My team in Azure Storage is hitting a BinSkim violation for our C++/CLI binaries. The problematic module is the native/managed CRT (msvcmrt.lib). Is there a version of this library that we can link against to comply with Azure security policy?
BA2004: EnableSecureSourceCodeHashing
'myCppCliProject.dll' is a native binary that links one or more static libraries that include
object files which were hashed using an insecure checksum algorithm (MD5). MD5 is subject
to collision attacks and its use can compromise supply chain integrity. Pass '/ZH:SHA_256'
on the cl.exe command-line to enable secure source code hashing. The following modules
are out of policy:
Microsoft (R) Optimizing Compiler : cxx : 19.44.35207.1 : msvcmrt.lib (mehvecctr.obj)
My team in Azure Storage is hitting a BinSkim violation for our C++/CLI binaries. The problematic module is the native/managed CRT (msvcmrt.lib). Is there a version of this library that we can link against to comply with Azure security policy?