SOLVED

Security on Azure DevOps Self Hosted agent

Hello,

 

Today I have discovered that it is possible from the pipeline to deploy software directly on the agents without any kind of authentication. In my case, I was able to deploy Docker directly on a self-hosted agent by just using a bash script in the pipeline.

 

Is it possible to deny this kind of deployments on a self-hosted agent from the pipeline without impacting any other deployments, pipelines, or releases?

 

From the security perspective, it poses a risk: someone who has access to the pipelines can deploy unwanted software on an agent.

1 Reply
best response confirmed by dparis (Copper Contributor)
Solution

You are essentially running the agent using a specific account (the one you used to install the agent). You will have to limit the permission of that account to disallow software installation.

 

Felix.
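
One way to check the point made in the reply, as an added example that is not part of the original thread: a shell audit of whether the account the agent runs as holds privileges that let a pipeline script install software. It assumes a Linux agent host; the function names, the privileged-group list and the sample `sudo -l` output are constructed for this example.

```sh
#!/bin/sh
# Added example: audit the account a self-hosted agent runs as.
# Assumption: this group list is a baseline for this example, not exhaustive.
# Membership in "docker" counts because it is effectively root on the host.
RISKY_GROUPS="root sudo wheel admin docker lxd"

# risky_groups "<space-separated group names>": prints the privileged ones.
risky_groups() {
    found=""
    for g in $1; do
        for r in $RISKY_GROUPS; do
            if [ "$g" = "$r" ]; then found="$found $g"; fi
        done
    done
    echo "${found# }"
}

# sudo_unrestricted "<sudo -l output>": succeeds if a rule grants ALL commands.
sudo_unrestricted() {
    printf '%s\n' "$1" | grep -Eq \
        '^[[:space:]]*\([^)]*\)[[:space:]]*([A-Z_]+:[[:space:]]*)*ALL[[:space:]]*$'
}

# audit_account <uid> "<groups>" "<sudo -l output>": returns 1 on any finding.
audit_account() {
    rc=0
    if [ "$1" = "0" ]; then echo "FAIL: agent runs as root"; rc=1; fi
    rg=$(risky_groups "$2")
    if [ -n "$rg" ]; then echo "FAIL: privileged group(s): $rg"; rc=1; fi
    if sudo_unrestricted "$3"; then echo "FAIL: sudo grants ALL commands"; rc=1; fi
    if [ "$rc" -eq 0 ]; then echo "OK: no install-capable privileges found"; fi
    return "$rc"
}

# Constructed sample data (not taken from a real host).
SAMPLE_SUDO='User azagent may run the following commands on buildhost:
    (ALL : ALL) NOPASSWD: ALL'
SAMPLE_SUDO_LIMITED='User azagent may run the following commands on buildhost:
    (root) NOPASSWD: /usr/bin/systemctl restart myapp'

# Demo on the constructed sample; "|| true" keeps the script going on findings.
audit_account 1001 "azagent docker" "$SAMPLE_SUDO" || true

# Live use, run as the agent's service account:
#   audit_account "$(id -u)" "$(id -Gn)" "$(sudo -n -l 2>/dev/null)"
```

A clean result only covers the three checks shown; any remaining sudo rule, even a restricted one, still deserves a manual look.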
