BinSkim is a lightweight Portable Executable (PE) scanner that validates compiler/linker settings and other security-relevant binary characteristics. BinSkim is an open source tool, available on GitHub.
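To make "compiler/linker settings" concrete, the following added example (not BinSkim's code and not from the original page) reads the `DllCharacteristics` field of a PE optional header and reports which linker-enabled mitigations are absent. The choice of flags, the function names and the header-only sample images are assumptions constructed for illustration; BinSkim's own rule set is broader.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* bits; the MSVC linker switch that sets each is noted.
MITIGATIONS = {
    "HIGH_ENTROPY_VA": 0x0020,  # /HIGHENTROPYVA (64-bit ASLR)
    "DYNAMIC_BASE": 0x0040,     # /DYNAMICBASE (ASLR)
    "NX_COMPAT": 0x0100,        # /NXCOMPAT (DEP)
    "GUARD_CF": 0x4000,         # /GUARD:CF (Control Flow Guard)
}
PE32, PE32_PLUS = 0x10B, 0x20B  # optional header magic values


def read_optional_header(image: bytes) -> tuple[int, int]:
    """Return (magic, DllCharacteristics) after validating the PE headers."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
    opt_off = pe_off + 4 + 20                          # PE signature + COFF header
    if len(image) < opt_off + 72 or image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: bad or truncated PE header")
    (magic,) = struct.unpack_from("<H", image, opt_off)
    if magic not in (PE32, PE32_PLUS):
        raise ValueError(f"unknown optional header magic {magic:#x}")
    # DllCharacteristics is at offset 70 of the optional header in both formats.
    (flags,) = struct.unpack_from("<H", image, opt_off + 70)
    return magic, flags


def missing_mitigations(image: bytes) -> list[str]:
    """List the mitigation flags from MITIGATIONS that the image does not set."""
    magic, flags = read_optional_header(image)
    missing = [name for name, bit in MITIGATIONS.items() if not flags & bit]
    if magic == PE32 and "HIGH_ENTROPY_VA" in missing:
        missing.remove("HIGH_ENTROPY_VA")  # only meaningful for 64-bit images
    return missing


def build_sample(magic: int, flags: int) -> bytes:
    """Constructed header-only image for the demo (not a loadable binary)."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    opt = bytearray(72)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, flags)
    return dos + b"PE\0\0" + bytes(20) + bytes(opt)


if __name__ == "__main__":
    print("hardened x64:", missing_mitigations(build_sample(PE32_PLUS, 0x4160)))
    print("legacy x86:  ", missing_mitigations(build_sample(PE32, 0x0100)))
```

To check a real build output, pass the file's bytes to `missing_mitigations` instead of a constructed sample.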
The BinSkim build task provides a command-line wrapper around the BinSkim.exe application. This page has the steps needed to configure and run the build task as part of your build definition.
1. You are using the Azure DevOps Build system.
2. The Microsoft Security Code Analysis Extension is installed in your account.
3. Your build produces binary artifacts from managed code, or you have committed binary artifacts that you would like to analyze with BinSkim.

1. Open your team project from your Azure DevOps Account.
2. Navigate to the Build tab under Build and Release.
3. Select the Build Definition into which you wish to add the BinSkim build task.
4. Click + to navigate to the Add Tasks pane.
5. Find the BinSkim build task either from the list or using the search box and then click
BinSkim build task should now be a part of the Build Definition. Add it after the publishing steps for your build artifacts.
BinSkim task to see the different options available within.
2. Set the build configuration to Debug to produce *.pdb debug files. They are used by BinSkim to map issues found in the output binary back to source code.
3. Choose Type = Basic & Function = Analyze to avoid researching and creating your own command line.
Target - One or more specifiers to a file, directory, or filter pattern that resolves to one or more binaries to analyze.
5. If you select Type =
Microsoft Security Code Analysis Support is available Monday through Friday from 9:00 am to 5:00 pm Pacific Time.