SAST for .NET installs SecurityCodeScan 2.8.0, which is not compatible with Unix
See release message:
Bad news: this release will no longer run on Unix machines.
Good news: for Continuous Integration builds on Unix use https://www.nuget.org/packages/SecurityCodeScan.VS2017 nuget package.
Thank you @Pavardenis for reporting this!
I'm still investigating this since I've not been able to reproduce the issue.
Steps to reproduce
It should fail when running the integration tests of security-code-scan analyzer and find no vulnerability at all. As a consequence, the CI pipeline should also fail.
So far I have not been able to reproduce the issue. I'm still able to run the integration tests and get the expected results even though it installs SecurityCodeScan 2.8.0, as shown in app.csproj after running the scan:
<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <TargetFramework>netcoreapp2.0</TargetFramework>
  </PropertyGroup>
  <ItemGroup>
    <PackageReference Include="SecurityCodeScan" Version="188.8.131.52" />
  </ItemGroup>
</Project>
Any .NET project where SAST is enabled.
What is the current bug behavior?
What is the expected correct behavior?
SecurityCodeScan scans the .NET source code and finds vulnerabilities.