BinSkim is a Portable Executable (PE) light-weight scanner that validates compiler/linker settings and other security-relevant binary characteristics. BinSkim is an open source tool. (GitHub)
The BinSkim build task provides a command line wrapper around the BinSkim.exe application. This page has the steps needed to configure & run the build task as part of your build definition.
|1.||You are using the Azure DevOps Build system.|
|2.||The Microsoft Security Code Analysis Extension installed in your account.|
|3.||Your build produces binary artifacts from managed code or you have binary artifacts committed you would like to analyze with BinSkim.|
|1.||Open your team project from your Azure DevOps Account.|
|2.||Navigate to the Build tab under Build and Release|
|3.||Select the Build Definition into which you wish to add the BinSkim build task.
|4.||Click + to navigate to the Add Tasks pane.|
|5.||Find the BinSkim build task either from the list or using the search box and then click
BinSkim build task should now be a part of the Build Definition. Add it after the publishing steps for
your build artifacts.
BinSkim task to see the different options available within.
|2.||Set the build configuration to Debug to produce
*.pdb debug files. They are used by
BinSkim to map issues found in the output binary back to source code.
|3.||Choose Type =
Basic & Function =
Analyze to avoid researching and creating your own commandline.
Target - One or more specifiers to a file, directory, or filter pattern that resolves to one or
more binaries to analyze.
|5.||If you select Type =
The Private Preview for this extension is now closed. Please visit the Microsoft Security Code Analysis Home Page for information about the public MSCA extension and how to get it. You can also contact us via email at Microsoft Security Code Analysis