DOS3170

Disable Forking

DOS3170

AzureDevOps repository high builtIn

Description

Disable repository forking. The more forks there are, the harder it is to keep track of each fork’s security. Learn more: https://learn.microsoft.com/en-us/azure/devops/organizations/security/security-best-practices#repositories-and-branches https://learn.microsoft.com/en-us/azure/devops/repos/git/repository-settings#enable-forks

Recommendation

1. Navigate to Project Settings. 
2. Open the Repositories link under Repos. 
3. Select a repository from the list. 
4. Click on Settings tab. 
5. Under 'Repository Settings' section, turn 'Off' the setting 'Forks'.

Policy Rule

{
  "target": "ADOProjectGitRepositorySettings",
  "if": {
    "allOf": [
      {
        "resource": "ADOProjectGitRepositorySettings",
        "property": "IsForksEnabled",
        "operator": "equals",
        "value": false
      }
    ]
  },
  "then": {
    "effect": "Audit"
  }
}
« DOS3080 DOS3410 »
Rule Details
  • Rule ID: DOS3170
  • Code: ADO_Project_Repository_Settings_Disable_Forking
  • Platform: AzureDevOps
  • Category: repository
  • Severity: high
  • Type: builtIn
Related Rules

Copyright © DevOps Shield. All Rights Reserved. Privacy Policy | Cookie Policy | Terms and Conditions