Microsoft Defender DevOps

JoelP 346 Reputation points
2023-07-13T08:48:34.32+00:00

Hi,

We just enabled the preview for Defender for Cloud for DevOps. It's weird as it is giving us some errors on Microsoft dlls. Any idea how to fix this issue or ignore?

Tool: BinSkim: Rule: BA2004 (EnableSecureSourceCodeHashing). https://github.com/microsoft/binskim/blob/main/docs/BinSkimRules.md#rule-BA2004EnableSecureSourceCodeHashing
      'Microsoft.Azure.WebJobs.Host.Storage.dll' is a managed binary compiled with an insecure (SHA-1) source code hashing algorithm. SHA-1 is subject to collision attacks and its use can compromise supply chain integrity. Pass '-checksumalgorithm:SHA256' on the csc.exe command-line or populate the project <ChecksumAlgorithm> property with 'SHA256' to enable secure source code hashing.
     

      Tool: BinSkim: Rule: BA2004 (EnableSecureSourceCodeHashing). 
      'Microsoft.Azure.WebJobs.Extensions.Http.dll' is a managed binary compiled with an insecure (SHA-1) source code hashing algorithm. SHA-1 is subject to collision attacks and its use can compromise supply chain integrity. Pass '-checksumalgorithm:SHA256' on the csc.exe command-line or populate the project <ChecksumAlgorithm> property with 'SHA256' to enable secure source code hashing.
Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,468 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Andrew Blumhardt 9,866 Reputation points Microsoft Employee
    2023-07-13T13:52:05.4533333+00:00

    I recommend opening a support case/bug report within the portal.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.