Azure.DevOps.ServiceConnections.Scope
github-actions edited this page Oct 21, 2023 · 5 revisions
category: Microsoft Azure DevOps Service Connections

severity: Severe

online version: https://github.com/cloudyspells/PSRule.Rules.AzureDevOps/blob/main/src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.ServiceConnections.Scope.md
A service connection scoped to production should use a narrow scope. This helps ensure that no unwanted changes or access are made to the production resources or beyond.
A service connection scoped to production should use a narrow scope. For example, a service connection scoped to production should only have access to the production resource groups. This helps ensure that no unwanted changes or access are made to the production resources or beyond. Normally it is not desirable to have a service connection with access to all resource groups in a subscription.
Minimum TokenType: ReadOnly
Consider using a resource group scope for a service connection scoped to production.
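The following is an added example, not code from the PSRule.Rules.AzureDevOps project: it classifies the Azure Resource Manager scope string of each service connection and fails any production connection that is scoped wider than a resource group. The object shape (`name`, `authorization.parameters.scope`), the sample connections, the `prod` naming convention and the function names `Get-ScopeLevel` and `Test-ProductionScope` are all assumptions made for illustration.

```powershell
# Constructed sample data; the property layout is an assumption, not the rule's input format.
$sub = '/subscriptions/00000000-0000-0000-0000-000000000001'
$connections = @(
    [pscustomobject]@{ name = 'app-prod-rg'
        authorization = @{ parameters = @{ scope = "$sub/resourceGroups/rg-app-prod" } } }
    [pscustomobject]@{ name = 'app-prod-wide'
        authorization = @{ parameters = @{ scope = $sub } } }
    [pscustomobject]@{ name = 'platform-prod-mg'
        authorization = @{ parameters = @{ scope = '/providers/Microsoft.Management/managementGroups/mg-example' } } }
    [pscustomobject]@{ name = 'app-dev-wide'
        authorization = @{ parameters = @{ scope = $sub } } }
    [pscustomobject]@{ name = 'legacy-prod-manual'
        authorization = @{ parameters = @{} } }   # no scope recorded
)

# Map an ARM scope string to a coarse level. Matching is case-insensitive,
# so 'resourcegroups' and 'resourceGroups' are treated the same.
function Get-ScopeLevel {
    param([string]$Scope)
    switch -Regex ($Scope) {
        '^/providers/Microsoft\.Management/managementGroups/[^/]+/?$' { return 'ManagementGroup' }
        '^/subscriptions/[^/]+/?$'                                    { return 'Subscription' }
        '^/subscriptions/[^/]+/resourceGroups/[^/]+/?$'               { return 'ResourceGroup' }
        '^/subscriptions/[^/]+/resourceGroups/[^/]+/providers/.+'     { return 'Resource' }
        default                                                       { return 'Unknown' }
    }
}

# A production connection passes only when its scope is a resource group or narrower.
# A missing or unparseable scope fails closed, because its reach cannot be verified.
function Test-ProductionScope {
    param(
        [Parameter(Mandatory)] $Connection,
        [string] $ProductionPattern = 'prod'   # assumed naming convention
    )
    $level  = Get-ScopeLevel -Scope $Connection.authorization.parameters.scope
    $isProd = $Connection.name -match $ProductionPattern
    [pscustomobject]@{
        Name         = $Connection.name
        Production   = $isProd
        ScopeLevel   = $level
        Pass         = (-not $isProd) -or ($level -in 'ResourceGroup', 'Resource')
    }
}

$connections | ForEach-Object { Test-ProductionScope -Connection $_ } | Format-Table -AutoSize
```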