I am using the Snyk Security Scan task in an Azure DevOps pipeline for a .NET 8 project, but I am getting the following error:
Starting: SnykSecurityScan
==============================================================================
Task : Snyk Security Scan
Description : Azure Pipelines Task for Snyk
Version : 1.7.1
Author : Snyk
Help :
==============================================================================
Getting Snyk download info for platform: 0 version: stable
Downloading executable to: C:\agent\_work\_temp\snyk-win.exe
Downloading: snyk-win.exe from: https://downloads.snyk.io/cli/stable/snyk-win.exe?utm_source=AZURE_PIPELINES
Download connection closed for https://downloads.snyk.io/cli/stable/snyk-win.exe?utm_source=AZURE_PIPELINES
File.close
snyk-win.exe saved to C:\agent\_work\_temp\snyk-win.exe
Download successful for snyk-win.exe
Downloading executable to: C:\agent\_work\_temp\snyk-to-html-win.exe
Downloading: snyk-to-html-win.exe from: https://downloads.snyk.io/snyk-to-html/latest/snyk-to-html-win.exe?utm_source=AZURE_PIPELINES
Download connection closed for https://downloads.snyk.io/snyk-to-html/latest/snyk-to-html-win.exe?utm_source=AZURE_PIPELINES
File.close
snyk-to-html-win.exe saved to C:\agent\_work\_temp\snyk-to-html-win.exe
Download successful for snyk-to-html-win.exe
project name contains space
C:\agent\_work\_temp\snyk-win.exe test --severity-threshold=low --org=myOrg "--project-name=\"Project Name\"" --json-file-output=C:\agent\_work\_temp\report-2024-11-20T15-06-37.json
Testing C:\agent\_work\8\s...
Could not detect supported target files in C:\agent\_work\8\s.
Please see our documentation for supported languages and target files: https://snyk.co/udVgQ and make sure you are in the right directory.
**********************************
** Snyk task will fail pipeline **
**************************************
failing task because `snyk` was improperly used or had other errors
C:\agent\_work\_temp\report-2024-11-20T15-06-37.json does not exist... cannot attach
C:\agent\_work\_temp\report-2024-11-20T15-06-37.html exists... attaching file
##[error]failing task because `snyk` was improperly used or had other errors
Finishing: SnykSecurityScan
We are using a self-hosted build agent.
Does Snyk not support .Net 8 or is there something else I'm missing? I am using the Free version of Snyk
Here is the YAML in my pipeline:

    - task: SnykSecurityScan@1
      inputs:
        serviceConnectionEndpoint: 'Snyk Connection'
        testType: 'app'
        monitorWhen: 'always'
        failOnIssues: true
        projectName: 'Project Name'
        organization: 'myOrg'

I'm expecting the security report to get generated based on my .NET Web API solution.
Does Snyk not support .Net 8 or is there something else I'm missing?
Yes. Snyk supports scanning .NET 8 projects. Refer to this doc: guidance-for-snyk-for-.net
Snyk will scan based on the project.assets.json file or the packages.config file -> Package folder.
In this case, before running the Snyk Security Scan task, you need to run dotnet restore / nuget restore to generate the required file (project.assets.json) or package folder.
I can reproduce the same issue when using the same task definition.
To solve this issue, you can refer to the following Pipeline sample:

    steps:
    # 'build' runs an implicit restore, which generates obj/project.assets.json
    - task: DotNetCoreCLI@2
      inputs:
        command: 'build'
        projects: '**/*.csproj'
    - task: SnykSecurityScan@1
      inputs:
        serviceConnectionEndpoint: 'xxx'
        testType: 'app'
        monitorWhen: 'always'
        organization: 'myOrg'
        failOnIssues: true
        additionalArguments: '--all-projects'

You can set the --all-projects argument and remove the projectName field in the task. In this case, it will scan all package managers and .sln files.
Or you can define the targetFile field in the task to define the single scan file.
For example:

    steps:
    - task: DotNetCoreCLI@2
      inputs:
        command: 'build'
        projects: '**/*.csproj'
    - task: SnykSecurityScan@1
      inputs:
        serviceConnectionEndpoint: 'xx'
        testType: 'app'
        targetFile: '$(build.sourcesdirectory)/.../yourpath/project.assets.json'
        monitorWhen: 'always'
        failOnIssues: true
        projectName: 'ProjectName'
        organization: 'Myorg'

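
Added example, not part of the answer above and not Snyk's own code: a PowerShell pre-flight check for a PowerShell@2 step placed between the restore/build step and SnykSecurityScan@1, so the build fails with the unrestored project named instead of the generic "Could not detect supported target files" message. The function name Get-SnykRestoreState and the folder-layout rules in the comments are assumptions of this example.

```powershell
# Added example: run after restore, before SnykSecurityScan@1.
# Assumes the default MSBuild layout (obj folder beside each .csproj) and, for
# packages.config projects, a "packages" folder in the project dir or an ancestor.
function Get-SnykRestoreState {   # hypothetical helper name
    param([Parameter(Mandatory)] [string] $Root)

    $rootPath = (Resolve-Path -LiteralPath $Root).Path
    Get-ChildItem -LiteralPath $rootPath -Recurse -File -Filter '*.csproj' | ForEach-Object {
        $projDir = $_.DirectoryName
        if (Test-Path -LiteralPath (Join-Path $projDir 'packages.config') -PathType Leaf) {
            # Legacy style: Snyk needs the restored packages folder.
            $style = 'packages.config'
            $restored = $false
            $dir = $projDir
            while ($dir -and $dir.StartsWith($rootPath, [StringComparison]::OrdinalIgnoreCase)) {
                if (Test-Path -LiteralPath (Join-Path $dir 'packages') -PathType Container) {
                    $restored = $true
                    break
                }
                $dir = Split-Path -Path $dir -Parent
            }
        }
        else {
            # PackageReference style: restore writes obj/project.assets.json.
            $style = 'PackageReference'
            $assets = Join-Path (Join-Path $projDir 'obj') 'project.assets.json'
            $restored = Test-Path -LiteralPath $assets -PathType Leaf
        }
        [pscustomobject]@{ Project = $_.FullName; Style = $style; Restored = $restored }
    }
}

# BUILD_SOURCESDIRECTORY is the agent's checkout directory (C:\agent\_work\8\s in the log above).
$state = @(Get-SnykRestoreState -Root $env:BUILD_SOURCESDIRECTORY)
$state | Format-Table -AutoSize | Out-String | Write-Host

if ($state.Count -eq 0) {
    Write-Host "##vso[task.logissue type=error]No .csproj found under $env:BUILD_SOURCESDIRECTORY"
    exit 1
}
$missing = @($state | Where-Object { -not $_.Restored })
foreach ($m in $missing) {
    Write-Host "##vso[task.logissue type=error]Not restored, Snyk cannot scan: $($m.Project)"
}
if ($missing.Count -gt 0) { exit 1 }
```

A project that sets a custom intermediate output path will be reported as not restored by this check; adjust the `obj` lookup for such projects.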