DOS1100

Pipeline Settings - Disable implied YAML CI trigger to prevent unintended pipeline runs

DOS1100

AzureDevOps organization low builtIn

Description

Prevent unintended pipeline runs. Enable the setting 'Disable implied YAML CI trigger'. Trigger a pipeline only for code changes that match its trigger section. Do not trigger the pipeline if the trigger section is missing. Learn more: https://learn.microsoft.com/en-us/azure/devops/release-notes/2023/sprint-227-update#prevent-unintended-pipeline-runs https://learn.microsoft.com/en-us/azure/devops/pipelines/yaml-schema/trigger

Recommendation

1. Go to Organization Settings. 
2. Click on Pipelines -> Settings. 
3. Turn 'On' the setting 'Disable implied YAML CI trigger'.

Policy Rule

{
  "target": "ADOOrganizationPipelineSettings",
  "if": {
    "allOf": [
      {
        "resource": "ADOOrganizationPipelineSettings",
        "property": "DisableImpliedYAMLCiTrigger",
        "operator": "equals",
        "value": true
      }
    ]
  },
  "then": {
    "effect": "Audit"
  }
}
« DOS1090 DOS1110 »
Rule Details
  • Rule ID: DOS1100
  • Code: ADO_Organization_Pipeline_Settings_Disable_Implied_YAML_CI_Trigger
  • Platform: AzureDevOps
  • Category: organization
  • Severity: low
  • Type: builtIn
Related Rules

Copyright © DevOps Shield. All Rights Reserved. Privacy Policy | Cookie Policy | Terms and Conditions