Share via

Microsoft Defender DevOps

JoelP 386 Reputation points
2023-07-13T08:48:34.32+00:00

Hi,

We just enabled the preview for Defender for Cloud for DevOps. It's weird as it is giving us some errors on Microsoft dlls. Any idea how to fix this issue or ignore?

Tool: BinSkim: Rule: BA2004 (EnableSecureSourceCodeHashing). https://github.com/microsoft/binskim/blob/main/docs/BinSkimRules.md#rule-BA2004EnableSecureSourceCodeHashing
      'Microsoft.Azure.WebJobs.Host.Storage.dll' is a managed binary compiled with an insecure (SHA-1) source code hashing algorithm. SHA-1 is subject to collision attacks and its use can compromise supply chain integrity. Pass '-checksumalgorithm:SHA256' on the csc.exe command-line or populate the project <ChecksumAlgorithm> property with 'SHA256' to enable secure source code hashing.
     

      Tool: BinSkim: Rule: BA2004 (EnableSecureSourceCodeHashing). 
      'Microsoft.Azure.WebJobs.Extensions.Http.dll' is a managed binary compiled with an insecure (SHA-1) source code hashing algorithm. SHA-1 is subject to collision attacks and its use can compromise supply chain integrity. Pass '-checksumalgorithm:SHA256' on the csc.exe command-line or populate the project <ChecksumAlgorithm> property with 'SHA256' to enable secure source code hashing.
Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Pramita Dhakal 20 Reputation points
    2025-02-25T19:35:21.3966667+00:00

    I am getting same error as above. what I am supposed to do?

    'Microsoft.Azure.WebJobs.Host.Storage.dll' is a managed binary compiled with an insecure (Sha1) source code hashing algorithm. Sha1 is subject to collision attacks and its use can compromise supply chain integrity. Pass '-checksumalgorithm:SHA256' on the csc.exe command-line or populate the project <ChecksumAlgorithm> property with 'SHA256' to enable secure source code hashing.

    ##[error]132. BinSkim Error BA2008 - File: drop/target/distrib/Release/x64/AzureAppInsightsNet8/net8.0/Monitoring/Agent/Extensions/AMACoreAgent/grpc_csharp_ext.x64.dll.

    Signature: 224300abbcf9ebf0b28a10e8c63f8a68d35f626cfc4275f891ddf2aefcb2fb99

    Tool: BinSkim: Rule: BA2008 (EnableControlFlowGuard). https://github.com/microsoft/binskim/blob/main/docs/BinSkimRules.md#rule-BA2008EnableControlFlowGuard

    'grpc_csharp_ext.x64.dll' does not enable the control flow guard (CFG) mitigation.

    To resolve this issue, pass /guard:cf on both the compiler and linker command lines. Binaries also require the /DYNAMICBASE linker option in order to enable CFG.

    For VC projects use ItemDefinitionGroup - ClCompile - ControlFlowGuard property with 'Guard' value, link CFG property will be set automatically.

    0 comments
  2. Andrew Blumhardt 10,071 Reputation points Microsoft Employee
    2023-07-13T13:52:05.4533333+00:00

    I recommend opening a support case/bug report within the portal.

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.