Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/azure/azuregovernedpipelines

A template repository for governed pipelines.
https://github.com/azure/azuregovernedpipelines

azure azure-pipelines cloud devops devsecops github-actions pipelines-as-code psrule

Last synced: 3 months ago
JSON representation

A template repository for governed pipelines.

Host: GitHub
URL: https://github.com/azure/azuregovernedpipelines
Owner: Azure
License: mit
Created: 2022-03-30T16:15:56.000Z (almost 3 years ago)
Default Branch: main
Last Pushed: 2024-07-26T02:47:02.000Z (5 months ago)
Last Synced: 2024-10-01T16:13:13.317Z (3 months ago)
Topics: azure, azure-pipelines, cloud, devops, devsecops, github-actions, pipelines-as-code, psrule
Homepage:
Size: 24.4 KB
Stars: 8
Watchers: 3
Forks: 6
Open Issues: 0
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Codeowners: .github/CODEOWNERS
- Security: SECURITY.md
- Support: SUPPORT.md

Awesome Lists containing this project

README

# Azure Governed Pipelines

**In development**

This repository contains sample code you can use to create your own governed pipelines for deploying Azure solutions.
To learn more about PSRule for Azure, see .

[![Use this template](https://img.shields.io/static/v1?label=GitHub&message=Use%20this%20template&logo=github&color=007acc)](https://github.com/Azure/PSRule.Rules.Azure-governed/generate)

## Overview

Building enterprise scale pipelines can be challenging.
Without a standard approach, pipelines can become complex and difficult to maintain.
Governed pipelines provides a set of patterns to help you build and maintain pipelines for deploying Azure solutions.

- **Who should consider using governed pipelines?** — Any organzation that need to scale one or two pipelines to many.
- **Why use governed pipelines?** — A central set of governed pipelines allows you to manage quality and security across projects or teams.
- **What systems are supported?** — In the current interation governed pipelines support Azure Pipelines.
In the future we plan to add support for GitHub Actions.

## How do they work?

Governed Pipelines allow an organization to enforce controls within deployment pipelines by extending on built-in features of Azure and GitHub.

Pipelines **must** prove they have extended from a secure pipeline that enforces an organization's DevSecOps requirements.

- When a pipeline extends from a governed pipeline it is entitled to use credentials with permissions to deploy to Azure.
- If the pipeline does not use a governed pipeline the credentials are not provides to the pipeline and deployment is blocked.

The implementation for Azure Piplines and GitHub Action is slightly different as follows:

- **Azure Pipelines** — [Security through templates][1] requires a specific pipeline template to be used.
- **GitHub Actions (available in the future)** — [Open ID Connect with reusable workflows][2] requires a specific workflow template to be used.

[1]: https://learn.microsoft.com/azure/devops/pipelines/security/templates?view=azure-devops
[2]: https://docs.github.com/enterprise-cloud@latest/actions/deployment/security-hardening-your-deployments/using-openid-connect-with-reusable-workflows

## Getting started

To get started, please check out our consumer guide for:

- [Azure Pipelines](docs/consumer-azure-pipelines.md)

## Support

This project uses GitHub Issues to track bugs and feature requests.
Please search the existing issues before filing new issues to avoid duplicates.

- For new issues, file your bug or feature request as a new [issue].
- For help, discussion, and support questions about using this project, join or start a [discussion].

Support for this project/ product is limited to the resources listed above.

[issue]: https://github.com/Azure/PSRule.Rules.Azure-governed/issues
[discussion]: https://github.com/Azure/PSRule.Rules.Azure-governed/discussion

## Contributing

This project welcomes contributions and suggestions.
If you are ready to contribute, please visit the [contribution guide](CONTRIBUTING.md).

## Code of Conduct

This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/)
or contact [[email protected]](mailto:[email protected]) with any additional questions or comments.

## Maintainers

- [Bernie White](https://github.com/BernieWhite)

## License

This project is [licensed under the MIT License](LICENSE).

## Trademarks

This project may contain trademarks or logos for projects, products, or services.
Authorized use of Microsoft trademarks or logos is subject to and must follow [Microsoft's Trademark & Brand Guidelines](https://www.microsoft.com/en-us/legal/intellectualproperty/trademarks/usage/general).
Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship.
Any use of third-party trademarks or logos are subject to those third-party's policies.