azure-devopsazure-pipelinesazure-pipelines-yamlazure-pipelines-tasksgithub-advanced-security

Azure DevOps Task: AdvancedSecurity-Dependency-Scanning@1 throws System.InvalidOperationException


Azure devops pipeline task: AdvancedSecurity-Dependency-Scanning@1 ran fine yesterday, but not today.

throws error:

System.InvalidOperationException: Sequence contains no matching element
   at System.Linq.ThrowHelper.ThrowNoMatchException()
   at System.Linq.Enumerable.Single[TSource](IEnumerable`1 source, Func`2 predicate)
   at Microsoft.AdvSec.Detection.Services.VulnerabilityOutputService.GetComponentDetailsForDisplay(Alert alert) in D:\a\1\s\tasks\dependency-scanning\detection\src\Microsoft.AdvSec.Detection\Services\VulnerabilityOutputService.cs:line 96
   at Microsoft.AdvSec.Detection.Services.VulnerabilityOutputService.LogAdvSecComponentAlert(Uri baseAlertsUri, Int32 index, Alert alert, List`1 locations, String branch) in D:\a\1\s\tasks\dependency-scanning\detection\src\Microsoft.AdvSec.Detection\Services\VulnerabilityOutputService.cs:line 47
   at Microsoft.AdvSec.Detection.Services.VulnerabilityOutputService.LogAdvSecVulnerabilitiesAsync(IEnumerable`1 alerts, String branch, GovernanceJobStatus processingJobStatus) in D:\a\1\s\tasks\dependency-scanning\detection\src\Microsoft.AdvSec.Detection\Services\VulnerabilityOutputService.cs:line 34
   at Microsoft.AdvSec.Detection.AdvSecOrchestrator.GetAndLogAlertsFromAdvSec(ScanResult scanResult, String projectId, AdvSecSubmissionArguments parsedArgs, String authToken, String repositoryId, String branchMoniker, Int64 sarifId, GovernanceJobStatus jobStatus) in D:\a\1\s\tasks\dependency-scanning\detection\src\Microsoft.AdvSec.Detection\AdvSecOrchestrator.cs:line 220
   at Microsoft.AdvSec.Detection.AdvSecOrchestrator.ExecuteDependencyScanningAsync(String[] args) in D:\a\1\s\tasks\dependency-scanning\detection\src\Microsoft.AdvSec.Detection\AdvSecOrchestrator.cs:line 148
Execution finished, status: -1.
Process terminating.

Solution

  • Thanks for reporting this! I'm a PM from the Advanced Security team on Azure DevOps - we've pushed a fix and the dependency scanning task should be working as expected previously.