Framework/Configurations/SVT/ControlSettings.json

{
  "BaselineControls": {
    "ResourceTypeControlIdMappingList": [
      {
        "ResourceType": "Organization",
        "ControlIds": [
          "AzureDevOps_Organization_AuthN_Use_AAD_Auth",
          "AzureDevOps_Organization_AuthN_Disable_External_Guest_Users",
          "AzureDevOps_Organization_AuthZ_Justify_Guest_Identities",
          "AzureDevOps_Organization_SI_Review_Installed_Extensions",
          "AzureDevOps_Organization_SI_Review_Shared_Extensions",
          "AzureDevOps_Organization_AuthZ_Review_Extension_Managers",
          "AzureDevOps_Organization_AuthZ_Review_Project_Collection_Service_Accounts",
          "AzureDevOps_Organization_SI_Review_Auto_Injected_Extensions"
        ]
     },
     {
      "ResourceType": "Project",
      "ControlIds": [
        "AzureDevOps_Project_AuthZ_Set_Visibility_Private",
        "AzureDevOps_Project_AuthZ_Limit_Job_Scope_To_Current_Project"
      ]
     },
     {
      "ResourceType": "ServiceConnection",
      "ControlIds": [
         "AzureDevOps_ServiceConnection_AuthZ_Dont_Use_Classic_Connections",
         "AzureDevOps_ServiceConnection_AuthZ_Disable_InheritPermissions",
         "AzureDevOps_ServiceConnection_AuthZ_Dont_Grant_All_Pipelines_Access",
         "AzureDevOps_ServiceConnection_AuthZ_Dont_Allow_Global_SecurityGroups"
      ]
     },
     {
      "ResourceType": "Build",
      "ControlIds": [
        "AzureDevOps_Build_AuthZ_Disable_Inherited_Permissions"
      ]
     },
     {
      "ResourceType": "Release",
      "ControlIds": [
        "AzureDevOps_Release_AuthZ_Disable_Inherited_Permissions",
        "AzureDevOps_Release_SI_Review_External_Sources"
      ]
     },
     {
      "ResourceType": "AgentPool",
      "ControlIds": [
        "AzureDevOps_AgentPool_AuthZ_Disable_Inherited_Permissions",
        "AzureDevOps_AgentPool_AuthZ_Project_Dont_Grant_All_Pipeline_Access"
      ]
     }
    ]
  },
  "PreviewBaselineControls": {
    "ResourceTypeControlIdMappingList": [
    ]
  },
  "AllowAttestationResourceType": [
    "Organization",
    "Project",
    "Build",
    "Release",
    "ServiceConnection",
    "AgentPool"
   ],
  "AttestationExpiryPeriodInDays": {
    "Default": 90,
    "ControlSeverity": {
      "Critical": 7,
      "High": 30,
      "Medium": 60,
      "Low": 90
    }
  },
  "AllowAttestationByGroups": [
    {
      "ResourceType": "Organization",
      "GroupNames": [
        "Project Collection Administrators"
      ]
   },
   {
    "ResourceType": "Project",
    "GroupNames": [
      "Project Collection Administrators",
      "Project Administrators"
    ]
 }
  ],
  "DefaultValidAttestationStates": [ "NotAnIssue", "WillFixLater", "WillNotFix" ],
  "NewControlGracePeriodInDays": {
    "Default": 60,
    "ControlSeverity": {
      "Critical": 7,
      "High": 30,
      "Medium": 60,
      "Low": 90
    }
  },
  "AttestationPeriodInDays": {
    "Default": 90,
    "ControlSeverity": {
      "Critical": 7,
      "High": 30,
      "Medium": 60,
      "Low": 90
    }
  },
  "ControlSeverity": {
    "Critical": "Critical",
    "High": "High",
    "Medium": "Medium",
    "Low": "Low"
  },
  "Build":{
    "BuildHistoryPeriodInDays": 180,
    "WhitelistedUserIdentities":[
      {
        "Domain" : "Build",
        "DisplayName" : [
          "OneITVSO Build Service (MicrosoftIT)",
          "Project Collection Build Service (MicrosoftIT)"
        ]
      }
    ]
  },
  "Release":{
    "ReleaseHistoryPeriodInDays": 180,
    "WhitelistedUserIdentities":[
      {
        "Domain" : "Build",
        "DisplayName" : [
          "OneITVSO Build Service (MicrosoftIT)",
          "Project Collection Build Service (MicrosoftIT)"
        ]
      }
    ],
    "RequirePreDeployApprovals": [
      "Production",
      "Pre-Production",
      "Prod",
      "Pre-Prod"
    ]
  },
  "Organization":{
    "InActiveUserActivityLogsPeriodInDays": 365,
    "WhitelistedExtensionPublishers":[
      "Microsoft",
      "Microsoft DevLabs"
    ]
  },
  "ServiceConnection":{
    "WhitelistedGroupIdentities": [
      "Endpoint Administrators"
    ]
  },
  "Patterns" : [
    {"RegexCode": "Build", "RegexList": ["^(?=[^\\d_].*?\\d)\\w(\\w|[!@#$%]){7,20}",
                                "(?=^.{6,12}$)((?=.*\\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.*",
                                "(pwd|password)\\s*=\\s*(?<pwd>('(([^'])|(''))+'|[^';]+))"
                                ] },
    {"RegexCode": "Release", "RegexList": ["^(?=[^\\d_].*?\\d)\\w(\\w|[!@#$%]){7,20}",
                                  "(?=^.{6,12}$)((?=.*\\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.*",
                                  "(pwd|password)\\s*=\\s*(?<pwd>('(([^'])|(''))+'|[^';]+))"
                                  ] }
   ]
}