This repo is the heart of the azure devops compliance solution containing the default rules that are used to inspect projects in an organization.
Example rules are:
- NobodyCanDeleteTheTeamProject
- NobodyCanDeleteReleases
- NobodyCanDeleteTheRepository
- ReleaseBranchesAreProtectedByPolicies
- etc.
These rules are primarily evaluated in an azure function and the reports are uploaded into Azure DevOps and accessible via this extension.
Most rules also implement functionality to reconcile [ rek-uhn-sahyl ] meaning it will bring your project or item into the desired state.
For example, reconciling the ReleaseBranchesAreProtectedByPolicies does:
- Require a minimum number of reviewers policy is created or updated.
- Minimum number of reviewers is set to at least 2
- Reset code reviewer votes when there are new changes is enabled.
- Policy is blocking the PR.