.NET Core 6 projects not able to run with SAST

Summary

When a customer with a .NET core 6 project runs a SAST scan with security-code-scan, it reports an unknown assembly in the output.

Steps to reproduce

Solution file details:

Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio Version 16
VisualStudioVersion = 16.0.30114.105
MinimumVisualStudioVersion = 10.0.40219.1

CSProj FIle

<PropertyGroup>
    <TargetFramework>net6.0</TargetFramework>
  </PropertyGroup>

Example Project

On customer project

What is the current bug behavior?

[INFO] [security-code-scan] [2022-04-20T16:43:27Z] ▶ Detecting project
[INFO] [security-code-scan] [2022-04-20T16:43:27Z] ▶ Found relevant files in project, analyzing entire repository
[INFO] [security-code-scan] [2022-04-20T16:43:27Z] ▶ Running analyzer
[INFO] [security-code-scan] [2022-04-20T16:43:27Z] ▶ Found solution /builds/**/**.CICD.sln
[WARN] [security-code-scan] [2022-04-20T16:43:30Z] ▶ Unable to build project using `dotnet`, attempting to build using `nuget` and `msbuild`
[FATA] [security-code-scan] [2022-04-20T16:43:34Z] ▶ Unable to build project from solution file using `nuget and `msbuild`.
output: Microsoft (R) Build Engine version 16.9.0 for Mono
Copyright (C) Microsoft Corporation. All rights reserved.
/builds/***/ApiDemo/ApiDemo.csproj : warning MSB4242: The SDK resolver "Microsoft.DotNet.MSBuildSdkResolver" failed to run. hostfxr assembly:<unknown assembly> type:<unknown type> member:(null)
/root/.dotnet/msbuild/Sdks/Microsoft.NET.Sdk.Web/Sdk/Sdk.props(26,3): warning MSB4242: The SDK resolver "Microsoft.DotNet.MSBuildSdkResolver" failed to run. hostfxr assembly:<unknown assembly> type:<unknown type> member:(null)
/root/.dotnet/msbuild/Sdks/Microsoft.NET.Sdk/Sdk/Sdk.props(40,3): error MSB4019: The imported project "/usr/lib/mono/xbuild/Current/Microsoft.Common.props" was not found. Confirm that the expression in the Import declaration "/usr/lib/mono/xbuild/Current/Microsoft.Common.props" is correct, and that the file exists on disk. [/builds/***/ApiDemo/ApiDemo.csproj]
error: exit status 1

What is the expected correct behavior?

Run successfully on .NET Core 6 Projects

Workaround

A work around includes installing dotnet core 6 in the before script as such

security-code-scan-sast:
  before_script:
    - wget https://dot.net/v1/dotnet-install.sh
    - bash ./dotnet-install.sh -c 6.0
    - dotnet new xunit
  - ``

Additional Information

  • Sort of puzzling to why this is occurring when .net6 is installed on the security-code-scan analyzer.