Azure.DevOps.ServiceConnections.GitHubPAT
github-actions edited this page Oct 21, 2023 · 1 revision
category: Microsoft Azure DevOps Service Connections
severity: Severe
online version: https://github.com/cloudyspells/PSRule.Rules.AzureDevOps/blob/main/src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.ServiceConnections.GitHubPAT.md
A service connection should not use a GitHub Personal Access Token (PAT).
A service connection is a securely stored object that contains information about how to connect to a service. Service connections are used during the build or release pipeline to connect to external and remote resources. The GitHub PAT service connection type is linked to a personal account, and its use cannot be traced back to the specific connection from Azure DevOps. This means any user with access to the service connection can impersonate the user who created the service connection.
Minimum TokenType: ReadOnly
Consider using an OAuth-based service connection.
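The following is an added example, not code from the PSRule.Rules.AzureDevOps module: a stand-alone PowerShell audit that flags GitHub service connections backed by a PAT so they can be moved to OAuth. It assumes the field names `type`, `authorization.scheme` and `createdBy.uniqueName` as found in Azure DevOps service endpoint JSON, and that PAT-backed connections report the scheme `PersonalAccessToken` or `Token`; the function name and the sample data are constructed for illustration.

```powershell
# Constructed sample, shaped like an exported list of Azure DevOps service
# endpoints. All names and accounts are made up.
$sampleJson = @'
[
  { "name": "gh-release", "type": "github",
    "authorization": { "scheme": "PersonalAccessToken" },
    "createdBy": { "uniqueName": "alice@example.test" } },
  { "name": "gh-oauth", "type": "github",
    "authorization": { "scheme": "OAuth" },
    "createdBy": { "uniqueName": "bob@example.test" } },
  { "name": "azure-prod", "type": "azurerm",
    "authorization": { "scheme": "ServicePrincipal" },
    "createdBy": { "uniqueName": "carol@example.test" } }
]
'@

# Hypothetical helper: emits one finding per GitHub connection that uses a PAT.
function Get-GitHubPatServiceConnection {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject] $ServiceConnection,

        # Assumption: scheme values that indicate a PAT-backed connection.
        [string[]] $PatScheme = @('PersonalAccessToken', 'Token')
    )
    process {
        # Only GitHub connections are in scope for this rule.
        if ($ServiceConnection.type -ne 'github') { return }

        $scheme = $ServiceConnection.authorization.scheme
        if ($scheme -in $PatScheme) {
            [pscustomobject]@{
                Name      = $ServiceConnection.name
                Scheme    = $scheme
                CreatedBy = $ServiceConnection.createdBy.uniqueName
                Finding   = 'GitHub PAT: pipeline runs act as this personal account'
            }
        }
    }
}

# Parentheses force array enumeration on Windows PowerShell 5.1 as well as 7+.
($sampleJson | ConvertFrom-Json) |
    Get-GitHubPatServiceConnection |
    Format-Table -AutoSize
```

Against the constructed sample, only `gh-release` is reported; the OAuth connection and the non-GitHub connection are ignored.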