PSRule.Rules.AzureDevOps
0.4.0
PSRule rules module for Azure DevOps project configuration best practices. This module helps to audit an Azure DevOps project for secure and best practice configuration. The module requires PSRule to be installed.
Minimum PowerShell version
5.1
Copyright
(c) Roderick Bant. All rights reserved.
Package Details
Author(s)
- Roderick Bant
Tags
PSRule-rules PSRule AzureDevOps Security
Functions
Export-AzDevOpsRuleData Export-AzDevOpsOrganizationRuleData Connect-AzDevOps Disconnect-AzDevOps
Release Notes
## What's new
### Features:
- `-PassThru` parameter. This new parameter makes the export functions write their output to the PowerShell pipeline instead of writing files to storage. This enables full in-memory execution of the rules and prevents sensitive information from being written to the filesystem.
- Azure DevOps Group export and rules. Group information is now exported and 3 new rules have been added for best practices concerning the default groups in Azure DevOps.
- All repository branches are now exported and in scope. With the _PSRule Suppression Groups_ functionality you can define the scope of branches that should be protected with best practices.
- All service connections are now exported and in scope. Previous versions of the module only inspected service connections with names like prd, production, etc. The scope has now been expanded to all service connections, and suppression groups can be set as shown in the supplied example for best-practice based suppression groups.
- Build (-artifact) retention settings export and rules.
- Rules for private vs. public projects and corresponding baselines.
- Enhancements in unit testing maintainability.
### Rules:
- [Azure.DevOps.Groups.ProjectAdmins.MinMembers](https://github.com/cloudyspells/PSRule.Rules.AzureDevOps/blob/main/src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Groups.ProjectAdmins.MinMembers.md)
- [Azure.DevOps.Groups.ProjectAdmins.MaxMembers](https://github.com/cloudyspells/PSRule.Rules.AzureDevOps/blob/main/src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Groups.ProjectAdmins.MaxMembers.md)
- [Azure.DevOps.Groups.ProjectValidUsers.DoNotAssignMemberOfOtherGroups](https://github.com/cloudyspells/PSRule.Rules.AzureDevOps/blob/main/src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Groups.ProjectValidUsers.DoNotAssignMemberOfOtherGroups.md)
- [Azure.DevOps.Pipelines.Settings.StatusBadgesPrivate](https://github.com/cloudyspells/PSRule.Rules.AzureDevOps/blob/main/src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Pipelines.Settings.StatusBadgesPrivate.md)
- [Azure.DevOps.Project.Visibility](https://github.com/cloudyspells/PSRule.Rules.AzureDevOps/blob/main/src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Project.Visibility.md)
- [Azure.DevOps.Repos.Branch.BranchPolicyAllowSelfApproval](https://github.com/cloudyspells/PSRule.Rules.AzureDevOps/blob/main/src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Repos.Branch.BranchPolicyAllowSelfApproval.md)
- [Azure.DevOps.Repos.Branch.BranchPolicyCommentResolution](https://github.com/cloudyspells/PSRule.Rules.AzureDevOps/blob/main/src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Repos.Branch.BranchPolicyCommentResolution.md)
- [Azure.DevOps.Repos.Branch.BranchPolicyEnforceLinkedWorkItems](https://github.com/cloudyspells/PSRule.Rules.AzureDevOps/blob/main/src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Repos.Branch.BranchPolicyEnforceLinkedWorkItems.md)
- [Azure.DevOps.Repos.Branch.BranchPolicyIsEnabled](https://github.com/cloudyspells/PSRule.Rules.AzureDevOps/blob/main/src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Repos.Branch.BranchPolicyIsEnabled.md)
- [Azure.DevOps.Repos.Branch.BranchPolicyMergeStrategy](https://github.com/cloudyspells/PSRule.Rules.AzureDevOps/blob/main/src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Repos.Branch.BranchPolicyMergeStrategy.md)
- [Azure.DevOps.Repos.Branch.BranchPolicyMinimumReviewers](https://github.com/cloudyspells/PSRule.Rules.AzureDevOps/blob/main/src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Repos.Branch.BranchPolicyMinimumReviewers.md)
- [Azure.DevOps.Repos.Branch.BranchPolicyRequireBuild](https://github.com/cloudyspells/PSRule.Rules.AzureDevOps/blob/main/src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Repos.Branch.BranchPolicyRequireBuild.md)
- [Azure.DevOps.Repos.Branch.BranchPolicyResetVotes](https://github.com/cloudyspells/PSRule.Rules.AzureDevOps/blob/main/src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Repos.Branch.BranchPolicyResetVotes.md)
- [Azure.DevOps.Repos.Branch.HasBranchPolicy](https://github.com/cloudyspells/PSRule.Rules.AzureDevOps/blob/main/src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Repos.Branch.HasBranchPolicy.md)
- [Azure.DevOps.RetentionSettings.ArtifactMinimumRetentionDays](https://github.com/cloudyspells/PSRule.Rules.AzureDevOps/blob/main/src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.RetentionSettings.ArtifactMinimumRetentionDays.md)
- [Azure.DevOps.RetentionSettings.PullRequestRunsMinimumRetentionDays](https://github.com/cloudyspells/PSRule.Rules.AzureDevOps/blob/main/src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.RetentionSettings.PullRequestRunsMinimumRetentionDays.md)
FileList
- PSRule.Rules.AzureDevOps.nuspec
- PSRule.Rules.AzureDevOps.psm1
- en\Azure.DevOps.Pipelines.Releases.Definition.ProductionApproval.md
- Functions\DevOps.Tasks.VariableGroups.ps1
- nl\Azure.DevOps.ServiceConnections.ProductionBranchLimit.md
- en\Azure.DevOps.RetentionSettings.ArtifactMinimumRetentionDays.md
- Functions\DevOps.Repos.ps1
- nl\Azure.DevOps.Pipelines.Settings.LimitJobAuthorizationScope.md
- PSRule.Rules.AzureDevOps.psd1
- en\Azure.DevOps.Repos.Branch.BranchPolicyAllowSelfApproval.md
- Functions\DevOps.Pipelines.Core.ps1
- nl\Azure.DevOps.Repos.GitHubAdvancedSecurityEnabled.md
- en\Azure.DevOps.Pipelines.Settings.LimitJobAuthorizationScopeForReleasePipelines.md
- en\Azure.DevOps.Pipelines.Settings.RestrictSecretsForPullRequestFromFork.md
- Functions\DevOps.Pipelines.Environments.ps1
- nl\Azure.DevOps.Repos.BranchPolicyIsEnabled.md
- en\Azure.DevOps.Pipelines.Settings.LimitSetVariablesAtQueueTime.md
- en\Azure.DevOps.Pipelines.PipelineYaml.AgentPoolVersionNotLatest.md
- rules\AzureDevOps.Groups.Rule.ps1
- nl\Azure.DevOps.Pipelines.Releases.Definition.SelfApproval.md
- en\Azure.DevOps.Pipelines.Releases.Definition.NoPlainTextSecrets.md
- en\Azure.DevOps.Repos.License.md
- rules\Selectors.Rule.yaml
- nl\Azure.DevOps.Pipelines.Core.InheritedPermissions.md
- en\Azure.DevOps.Pipelines.Settings.SanitizeShellTaskArguments.md
- en\Azure.DevOps.Pipelines.Settings.LimitJobAuthorizationScopeForYamlPipelines.md
- rules\Baseline.PublicProject.Rule.yaml
- nl\Azure.DevOps.ServiceConnections.ProductionCheckProtection.md
- en\Azure.DevOps.ServiceConnections.ClassicAzure.md
- en\Azure.DevOps.Pipelines.Environments.ProductionBranchLimit.md
- rules\AzureDevOps.Projects.Rule.ps1
- nl\Azure.DevOps.Tasks.VariableGroup.NoKeyVaultNoSecrets.md
- en\Azure.DevOps.Repos.DefaultBranchPolicyMergeStrategy.md
- en\Azure.DevOps.Pipelines.Environments.Description.md
- rules\AzureDevOps.Tasks.VariableGroups.Rule.ps1
- nl\Azure.DevOps.Repos.BranchPolicyEnforceLinkedWorkItems.md
- en\Azure.DevOps.ServiceConnections.Scope.md
- en\Azure.DevOps.Repos.Readme.md
- rules\AzureDevOps.RetentionSettings.Rule.ps1
- nl\Azure.DevOps.Repos.InheritedPermissions.md
- en\Azure.DevOps.Pipelines.Environments.ProductionHumanApproval.md
- en\Azure.DevOps.Pipelines.PipelineYaml.StepDisplayName.md
- rules\AzureDevOps.Repos.Rule.ps1
- nl\Azure.DevOps.Repos.BranchPolicyMinimumReviewers.md
- en\Azure.DevOps.Repos.Branch.BranchPolicyResetVotes.md
- en\Azure.DevOps.ServiceConnections.ProductionHumanApproval.md
- rules\AzureDevOps.Pipelines.PipelineYaml.Rule.ps1
- nl\Azure.DevOps.ServiceConnections.WorkloadIdentityFederation.md
- en\Azure.DevOps.Pipelines.Core.NoPlainTextSecrets.md
- en\Azure.DevOps.RetentionSettings.PullRequestRunsMinimumRetentionDays.md
- rules\AzureDevOps.ServiceConnection.Rule.ps1
- nl\Azure.DevOps.Pipelines.Releases.Definition.ProductionApproval.md
- en\Azure.DevOps.Pipelines.Environments.ProductionCheckProtection.md
- en\Azure.DevOps.Project.Visibility.md
- rules\AzureDevOps.Pipelines.Releases.Rule.ps1
- nl\Azure.DevOps.Pipelines.Settings.RestrictSecretsForPullRequestFromFork.md
- en\Azure.DevOps.Repos.DefaultBranchPolicyResetVotes.md
- en\Azure.DevOps.Groups.ProjectValidUsers.DoNotAssignMemberOfOtherGroups.md
- rules\Baseline.Default.Rule.yaml
- nl\Azure.DevOps.Repos.BranchPolicyMergeStrategy.md
- en\Azure.DevOps.Pipelines.Releases.Definition.InheritedPermissions.md
- en\Azure.DevOps.ServiceConnections.GitHubPAT.md
- rules\AzureDevOps.Pipelines.Environments.Rule.ps1
- nl\Azure.DevOps.Pipelines.PipelineYaml.AgentPoolVersionNotLatest.md
- en\Azure.DevOps.Repos.DefaultBranchPolicyCommentResolution.md
- en\Azure.DevOps.Repos.DefaultBranchPolicyRequireBuild.md
- rules\AzureDevOps.Repo.Branches.Rule.ps1
- nl\Azure.DevOps.Repos.License.md
- en\Azure.DevOps.Repos.DefaultBranchPolicyIsEnabled.md
- en\Azure.DevOps.Tasks.VariableGroup.NoPlainTextSecrets.md
- rules\Config.Rule.yaml
- nl\Azure.DevOps.Pipelines.Settings.LimitJobAuthorizationScopeForYamlPipelines.md
- en\Azure.DevOps.Repos.DefaultBranchPolicyEnforceLinkedWorkItems.md
- en\Azure.DevOps.Tasks.VariableGroup.Description.md
- rules\Baseline.NoExtraLicense.Rule.yaml
- nl\Azure.DevOps.Pipelines.Environments.ProductionBranchLimit.md
- en\Azure.DevOps.ServiceConnections.ProductionBranchLimit.md
- en\Azure.DevOps.Pipelines.Settings.StatusBadgesPrivate.md
- rules\AzureDevOps.Pipelines.Core.Rule.ps1
- nl\Azure.DevOps.Repos.BranchPolicyCommentResolution.md
- en\Azure.DevOps.Pipelines.Settings.LimitJobAuthorizationScope.md
- en\Azure.DevOps.Pipelines.Settings.RequireCommentForPullRequestFromFork.md
- rules\Standards.Rule.ps1
- nl\Azure.DevOps.Pipelines.Environments.Description.md
- en\Azure.DevOps.Repos.GitHubAdvancedSecurityEnabled.md
- en\Azure.DevOps.Pipelines.Core.UseYamlDefinition.md
- rules\AzureDevOps.Pipelines.Settings.Rule.ps1
- nl\Azure.DevOps.Repos.Readme.md
- en\Azure.DevOps.Repos.Branch.HasBranchPolicy.md
- en\Azure.DevOps.Repos.Branch.BranchPolicyCommentResolution.md
- Classes\AzureDevOpsConnection.ps1
- nl\Azure.DevOps.Pipelines.PipelineYaml.StepDisplayName.md
- en\Azure.DevOps.Repos.Branch.BranchPolicyMinimumReviewers.md
- en\Azure.DevOps.ServiceConnections.Description.md
- nl\Azure.DevOps.Pipelines.Settings.LimitJobAuthorizationScopeForReleasePipelines.md
- nl\Azure.DevOps.ServiceConnections.ProductionHumanApproval.md
- en\Azure.DevOps.Pipelines.Releases.Definition.SelfApproval.md
- en\Azure.DevOps.Repos.GitHubAdvancedSecurityBlockPushes.md
- nl\Azure.DevOps.Repos.HasBranchPolicy.md
- nl\Azure.DevOps.ServiceConnections.GitHubPAT.md
- en\Azure.DevOps.Groups.ProjectAdmins.MaxMembers.md
- en\Azure.DevOps.Groups.ProjectAdmins.MinMembers.md
- nl\Azure.DevOps.Pipelines.Settings.LimitSetVariablesAtQueueTime.md
- nl\Azure.DevOps.Tasks.VariableGroup.NoPlainTextSecrets.md
- en\Azure.DevOps.Pipelines.Core.InheritedPermissions.md
- en\Azure.DevOps.Repos.DefaultBranchPolicyAllowSelfApproval.md
- nl\Azure.DevOps.Pipelines.Releases.Definition.NoPlainTextSecrets.md
- nl\Azure.DevOps.Tasks.VariableGroup.Description.md
- en\Azure.DevOps.ServiceConnections.ProductionCheckProtection.md
- en\Azure.DevOps.Repos.Branch.BranchPolicyEnforceLinkedWorkItems.md
- nl\Azure.DevOps.Pipelines.Settings.SanitizeShellTaskArguments.md
- nl\Azure.DevOps.Pipelines.Settings.RequireCommentForPullRequestFromFork.md
- en\Azure.DevOps.Repos.Branch.BranchPolicyIsEnabled.md
- en\Azure.DevOps.Repos.HasDefaultBranchPolicy.md
- nl\Azure.DevOps.ServiceConnections.ClassicAzure.md
- nl\Azure.DevOps.Pipelines.Core.UseYamlDefinition.md
- en\Azure.DevOps.Tasks.VariableGroup.NoKeyVaultNoSecrets.md
- Functions\DevOps.Pipelines.Settings.ps1
- nl\Azure.DevOps.ServiceConnections.Scope.md
- nl\Azure.DevOps.Repos.BranchPolicyResetVotes.md
- en\Azure.DevOps.Repos.Branch.BranchPolicyRequireBuild.md
- Functions\DevOps.Groups.ps1
- nl\Azure.DevOps.Pipelines.Environments.ProductionHumanApproval.md
- nl\Azure.DevOps.ServiceConnections.Description.md
- en\Azure.DevOps.Repos.InheritedPermissions.md
- Functions\Common.ps1
- nl\Azure.DevOps.Pipelines.Core.NoPlainTextSecrets.md
- nl\Azure.DevOps.Repos.GitHubAdvancedSecurityBlockPushes.md
- en\Azure.DevOps.Repos.Branch.BranchPolicyMergeStrategy.md
- Functions\DevOps.RetentionSettings.ps1
- nl\Azure.DevOps.Pipelines.Environments.ProductionCheckProtection.md
- nl\Azure.DevOps.Repos.BranchPolicyAllowSelfApproval.md
- en\Azure.DevOps.Repos.DefaultBranchPolicyMinimumReviewers.md
- Functions\DevOps.Pipelines.Releases.ps1
- nl\Azure.DevOps.Pipelines.Releases.Definition.InheritedPermissions.md
- nl\Azure.DevOps.Repos.BranchPolicyRequireBuild.md
- en\Azure.DevOps.ServiceConnections.WorkloadIdentityFederation.md
- Functions\DevOps.ServiceConnections.ps1
Version History
Version | Downloads | Last updated |
---|---|---|
0.5.1 | 2,318 | 4/1/2024 |
0.5.0 | 305 | 1/20/2024 |
0.4.4 | 17 | 1/16/2024 |
0.4.3 | 44 | 1/11/2024 |
0.4.2 | 31 | 1/7/2024 |
0.4.1 | 28 | 1/4/2024 |
0.4.0 (current version) | 25 | 1/4/2024 |
0.4.0-preview1 | 6 | 12/29/2023 |
0.3.0 | 76 | 12/17/2023 |
0.3.0-preview4 | 6 | 12/10/2023 |
0.3.0-preview1 | 6 | 12/10/2023 |
0.2.1 | 76 | 11/25/2023 |
0.2.0 | 41 | 10/21/2023 |
0.1.1 | 26 | 10/8/2023 |
0.1.0 | 8 | 10/6/2023 |
0.0.13 | 15 | 9/30/2023 |
0.0.12 | 9 | 9/26/2023 |
0.0.11 | 17 | 9/24/2023 |
0.0.10 | 6 | 9/23/2023 |
0.0.9 | 6 | 9/22/2023 |
0.0.8 | 8 | 9/21/2023 |
0.0.7 | 8 | 9/20/2023 |
0.0.6 | 6 | 9/18/2023 |
0.0.5 | 7 | 9/17/2023 |
0.0.4 | 6 | 9/17/2023 |
0.0.3 | 7 | 9/17/2023 |
0.0.2 | 7 | 9/16/2023 |
0.0.1 | 6 | 9/16/2023 |