Ensure Azure Pipelines Workflows Are Without Usage of Image

Image usages may affect the security and reliability of your pipeline because:

  • You may not have control over the updates, patches, or changes of an image from a public registry.
  • You may expose private information or credentials in your image that could be compromised by malicious actors.
    Therefore, it is recommended to use images from trusted sources and to avoid exposing sensitive data in your images.

Risk Level: medium
Platform: Azure Pipelines
Spectral Rule ID: AZRPPL005


In stages.job.pool of in job.pool delete vmImage

- vmImage: windows-latest

Read more: