PSRule.Rules.AzureDevOps

0.4.0

PSRule rules module for Azure DevOps project configuration best practices. This module helps to audit an Azure DevOps project for secure and best practice configuration. The module requires PSRule to be installed.

Minimum PowerShell version

5.1

Installation Options

Copy and paste the following command to install this package using PowerShellGet:

Install-Module -Name PSRule.Rules.AzureDevOps -RequiredVersion 0.4.0

Copy and paste the following command to install this package using Microsoft.PowerShell.PSResourceGet:

Install-PSResource -Name PSRule.Rules.AzureDevOps -Version 0.4.0

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation.

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies.

Copyright

(c) Roderick Bant. All rights reserved.

Package Details

Author(s)

  • Roderick Bant

Tags

PSRule-rules PSRule AzureDevOps Security

Functions

Export-AzDevOpsRuleData Export-AzDevOpsOrganizationRuleData Connect-AzDevOps Disconnect-AzDevOps

PSEditions

Core Desktop

Dependencies

Release Notes

## What's new

### Features:

- -PassThru parameter. This new parameter enables the export functions to write their output to the PowerShell pipeline instead of writing any files to storage. This enables full in-memory execution of the rules and prevents sensitive information from being written to the filesystem.
- Azure DevOps Group export and rules. Group information is now exported and 3 new rules have been added for best practices concerning the default groups in Azure DevOps.
- All repository branches are now exported and in scope. With the _PSRule Suppression Groups_ functionality you can define the scope of branches that should be protected with best practices.
- All service connections are now exported and in scope. Previous versions of the module only inspected service connections with names like prd, production etc. The scope has now been expanded to all service connections, and suppression groups can be set as shown in the supplied example for best-practice based suppression groups.
- Build (-artifact) retention settings export and rules.
- Rules for private vs. public projects and corresponding baselines.
- Enhancements in unit testing maintainability.

### Rules:

- [Azure.DevOps.Groups.ProjectAdmins.MinMembers](https://github.com/cloudyspells/PSRule.Rules.AzureDevOps/blob/main/src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Groups.ProjectAdmins.MinMembers.md)
- [Azure.DevOps.Groups.ProjectAdmins.MaxMembers](https://github.com/cloudyspells/PSRule.Rules.AzureDevOps/blob/main/src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Groups.ProjectAdmins.MaxMembers.md)
- [Azure.DevOps.Groups.ProjectValidUsers.DoNotAssignMemberOfOtherGroups](https://github.com/cloudyspells/PSRule.Rules.AzureDevOps/blob/main/src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Groups.ProjectValidUsers.DoNotAssignMemberOfOtherGroups.md)
- [Azure.DevOps.Pipelines.Settings.StatusBadgesPrivate](https://github.com/cloudyspells/PSRule.Rules.AzureDevOps/blob/main/src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Pipelines.Settings.StatusBadgesPrivate.md)
- [Azure.DevOps.Project.Visibility](https://github.com/cloudyspells/PSRule.Rules.AzureDevOps/blob/main/src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Project.Visibility.md)
- [Azure.DevOps.Repos.Branch.BranchPolicyAllowSelfApproval](https://github.com/cloudyspells/PSRule.Rules.AzureDevOps/blob/main/src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Repos.Branch.BranchPolicyAllowSelfApproval.md)
- [Azure.DevOps.Repos.Branch.BranchPolicyCommentResolution](https://github.com/cloudyspells/PSRule.Rules.AzureDevOps/blob/main/src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Repos.Branch.BranchPolicyCommentResolution.md)
- [Azure.DevOps.Repos.Branch.BranchPolicyEnforceLinkedWorkItems](https://github.com/cloudyspells/PSRule.Rules.AzureDevOps/blob/main/src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Repos.Branch.BranchPolicyEnforceLinkedWorkItems.md)
- [Azure.DevOps.Repos.Branch.BranchPolicyIsEnabled](https://github.com/cloudyspells/PSRule.Rules.AzureDevOps/blob/main/src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Repos.Branch.BranchPolicyIsEnabled.md)
- [Azure.DevOps.Repos.Branch.BranchPolicyMergeStrategy](https://github.com/cloudyspells/PSRule.Rules.AzureDevOps/blob/main/src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Repos.Branch.BranchPolicyMergeStrategy.md)
- [Azure.DevOps.Repos.Branch.BranchPolicyMinimumReviewers](https://github.com/cloudyspells/PSRule.Rules.AzureDevOps/blob/main/src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Repos.Branch.BranchPolicyMinimumReviewers.md)
- [Azure.DevOps.Repos.Branch.BranchPolicyRequireBuild](https://github.com/cloudyspells/PSRule.Rules.AzureDevOps/blob/main/src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Repos.Branch.BranchPolicyRequireBuild.md)
- [Azure.DevOps.Repos.Branch.BranchPolicyResetVotes](https://github.com/cloudyspells/PSRule.Rules.AzureDevOps/blob/main/src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Repos.Branch.BranchPolicyResetVotes.md)
- [Azure.DevOps.Repos.Branch.HasBranchPolicy](https://github.com/cloudyspells/PSRule.Rules.AzureDevOps/blob/main/src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Repos.Branch.HasBranchPolicy.md)
- [Azure.DevOps.RetentionSettings.ArtifactMinimumRetentionDays](https://github.com/cloudyspells/PSRule.Rules.AzureDevOps/blob/main/src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.RetentionSettings.ArtifactMinimumRetentionDays.md)
- [Azure.DevOps.RetentionSettings.PullRequestRunsMinimumRetentionDays](https://github.com/cloudyspells/PSRule.Rules.AzureDevOps/blob/main/src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.RetentionSettings.PullRequestRunsMinimumRetentionDays.md)

FileList

  • PSRule.Rules.AzureDevOps.nuspec
  • PSRule.Rules.AzureDevOps.psm1
  • en\Azure.DevOps.Pipelines.Releases.Definition.ProductionApproval.md
  • Functions\DevOps.Tasks.VariableGroups.ps1
  • nl\Azure.DevOps.ServiceConnections.ProductionBranchLimit.md
  • en\Azure.DevOps.RetentionSettings.ArtifactMinimumRetentionDays.md
  • Functions\DevOps.Repos.ps1
  • nl\Azure.DevOps.Pipelines.Settings.LimitJobAuthorizationScope.md
  • PSRule.Rules.AzureDevOps.psd1
  • en\Azure.DevOps.Repos.Branch.BranchPolicyAllowSelfApproval.md
  • Functions\DevOps.Pipelines.Core.ps1
  • nl\Azure.DevOps.Repos.GitHubAdvancedSecurityEnabled.md
  • en\Azure.DevOps.Pipelines.Settings.LimitJobAuthorizationScopeForReleasePipelines.md
  • en\Azure.DevOps.Pipelines.Settings.RestrictSecretsForPullRequestFromFork.md
  • Functions\DevOps.Pipelines.Environments.ps1
  • nl\Azure.DevOps.Repos.BranchPolicyIsEnabled.md
  • en\Azure.DevOps.Pipelines.Settings.LimitSetVariablesAtQueueTime.md
  • en\Azure.DevOps.Pipelines.PipelineYaml.AgentPoolVersionNotLatest.md
  • rules\AzureDevOps.Groups.Rule.ps1
  • nl\Azure.DevOps.Pipelines.Releases.Definition.SelfApproval.md
  • en\Azure.DevOps.Pipelines.Releases.Definition.NoPlainTextSecrets.md
  • en\Azure.DevOps.Repos.License.md
  • rules\Selectors.Rule.yaml
  • nl\Azure.DevOps.Pipelines.Core.InheritedPermissions.md
  • en\Azure.DevOps.Pipelines.Settings.SanitizeShellTaskArguments.md
  • en\Azure.DevOps.Pipelines.Settings.LimitJobAuthorizationScopeForYamlPipelines.md
  • rules\Baseline.PublicProject.Rule.yaml
  • nl\Azure.DevOps.ServiceConnections.ProductionCheckProtection.md
  • en\Azure.DevOps.ServiceConnections.ClassicAzure.md
  • en\Azure.DevOps.Pipelines.Environments.ProductionBranchLimit.md
  • rules\AzureDevOps.Projects.Rule.ps1
  • nl\Azure.DevOps.Tasks.VariableGroup.NoKeyVaultNoSecrets.md
  • en\Azure.DevOps.Repos.DefaultBranchPolicyMergeStrategy.md
  • en\Azure.DevOps.Pipelines.Environments.Description.md
  • rules\AzureDevOps.Tasks.VariableGroups.Rule.ps1
  • nl\Azure.DevOps.Repos.BranchPolicyEnforceLinkedWorkItems.md
  • en\Azure.DevOps.ServiceConnections.Scope.md
  • en\Azure.DevOps.Repos.Readme.md
  • rules\AzureDevOps.RetentionSettings.Rule.ps1
  • nl\Azure.DevOps.Repos.InheritedPermissions.md
  • en\Azure.DevOps.Pipelines.Environments.ProductionHumanApproval.md
  • en\Azure.DevOps.Pipelines.PipelineYaml.StepDisplayName.md
  • rules\AzureDevOps.Repos.Rule.ps1
  • nl\Azure.DevOps.Repos.BranchPolicyMinimumReviewers.md
  • en\Azure.DevOps.Repos.Branch.BranchPolicyResetVotes.md
  • en\Azure.DevOps.ServiceConnections.ProductionHumanApproval.md
  • rules\AzureDevOps.Pipelines.PipelineYaml.Rule.ps1
  • nl\Azure.DevOps.ServiceConnections.WorkloadIdentityFederation.md
  • en\Azure.DevOps.Pipelines.Core.NoPlainTextSecrets.md
  • en\Azure.DevOps.RetentionSettings.PullRequestRunsMinimumRetentionDays.md
  • rules\AzureDevOps.ServiceConnection.Rule.ps1
  • nl\Azure.DevOps.Pipelines.Releases.Definition.ProductionApproval.md
  • en\Azure.DevOps.Pipelines.Environments.ProductionCheckProtection.md
  • en\Azure.DevOps.Project.Visibility.md
  • rules\AzureDevOps.Pipelines.Releases.Rule.ps1
  • nl\Azure.DevOps.Pipelines.Settings.RestrictSecretsForPullRequestFromFork.md
  • en\Azure.DevOps.Repos.DefaultBranchPolicyResetVotes.md
  • en\Azure.DevOps.Groups.ProjectValidUsers.DoNotAssignMemberOfOtherGroups.md
  • rules\Baseline.Default.Rule.yaml
  • nl\Azure.DevOps.Repos.BranchPolicyMergeStrategy.md
  • en\Azure.DevOps.Pipelines.Releases.Definition.InheritedPermissions.md
  • en\Azure.DevOps.ServiceConnections.GitHubPAT.md
  • rules\AzureDevOps.Pipelines.Environments.Rule.ps1
  • nl\Azure.DevOps.Pipelines.PipelineYaml.AgentPoolVersionNotLatest.md
  • en\Azure.DevOps.Repos.DefaultBranchPolicyCommentResolution.md
  • en\Azure.DevOps.Repos.DefaultBranchPolicyRequireBuild.md
  • rules\AzureDevOps.Repo.Branches.Rule.ps1
  • nl\Azure.DevOps.Repos.License.md
  • en\Azure.DevOps.Repos.DefaultBranchPolicyIsEnabled.md
  • en\Azure.DevOps.Tasks.VariableGroup.NoPlainTextSecrets.md
  • rules\Config.Rule.yaml
  • nl\Azure.DevOps.Pipelines.Settings.LimitJobAuthorizationScopeForYamlPipelines.md
  • en\Azure.DevOps.Repos.DefaultBranchPolicyEnforceLinkedWorkItems.md
  • en\Azure.DevOps.Tasks.VariableGroup.Description.md
  • rules\Baseline.NoExtraLicense.Rule.yaml
  • nl\Azure.DevOps.Pipelines.Environments.ProductionBranchLimit.md
  • en\Azure.DevOps.ServiceConnections.ProductionBranchLimit.md
  • en\Azure.DevOps.Pipelines.Settings.StatusBadgesPrivate.md
  • rules\AzureDevOps.Pipelines.Core.Rule.ps1
  • nl\Azure.DevOps.Repos.BranchPolicyCommentResolution.md
  • en\Azure.DevOps.Pipelines.Settings.LimitJobAuthorizationScope.md
  • en\Azure.DevOps.Pipelines.Settings.RequireCommentForPullRequestFromFork.md
  • rules\Standards.Rule.ps1
  • nl\Azure.DevOps.Pipelines.Environments.Description.md
  • en\Azure.DevOps.Repos.GitHubAdvancedSecurityEnabled.md
  • en\Azure.DevOps.Pipelines.Core.UseYamlDefinition.md
  • rules\AzureDevOps.Pipelines.Settings.Rule.ps1
  • nl\Azure.DevOps.Repos.Readme.md
  • en\Azure.DevOps.Repos.Branch.HasBranchPolicy.md
  • en\Azure.DevOps.Repos.Branch.BranchPolicyCommentResolution.md
  • Classes\AzureDevOpsConnection.ps1
  • nl\Azure.DevOps.Pipelines.PipelineYaml.StepDisplayName.md
  • en\Azure.DevOps.Repos.Branch.BranchPolicyMinimumReviewers.md
  • en\Azure.DevOps.ServiceConnections.Description.md
  • nl\Azure.DevOps.Pipelines.Settings.LimitJobAuthorizationScopeForReleasePipelines.md
  • nl\Azure.DevOps.ServiceConnections.ProductionHumanApproval.md
  • en\Azure.DevOps.Pipelines.Releases.Definition.SelfApproval.md
  • en\Azure.DevOps.Repos.GitHubAdvancedSecurityBlockPushes.md
  • nl\Azure.DevOps.Repos.HasBranchPolicy.md
  • nl\Azure.DevOps.ServiceConnections.GitHubPAT.md
  • en\Azure.DevOps.Groups.ProjectAdmins.MaxMembers.md
  • en\Azure.DevOps.Groups.ProjectAdmins.MinMembers.md
  • nl\Azure.DevOps.Pipelines.Settings.LimitSetVariablesAtQueueTime.md
  • nl\Azure.DevOps.Tasks.VariableGroup.NoPlainTextSecrets.md
  • en\Azure.DevOps.Pipelines.Core.InheritedPermissions.md
  • en\Azure.DevOps.Repos.DefaultBranchPolicyAllowSelfApproval.md
  • nl\Azure.DevOps.Pipelines.Releases.Definition.NoPlainTextSecrets.md
  • nl\Azure.DevOps.Tasks.VariableGroup.Description.md
  • en\Azure.DevOps.ServiceConnections.ProductionCheckProtection.md
  • en\Azure.DevOps.Repos.Branch.BranchPolicyEnforceLinkedWorkItems.md
  • nl\Azure.DevOps.Pipelines.Settings.SanitizeShellTaskArguments.md
  • nl\Azure.DevOps.Pipelines.Settings.RequireCommentForPullRequestFromFork.md
  • en\Azure.DevOps.Repos.Branch.BranchPolicyIsEnabled.md
  • en\Azure.DevOps.Repos.HasDefaultBranchPolicy.md
  • nl\Azure.DevOps.ServiceConnections.ClassicAzure.md
  • nl\Azure.DevOps.Pipelines.Core.UseYamlDefinition.md
  • en\Azure.DevOps.Tasks.VariableGroup.NoKeyVaultNoSecrets.md
  • Functions\DevOps.Pipelines.Settings.ps1
  • nl\Azure.DevOps.ServiceConnections.Scope.md
  • nl\Azure.DevOps.Repos.BranchPolicyResetVotes.md
  • en\Azure.DevOps.Repos.Branch.BranchPolicyRequireBuild.md
  • Functions\DevOps.Groups.ps1
  • nl\Azure.DevOps.Pipelines.Environments.ProductionHumanApproval.md
  • nl\Azure.DevOps.ServiceConnections.Description.md
  • en\Azure.DevOps.Repos.InheritedPermissions.md
  • Functions\Common.ps1
  • nl\Azure.DevOps.Pipelines.Core.NoPlainTextSecrets.md
  • nl\Azure.DevOps.Repos.GitHubAdvancedSecurityBlockPushes.md
  • en\Azure.DevOps.Repos.Branch.BranchPolicyMergeStrategy.md
  • Functions\DevOps.RetentionSettings.ps1
  • nl\Azure.DevOps.Pipelines.Environments.ProductionCheckProtection.md
  • nl\Azure.DevOps.Repos.BranchPolicyAllowSelfApproval.md
  • en\Azure.DevOps.Repos.DefaultBranchPolicyMinimumReviewers.md
  • Functions\DevOps.Pipelines.Releases.ps1
  • nl\Azure.DevOps.Pipelines.Releases.Definition.InheritedPermissions.md
  • nl\Azure.DevOps.Repos.BranchPolicyRequireBuild.md
  • en\Azure.DevOps.ServiceConnections.WorkloadIdentityFederation.md
  • Functions\DevOps.ServiceConnections.ps1

Version History

Version Downloads Last updated
0.5.1 2,318 4/1/2024
0.5.0 305 1/20/2024
0.4.4 17 1/16/2024
0.4.3 44 1/11/2024
0.4.2 31 1/7/2024
0.4.1 28 1/4/2024
0.4.0 (current version) 25 1/4/2024
0.4.0-preview1 6 12/29/2023
0.3.0 76 12/17/2023
0.3.0-preview4 6 12/10/2023
0.3.0-preview1 6 12/10/2023
0.2.1 76 11/25/2023
0.2.0 41 10/21/2023
0.1.1 26 10/8/2023
0.1.0 8 10/6/2023
0.0.13 15 9/30/2023
0.0.12 9 9/26/2023
0.0.11 17 9/24/2023
0.0.10 6 9/23/2023
0.0.9 6 9/22/2023
0.0.8 8 9/21/2023
0.0.7 8 9/20/2023
0.0.6 6 9/18/2023
0.0.5 7 9/17/2023
0.0.4 6 9/17/2023
0.0.3 7 9/17/2023
0.0.2 7 9/16/2023
0.0.1 6 9/16/2023