DOS1300

Enable Advanced Security for new Projects

DOS1300

AzureDevOps organization high builtIn

Description

Automatically enable Advanced Security for new projects. New projects in this organization will be set to automatically enable Advanced Security on new Git repositories by default. Settings can be changed on individual projects and repositories at any time. Advanced Security is billed based on the number of unique active committers across all enabled repositories in your subscription. Learn more: https://learn.microsoft.com/en-us/azure/devops/repos/security/configure-github-advanced-security-features

Recommendation

1. Go to Organization Settings. 
2. Select Repos -> Repositories. 
3. Turn 'On' the setting 'Automatically enable Advanced Security for new projects'.

Policy Rule

{
  "target": "ADOOrganizationAdvancedSecurityEnablement",
  "if": {
    "allOf": [
      {
        "resource": "ADOOrganizationAdvancedSecurityEnablement",
        "property": "EnableOnCreate",
        "operator": "equals",
        "value": true
      }
    ]
  },
  "then": {
    "effect": "Audit"
  }
}
« DOS1240 DOS1310 »
Rule Details
  • Rule ID: DOS1300
  • Code: ADO_Organization_AdvancedSecurity_Enable_For_New_Projects
  • Platform: AzureDevOps
  • Category: organization
  • Severity: high
  • Type: builtIn
Related Rules

Copyright © DevOps Shield. All Rights Reserved. Privacy Policy | Cookie Policy | Terms and Conditions