
Releases: cloudyspells/PSRule.Rules.AzureDevOps

v0.3.0-preview1

10 Dec 14:12
5fc02fe
Pre-release

What's new

This release adds the Connect-AzDevOps cmdlet, which authenticates the module's session to the Azure DevOps REST API. The new cmdlet can authenticate a Service Principal, a Managed Identity (system- or user-assigned) or a Personal Access Token. Unit testing has also been restructured, improving coverage and maintainability.

v0.2.1

25 Nov 17:39
879b7b8

What's new:

  • Fixed bug #53, where data collection fails with an error if the YAML is not in the default branch
  • Added secret detection for MySQL, PostgreSQL, MongoDB, Redis, AWS ID, Azure Cognitive Services and OpenAI connection strings and API keys in variable groups and in build and release definitions.

v0.2.0

21 Oct 12:44
bb61586

What's new

Features:

This release introduces a TokenType parameter on the export commands to allow use of the module in environments where security policies restrict the use of FullAccess Personal Access Tokens. You can now specify a token as FullAccess, FineGrained or ReadOnly to suit your situation.

Additionally, the export functions for service connections and pipeline settings were updated. Service connection export now covers all types of service connections, no longer only the modern Azure ARM type. The project pipeline settings export has been migrated from a UI endpoint to the REST API, allowing for fine-grained permissions.

Rules:

  • Azure.DevOps.ServiceConnections.ClassicAzure
  • Azure.DevOps.ServiceConnections.GitHubPAT

v0.1.1

08 Oct 14:21
16252a5

What's new

This release adds new rules that help secure your Azure DevOps environment. A set of 3 new rules now checks variables in various GUI features for plaintext sensitive information like connection strings for popular Azure services. The module now also checks the branch policy on the default branch in a git repo to require a successful build/pipeline run.

Rules

  • Azure.DevOps.Pipelines.Core.NoPlainTextSecrets
  • Azure.DevOps.Pipelines.Releases.Definition.NoPlainTextSecrets
  • Azure.DevOps.Tasks.VariableGroup.NoPlainTextSecrets
  • Azure.DevOps.Repos.BranchPolicyRequireBuild

v0.1.0

06 Oct 19:17
6e514ea

What's new

Features:

Rules:

  • Azure.DevOps.Pipelines.Releases.Definition.InheritedPermissions
  • Azure.DevOps.Repos.InheritedPermissions
  • Azure.DevOps.Pipelines.Core.InheritedPermissions

v0.0.13

30 Sep 18:51
80d02d6

What's new

Features

  • Azure DevOps Pipeline YAML export and parsing
  • Enhanced detail in checks export on environments and service connections

Rules

  • Azure.DevOps.Pipelines.PipelineYaml.AgentPoolVersionNotLatest
  • Azure.DevOps.Pipelines.PipelineYaml.StepDisplayName
  • Azure.DevOps.Pipelines.Environments.ProductionBranchLimit
  • Azure.DevOps.ServiceConnections.ProductionBranchLimit

v0.0.12

26 Sep 11:34
f6af158

What's new

This update adds the following features:

  • Azure DevOps Project Pipelines Settings Export
  • PSRule Baselines for default and without add-on licenses: Baseline.Default, Baseline.NoExtraLicense
  • Configurable settings for some rules. See rule help for details.
  • Sample Azure DevOps pipeline YAML definition for running PSRule.Rules.AzureDevOps with Sarif output.

Added rules:

  • Azure.DevOps.Pipelines.Settings.LimitSetVariablesAtQueueTime
  • Azure.DevOps.Pipelines.Settings.LimitJobAuthorizationScope
  • Azure.DevOps.Pipelines.Settings.LimitJobAuthorizationScopeForReleasePipelines
  • Azure.DevOps.Pipelines.Settings.LimitJobAuthorizationScopeForYamlPipelines
  • Azure.DevOps.Pipelines.Settings.RequireCommentForPullRequestFromFork
  • Azure.DevOps.Pipelines.Settings.RestrictSecretsForPullRequestFromFork
  • Azure.DevOps.Pipelines.Settings.SanitizeShellTaskArguments

v0.0.11

24 Sep 09:00
3956575

This release adds the following features:

  • Support for Workload Identity Federation on Service Connections
  • Support for GitHub Advanced Security on Azure DevOps
  • Enhanced test coverage
  • Minor rule bug fixes

The release adds the following new rules:

  • Azure.DevOps.ServiceConnections.WorkloadIdentityFederation
  • Azure.DevOps.Repos.GitHubAdvancedSecurityEnabled
  • Azure.DevOps.Repos.GitHubAdvancedSecurityBlockPushes
  • Azure.DevOps.Pipelines.Releases.Definition.SelfApproval

v0.0.10

23 Sep 10:59
7af15c5

What's Changed

  • Added test cases for export commands
  • Switch to new dedicated ADO testing environment
  • Added Pester tests for Rules
  • Fixed bugs in description related rules
  • Improved error handling for export commands

Full Changelog: v0.0.9...v0.0.10

v0.0.9

22 Sep 13:12
df62b8d
  • Updated help functionality and run output
  • Added nl (Dutch) help files