Showing 123 rule(s)

Rule ID | Name | Platform | Category | Severity
DOS3510 | DevSecOps Control - Ensure Secret Scanning (SS) | AzureDevOps | appsec | critical
DOS3520 | DevSecOps Control - Ensure Software Composition Analysis (SCA) / Dependency Scanning | AzureDevOps | appsec | critical
DOS3530 | DevSecOps Control - Ensure Static Application Security Testing (SAST) / Code Scanning | AzureDevOps | appsec | critical
DOS3540 | DevSecOps Control - Ensure Container Image Scanning (CIS) / Container Scanning | AzureDevOps | appsec | critical
DOS3550 | DevSecOps Control - Ensure Infrastructure as Code Scanning (IACS) | AzureDevOps | appsec | critical
DOS3560 | DevSecOps Control - Ensure Infrastructure Scanning (IS) | AzureDevOps | appsec | critical
DOS3570 | DevSecOps Control - Ensure Dynamic Application Security Testing (DAST) | AzureDevOps | appsec | critical
DOS3580 | DevSecOps Control - Ensure Interactive Application Security Testing (IAST) | AzureDevOps | appsec | high
DOS4010 | Ensure Repository Base permissions is set to 'No permission' | GitHub | organization | critical
DOS4015 | Disable Repository Forking | GitHub | organization | critical
DOS4025 | Disable Public Repository Creation - Disallow members to create public repositories | GitHub | organization | critical
DOS4030 | Restrict Repository Creation to Internal - Allow members to create internal repositories | GitHub | organization | critical
DOS4035 | Restrict Repository Creation to Private - Allow members to create private repositories | GitHub | organization | critical
DOS4040 | Restrict GitHub Pages Creation - Disallow members to publish sites | GitHub | organization | high
DOS4210 | Require two-factor authentication in your organization | GitHub | organization | critical
DOS4300 | Workflow permissions - Default workflow permissions granted to the GITHUB_TOKEN should be restricted to read-only access | GitHub | organization | critical
DOS4320 | Workflow permissions - Prevent GitHub Actions workflows from creating or approving pull requests | GitHub | organization | critical
DOS4375 | GitHub Actions Secrets - Minimize the usage and sharing of your organization secrets | GitHub | organization | critical
DOS4380 | GitHub Actions Secrets - Restrict the access and visibility of an organization secret to only selected repositories | GitHub | organization | critical
DOS4381 | GitHub Actions Secrets - Restrict the sharing of an organization secret to fewer selected repositories | GitHub | organization | critical
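The GitHub organization rules above (DOS4010 through DOS4380) each correspond to a single setting that the GitHub REST API exposes. The following is an added example, not the catalog's own scanner: an offline evaluator that takes the JSON bodies of `GET /orgs/{org}`, `GET /orgs/{org}/actions/permissions/workflow` and `GET /orgs/{org}/actions/secrets` and reports which of those rules fail. The field names are the ones GitHub documents for those endpoints; the mapping from rule ID to field is this example's own reading of the rule names, and it covers only the rules that reduce to one field (DOS4030, DOS4035, DOS4375 and DOS4381 need a policy or a repository list and are left out). The sample payloads are constructed for the example, not captured from a real organization.

```python
"""Offline evaluator for a subset of the GitHub-organization rules above.

Added example, not the catalog's own scanner. Inputs are the JSON bodies of:
  GET /orgs/{org}                               -> org (organization object)
  GET /orgs/{org}/actions/permissions/workflow  -> workflow (GITHUB_TOKEN defaults)
  GET /orgs/{org}/actions/secrets               -> secrets (organization secrets)
Rule-to-field mapping is this example's reading of the rule names.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule_id: str
    severity: str
    message: str


def evaluate_org(org: dict, workflow: dict, secrets: dict) -> list[Finding]:
    """Return one Finding per failed rule; an empty list means every checked rule passes."""
    findings: list[Finding] = []

    # DOS4010: org-wide base permission on repositories must be "none" ('No permission').
    base = org.get("default_repository_permission")
    if base != "none":
        findings.append(Finding("DOS4010", "critical", f"base permission is {base!r}, expected 'none'"))

    # DOS4015: members must not be able to fork private repositories.
    if org.get("members_can_fork_private_repositories", False):
        findings.append(Finding("DOS4015", "critical", "members can fork private repositories"))

    # DOS4025: members must not be able to create public repositories.
    if org.get("members_can_create_public_repositories", False):
        findings.append(Finding("DOS4025", "critical", "members can create public repositories"))

    # DOS4040: members must not be able to publish GitHub Pages sites.
    if org.get("members_can_create_pages", False):
        findings.append(Finding("DOS4040", "high", "members can publish GitHub Pages sites"))

    # DOS4210: two-factor authentication must be required for all members.
    if not org.get("two_factor_requirement_enabled", False):
        findings.append(Finding("DOS4210", "critical", "two-factor authentication is not required"))

    # DOS4300: the default GITHUB_TOKEN granted to workflows must be read-only.
    perms = workflow.get("default_workflow_permissions")
    if perms != "read":
        findings.append(Finding("DOS4300", "critical", f"default GITHUB_TOKEN permission is {perms!r}, expected 'read'"))

    # DOS4320: workflows must not be able to create or approve pull requests.
    if workflow.get("can_approve_pull_request_reviews", False):
        findings.append(Finding("DOS4320", "critical", "workflows may create or approve pull requests"))

    # DOS4380: each org secret should be visible to selected repositories only.
    # visibility "all" shares it with every repository, "private" with every private one.
    for secret in secrets.get("secrets", []):
        vis = secret.get("visibility")
        if vis != "selected":
            findings.append(Finding("DOS4380", "critical",
                                    f"secret {secret.get('name')!r} has visibility {vis!r}, expected 'selected'"))
    return findings


def failed_rule_ids(org: dict, workflow: dict, secrets: dict) -> list[str]:
    """Distinct failing rule IDs in catalog order (IDs share a prefix, so sorting works)."""
    return sorted({f.rule_id for f in evaluate_org(org, workflow, secrets)})


# Constructed sample payloads (not real API responses): a weakly configured org.
WEAK_ORG = {
    "login": "example-org",                      # assumed org name
    "default_repository_permission": "read",
    "members_can_fork_private_repositories": True,
    "members_can_create_public_repositories": False,
    "members_can_create_pages": True,
    "two_factor_requirement_enabled": False,
}
WEAK_WORKFLOW = {"default_workflow_permissions": "write", "can_approve_pull_request_reviews": True}
WEAK_SECRETS = {"total_count": 2, "secrets": [
    {"name": "NPM_TOKEN", "visibility": "all"},
    {"name": "DEPLOY_KEY", "visibility": "selected"},
]}

# The same org after remediation; evaluate_org() returns no findings for it.
HARDENED_ORG = {**WEAK_ORG, "default_repository_permission": "none",
                "members_can_fork_private_repositories": False,
                "members_can_create_pages": False,
                "two_factor_requirement_enabled": True}
HARDENED_WORKFLOW = {"default_workflow_permissions": "read", "can_approve_pull_request_reviews": False}
HARDENED_SECRETS = {"total_count": 1, "secrets": [{"name": "DEPLOY_KEY", "visibility": "selected"}]}


if __name__ == "__main__":
    for f in evaluate_org(WEAK_ORG, WEAK_WORKFLOW, WEAK_SECRETS):
        print(f"{f.rule_id} [{f.severity}] {f.message}")
```

Against the constructed weak organization the evaluator reports seven findings (DOS4010, DOS4015, DOS4040, DOS4210, DOS4300, DOS4320 and DOS4380 for `NPM_TOKEN`); DOS4025 passes because public repository creation is already off. Note that DOS4380 treats `private` visibility as a failure as well as `all`, since a secret shared with every private repository is still not restricted to selected ones.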