Forum Discussion
Security on Azure Devops Self Hosted agent
Hello,
Today I have discovered that is possible from the pipeline to deploy software directly on the agents without any kind of authentication, in my case I was able to deploy docker directly on a self-hosted agent by just using a bash script on the pipeline.
Is it possible to deny this kind of deployments on a self-hosted agent from the pipeline without impacting any other deployments, pipelines, or releases?
From the security perspective, it poses a risk, someone that has access to the pipelines deploy un-wanted software on an agent.
You are essentially running the agent using a specific account (the one you used to install the agent). You will have to limit the permission of that account to disallow software installation.
Felix.
- felixtsem5Microsoft
You are essentially running the agent using a specific account (the one you used to install the agent). You will have to limit the permission of that account to disallow software installation.
Felix.