{"id":19491209,"url":"https://github.com/cloudyspells/psrule.rules.azuredevops","last_synced_at":"2025-08-10T20:09:10.699Z","repository":{"id":195242682,"uuid":"691711473","full_name":"cloudyspells/PSRule.Rules.AzureDevOps","owner":"cloudyspells","description":"PSRule Module for Azure DevOps. Audit your Azure DevOps project configuration for best practice adoption in minutes.","archived":false,"fork":false,"pushed_at":"2024-04-01T18:33:59.000Z","size":992,"stargazers_count":30,"open_issues_count":14,"forks_count":4,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-04-25T19:37:11.977Z","etag":null,"topics":["azure","azure-devops","azure-devops-pipelines","devops","governance","hacktoberfest","powershell","powershell-module","psrule","vsts"],"latest_commit_sha":null,"homepage":"","language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cloudyspells.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"docs/security-best-practices.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":["cloudyspells"]}},"created_at":"2023-09-14T18:17:02.000Z","updated_at":"2025-04-15T19:32:37.000Z","dependencies_parsed_at":"2024-01-20T16:27:11.225Z","dependency_job_id":"4fc5038a-f8b6-4abd-a15a-951f6660bdc7","html_url":"https://github.com/cloudyspells/PSRule.Rules.AzureDevOps","commit_stats":null,"previous_names":["cloudyspells/psrule.rules.azuredevops"],"tags_count":27,"template":false,"template_full_name":null,"purl":"pkg:github/cloudyspells/PSRule.Rules.AzureDevOps","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudyspells%2FPSRule.Rules.AzureDevOps","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudyspells%2FPSRule.Rules.AzureDevOps/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudyspells%2FPSRule.Rules.AzureDevOps/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudyspells%2FPSRule.Rules.AzureDevOps/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cloudyspells","download_url":"https://codeload.github.com/cloudyspells/PSRule.Rules.AzureDevOps/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudyspells%2FPSRule.Rules.AzureDevOps/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":269780617,"owners_count":24474686,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-10T02:00:08.965Z","response_time":71,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["azure","azure-devops","azure-devops-pipelines","devops","governance","hacktoberfest","powershell","powershell-module","psrule","vsts"],"created_at":"2024-11-10T21:16:08.668Z","updated_at":"2025-08-10T20:09:10.676Z","avatar_url":"https://github.com/cloudyspells.png","language":"PowerShell","readme":"# PSRule.Rules.AzureDevOps\n\n[![PowerShell Gallery Version (excluding pre-releases)](https://img.shields.io/powershellgallery/v/PSRule.Rules.AzureDevOps?logo=powershell\u0026link=https%3A%2F%2Fwww.powershellgallery.com%2Fpackages%2FPSRule.Rules.AzureDevOps)](https://www.powershellgallery.com/packages/PSRule.Rules.AzureDevOps)\n[![PowerShell Gallery](https://img.shields.io/powershellgallery/dt/PSRule.Rules.AzureDevOps?logo=powershell\u0026link=https%3A%2F%2Fwww.powershellgallery.com%2Fpackages%2FPSRule.Rules.AzureDevOps)](https://www.powershellgallery.com/packages/PSRule.Rules.AzureDevOps)\n[![GitHub Workflow Status (with event)](https://img.shields.io/github/actions/workflow/status/cloudyspells/PSRule.Rules.AzureDevOps/module-ci.yml?label=Pester%20Unit%20Tests)](https://github.com/cloudyspells/PSRule.Rules.AzureDevOps/actions/workflows/module-ci.yml)\n[![codecov](https://codecov.io/gh/cloudyspells/PSRule.Rules.AzureDevOps/graph/badge.svg?token=SULG2MXS9U)](https://codecov.io/gh/cloudyspells/PSRule.Rules.AzureDevOps)\n\n## PSRule Module for Azure DevOps\n\nThis powershell module is built to be used with\n[Bernie White's](https://github.com/BernieWhite) excellent\n[PSRule](https://github.com/microsoft/PSRule) module to check\nan Azure DevOps project for best practices for a\nsecure development environment. The module takes best practices from the official\n[Azure DevOps Security best practices](https://learn.microsoft.com/en-us/azure/devops/organizations/security/security-best-practices?view=azure-devops) documentation. It can\nfunction as a periodic security scan and check for your Azure DevOps project.\n\nThis module is actively developed since August 2023. Although a lot of testing has been\nperformed and is built in to the development cycle, up to now little feedback has come\nback from the community yet. Any input on the direction of the module and included rules\nis very much appreciated. Please consider opening an\n[issue](https://github.com/cloudyspells/PSRule.Rules.AzureDevOps/issues)\nwith your ideas, encountered problems in using the module or other contributions. Any\nfeedback is highly appreciated.\n\n![Screenshot of version 0.0.11 Sarif output in Azure DevOps](assets/media/sarif-0.0.11.png)\n\n### Easy to use spin-off project\n\nIf you are looking for an easy to use spin-off project that uses this module and\ngives you a nice dashboard in Azure Monitor, please have a look at the\n[PsrAzDo-workbooks](https://github.com/cloudyspells/PsrAzDo-workbooks) project.\nIt is a set of Azure Monitor Workbooks that can be used to visualize the results\nof the PSRule.Rules.AzureDevOps module. The workbooks are easily deployed through\nthrough the included Bicep template and modules. A Yaml pipeline is included to\nrun the PSRule.Rules.AzureDevOps module on a daily basis and upload the results\nto Azure Monitor.\n\n## Usage\n\nTo use this module, you need to have _PSRule_ installed.\nYou can install it from the PowerShell Gallery:\n\n```powershell\nInstall-Module -Name PSRule -Scope CurrentUser\n```\n\nOnce you have PSRule installed, you can install this module\nfrom the PowerShell Gallery:\n\n```powershell\nInstall-Module -Name PSRule.Rules.AzureDevOps -Scope CurrentUser\n```\n\n### PAT Token\n\nOnce you have both modules installed, you can connect to your\nAzure DevOps organization and run an export of your Azure DevOps\nproject and run the rules on the exported data.\nThe `-PAT` value needs to be an Azure DevOps Personal Access Token\nwith sufficient permissions to read the project data. The default\nexpects a PAT with full access permissions. Alternately, you can\nuse a PAT with only read permissions or fine-grained permissions\nwith the `-TokenType` parameter. The fine-grained permissions expect\nread access to all scopes and read \u0026 manage for scope that do not\nhave read-only access. Documentation on how to create the PATs can\nbe found in the [docs/token-permissions.md](docs/token-permissions.md).\n\n#### Example: Run with full access token\n\n```powershell\nConnect-AzDevOps `\n    -Organization \"MyOrg\" `\n    -PAT $MyPAT\nExport-AzDevOpsRuleData `\n    -Project \"MyProject\" `\n    -OutputPath \"C:\\Temp\\MyProject\"\nAssert-PSRule `\n    -InputPath \"C:\\Temp\\MyProject\\\" `\n    -Module PSRule.Rules.AzureDevOps\n```\n\n#### Example: Run with read-only access token\n\n```powershell\nConnect-AzDevOps `\n    -Organization \"MyOrg\" `\n    -PAT $MyPAT `\n    -TokenType ReadOnly\nExport-AzDevOpsRuleData `\n    -Project \"MyProject\" `\n    -OutputPath \"C:\\Temp\\MyProject\"\nAssert-PSRule `\n    -InputPath \"C:\\Temp\\MyProject\\\" `\n    -Module PSRule.Rules.AzureDevOps\n```\n\n### Service Principal or Managed Identity\n\nSince version 0.3.0 of this module, you can also connect to your\nAzure DevOps organization with a Service Principal or Managed Identity.\nThe `-AuthType` parameter can be set to `ServicePrincipal` or `ManagedIdentity`.\nThe Service Principal needs to have sufficient permissions to read the\nproject data. The default expects a Service Principal with project\nadministrator permissions. Alternately, you can use a Service Principal\nwith only read permissions or fine-grained permissions with the `-TokenType`\nparameter.\n\n#### Example: Run with a Service Principal\n\n```powershell\nConnect-AzDevOps `\n    -Organization \"MyOrg\" `\n    -AuthType ServicePrincipal `\n    -ClientId $MyAppId `\n    -ClientSecret $MyAppSecret `\n    -TenantId $MyTenantId\nExport-AzDevOpsRuleData `\n    -Project \"MyProject\" `\n    -OutputPath \"C:\\Temp\\MyProject\"\nAssert-PSRule `\n    -InputPath \"C:\\Temp\\MyProject\\\" `\n    -Module PSRule.Rules.AzureDevOps\n```\n\n#### Example: Run with a System Assigned Managed Identity\n\n```powershell\nConnect-AzDevOps `\n    -Organization \"MyOrg\" `\n    -AuthType ManagedIdentity\nExport-AzDevOpsRuleData `\n    -Project \"MyProject\" `\n    -OutputPath \"C:\\Temp\\MyProject\"\nAssert-PSRule `\n    -InputPath \"C:\\Temp\\MyProject\\\" `\n    -Module PSRule.Rules.AzureDevOps\n```\n\n#### Example: Run with a User Assigned Managed Identity\n\n```powershell\n$env:ADO_MSI_CLIENT_ID = $MyClientId\nConnect-AzDevOps `\n    -Organization \"MyOrg\" `\n    -AuthType ManagedIdentity `\nExport-AzDevOpsRuleData `\n    -Project \"MyProject\" `\n    -OutputPath \"C:\\Temp\\MyProject\"\nAssert-PSRule `\n    -InputPath \"C:\\Temp\\MyProject\\\" `\n    -Module PSRule.Rules.AzureDevOps\n```\n\n![Screenshot of version 0.0.9 run](assets/media/run-0.0.9.png)\n\n### Organization level export\n\nSince version 0.0.8 of this module, you can also export the\ndata at the organization level, looping through all projects\nin the organization the PAT has access to.\n\n```powershell\nExport-AzDevOpsOrganizationRuleData `\n    -OutputPath \"C:\\Temp\\MyOrg\"\n```\n\n### Disable checks for Azure DevOps Features that require additional licenses\n\nSince version 0.0.12 of this module, you can disable rules that\ncheck for Azure DevOps features that require additional licenses.\nThis is done through applying the `Baseline.NoExtraLicense`\nbaseline to the `Assert-PSRule` command through the `-Baseline`\noption.\n\n```powershell\nAssert-PSRule `\n    -InputPath \"C:\\Temp\\MyProject\\\" `\n    -Module PSRule.Rules.AzureDevOps `\n    -Baseline Baseline.NoExtraLicense\n```\n\n## Rules\n\nDocumentation for the implemented rules can be found in the\n[en](src/PSRule.Rules.AzureDevOps/en/) folder in the module folder.\n\nThis [annotated version of the official security best practices](docs/security-best-practices.md)\nprovides a reference for how the rules in this module are related to the\nbest practices recommended by Microsoft. It is the main guiding document\nin building the ruleset for this module.\n\n### Implemented rules\n\n- [Azure.DevOps.Groups.ProjectAdmins.MaxMembers](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Groups.ProjectAdmins.MaxMembers.md)\n- [Azure.DevOps.Groups.ProjectAdmins.MinMembers](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Groups.ProjectAdmins.MinMembers.md)\n- [Azure.DevOps.Groups.ProjectValidUsers.DoNotAssignMemberOfOtherGroups](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Groups.ProjectValidUsers.DoNotAssignMemberOfOtherGroups.md)\n- [Azure.DevOps.Pipelines.Core.InheritedPermissions](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Pipelines.Core.InheritedPermissions.md)\n- [Azure.DevOps.Pipelines.Core.NoPlainTextSecrets](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Pipelines.Core.NoPlainTextSecrets.md)\n- [Azure.DevOps.Pipelines.Core.ProjectValidUsers](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Pipelines.Core.ProjectValidUsers.md)\n- [Azure.DevOps.Pipelines.Core.UseYamlDefinition](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Pipelines.Core.UseYamlDefinition.md)\n- [Azure.DevOps.Pipelines.Environments.Description](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Pipelines.Environments.Description.md)\n- [Azure.DevOps.Pipelines.Environments.InheritedPermissions](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Pipelines.Environments.InheritedPermissions.md)\n- [Azure.DevOps.Pipelines.Environments.ProductionBranchLimit](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Pipelines.Environments.ProductionBranchLimit.md)\n- [Azure.DevOps.Pipelines.Environments.ProductionCheckProtection](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Pipelines.Environments.ProductionCheckProtection.md)\n- [Azure.DevOps.Pipelines.Environments.ProductionHumanApproval](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Pipelines.Environments.ProductionHumanApproval.md)\n- [Azure.DevOps.Pipelines.Environments.ProjectValidUsers](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Pipelines.Environments.ProjectValidUsers.md)\n- [Azure.DevOps.Pipelines.PipelineYaml.AgentPoolVersionNotLatest](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Pipelines.PipelineYaml.AgentPoolVersionNotLatest.md)\n- [Azure.DevOps.Pipelines.PipelineYaml.StepDisplayName](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Pipelines.PipelineYaml.StepDisplayName.md)\n- [Azure.DevOps.Pipelines.Releases.Definition.InheritedPermissions](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Pipelines.Releases.Definition.InheritedPermissions.md)\n- [Azure.DevOps.Pipelines.Releases.Definition.NoPlainTextSecrets](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Pipelines.Releases.Definition.NoPlainTextSecrets.md)\n- [Azure.DevOps.Pipelines.Releases.Definition.ProductionApproval](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Pipelines.Releases.Definition.ProductionApproval.md)\n- [Azure.DevOps.Pipelines.Releases.Definition.ProjectValidUsers](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Pipelines.Releases.Definition.ProjectValidUsers.md)\n- [Azure.DevOps.Pipelines.Releases.Definition.SelfApproval](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Pipelines.Releases.Definition.SelfApproval.md)\n- [Azure.DevOps.Pipelines.Settings.LimitJobAuthorizationScope](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Pipelines.Settings.LimitJobAuthorizationScope.md)\n- [Azure.DevOps.Pipelines.Settings.LimitJobAuthorizationScopeForReleasePipelines](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Pipelines.Settings.LimitJobAuthorizationScopeForReleasePipelines.md)\n- [Azure.DevOps.Pipelines.Settings.LimitJobAuthorizationScopeForYamlPipelines](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Pipelines.Settings.LimitJobAuthorizationScopeForYamlPipelines.md)\n- [Azure.DevOps.Pipelines.Settings.LimitSetVariablesAtQueueTime](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Pipelines.Settings.LimitSetVariablesAtQueueTime.md)\n- [Azure.DevOps.Pipelines.Settings.RequireCommentForPullRequestFromFork](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Pipelines.Settings.RequireCommentForPullRequestFromFork.md)\n- [Azure.DevOps.Pipelines.Settings.RestrictSecretsForPullRequestFromFork](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Pipelines.Settings.RestrictSecretsForPullRequestFromFork.md)\n- [Azure.DevOps.Pipelines.Settings.SanitizeShellTaskArguments](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Pipelines.Settings.SanitizeShellTaskArguments.md)\n- [Azure.DevOps.Pipelines.Settings.StatusBadgesPrivate](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Pipelines.Settings.StatusBadgesPrivate.md)\n- [Azure.DevOps.Project.MainEnvironmentAcl.ProjectValidUsers](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Project.MainEnvironmentAcl.ProjectValidUsers.md)\n- [Azure.DevOps.Project.MainPipelineAcl.ProjectValidUsers](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Project.MainPipelineAcl.ProjectValidUsers.md)\n- [Azure.DevOps.Project.MainReleaseDefinitionAcl.ProjectValidUsers](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Project.MainReleaseDefinitionAcl.ProjectValidUsers.md)\n- [Azure.DevOps.Project.MainRepositoryAcl.ProjectValidUsers](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Project.MainRepositoryAcl.ProjectValidUsers.md)\n- [Azure.DevOps.Project.MainServiceConnectionAcl.ProjectValidUsers](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Project.MainServiceConnectionAcl.ProjectValidUsers.md)\n- [Azure.DevOps.Project.MainVariableGroupAcl.ProjectValidUsers](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Project.MainVariableGroupAcl.ProjectValidUsers.md)\n- [Azure.DevOps.Project.Visibility](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Project.Visibility.md)\n- [Azure.DevOps.Repos.Branch.BranchPolicyAllowSelfApproval](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Repos.Branch.BranchPolicyAllowSelfApproval.md)\n- [Azure.DevOps.Repos.Branch.BranchPolicyCommentResolution](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Repos.Branch.BranchPolicyCommentResolution.md)\n- [Azure.DevOps.Repos.Branch.BranchPolicyEnforceLinkedWorkItems](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Repos.Branch.BranchPolicyEnforceLinkedWorkItems.md)\n- [Azure.DevOps.Repos.Branch.BranchPolicyIsEnabled](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Repos.Branch.BranchPolicyIsEnabled.md)\n- [Azure.DevOps.Repos.Branch.BranchPolicyMergeStrategy](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Repos.Branch.BranchPolicyMergeStrategy.md)\n- [Azure.DevOps.Repos.Branch.BranchPolicyMinimumReviewers](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Repos.Branch.BranchPolicyMinimumReviewers.md)\n- [Azure.DevOps.Repos.Branch.BranchPolicyRequireBuild](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Repos.Branch.BranchPolicyRequireBuild.md)\n- [Azure.DevOps.Repos.Branch.BranchPolicyResetVotes](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Repos.Branch.BranchPolicyResetVotes.md)\n- [Azure.DevOps.Repos.Branch.HasBranchPolicy](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Repos.Branch.HasBranchPolicy.md)\n- [Azure.DevOps.Repos.DefaultBranchPolicyAllowSelfApproval](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Repos.DefaultBranchPolicyAllowSelfApproval.md)\n- [Azure.DevOps.Repos.DefaultBranchPolicyCommentResolution](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Repos.DefaultBranchPolicyCommentResolution.md)\n- [Azure.DevOps.Repos.DefaultBranchPolicyEnforceLinkedWorkItems](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Repos.DefaultBranchPolicyEnforceLinkedWorkItems.md)\n- [Azure.DevOps.Repos.DefaultBranchPolicyIsEnabled](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Repos.DefaultBranchPolicyIsEnabled.md)\n- [Azure.DevOps.Repos.DefaultBranchPolicyMergeStrategy](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Repos.DefaultBranchPolicyMergeStrategy.md)\n- [Azure.DevOps.Repos.DefaultBranchPolicyMinimumReviewers](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Repos.DefaultBranchPolicyMinimumReviewers.md)\n- [Azure.DevOps.Repos.DefaultBranchPolicyRequireBuild](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Repos.DefaultBranchPolicyRequireBuild.md)\n- [Azure.DevOps.Repos.DefaultBranchPolicyResetVotes](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Repos.DefaultBranchPolicyResetVotes.md)\n- [Azure.DevOps.Repos.GitHubAdvancedSecurityBlockPushes](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Repos.GitHubAdvancedSecurityBlockPushes.md)\n- [Azure.DevOps.Repos.GitHubAdvancedSecurityEnabled](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Repos.GitHubAdvancedSecurityEnabled.md)\n- [Azure.DevOps.Repos.HasDefaultBranchPolicy](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Repos.HasDefaultBranchPolicy.md)\n- [Azure.DevOps.Repos.InheritedPermissions](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Repos.InheritedPermissions.md)\n- [Azure.DevOps.Repos.License](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Repos.License.md)\n- [Azure.DevOps.Repos.ProjectValidUsers](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Repos.ProjectValidUsers.md)\n- [Azure.DevOps.Repos.Readme](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Repos.Readme.md)\n- [Azure.DevOps.RetentionSettings.ArtifactMinimumRetentionDays](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.RetentionSettings.ArtifactMinimumRetentionDays.md)\n- [Azure.DevOps.RetentionSettings.PullRequestRunsMinimumRetentionDays](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.RetentionSettings.PullRequestRunsMinimumRetentionDays.md)\n- [Azure.DevOps.ServiceConnections.ClassicAzure](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.ServiceConnections.ClassicAzure.md)\n- [Azure.DevOps.ServiceConnections.Description](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.ServiceConnections.Description.md)\n- [Azure.DevOps.ServiceConnections.GitHubPAT](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.ServiceConnections.GitHubPAT.md)\n- [Azure.DevOps.ServiceConnections.InheritedPermissions](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.ServiceConnections.InheritedPermissions.md)\n- [Azure.DevOps.ServiceConnections.ProductionBranchLimit](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.ServiceConnections.ProductionBranchLimit.md)\n- [Azure.DevOps.ServiceConnections.ProductionCheckProtection](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.ServiceConnections.ProductionCheckProtection.md)\n- [Azure.DevOps.ServiceConnections.ProductionHumanApproval](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.ServiceConnections.ProductionHumanApproval.md)\n- [Azure.DevOps.ServiceConnections.ProjectValidUsers](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.ServiceConnections.ProjectValidUsers.md)\n- [Azure.DevOps.ServiceConnections.Scope](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.ServiceConnections.Scope.md)\n- [Azure.DevOps.ServiceConnections.WorkloadIdentityFederation](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.ServiceConnections.WorkloadIdentityFederation.md)\n- [Azure.DevOps.Tasks.VariableGroup.Description](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Tasks.VariableGroup.Description.md)\n- [Azure.DevOps.Tasks.VariableGroup.InheritedPermissions](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Tasks.VariableGroup.InheritedPermissions.md)\n- [Azure.DevOps.Tasks.VariableGroup.NoKeyVaultNoSecrets](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Tasks.VariableGroup.NoKeyVaultNoSecrets.md)\n- [Azure.DevOps.Tasks.VariableGroup.NoPlainTextSecrets](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Tasks.VariableGroup.NoPlainTextSecrets.md)\n- [Azure.DevOps.Tasks.VariableGroup.ProjectValidUsers](src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Tasks.VariableGroup.ProjectValidUsers.md)\n\n## Contributing\n\nThis project welcomes contributions and suggestions. Please read\n[CONTRIBUTING.md](CONTRIBUTING.md) for details on how to contribute.\n\n## License\n\nThis project is [licensed under the MIT License](LICENSE).\n\n## Acknowledgements\n\n- [Bernie White](https://github.com/BernieWhite) for creating\n  [PSRule](https://microsoft.github.io/PSRule/V2).\n\n## Maintainer\n\n- [Roderick Bant](https://github.com/webtonize)\n\n## References\n\n- [PSRule](https://microsoft.github.io/PSRule/V2)\n- [PsrAzDo-workbooks](https://github.com/cloudyspells/PsrAzDo-workbooks) - Azure Monitor Workbooks for PSRule.Rules.AzureDevOps\n- [Auditing an Azure DevOps project configuration with PSRule](https://medium.com/@webtonize/auditing-an-azure-devops-project-configuration-with-psrule-73cf17753827)\n- [Audit Azure DevOps configuration with Sarif scan reports from the pipeline](https://medium.com/@webtonize/audit-azure-devops-configuration-with-sarif-scan-reports-from-the-pipeline-4ced6fc47988)\n- [Azure DevOps Security best practices](https://learn.microsoft.com/en-us/azure/devops/organizations/security/security-best-practices?view=azure-devops)\n","funding_links":["https://github.com/sponsors/cloudyspells"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloudyspells%2Fpsrule.rules.azuredevops","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcloudyspells%2Fpsrule.rules.azuredevops","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloudyspells%2Fpsrule.rules.azuredevops/lists"}