github-actions edited this page Oct 6, 2023 · 16 revisions

PSRule.Rules.AzureDevOps


PSRule Module for Azure DevOps

This PowerShell module is built to be used with Bernie White's excellent PSRule module to check an Azure DevOps project against some best practices for a secure development environment.

This module is in an early stage of development and should not be considered stable. Any input on the direction of the module and the included rules is very much appreciated. Please consider opening an issue with your ideas.

Screenshot of version 0.0.11 Sarif output in Azure DevOps

This annotated version of the official security best practices provides a reference for how the rules in this module are related to the best practices recommended by Microsoft. It is the main guiding document in building the ruleset for this module.

Usage

To use this module, you need to have PSRule installed. You can install it from the PowerShell Gallery:

Install-Module -Name PSRule -Scope CurrentUser

Once you have PSRule installed, you can install this module from the PowerShell Gallery:

Install-Module -Name PSRule.Rules.AzureDevOps -Scope CurrentUser

Once you have both modules installed, you can run an export of your Azure DevOps project and run the rules on the exported data. The -PAT value needs to be an Azure DevOps Personal Access Token with sufficient permissions to read the project data.

Export-AzDevOpsRuleData `
    -Organization "MyOrg" `
    -Project "MyProject" `
    -PAT $MyPAT `
    -OutputPath "C:\Temp\MyProject"
Assert-PSRule `
    -InputPath "C:\Temp\MyProject\" `
    -Module PSRule.Rules.AzureDevOps

Screenshot of version 0.0.9 run

Organization level export

Since version 0.0.8 of this module, you can also export the data at the organization level, looping through all projects in the organization the PAT has access to.

Export-AzDevOpsOrganizationRuleData `
    -Organization "MyOrg" `
    -PAT $MyPAT `
    -OutputPath "C:\Temp\MyOrg"

Disable checks for Azure DevOps Features that require additional licenses

Since version 0.0.12 of this module, you can disable rules that check for Azure DevOps features that require additional licenses. To do so, apply the Baseline.NoExtraLicense baseline to the Assert-PSRule command with the -Baseline option.

Assert-PSRule `
    -InputPath "C:\Temp\MyProject\" `
    -Module PSRule.Rules.AzureDevOps `
    -Baseline Baseline.NoExtraLicense
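
The export and assertion steps above, combined into a single pipeline gate that writes SARIF output and removes the exported data afterwards. This is an added example, not part of the module's own documentation; the environment variable names (AZDO_ORG, AZDO_PROJECT, AZDO_PAT) and the SARIF file name are assumptions made for illustration.

```powershell
# Added example: run the export and the rule assertion as one CI gate.
# Assumptions: AZDO_ORG, AZDO_PROJECT and AZDO_PAT are names chosen for this
# example; the PAT is injected by the pipeline's secret store, never hard-coded.
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

foreach ($name in 'AZDO_ORG', 'AZDO_PROJECT', 'AZDO_PAT') {
    if ([string]::IsNullOrWhiteSpace([Environment]::GetEnvironmentVariable($name))) {
        throw "Environment variable $name is not set."
    }
}

Import-Module PSRule
Import-Module PSRule.Rules.AzureDevOps

# Export into a fresh, uniquely named directory so stale data is never re-checked.
$exportPath = Join-Path ([System.IO.Path]::GetTempPath()) ("azdo-export-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $exportPath | Out-Null
$sarifPath = Join-Path (Get-Location) 'psrule-azuredevops.sarif'

try {
    Export-AzDevOpsRuleData `
        -Organization $env:AZDO_ORG `
        -Project $env:AZDO_PROJECT `
        -PAT $env:AZDO_PAT `
        -OutputPath $exportPath

    # Trailing separator on the input path, as in the usage example above.
    $inputPath = $exportPath + [System.IO.Path]::DirectorySeparatorChar

    # Assert-PSRule raises an error when a rule fails; with
    # $ErrorActionPreference = 'Stop' that error fails the pipeline step.
    # Baseline.NoExtraLicense requires module version 0.0.12 or later.
    Assert-PSRule `
        -InputPath $inputPath `
        -Module PSRule.Rules.AzureDevOps `
        -Baseline Baseline.NoExtraLicense `
        -OutputFormat Sarif `
        -OutputPath $sarifPath
}
finally {
    # Remove the exported project configuration whether or not the rules passed.
    Remove-Item -Path $exportPath -Recurse -Force -ErrorAction SilentlyContinue
}
```

Drop the -Baseline line to include the rules for features that need additional licenses.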

Rules

Documentation for the implemented rules can be found in the en folder in the module folder.

Contributing

This project welcomes contributions and suggestions. Please read CONTRIBUTING.md for details on how to contribute.

License

This project is licensed under the MIT License.

Acknowledgements

Maintainer

References
