Azure.DevOps.Pipelines.Settings.LimitJobAuthorizationScopeForReleasePipelines.md

category	severity	online version
Microsoft Azure DevOps Pipelines	Severe	https://github.com/cloudyspells/PSRule.Rules.AzureDevOps/blob/main/src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Pipelines.Settings.LimitJobAuthorizationScopeForReleasePipelines.md

Azure.DevOps.Pipelines.Settings.LimitJobAuthorizationScopeForReleasePipelines

SYNOPSIS

Project settings should limit job authorization scope for release pipelines.

DESCRIPTION

Release pipelines can be used to deploy to multiple environments. Each environment can be configured to use a different set of resources. Limiting the job authorization scope to the current project will prevent the job from being able to access resources in other projects. This can help prevent accidental access to resources in other projects.

Mininum TokenType: ReadOnly

RECOMMENDATION

Consider limiting the job authorization scope for release pipelines to the current project in the project settings.

LINKS

• Azure DevOps Security best practices - Tasks