Security Knowledge Base

This website stores cookies on your computer.These cookies are used to collect information about how you interact with our website and allow us to remember you. We use this information to improve and customize your browsing experience and for analytics and metrics about our visitors both on this website and other media. To find out more about the cookies we use, please review our Privacy Policy.

If you decline, your information won’t be tracked when you visit this website. A single cookie will be used in your browser to remember your preference not to be tracked.
By clicking “Accept All”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts.

Reset

Showing 123 rule(s)

Rule ID	Name	Platform	Category	Severity
DOS1010	Artifacts - Restrict feeds creation to only administrators	AzureDevOps	organization	high
DOS1020	Extensions - Restrict extensions to only trusted publishers	AzureDevOps	organization	high
DOS1030	Extensions - Security Roles - Restrict extension manager role to only administrators	AzureDevOps	organization	high
DOS1040	An organization must have at least 2 and no more than 5 administrators	AzureDevOps	organization	medium
DOS1050	Disable auto-provisioning of agent pools	AzureDevOps	organization	high
DOS1060	Enable auto-update of agents in the agent pool	AzureDevOps	organization	high
DOS1070	Pipeline Settings - Disable anonymous access to badges	AzureDevOps	organization	low
DOS1075	Pipeline Settings - Disable building pull requests from forked repositories	AzureDevOps	organization	critical
DOS1080	Pipeline Settings - Disable creation of classic build pipelines	AzureDevOps	organization	medium
DOS1090	Pipeline Settings - Disable creation of classic release pipelines	AzureDevOps	organization	medium
DOS1100	Pipeline Settings - Disable implied YAML CI trigger to prevent unintended pipeline runs	AzureDevOps	organization	low
DOS1110	Pipeline Settings - Disable stage chooser	AzureDevOps	organization	low
DOS1115	Pipeline Settings - Enable shell tasks arguments validation	AzureDevOps	organization	high
DOS1120	Pipeline Settings - Enforce job authorization scope to current project for non-release pipelines	AzureDevOps	organization	critical
DOS1130	Pipeline Settings - Enforce access to repositories in YAML pipelines.	AzureDevOps	organization	critical
DOS1140	Pipeline Settings - Enforce job authorization scope to current project for release pipelines	AzureDevOps	organization	critical
DOS1150	Pipeline Settings - Limit variables that can be set at queue time	AzureDevOps	organization	high
DOS1160	Disallow OAuth Authentication	AzureDevOps	organization	high
DOS1170	Disallow SSH authentication	AzureDevOps	organization	high
DOS1180	Disallow Anonymous Access	AzureDevOps	organization	critical

DevOps Shield

Browse security rules for Azure DevOps, GitHub, and GitLab

Security Knowledge Base