Forem: RoderickB

New Preview of Azure DevOps Best Practice analyzer released

RoderickB — Fri, 29 Dec 2023 10:32:42 +0000

The new Public Preview of PSRule.Rules.AzureDevOps has just been released and its packed with new features. The scope of inspected branches and service connections has been expanded to include all. Build- and artifact retention settings are also included in this new 0.4.0 release of the best-practice analyzer for Azure DevOps.

Additional features include group export, rules to cover sensible use of some the default groups and full in-memory processing without writing any configuration data to disk with the new PassThru feature.

Check out the full release notes on GitHub

Hacktoberfest issues for grabs at PSRule.Rules.AzureDevOps

RoderickB — Sun, 22 Oct 2023 11:44:27 +0000

As most of you are probably aware by now, October is the month for Hacktoberfest, the coolest way to start contributing to open source and get some nice goodies and a tree planted in reward when you make 4 approved open source contributions.

The PSRule.Rules.AzureDevOps project still has some nice beginner issues open for anyone looking to contribute in documentation, PowerShell, Regex or GitHub skills. The project aims to deliver a standards based tool for auditing an Azure DevOps project for security configuration best practices.

Among the issues included for Hacktoberfest improving the Wiki content and delivery workflow, adding regular expressions for secret detection and other features as well. Ofcourse suggestions are always welcome as in any open source project.

Check out the project's issue tracker and see if there is anthing there to your liking.

PSRule.Rules.AzureDevOps v0.1.0 released

RoderickB — Fri, 06 Oct 2023 19:28:40 +0000

The new v0.1.0 version of PSRule.Rules.AzureDevOps has just been released. The new release includes documentation for justification of the rules versus Microsoft Official security best practices for Azure DevOps. This release includes new export features for various ACLs and rules to check for inheritance.

Check out the new release on GitHub

Vendor slashes prices for pre-built Azure DevOps Agent

RoderickB — Sun, 01 Oct 2023 07:34:54 +0000

RTBusinessValidation has slashed the price for their pre-built Azure DevOps agent image by a whopping 66 percent. The image is available in the Azure Marketplace and contains all the open source tools included in the official Microsoft Hosted pool image.

Save time by using the pre-built image. No more lost sprints for maintance of build and deployment agents.

Audit your Azure DevOps configuration from the Pipeline

RoderickB — Tue, 26 Sep 2023 17:16:23 +0000

Today marks the release of version 0.0.12 of PSRule.Rules.AzureDevOps in the PowerShell Gallery. Again, the new release is packed with new features. The module can now export and analyze the project's main pipelines settings and comes with 7 new rules making a total of 32 overall checkpoints in the module.

This release also introduces configurability for some of the rules. For example, the number of reviewers required by branch policies. Baselines were added to this release to provide a better fit for Azure DevOps customers with or without additional Microsoft licensing, for example GitHub Advanced Security.

Finally, a quick start Azure Pipelines YAML definition was added to the project so you can get started with the project quickly and read the reports in Sarif format in the Azure DevOps portal.

Checkout the latest release notes on GitHub and give the module a test drive with your Azure DevOps project.

PSRule.Rules.AzureDevOps 0.0.11 Released

RoderickB — Sun, 24 Sep 2023 14:32:06 +0000

Version 0.0.11 of PSRule.Rules.AzureDevOps has just been released in the PowerShell Gallery. It boasts support for some of the latest new features in Azure DevOps. With this module for checking configuration best practices on your Azure DevOps project, you can now also check your service connections for use of the new Workload Identity Federation feature. You can also confirm you have the best repository security enabled through the new GitHub Advanced Security feature on Azure DevOps.

Check out the source code and install instructions on GitHub or checkout the module in the PowerShell Gallery

PSRule.Rules.AzureDevOps 0.0.7 released

RoderickB — Wed, 20 Sep 2023 09:19:11 +0000

Since the initial release of PSRule.Rules.AzureDevOps last Saturday, development has gone fast. Today marks the release of version 0.0.7 and quite a few features have been added along the way. The PowerShell module is a rules module for PSRule and helps to analyze an Azure DevOps project for configuration and security best-practices.

Recently added features include rules for:

Variable Group secrets should be linked to KeyVault
Azure pipelines should be defined as YAML
Release pipelines should use approvals for production stages

The module, available as open source on GitHub and PowerShell gallery, can easily be run from your desktop in a PowerShell terminal, or through CI/CD pipelines as a routine governance check of your Azure DevOps project. Besides the new features, PSRule.Rules.AzureDevOps already has support for checks on including license and readme files in your repos, protecting your repos, environments and service connections with branch policies, checks and approvals and it even checks if your Azure Resource Manager Service Connection has a scope assigned as advised in the best practices.

The near future will bring some new features and improve the existing codebase with descriptive error handling and test cases. All of your ideas, inspiration, remarks and other contributions are very welcome through opening an issue on GitHub.

PSRule module for Azure DevOps available for feedback

RoderickB — Sun, 17 Sep 2023 14:21:33 +0000

I have been a long time user of Azure DevOps and I have been using the Microsoft PSRule module for checking my Bicep templates for quite a while now. I like the flexible rule engine allowing to check for a wide range of issues. Now I have developed a PSRule module for checking Azure DevOps projects for common configuration issues. The module is available on GitHub and can be installed from the PowerShell Gallery.

Please note it is in early stage of development so I am very much looking forward to your feedback and contributions.

Using the module

To use this module, you need to have PSRule installed. You can install it from the PowerShell Gallery:

Install-Module -Name PSRule -Scope CurrentUser

Once you have PSRule installed, you can install this module from the PowerShell Gallery:

Install-Module -Name PSRule.Rules.AzureDevOps -Scope CurrentUser

Once you have both modules installed, you can run an export of your Azure DevOps project and run the rules against it. The -PAT value needs to be an Azure DevOps Personal Access Token with sufficient permissions to read the project data.

Export-AzDevOpsRuleData `
    -Organization "MyOrg" `
    -Project "MyProject" `
    -PAT $MyPAT `
    -OutputPath "C:\Temp\MyProject"
Assert-PSRule `
    -InputPath "C:\Temp\MyProject\" `
    -Module PSRule.Rules.AzureDevOps

Save Time With Pre-built Azure DevOps Pipeline agent image

RoderickB — Thu, 07 Sep 2023 12:30:37 +0000

Microsoft Hosted Azure DevOps agents are great for CI/CD in most projects with the extensive built-in set of popular tools. In practice however, their usability is limited because the Microsoft Hosted agents cannot be connected to a private network. License limitations prevent Microsoft from distributing the image used in their hosted pools. To speed up development and remove toil, a
pre-built version of the Microsoft Hosted image containing only the included Open Source tools is now available in the Azure Marketplace. The source code for the project is also available on GitHub with instructions how to get started.

What is included?

The image is based on the Microsoft Hosted Ubuntu 22.04 image and contains the all tools included in the Microsoft Hosted image that include a license that allows redistribution. The image is built using the same scripts as the Microsoft Hosted image and is updated regularly. A full list of included tools is available in the project wiki.

How to use it?

The image is available in the Azure Marketplace and can be used in Azure DevOps pipelines as a self-hosted agent. The image is available in the all regions where Microsoft Hosted agents are available. You can also build your own image using the scripts in the GitHub repository. Building your own image is useful if you want to add additional tools or customize the image further.

What are the advantages?

When connecting to a private network is required, the Microsoft Hosted agents cannot be used. This is a common requirement in many projects. As your organization grows, the need for various build and deployment tools increases. Building and maintaining your own agent images is a lot of work. Using the pre-built image removes the need to build and maintain your own images as it includes most popular tools. The image is also updated regularly with the latest versions of the tools.