PSRule.Rules.AzureDevOps

0.5.0

PSRule rules module for Azure DevOps project configuration best practices. This module helps to audit an Azure DevOps project for secure and best practice configuration. The module requires PSRule to be installed.

Minimum PowerShell version

5.1

Installation Options

Copy and paste the following command to install this package using PowerShellGet:

Install-Module -Name PSRule.Rules.AzureDevOps

Copy and paste the following command to install this package using Microsoft.PowerShell.PSResourceGet:

Install-PSResource -Name PSRule.Rules.AzureDevOps

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation.

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies.

Author(s)

Roderick Bant

Copyright

(c) Roderick Bant. All rights reserved.

Package Details

Tags

PSRule-rules PSRule AzureDevOps Security

Functions

Export-AzDevOpsRuleData Export-AzDevOpsOrganizationRuleData Connect-AzDevOps Disconnect-AzDevOps

PSEditions

Core Desktop

Release Notes

## What's new

This release brings new internal export functionality to the module and expands its capabilities for exporting Access Control Lists (ACLs). These capabilities enable 15 new rules that validate best practices for permission inheritance and detect misconfigurations of the Project Valid Users group in Azure DevOps.

### Module Internal Functions

- Get-AzDevOpsProjectAcls
- Get-AzDevOpsEnvironmentAcls
- Get-AzDevOpsServiceConnectionAcls
- Get-AzDevOpsVariableGroupAcls

### Rules

- Azure.DevOps.Pipelines.Core.ProjectValidUsers
- Azure.DevOps.Pipelines.Environments.InheritedPermissions
- Azure.DevOps.Pipelines.Environments.ProjectValidUsers
- Azure.DevOps.Pipelines.Releases.ProjectValidUsers
- Azure.DevOps.Project.MainEnvironmentAcl.ProjectValidUsers
- Azure.DevOps.Project.MainPipelineAcl.ProjectValidUsers
- Azure.DevOps.Project.MainReleaseDefinitionAcl.ProjectValidUsers
- Azure.DevOps.Project.MainRepositoryAcl.ProjectValidUsers
- Azure.DevOps.Project.MainServiceConnectionAcl.ProjectValidUsers
- Azure.DevOps.Project.MainVariableGroupAcl.ProjectValidUsers
- Azure.DevOps.Repos.ProjectValidUsers
- Azure.DevOps.ServiceConnections.InheritedPermissions
- Azure.DevOps.ServiceConnections.ProjectValidUsers
- Azure.DevOps.Tasks.VariableGroup.InheritedPermissions
- Azure.DevOps.Tasks.VariableGroup.ProjectValidUsers

### Bug fixes

- Fixed an undocumented bug where no ACL was returned when a Release or Build Definition was in a folder

FileList

  • PSRule.Rules.AzureDevOps.nuspec
  • PSRule.Rules.AzureDevOps.psm1
  • en\Azure.DevOps.Repos.Branch.BranchPolicyMergeStrategy.md
  • en\Azure.DevOps.Repos.HasDefaultBranchPolicy.md
  • nl\Azure.DevOps.Pipelines.Environments.ProductionHumanApproval.md
  • en\Azure.DevOps.Repos.DefaultBranchPolicyMinimumReviewers.md
  • en\Azure.DevOps.Pipelines.Releases.Definition.ProjectValidUsers.md
  • nl\Azure.DevOps.Pipelines.Core.NoPlainTextSecrets.md
  • PSRule.Rules.AzureDevOps.psd1
  • en\Azure.DevOps.Repos.ProjectValidUsers.md
  • Functions\DevOps.Pipelines.Settings.ps1
  • nl\Azure.DevOps.Pipelines.Environments.ProductionCheckProtection.md
  • en\Azure.DevOps.Pipelines.Settings.LimitJobAuthorizationScopeForReleasePipelines.md
  • en\Azure.DevOps.ServiceConnections.WorkloadIdentityFederation.md
  • Functions\DevOps.Groups.ps1
  • nl\Azure.DevOps.Pipelines.Releases.Definition.InheritedPermissions.md
  • en\Azure.DevOps.Pipelines.Settings.LimitSetVariablesAtQueueTime.md
  • en\Azure.DevOps.Pipelines.Environments.InheritedPermissions.md
  • Functions\Common.ps1
  • nl\Azure.DevOps.ServiceConnections.ProductionBranchLimit.md
  • en\Azure.DevOps.Pipelines.Releases.Definition.NoPlainTextSecrets.md
  • en\Azure.DevOps.Project.MainEnvironmentAcl.ProjectValidUsers.md
  • Functions\DevOps.RetentionSettings.ps1
  • nl\Azure.DevOps.Pipelines.Settings.LimitJobAuthorizationScope.md
  • en\Azure.DevOps.Pipelines.Settings.SanitizeShellTaskArguments.md
  • en\Azure.DevOps.Pipelines.Releases.Definition.ProductionApproval.md
  • Functions\DevOps.Pipelines.Releases.ps1
  • nl\Azure.DevOps.Repos.GitHubAdvancedSecurityEnabled.md
  • en\Azure.DevOps.Tasks.VariableGroup.ProjectValidUsers.md
  • en\Azure.DevOps.RetentionSettings.ArtifactMinimumRetentionDays.md
  • Functions\DevOps.ServiceConnections.ps1
  • nl\Azure.DevOps.Repos.BranchPolicyIsEnabled.md
  • en\Azure.DevOps.ServiceConnections.ClassicAzure.md
  • en\Azure.DevOps.Repos.Branch.BranchPolicyAllowSelfApproval.md
  • Functions\DevOps.Tasks.VariableGroups.ps1
  • nl\Azure.DevOps.Pipelines.Releases.Definition.SelfApproval.md
  • en\Azure.DevOps.Repos.DefaultBranchPolicyMergeStrategy.md
  • en\Azure.DevOps.Tasks.VariableGroup.InheritedPermissions.md
  • Functions\DevOps.Repos.ps1
  • nl\Azure.DevOps.Pipelines.Core.InheritedPermissions.md
  • en\Azure.DevOps.ServiceConnections.Scope.md
  • en\Azure.DevOps.Pipelines.Settings.RestrictSecretsForPullRequestFromFork.md
  • Functions\DevOps.Pipelines.Core.ps1
  • nl\Azure.DevOps.ServiceConnections.ProductionCheckProtection.md
  • en\Azure.DevOps.Pipelines.Core.ProjectValidUsers.md
  • en\Azure.DevOps.Pipelines.PipelineYaml.AgentPoolVersionNotLatest.md
  • Functions\DevOps.Pipelines.Environments.ps1
  • nl\Azure.DevOps.Tasks.VariableGroup.NoKeyVaultNoSecrets.md
  • en\Azure.DevOps.Pipelines.Environments.ProductionHumanApproval.md
  • en\Azure.DevOps.Repos.License.md
  • rules\AzureDevOps.Groups.Rule.ps1
  • nl\Azure.DevOps.Repos.BranchPolicyEnforceLinkedWorkItems.md
  • en\Azure.DevOps.Repos.Branch.BranchPolicyResetVotes.md
  • en\Azure.DevOps.Pipelines.Settings.LimitJobAuthorizationScopeForYamlPipelines.md
  • rules\Selectors.Rule.yaml
  • nl\Azure.DevOps.Repos.InheritedPermissions.md
  • en\Azure.DevOps.Pipelines.Core.NoPlainTextSecrets.md
  • en\Azure.DevOps.Pipelines.Environments.ProductionBranchLimit.md
  • rules\Baseline.PublicProject.Rule.yaml
  • nl\Azure.DevOps.Repos.BranchPolicyMinimumReviewers.md
  • en\Azure.DevOps.Pipelines.Environments.ProductionCheckProtection.md
  • en\Azure.DevOps.Pipelines.Environments.Description.md
  • rules\AzureDevOps.Projects.Rule.ps1
  • nl\Azure.DevOps.ServiceConnections.WorkloadIdentityFederation.md
  • en\Azure.DevOps.Repos.DefaultBranchPolicyResetVotes.md
  • en\Azure.DevOps.Repos.Readme.md
  • rules\AzureDevOps.Tasks.VariableGroups.Rule.ps1
  • nl\Azure.DevOps.Pipelines.Releases.Definition.ProductionApproval.md
  • en\Azure.DevOps.Pipelines.Releases.Definition.InheritedPermissions.md
  • en\Azure.DevOps.Pipelines.PipelineYaml.StepDisplayName.md
  • rules\AzureDevOps.RetentionSettings.Rule.ps1
  • nl\Azure.DevOps.Pipelines.Settings.RestrictSecretsForPullRequestFromFork.md
  • en\Azure.DevOps.ServiceConnections.ProjectValidUsers.md
  • en\Azure.DevOps.ServiceConnections.ProductionHumanApproval.md
  • rules\AzureDevOps.Repos.Rule.ps1
  • nl\Azure.DevOps.Repos.BranchPolicyMergeStrategy.md
  • en\Azure.DevOps.Repos.DefaultBranchPolicyCommentResolution.md
  • en\Azure.DevOps.RetentionSettings.PullRequestRunsMinimumRetentionDays.md
  • rules\AzureDevOps.Pipelines.PipelineYaml.Rule.ps1
  • nl\Azure.DevOps.Pipelines.PipelineYaml.AgentPoolVersionNotLatest.md
  • en\Azure.DevOps.Repos.DefaultBranchPolicyIsEnabled.md
  • en\Azure.DevOps.Project.Visibility.md
  • rules\AzureDevOps.ServiceConnection.Rule.ps1
  • nl\Azure.DevOps.Repos.License.md
  • en\Azure.DevOps.Repos.DefaultBranchPolicyEnforceLinkedWorkItems.md
  • en\Azure.DevOps.Groups.ProjectValidUsers.DoNotAssignMemberOfOtherGroups.md
  • rules\AzureDevOps.Pipelines.Releases.Rule.ps1
  • nl\Azure.DevOps.Pipelines.Settings.LimitJobAuthorizationScopeForYamlPipelines.md
  • en\Azure.DevOps.ServiceConnections.ProductionBranchLimit.md
  • en\Azure.DevOps.ServiceConnections.GitHubPAT.md
  • rules\Baseline.Default.Rule.yaml
  • nl\Azure.DevOps.Pipelines.Environments.ProductionBranchLimit.md
  • en\Azure.DevOps.Pipelines.Settings.LimitJobAuthorizationScope.md
  • en\Azure.DevOps.Repos.DefaultBranchPolicyRequireBuild.md
  • rules\AzureDevOps.Pipelines.Environments.Rule.ps1
  • nl\Azure.DevOps.Repos.BranchPolicyCommentResolution.md
  • en\Azure.DevOps.Pipelines.Environments.ProjectValidUsers.md
  • en\Azure.DevOps.Tasks.VariableGroup.NoPlainTextSecrets.md
  • rules\AzureDevOps.Repo.Branches.Rule.ps1
  • nl\Azure.DevOps.Pipelines.Environments.Description.md
  • en\Azure.DevOps.Repos.GitHubAdvancedSecurityEnabled.md
  • en\Azure.DevOps.Tasks.VariableGroup.Description.md
  • rules\Config.Rule.yaml
  • nl\Azure.DevOps.Repos.Readme.md
  • en\Azure.DevOps.Repos.Branch.HasBranchPolicy.md
  • en\Azure.DevOps.Project.MainRepositoryAcl.ProjectValidUsers.md
  • rules\Baseline.NoExtraLicense.Rule.yaml
  • nl\Azure.DevOps.Pipelines.PipelineYaml.StepDisplayName.md
  • en\Azure.DevOps.Project.MainReleaseDefinitionAcl.ProjectValidUsers.md
  • en\Azure.DevOps.Pipelines.Settings.StatusBadgesPrivate.md
  • rules\AzureDevOps.Pipelines.Core.Rule.ps1
  • nl\Azure.DevOps.ServiceConnections.ProductionHumanApproval.md
  • en\Azure.DevOps.Repos.Branch.BranchPolicyMinimumReviewers.md
  • en\Azure.DevOps.Pipelines.Settings.RequireCommentForPullRequestFromFork.md
  • rules\Standards.Rule.ps1
  • nl\Azure.DevOps.ServiceConnections.GitHubPAT.md
  • en\Azure.DevOps.Pipelines.Releases.Definition.SelfApproval.md
  • en\Azure.DevOps.Pipelines.Core.UseYamlDefinition.md
  • rules\AzureDevOps.Pipelines.Settings.Rule.ps1
  • nl\Azure.DevOps.Tasks.VariableGroup.NoPlainTextSecrets.md
  • en\Azure.DevOps.Groups.ProjectAdmins.MaxMembers.md
  • en\Azure.DevOps.Repos.Branch.BranchPolicyCommentResolution.md
  • Classes\AzureDevOpsConnection.ps1
  • nl\Azure.DevOps.Tasks.VariableGroup.Description.md
  • en\Azure.DevOps.ServiceConnections.InheritedPermissions.md
  • en\Azure.DevOps.ServiceConnections.Description.md
  • nl\Azure.DevOps.Pipelines.Settings.LimitJobAuthorizationScopeForReleasePipelines.md
  • nl\Azure.DevOps.Pipelines.Settings.RequireCommentForPullRequestFromFork.md
  • en\Azure.DevOps.Pipelines.Core.InheritedPermissions.md
  • en\Azure.DevOps.Project.MainPipelineAcl.ProjectValidUsers.md
  • nl\Azure.DevOps.Repos.HasBranchPolicy.md
  • nl\Azure.DevOps.Pipelines.Core.UseYamlDefinition.md
  • en\Azure.DevOps.ServiceConnections.ProductionCheckProtection.md
  • en\Azure.DevOps.Repos.GitHubAdvancedSecurityBlockPushes.md
  • nl\Azure.DevOps.Pipelines.Settings.LimitSetVariablesAtQueueTime.md
  • nl\Azure.DevOps.Repos.BranchPolicyResetVotes.md
  • en\Azure.DevOps.Repos.Branch.BranchPolicyIsEnabled.md
  • en\Azure.DevOps.Groups.ProjectAdmins.MinMembers.md
  • nl\Azure.DevOps.Pipelines.Releases.Definition.NoPlainTextSecrets.md
  • nl\Azure.DevOps.ServiceConnections.Description.md
  • en\Azure.DevOps.Project.MainVariableGroupAcl.ProjectValidUsers.md
  • en\Azure.DevOps.Project.MainServiceConnectionAcl.ProjectValidUsers.md
  • nl\Azure.DevOps.Pipelines.Settings.SanitizeShellTaskArguments.md
  • nl\Azure.DevOps.Repos.GitHubAdvancedSecurityBlockPushes.md
  • en\Azure.DevOps.Tasks.VariableGroup.NoKeyVaultNoSecrets.md
  • en\Azure.DevOps.Repos.DefaultBranchPolicyAllowSelfApproval.md
  • nl\Azure.DevOps.ServiceConnections.ClassicAzure.md
  • nl\Azure.DevOps.Repos.BranchPolicyAllowSelfApproval.md
  • en\Azure.DevOps.Repos.Branch.BranchPolicyRequireBuild.md
  • en\Azure.DevOps.Repos.Branch.BranchPolicyEnforceLinkedWorkItems.md
  • nl\Azure.DevOps.ServiceConnections.Scope.md
  • nl\Azure.DevOps.Repos.BranchPolicyRequireBuild.md
  • en\Azure.DevOps.Repos.InheritedPermissions.md

Version History

Version Downloads Last updated
0.5.0 (current version) 213 1/20/2024
0.4.4 14 1/16/2024
0.4.3 41 1/11/2024
0.4.2 28 1/7/2024
0.4.1 25 1/4/2024
0.4.0 21 1/4/2024
0.4.0-preview1 3 12/29/2023
0.3.0 73 12/17/2023
0.3.0-preview4 3 12/10/2023
0.3.0-preview1 3 12/10/2023
0.2.1 73 11/25/2023
0.2.0 38 10/21/2023
0.1.1 23 10/8/2023
0.1.0 5 10/6/2023
0.0.13 11 9/30/2023
0.0.12 6 9/26/2023
0.0.11 14 9/24/2023
0.0.10 3 9/23/2023
0.0.9 3 9/22/2023
0.0.8 5 9/21/2023
0.0.7 5 9/20/2023
0.0.6 3 9/18/2023
0.0.5 4 9/17/2023
0.0.4 3 9/17/2023
0.0.3 4 9/17/2023
0.0.2 4 9/16/2023
0.0.1 3 9/16/2023