DOS1330

Enable Advanced Security - Secret Scanning - Block secrets on push

DOS1330

AzureDevOps repository high builtIn

Description

Block secrets on push. Enable secret push protection for your repository. Scan all pushes to the repository and block pushes containing secrets. Secret scanning push protection and repository scanning are automatically enabled when you turn on Advanced Security. Learn more: https://learn.microsoft.com/en-us/azure/devops/repos/security/configure-github-advanced-security-features

Recommendation

1. Go to Project Settings. 
2. Select Repos -> Repositories. 
3. Select the repository you want to enable Advanced Security for. 
4. Ensure the setting 'Advanced Security' is 'On'. 
5. Enable the check 'Block secrets on push'.

Policy Rule

{
  "target": "ADORepositoryAdvancedSecurityEnablement",
  "if": {
    "allOf": [
      {
        "resource": "ADORepositoryAdvancedSecurityEnablement",
        "property": "BlockPushes",
        "operator": "equals",
        "value": true
      }
    ]
  },
  "then": {
    "effect": "Audit"
  }
}
« DOS1320 DOS2130 »
Rule Details
  • Rule ID: DOS1330
  • Code: ADO_Project_Repository_AdvancedSecurity_Enable_Secret_Scanning_Push_Protection
  • Platform: AzureDevOps
  • Category: repository
  • Severity: high
  • Type: builtIn
Related Rules

Copyright © DevOps Shield. All Rights Reserved. Privacy Policy | Cookie Policy | Terms and Conditions