Security Knowledge Base

This website stores cookies on your computer.These cookies are used to collect information about how you interact with our website and allow us to remember you. We use this information to improve and customize your browsing experience and for analytics and metrics about our visitors both on this website and other media. To find out more about the cookies we use, please review our Privacy Policy.

If you decline, your information won’t be tracked when you visit this website. A single cookie will be used in your browser to remember your preference not to be tracked.
By clicking “Accept All”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts.

Reset

Showing 123 rule(s)

Rule ID	Name	Platform	Category	Severity
DOS2180	Pipeline Settings - Disable creation of classic release pipelines	AzureDevOps	project	medium
DOS2190	Pipeline Settings - Disable implied YAML CI trigger to prevent unintended pipeline runs	AzureDevOps	project	low
DOS2195	Pipeline Settings - Enable shell tasks arguments validation	AzureDevOps	project	high
DOS2200	Pipeline Settings - Enforce job authorization scope to current project for non-release pipelines	AzureDevOps	project	critical
DOS2210	Pipeline Settings - Enforce access to repositories in YAML pipelines.	AzureDevOps	project	critical
DOS2220	Pipeline Settings - Enforce job authorization scope to current project for release pipelines	AzureDevOps	project	critical
DOS2230	Pipeline Settings - Limit variables that can be set at queue time	AzureDevOps	project	high
DOS2240	Pipeline Retention Policy - Days to keep Artifacts (>= 30)	AzureDevOps	project	low
DOS2250	Pipeline Retention Policy - Days to keep Pull Request Runs (>= 10)	AzureDevOps	project	low
DOS2260	Pipeline Retention Policy - Number of recent runs to retain per pipeline (>= 3)	AzureDevOps	project	low
DOS2270	Pipeline Retention Policy - Days to keep Runs (>= 30)	AzureDevOps	project	low
DOS2280	Do not make the Agent Pool accessible to all YAML Pipelines	AzureDevOps	project	high
DOS2290	Do not make the Environment accessible to all YAML Pipelines	AzureDevOps	project	high
DOS2300	Do not make the Secure File accessible to all YAML Pipelines	AzureDevOps	project	high
DOS2310	Do not make the Service Connection accessible to all YAML Pipelines	AzureDevOps	project	high
DOS2320	Do not make the Variable Group with secret variables accessible to all YAML Pipelines	AzureDevOps	project	high
DOS2325	Pipelines - Environment should have a description	AzureDevOps	project	low
DOS2326	Pipelines - Variable group should have a description	AzureDevOps	project	low
DOS2327	Pipelines - Variable group secrets should only be linked to a key vault	AzureDevOps	project	high
DOS2330	Ensure project visibility is set to Private	AzureDevOps	project	critical

DevOps Shield

Browse security rules for Azure DevOps, GitHub, and GitLab

Security Knowledge Base