Security Knowledge Base

This website stores cookies on your computer.These cookies are used to collect information about how you interact with our website and allow us to remember you. We use this information to improve and customize your browsing experience and for analytics and metrics about our visitors both on this website and other media. To find out more about the cookies we use, please review our Privacy Policy.

If you decline, your information won’t be tracked when you visit this website. A single cookie will be used in your browser to remember your preference not to be tracked.
By clicking “Accept All”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts.

Reset

Showing 123 rule(s)

Rule ID	Name	Platform	Category	Severity
DOS2335	Project should have a description	AzureDevOps	project	low
DOS2336	Project Team should have a description	AzureDevOps	project	low
DOS2340	Security Roles - Restrict common group access permissions on agent pool	AzureDevOps	project	high
DOS2350	Security Roles - Restrict inherited common group access permissions on agent pool	AzureDevOps	project	high
DOS2360	Security Roles - Restrict common group access permissions on environment	AzureDevOps	project	high
DOS2370	Security Roles - Restrict inherited common group access permissions on environment	AzureDevOps	project	high
DOS2380	Security Roles - Restrict inherited common group access permissions on variable group and secure file	AzureDevOps	project	high
DOS2390	Security Roles - Restrict common group access permissions on secure file	AzureDevOps	project	high
DOS2400	Security Roles - Restrict global group access permissions on service connection	AzureDevOps	project	high
DOS2410	Security Roles - Restrict inherited common group access permissions on service connection	AzureDevOps	project	high
DOS2420	Security Roles - Restrict common group access permissions on variable group	AzureDevOps	project	high
DOS2430	Azure service connection should use Workload Identity federation with OpenID Connect for authentication	AzureDevOps	project	high
DOS2440	Do not share the Service Connection across multiple projects	AzureDevOps	project	high
DOS2450	Do not use Azure Classic service connections to access an Azure subscription	AzureDevOps	project	high
DOS2460	Azure service connection should not be granted access to subscription or management group	AzureDevOps	project	high
DOS2470	Inactive service connection should be reviewed and must be removed if not used	AzureDevOps	project	high
DOS2475	Pipelines - Service connection should have a description	AzureDevOps	project	low
DOS3080	Default branch name should be main	AzureDevOps	repository	medium
DOS3170	Disable Forking	AzureDevOps	repository	high
DOS3410	Pipeline - Enforce job authorization scope to only current project	AzureDevOps	repository	critical

DevOps Shield

Browse security rules for Azure DevOps, GitHub, and GitLab

Security Knowledge Base