGE: Drop `jmespath-terminal` from docker image (#21206)

* {Packaging} Fix CI job "Test Yum Package" by using `centos7` (#21207)

* Update azure-pipelines.yml for Azure Pipelines (#21230)

Pin version for cred scan

Co-authored-by: Jiashuo Li <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wangzelin007 wangzelin007 wangzelin007 approved these changes

@evelyn-ys evelyn-ys evelyn-ys approved these changes

@jiasli jiasli jiasli approved these changes

Assignees

@zhoxing-ms zhoxing-ms

Labels
None yet
Projects
None yet
Milestone
Feb 2022 (2022-03-01)
Development

Successfully merging this pull request may close these issues.
5 participants
@zhoxing-ms @yonzhan @jiasli @evelyn-ys @wangzelin007