🚀✨ I am in your pipeline, decorating it with compliance 🛠️🔒
Back in 2022 I wrote a blog post, "I am in your pipeline reading all your secrets!", about how secrets can be leaked in Azure Pipelines.
I think it’s time to offset that blog post and have a look at how compliance of all pipelines in a single Azure DevOps Project can be achieved. This is done by using a feature called Pipeline Decorators.
What are pipeline decorators?
In most organizations there are certain required compliance and security policies. For example, to be compliant with corporate policies, a static code analysis tool must be executed on all pipelines before executing the actual pipeline tasks. This is where pipeline decorators come in: pipeline authors don’t need to remember to add that step. We, as Azure DevOps Organization owners, create a decorator that automatically injects the step into all pipelines during their runtime, ensuring at the Azure DevOps Organization level that all pipelines are compliant with our organization’s policies.
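To make the injection concrete, here is a minimal decorator template of the kind described above. It is an added example, not code from the original post; the file name and the analysis command are placeholders.

```yaml
# compliance-decorator.yml (hypothetical file name), packaged in an
# Azure DevOps extension installed into the organization.
#
# The extension manifest (vss-extension.json) registers this file as a
# contribution of type:
#   ms.azure-pipelines.pipeline-decorator
# with the target:
#   ms.azure-pipelines-agent-job.post-checkout-tasks
# so the steps below are injected after the checkout step and before the
# steps the pipeline author wrote. The target
# ms.azure-pipelines-agent-job.pre-job-tasks would instead run them
# before checkout, when no source code is on the agent yet.
steps:
- task: CmdLine@2
  displayName: 'Static code analysis (injected by decorator)'
  # Stated explicitly: a failing scan must fail the job, not just warn.
  continueOnError: false
  inputs:
    # Placeholder command (assumption): replace with the organization's
    # actual static analysis tool invocation.
    script: echo "run static code analysis here"
```

Pipeline authors never see this step in their own YAML; it appears only in the run logs, under the display name set in the decorator.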