Hi,
We just enabled the preview for Defender for Cloud for DevOps. It's weird as it is giving us some errors on Microsoft dlls. Any idea how to fix this issue or ignore?
Tool: BinSkim: Rule: BA2004 (EnableSecureSourceCodeHashing). https://github.com/microsoft/binskim/blob/main/docs/BinSkimRules.md#rule-BA2004EnableSecureSourceCodeHashing
'Microsoft.Azure.WebJobs.Host.Storage.dll' is a managed binary compiled with an insecure (SHA-1) source code hashing algorithm. SHA-1 is subject to collision attacks and its use can compromise supply chain integrity. Pass '-checksumalgorithm:SHA256' on the csc.exe command-line or populate the project <ChecksumAlgorithm> property with 'SHA256' to enable secure source code hashing.
Tool: BinSkim: Rule: BA2004 (EnableSecureSourceCodeHashing).
'Microsoft.Azure.WebJobs.Extensions.Http.dll' is a managed binary compiled with an insecure (SHA-1) source code hashing algorithm. SHA-1 is subject to collision attacks and its use can compromise supply chain integrity. Pass '-checksumalgorithm:SHA256' on the csc.exe command-line or populate the project <ChecksumAlgorithm> property with 'SHA256' to enable secure source code hashing.