DOS2130: A project must have at least 2 and no more than 5 administrators | Security KB - DevOps Shield - The ultimate DevSecOps platform designed to secure your DevOps.

This website stores cookies on your computer.These cookies are used to collect information about how you interact with our website and allow us to remember you. We use this information to improve and customize your browsing experience and for analytics and metrics about our visitors both on this website and other media. To find out more about the cookies we use, please review our Privacy Policy.

If you decline, your information won’t be tracked when you visit this website. A single cookie will be used in your browser to remember your preference not to be tracked.
By clicking “Accept All”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts.

AzureDevOps project medium builtIn

Description

Your project should have at least 2 and at most 5 Project Administrators. To reduce the risk of losing admin access, you may want to ensure at least 2 users are part of the Project Administrators group. Limit the number of administrators to no more than 5 for your project. Learn more: https://learn.microsoft.com/en-us/azure/devops/organizations/security/look-up-project-administrators

Recommendation

1. Go to Project Settings. 
2. Click on General -> Permissions. 
3. Groups - Select ' Project Administrators'. 
4. Review all members of this group.

Policy Rule

{
  "target": "ADOSecurityGroupMembers",
  "if": {
    "allOf": [
      {
        "resource": "ADOSecurityGroupMembers",
        "property": "ScopeResource.ResourceType",
        "operator": "equals",
        "value": "project"
      },
      {
        "resource": "ADOSecurityGroupMembers",
        "property": "ScopeResource.Group.DisplayName",
        "operator": "equals",
        "value": "Project Administrators"
      },
      {
        "resource": "ADOSecurityGroupMembers",
        "property": "TotalUserIdentityCount",
        "operator": "GreaterThan",
        "value": 1
      },
      {
        "resource": "ADOSecurityGroupMembers",
        "property": "TotalUserIdentityCount",
        "operator": "LessThan",
        "value": 4
      }
    ]
  },
  "then": {
    "effect": "Audit"
  }
}

« DOS1330 DOS2135 »

Rule Details

Rule ID: DOS2130
Code: ADO_Project_Limit_Min_Max_Admins
Platform: AzureDevOps
Category: project
Severity: medium
Type: builtIn

DOS2130

A project must have at least 2 and no more than 5 administrators

DOS2130

Description

Recommendation

Policy Rule

View evaluation logic (JSON)

Rule Details

Related Rules