v.0.5.1

New in this release

Functions added

• Export git repository branch statistics

Rules added

• Azure.DevOps.Repos.Branch.CommitRecent checks for stale branches with a configurable age in days.

Fixed

• Managed Identity authentication on Azure Virtual Machine

v0.5.0

Whats new:

This release brings new internal export functionality to the module and expands the capabilities in exporting Access Control Lists (ACL). These capabilities enable 15 new rules for validating best-practices in setting permission inheritance and misconfigurations of the Project Valid Users group in Azure DevOps.

Module Internal Functions

• Get-AzDevOpsProjectAcls
• Get-AzDevOpsEnvironmentAcls
• Get-AzDevOpsServiceConnectionAcls
• Get-AzDevOpsVariableGroupAcls

Rules

• Azure.DevOps.Pipelines.Core.ProjectValidUsers
• Azure.DevOps.Pipelines.Environments.InheritedPermissions
• Azure.DevOps.Pipelines.Environments.ProjectValidUsers
• Azure.DevOps.Pipelines.Releases.ProjectValidUsers
• Azure.DevOps.Project.MainEnvironmentAcl.ProjectValidUsers
• Azure.DevOps.Project.MainPipelineAcl.ProjectValidUsers
• Azure.DevOps.Project.MainReleaseDefinitionAcl.ProjectValidUsers
• Azure.DevOps.Project.MainRepositoryAcl.ProjectValidUsers
• Azure.DevOps.Project.MainServiceConnectionAcl.ProjectValidUsers
• Azure.DevOps.Project.MainVariableGroupAcl.ProjectValidUsers
• Azure.DevOps.Repos.ProjectValidUsers
• Azure.DevOps.ServiceConnections.InheritedPermissions
• Azure.DevOps.ServiceConnections.ProjectValidUsers
• Azure.DevOps.Tasks.VariableGroup.InheritedPermissions
• Azure.DevOps.Tasks.VariableGroup.ProjectValidUsers

Bug fixes

• Undocumented bug where no ACL was returned when Release or Build Definition is in a folder

v0.4.4

What's new:

• Fix #106 where saving a service connection with / in the name fails. Contributed by @wouter-van-den-meulenhof
• Fix #105 typo in Azure Pipelines example YAML. Contributed by @wouter-van-den-meulenhof

v0.4.3

Whats new:

• Fix bug in Azure.DevOps.Repos.Branch.BranchPolicyIsEnabled and Fix Azure.DevOps.Repos.DefaultBranchPolicyIsEnabled

v0.4.2

Whats new:

• All exported objects now have an id property consisting of a JSON formatted object string of the fields below. This has been added to allow KQL parsing back to the original object hierarchy when the module is used together with PSRule.Monitor
  • originalId
  • resourceName
  • project
  • organization

v0.4.1

What's new

• Fix Bug #97

v0.4.0

What's new

Features:

• -PassThru Parameter. This new parameter enables the export functions to write their output to the PowerShell pipeline and not write any files to storage. This enables full in-memory execution of the rules and prevents sensitive information written to the filesystem.
• Azure DevOps Group export and rules. Group information is now exported and 3 new rules have been added for best practices concering the default groups in Azure DevOps.
• All repository branches are now exported and in scope. With the PSRule Supression Groups functionality you can define the scope of branches that should be protected with best practices.
• All serviceconnections are now exported and in scope. Previous versions of the module only inspected serviceconnections with names like prd, production etc. The scope has now been expanded to all serviceconnections and suppression groups can be set as shown in the supplied example for best-practice based suppression groups.
• Build (-artifact) retention settings export and rules.
• Rules for private vs. public projects and corresponding baselines.
• Enhancements in unit testing maintainability.

Rules:

• Azure.DevOps.Groups.ProjectAdmins.MinMembers
• Azure.DevOps.Groups.ProjectAdmins.MaxMembers
• Azure.DevOps.Groups.ProjectValidUsers.DoNotAssignMemberOfOtherGroups
• Azure.DevOps.Pipelines.Settings.StatusBadgesPrivate
• Azure.DevOps.Project.Visibility
• Azure.DevOps.Repos.Branch.BranchPolicyAllowSelfApproval
• Azure.DevOps.Repos.Branch.BranchPolicyCommentResolution
• Azure.DevOps.Repos.Branch.BranchPolicyEnforceLinkedWorkItems
• Azure.DevOps.Repos.Branch.BranchPolicyIsEnabled
• Azure.DevOps.Repos.Branch.BranchPolicyMergeStrategy
• Azure.DevOps.Repos.Branch.BranchPolicyMinimumReviewers
• Azure.DevOps.Repos.Branch.BranchPolicyRequireBuild
• Azure.DevOps.Repos.Branch.BranchPolicyResetVotes
• Azure.DevOps.Repos.Branch.HasBranchPolicy
• Azure.DevOps.RetentionSettings.ArtifactMinimumRetentionDays
• Azure.DevOps.RetentionSettings.PullRequestRunsMinimumRetentionDays

v0.4.0-preview1

What's new

Features:

• -PassThru Parameter. This new parameter enables the export functions to write their output to the PowerShell pipeline and not write any files to storage. This enables full in-memory execution of the rules and prevents sensitive information written to the filesystem.
• Azure DevOps Group export and rules. Group information is now exported and 3 new rules have been added for best practices concering the default groups in Azure DevOps.
• All repository branches are now exported and in scope. With the PSRule Supression Groups functionality you can define the scope of branches that should be protected with best practices.
• All serviceconnections are now exported and in scope. Previous versions of the module only inspected serviceconnections with names like prd, production etc. The scope has now been expanded to all serviceconnections and suppression groups can be set as shown in the supplied example for best-practice based suppression groups.
• Build (-artifact) retention settings export and rules.
• Rules for private vs. public projects and corresponding baselines.
• Enhancements in unit testing maintainability.

Rules:

• Azure.DevOps.Groups.ProjectAdmins.MinMembers
• Azure.DevOps.Groups.ProjectAdmins.MaxMembers
• Azure.DevOps.Groups.ProjectValidUsers.DoNotAssignMemberOfOtherGroups
• Azure.DevOps.Pipelines.Settings.StatusBadgesPrivate
• Azure.DevOps.Project.Visibility
• Azure.DevOps.Repos.Branch.BranchPolicyAllowSelfApproval
• Azure.DevOps.Repos.Branch.BranchPolicyCommentResolution
• Azure.DevOps.Repos.Branch.BranchPolicyEnforceLinkedWorkItems
• Azure.DevOps.Repos.Branch.BranchPolicyIsEnabled
• Azure.DevOps.Repos.Branch.BranchPolicyMergeStrategy
• Azure.DevOps.Repos.Branch.BranchPolicyMinimumReviewers
• Azure.DevOps.Repos.Branch.BranchPolicyRequireBuild
• Azure.DevOps.Repos.Branch.BranchPolicyResetVotes
• Azure.DevOps.Repos.Branch.HasBranchPolicy
• Azure.DevOps.RetentionSettings.ArtifactMinimumRetentionDays
• Azure.DevOps.RetentionSettings.PullRequestRunsMinimumRetentionDays

v0.3.0

What's new

• Connect-AzDevOps Cmdlet to connect to Azure DevOps
• New name convention for exported resources: {DevOps Organization}.{Project}.{resource}. The new name convention allows for better use of the module at scale. E.g. when collecting data for all projects in an organization.
• Rule Severity levels reviewed and improved. See the table below for improvements.

Rule	Previous Severity	New Severity
Azure.DevOps.Pipelines.PipelineYaml.AgentPoolVersionNotLatest	Informational	Important
Azure.DevOps.Pipelines.Settings.RequireCommentForPullRequestFromFork	Severe	Important
Azure.DevOps.Pipelines.Settings.RestrictSecretsForPullRequestFromFork	Severe	Critical
Azure.DevOps.Repos.BranchPolicyCommentResolution	Informational	Important
Azure.DevOps.Repos.BranchPolicyMergeStrategy	Informational	Important
Azure.DevOps.Repos.License	Important	Informational
Azure.DevOps.Repos.Readme	Important	Informational
Azure.DevOps.ServiceConnections.ClassicAzure	Severe	Critical
Azure.DevOps.ServiceConnections.Description	Severe	Informational
Azure.DevOps.ServiceConnections.WorkloadIdentityFederation	Severe	Important
Azure.DevOps.Tasks.VariableGroup.Description	Severe	Informational
Azure.DevOps.Tasks.VariableGroup.NoKeyVaultNoSecrets	Severe	Critical

v0.3.0-preview4

• Fix cmdlet export