PSRule.Rules.AzureDevOps

0.3.0

PSRule rules module for Azure DevOps project configuration best practices. This module helps to audit an Azure DevOps project for secure and best practice configuration. The module requires PSRule to be installed.

Minimum PowerShell version

5.1

There is a newer prerelease version of this module available.
See the version list below for details.

Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Module -Name PSRule.Rules.AzureDevOps -RequiredVersion 0.3.0

Copy and Paste the following command to install this package using Microsoft.PowerShell.PSResourceGet More Info

Install-PSResource -Name PSRule.Rules.AzureDevOps -Version 0.3.0

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More

Owners

Copyright

(c) Roderick Bant. All rights reserved.

Package Details

Author(s)

  • Roderick Bant

Tags

PSRule-rules PSRule AzureDevOps Security

Functions

Export-AzDevOpsRuleData Export-AzDevOpsOrganizationRuleData Connect-AzDevOps Disconnect-AzDevOps

PSEditions

Core Desktop

Dependencies

Release Notes

## What's new

- Connect-AzDevOps Cmdlet to connect to Azure DevOps
- New name convention for exported resources: {DevOps Organization}.{Project}.{resource}. The new name convention allows for better use of the module at scale. E.g. when collecting data for all projects in an organization.
- Rule Severity levels reviewed and improved. See the table below for improvements.

|Rule|Previous Severity|New Severity|
|---|---|---|
|Azure.DevOps.Pipelines.PipelineYaml.AgentPoolVersionNotLatest|Informational|Important|
|Azure.DevOps.Pipelines.Settings.RequireCommentForPullRequestFromFork|Severe|Important|
|Azure.DevOps.Pipelines.Settings.RestrictSecretsForPullRequestFromFork|Severe|Critical|
|Azure.DevOps.Repos.BranchPolicyCommentResolution|Informational|Important|
|Azure.DevOps.Repos.BranchPolicyMergeStrategy|Informational|Important|
|Azure.DevOps.Repos.License|Important|Informational|
|Azure.DevOps.Repos.Readme|Important|Informational|
|Azure.DevOps.ServiceConnections.ClassicAzure|Severe|Critical|
|Azure.DevOps.ServiceConnections.Description|Severe|Informational|
|Azure.DevOps.ServiceConnections.WorkloadIdentityFederation|Severe|Important|
|Azure.DevOps.Tasks.VariableGroup.Description|Severe|Informational|
|Azure.DevOps.Tasks.VariableGroup.NoKeyVaultNoSecrets|Severe|Critical|

FileList

  • PSRule.Rules.AzureDevOps.nuspec
  • PSRule.Rules.AzureDevOps.psm1
  • en\Azure.DevOps.Pipelines.PipelineYaml.AgentPoolVersionNotLatest.md
  • rules\AzureDevOps.Repos.Rule.ps1
  • nl\Azure.DevOps.ServiceConnections.ProductionCheckProtection.md
  • en\Azure.DevOps.Repos.License.md
  • rules\AzureDevOps.Pipelines.PipelineYaml.Rule.ps1
  • nl\Azure.DevOps.Tasks.VariableGroup.NoKeyVaultNoSecrets.md
  • PSRule.Rules.AzureDevOps.psd1
  • en\Azure.DevOps.Pipelines.Settings.LimitJobAuthorizationScopeForYamlPipelines.md
  • rules\AzureDevOps.ServiceConnection.Rule.ps1
  • nl\Azure.DevOps.Repos.BranchPolicyEnforceLinkedWorkItems.md
  • en\Azure.DevOps.Pipelines.Settings.LimitJobAuthorizationScopeForReleasePipelines.md
  • en\Azure.DevOps.Pipelines.Environments.ProductionBranchLimit.md
  • rules\AzureDevOps.Pipelines.Releases.Rule.ps1
  • nl\Azure.DevOps.Repos.InheritedPermissions.md
  • en\Azure.DevOps.Repos.HasBranchPolicy.md
  • en\Azure.DevOps.Repos.BranchPolicyCommentResolution.md
  • rules\Baseline.Default.Rule.yaml
  • nl\Azure.DevOps.Repos.BranchPolicyMinimumReviewers.md
  • en\Azure.DevOps.Pipelines.Settings.LimitSetVariablesAtQueueTime.md
  • en\Azure.DevOps.Pipelines.Environments.Description.md
  • rules\AzureDevOps.Pipelines.Environments.Rule.ps1
  • nl\Azure.DevOps.ServiceConnections.WorkloadIdentityFederation.md
  • en\Azure.DevOps.Pipelines.Releases.Definition.NoPlainTextSecrets.md
  • en\Azure.DevOps.Repos.Readme.md
  • rules\Config.Rule.yaml
  • nl\Azure.DevOps.Pipelines.Releases.Definition.ProductionApproval.md
  • en\Azure.DevOps.Pipelines.Settings.SanitizeShellTaskArguments.md
  • en\Azure.DevOps.Pipelines.PipelineYaml.StepDisplayName.md
  • rules\Baseline.NoExtraLicense.Rule.yaml
  • nl\Azure.DevOps.Pipelines.Settings.RestrictSecretsForPullRequestFromFork.md
  • en\Azure.DevOps.ServiceConnections.ClassicAzure.md
  • en\Azure.DevOps.ServiceConnections.ProductionHumanApproval.md
  • rules\AzureDevOps.Pipelines.Core.Rule.ps1
  • nl\Azure.DevOps.Repos.BranchPolicyMergeStrategy.md
  • en\Azure.DevOps.ServiceConnections.Scope.md
  • en\Azure.DevOps.ServiceConnections.GitHubPAT.md
  • rules\Standards.Rule.ps1
  • nl\Azure.DevOps.Pipelines.PipelineYaml.AgentPoolVersionNotLatest.md
  • en\Azure.DevOps.Pipelines.Environments.ProductionHumanApproval.md
  • en\Azure.DevOps.Tasks.VariableGroup.NoPlainTextSecrets.md
  • rules\AzureDevOps.Pipelines.Settings.Rule.ps1
  • nl\Azure.DevOps.Repos.License.md
  • en\Azure.DevOps.Pipelines.Core.NoPlainTextSecrets.md
  • en\Azure.DevOps.Tasks.VariableGroup.Description.md
  • Classes\AzureDevOpsConnection.ps1
  • nl\Azure.DevOps.Pipelines.Settings.LimitJobAuthorizationScopeForYamlPipelines.md
  • en\Azure.DevOps.Pipelines.Environments.ProductionCheckProtection.md
  • en\Azure.DevOps.Pipelines.Settings.RequireCommentForPullRequestFromFork.md
  • nl\Azure.DevOps.Pipelines.Settings.LimitJobAuthorizationScopeForReleasePipelines.md
  • nl\Azure.DevOps.Pipelines.Environments.ProductionBranchLimit.md
  • en\Azure.DevOps.Pipelines.Releases.Definition.InheritedPermissions.md
  • en\Azure.DevOps.Pipelines.Core.UseYamlDefinition.md
  • nl\Azure.DevOps.Repos.HasBranchPolicy.md
  • nl\Azure.DevOps.Repos.BranchPolicyCommentResolution.md
  • en\Azure.DevOps.ServiceConnections.ProductionBranchLimit.md
  • en\Azure.DevOps.Repos.BranchPolicyResetVotes.md
  • nl\Azure.DevOps.Pipelines.Settings.LimitSetVariablesAtQueueTime.md
  • nl\Azure.DevOps.Pipelines.Environments.Description.md
  • en\Azure.DevOps.Pipelines.Settings.LimitJobAuthorizationScope.md
  • en\Azure.DevOps.ServiceConnections.Description.md
  • nl\Azure.DevOps.Pipelines.Releases.Definition.NoPlainTextSecrets.md
  • nl\Azure.DevOps.Repos.Readme.md
  • en\Azure.DevOps.Repos.GitHubAdvancedSecurityEnabled.md
  • en\Azure.DevOps.Repos.GitHubAdvancedSecurityBlockPushes.md
  • nl\Azure.DevOps.Pipelines.Settings.SanitizeShellTaskArguments.md
  • nl\Azure.DevOps.Pipelines.PipelineYaml.StepDisplayName.md
  • en\Azure.DevOps.Repos.BranchPolicyIsEnabled.md
  • en\Azure.DevOps.Repos.BranchPolicyAllowSelfApproval.md
  • nl\Azure.DevOps.ServiceConnections.ClassicAzure.md
  • nl\Azure.DevOps.ServiceConnections.ProductionHumanApproval.md
  • en\Azure.DevOps.Pipelines.Releases.Definition.SelfApproval.md
  • en\Azure.DevOps.Repos.BranchPolicyRequireBuild.md
  • nl\Azure.DevOps.ServiceConnections.Scope.md
  • nl\Azure.DevOps.ServiceConnections.GitHubPAT.md
  • en\Azure.DevOps.Pipelines.Core.InheritedPermissions.md
  • Functions\DevOps.Pipelines.Settings.ps1
  • nl\Azure.DevOps.Pipelines.Environments.ProductionHumanApproval.md
  • nl\Azure.DevOps.Tasks.VariableGroup.NoPlainTextSecrets.md
  • en\Azure.DevOps.ServiceConnections.ProductionCheckProtection.md
  • Functions\Common.ps1
  • nl\Azure.DevOps.Pipelines.Core.NoPlainTextSecrets.md
  • nl\Azure.DevOps.Tasks.VariableGroup.Description.md
  • en\Azure.DevOps.Tasks.VariableGroup.NoKeyVaultNoSecrets.md
  • Functions\DevOps.Pipelines.Releases.ps1
  • nl\Azure.DevOps.Pipelines.Environments.ProductionCheckProtection.md
  • nl\Azure.DevOps.Pipelines.Settings.RequireCommentForPullRequestFromFork.md
  • en\Azure.DevOps.Repos.BranchPolicyEnforceLinkedWorkItems.md
  • Functions\DevOps.ServiceConnections.ps1
  • nl\Azure.DevOps.Pipelines.Releases.Definition.InheritedPermissions.md
  • nl\Azure.DevOps.Pipelines.Core.UseYamlDefinition.md
  • en\Azure.DevOps.Repos.InheritedPermissions.md
  • Functions\DevOps.Tasks.VariableGroups.ps1
  • nl\Azure.DevOps.ServiceConnections.ProductionBranchLimit.md
  • nl\Azure.DevOps.Repos.BranchPolicyResetVotes.md
  • en\Azure.DevOps.Repos.BranchPolicyMinimumReviewers.md
  • Functions\DevOps.Repos.ps1
  • nl\Azure.DevOps.Pipelines.Settings.LimitJobAuthorizationScope.md
  • nl\Azure.DevOps.ServiceConnections.Description.md
  • en\Azure.DevOps.ServiceConnections.WorkloadIdentityFederation.md
  • Functions\DevOps.Pipelines.Core.ps1
  • nl\Azure.DevOps.Repos.GitHubAdvancedSecurityEnabled.md
  • nl\Azure.DevOps.Repos.GitHubAdvancedSecurityBlockPushes.md
  • en\Azure.DevOps.Pipelines.Releases.Definition.ProductionApproval.md
  • Functions\DevOps.Pipelines.Environments.ps1
  • nl\Azure.DevOps.Repos.BranchPolicyIsEnabled.md
  • nl\Azure.DevOps.Repos.BranchPolicyAllowSelfApproval.md
  • en\Azure.DevOps.Pipelines.Settings.RestrictSecretsForPullRequestFromFork.md
  • rules\Selectors.Rule.yaml
  • nl\Azure.DevOps.Pipelines.Releases.Definition.SelfApproval.md
  • nl\Azure.DevOps.Repos.BranchPolicyRequireBuild.md
  • en\Azure.DevOps.Repos.BranchPolicyMergeStrategy.md
  • rules\AzureDevOps.Tasks.VariableGroups.Rule.ps1
  • nl\Azure.DevOps.Pipelines.Core.InheritedPermissions.md

Version History

Version Downloads Last updated
0.5.1 5,084 4/1/2024
0.5.0 307 1/20/2024
0.4.4 17 1/16/2024
0.4.3 44 1/11/2024
0.4.2 31 1/7/2024
0.4.1 28 1/4/2024
0.4.0 25 1/4/2024
0.4.0-preview1 6 12/29/2023
0.3.0 (current version) 76 12/17/2023
0.3.0-preview4 6 12/10/2023
0.3.0-preview1 6 12/10/2023
0.2.1 76 11/25/2023
0.2.0 41 10/21/2023
0.1.1 26 10/8/2023
0.1.0 8 10/6/2023
0.0.13 16 9/30/2023
0.0.12 9 9/26/2023
0.0.11 17 9/24/2023
0.0.10 6 9/23/2023
0.0.9 6 9/22/2023
0.0.8 8 9/21/2023
0.0.7 8 9/20/2023
0.0.6 6 9/18/2023
0.0.5 7 9/17/2023
0.0.4 6 9/17/2023
0.0.3 7 9/17/2023
0.0.2 7 9/16/2023
0.0.1 6 9/16/2023
Show less