-
Notifications
You must be signed in to change notification settings - Fork 47
Debug Drops
A Debug Drop is a collection of logs and metadata about the environment MSDO (Microsoft Security DevOps) Action is running in. It helps support engineers efficiently debug problems that may occur in your workflows.
All task logs, MSDO config files in your repository (*.gdnconfig, tsaoptions.json, *.gdnbaselines, *.gdnsuppress), raw tool results (directly from the tool), processed tool results (converted into Guardian's results format), environment variables (filtering out values for anything MSDO does not use directly), and host machine metadata (operating system, disk space usage, and memory usage) will be included.
When you are creating an issue to get help from a support engineer, the engineer assigned to help you may not have access to your pipeline and will need you to provide logs and data in order to investigate. In these scenarios, the simplest way to collect all the data that may be required is to generate a Debug Drop and share it.
Add an environment variable GDN_DEBUG_DROP with the value 'true' and add an upload-artifact task to your yml, like this:
env:
GDN_DEBUG_DROP: 'true'
jobs:
sample:
name: Microsoft Security DevOps
steps:
- name: Run Microsoft Security DevOps Analysis
uses: microsoft/security-devops-action@v1
id: msdo
- name: Upload debugDrop file as a workflow artifact
uses: actions/upload-artifact@v3
with:
name: debugDrop
path: ${{ steps.msdo.outputs.debugDrop }} # Note the 'msdo' here must match the id of the security-devops-action above