BinSkim is a Portable Executable (PE) light-weight scanner that validates compiler/linker settings and other security-relevant binary characteristics. BinSkim is an open source tool. (GitHub)
The BinSkim build task provides a command line wrapper around the BinSkim.exe application. This page has the steps needed to configure & run the build task as part of your build definition.
1. | You are using the Azure DevOps Build system. |
---|---|
2. | The Microsoft Security Code Analysis Extension installed in your account. |
3. | Your build produces binary artifacts from managed code or you have binary artifacts committed you would like to analyze with BinSkim. |
1. | Open your team project from your Azure DevOps Account. |
---|---|
2. | Navigate to the Build tab under Build and Release |
3. | Select the Build Definition into which you wish to add the BinSkim build task.
|
4. | Click + to navigate to the Add Tasks pane. |
5. | Find the BinSkim build task either from the list or using the search box and then click
Add.
|
6. | The
BinSkim build task should now be a part of the Build Definition. Add it after the publishing steps for
your build artifacts.
![]() |
1. | Click the
BinSkim task to see the different options available within.
![]() |
---|---|
2. | Set the build configuration to Debug to produce
*.pdb debug files. They are used by
BinSkim to map issues found in the output binary back to source code.
|
3. | Choose Type =
Basic & Function =
Analyze to avoid researching and creating your own commandline.
|
4. |
Target - One or more specifiers to a file, directory, or filter pattern that resolves to one or
more binaries to analyze.
|
5. | If you select Type =
Command Line,
|
Microsoft Security Code Analysis Support is available Monday through Friday from 9:00 am-5:00pm Pacific Time
Onboarding | Email our team at Microsoft Security Code Analysis Onboarding |
---|---|
Support | Email our team at Microsoft Security Code Analysis Support |
For more details on BinSkim whether command line arguments or rules by ID or exit codes, visit the BinSkim User Guide