GitHub's pull_request_target in ADO ?

Copper Contributor



When some user open a PR from a branch/fork including some modification on the pipeline, ADO executes the "modified" pipeline instead of the original one. This is an open door to PPE (Poisoned Pipeline Execution). 

In GitHub the "original" pipeline can use pull_request_target as a trigger. In that case, in the above case the original pipeline is executed instead of the modified one.

Does anyone know how to make ADO to run the "original" pipeline instead of the modified one ?




0 Replies