@jayanthjj
Last active July 10, 2024 08:54
openapi: 3.0.0
info:
  title: ADOSecuritySkill API
  description: ADOSecuritySkill API Documentation
  version: 1.0.0
servers:
  - url: https://adoskillsetwebapp20240527182841.azurewebsites.net
paths:
  /buildsecurebulk/{orgName}/{projectName}/{buildDefinitions}:
    get:
      operationId: AreBuildPipelinesSecure
      summary: Checks whether all the provided comma-separated build definitions are secure.
      parameters:
        - in: path
          name: orgName
          schema:
            type: string
          required: true
          description: The orgName to be used for checking if the build pipelines are secure.
        - in: path
          name: projectName
          schema:
            type: string
          required: true
          description: The projectName to be used for checking if the build pipelines are secure.
        - in: path
          name: buildDefinitions
          schema:
            type: string
          required: true
          description: Multiple comma-separated buildDefinitions for multiple pipelines to check if they are secure.
      responses:
        '200':
          description: Successful request.
        '400':
          description: Bad request.
  /buildsecure/{orgName}/{projectName}/{buildDefinition}:
    get:
      operationId: isBuildPipelineSecure
      summary: Check if the build pipeline is secure for a single buildId without any separators.
      parameters:
        - in: path
          name: orgName
          schema:
            type: string
          required: true
          description: The orgName to be used for checking if the build pipeline is secure.
        - in: path
          name: projectName
          schema:
            type: string
          required: true
          description: The projectName to be used for checking if the build pipeline is secure.
        - in: path
          name: buildDefinition
          schema:
            type: string
          required: true
          description: Single buildDefinition to be used for checking if the build pipeline is secure.
      responses:
        '200':
          description: Successful request.
        '400':
          description: Bad request.
  /releasesecure/{orgName}/{projectName}/{buildDefinition}:
    get:
      operationId: isReleasePipelineSecure
      summary: Check if the release pipeline is secure.
      parameters:
        - in: path
          name: orgName
          schema:
            type: string
          required: true
          description: The orgName to be used for checking if the release pipeline is secure.
        - in: path
          name: projectName
          schema:
            type: string
          required: true
          description: The projectName to be used for checking if the release pipeline is secure.
        - in: path
          name: buildDefinition
          schema:
            type: string
          required: true
          description: The buildDefinition to be used for checking if the release pipeline is secure.
      responses:
        '200':
          description: Successful request.
        '400':
          description: Bad request.
  /buildpipelinelevelsecret/{orgName}/{projectName}/{buildDefinition}:
    get:
      operationId: CheckBuildPipelineLevelSecrets
      summary: Check if the build pipeline is secure by evaluating whether there are any pipeline-level secrets in the build pipeline.
      parameters:
        - in: path
          name: orgName
          schema:
            type: string
          required: true
          description: The orgName to be used for checking if pipeline-level secrets are present in the build pipeline.
        - in: path
          name: projectName
          schema:
            type: string
          required: true
          description: The projectName to be used for checking if pipeline-level secrets are present in the build pipeline.
        - in: path
          name: buildDefinition
          schema:
            type: string
          required: true
          description: The buildDefinition to be used for checking if pipeline-level secrets are present in the build pipeline.
      responses:
        '200':
          description: Successful request.
        '400':
          description: Bad request.
  /buildyamllevelsecret/{orgName}/{projectName}/{buildDefinition}:
    get:
      operationId: CheckBuildYamlLevelSecret
      summary: Check if the build pipeline is secure by evaluating whether there are any plain-text secrets in the YAML file of the build pipeline.
      parameters:
        - in: path
          name: orgName
          schema:
            type: string
          required: true
          description: The orgName to be used for checking if plain-text secrets are present in the build pipeline.
        - in: path
          name: projectName
          schema:
            type: string
          required: true
          description: The projectName to be used for checking if plain-text secrets are present in the build pipeline.
        - in: path
          name: buildDefinition
          schema:
            type: string
          required: true
          description: The buildDefinition to be used for checking if plain-text secrets are present in the build pipeline.
      responses:
        '200':
          description: Successful request.
        '400':
          description: Bad request.
  /buildPCBSVulneribility/{orgName}/{projectName}/{buildDefinition}:
    get:
      operationId: CheckBuildPCBSVulnerability
      summary: Check if the build pipeline is secure by evaluating PCBS vulnerability.
      parameters:
        - in: path
          name: orgName
          schema:
            type: string
          required: true
          description: The orgName to be used for checking if the build pipeline has PCBS vulnerability.
        - in: path
          name: projectName
          schema:
            type: string
          required: true
          description: The projectName to be used for checking if the build pipeline has PCBS vulnerability.
        - in: path
          name: buildDefinition
          schema:
            type: string
          required: true
          description: The buildDefinition to be used for checking if the build pipeline has PCBS vulnerability.
      responses:
        '200':
          description: Successful request.
        '400':
          description: Bad request.
  /releasecontributorcreaterelease/{orgName}/{projectName}/{buildDefinition}:
    get:
      operationId: CheckReleaseContributorCreateRelease
      summary: Check if the release pipeline is secure by checking Contributor access to create release.
      parameters:
        - in: path
          name: orgName
          schema:
            type: string
          required: true
          description: The orgName to be used for checking if Contributor has access to create release in the release pipeline.
        - in: path
          name: projectName
          schema:
            type: string
          required: true
          description: The projectName to be used for checking if Contributor has access to create release in the release pipeline.
        - in: path
          name: buildDefinition
          schema:
            type: string
          required: true
          description: The buildDefinition to be used for checking if Contributor has access to create release in the release pipeline.
      responses:
        '200':
          description: Successful request.
        '400':
          description: Bad request.
  /releaseminimumapprover/{orgName}/{projectName}/{buildDefinition}:
    get:
      operationId: CheckReleaseMinimumApprover
      summary: Check if the release pipeline is secure by checking if there is minimum approval required to create release.
      parameters:
        - in: path
          name: orgName
          schema:
            type: string
          required: true
          description: The orgName to be used for checking if there is minimum approval required to create release in the release pipeline.
        - in: path
          name: projectName
          schema:
            type: string
          required: true
          description: The projectName to be used for checking if there is minimum approval required to create release in the release pipeline.
        - in: path
          name: buildDefinition
          schema:
            type: string
          required: true
          description: The buildDefinition to be used for checking if there is minimum approval required to create release in the release pipeline.
      responses:
        '200':
          description: Successful request.
        '400':
          description: Bad request.
  /buildqueuepermission/{orgName}/{projectName}/{buildDefinition}:
    get:
      operationId: RestrictBuildQueuePermission
      summary: Check if the build pipeline is secure by checking if PCBS or PBS has Queue Build Permission.
      parameters:
        - in: path
          name: orgName
          schema:
            type: string
          required: true
          description: The orgName to be used for checking if PCBS or PBS has Queue Build Permission.
        - in: path
          name: projectName
          schema:
            type: string
          required: true
          description: The projectName to be used for checking if PCBS or PBS has Queue Build Permission.
        - in: path
          name: buildDefinition
          schema:
            type: string
          required: true
          description: The buildDefinition to be used for checking if PCBS or PBS has Queue Build Permission.
      responses:
        '200':
          description: Successful request.
        '400':
          description: Bad request.
  /triggerpipelinebranch/{orgName}/{projectName}/{buildDefinition}:
    get:
      operationId: BuildRestrictTriggerBranchCount
      summary: Check if the build pipeline is secure by checking if more than 5 branches have trigger permission, or if an '*' is present; if it's a production pipeline, take necessary actions.
      parameters:
        - in: path
          name: orgName
          schema:
            type: string
          required: true
          description: The orgName to be used for checking if more than 5 branches have trigger permission, or if an '*' is present.
        - in: path
          name: projectName
          schema:
            type: string
          required: true
          description: The projectName to be used for checking if more than 5 branches have trigger permission, or if an '*' is present.
        - in: path
          name: buildDefinition
          schema:
            type: string
          required: true
          description: The buildDefinition to be used for checking if more than 5 branches have trigger permission, or if an '*' is present.
      responses:
        '200':
          description: Successful request.
        '400':
          description: Bad request.
  /releasetriggerpipelinebranch/{orgName}/{projectName}/{buildDefinition}:
    get:
      operationId: ReleaseRestrictTriggerBranchCount
      summary: Check if the release pipeline is secure by checking if more than 5 branches have trigger permission; if it's a production pipeline, take necessary actions.
      parameters:
        - in: path
          name: orgName
          schema:
            type: string
          required: true
          description: The orgName to be used for checking if more than 5 branches have trigger permission.
        - in: path
          name: projectName
          schema:
            type: string
          required: true
          description: The projectName to be used for checking if more than 5 branches have trigger permission.
        - in: path
          name: buildDefinition
          schema:
            type: string
          required: true
          description: The buildDefinition to be used for checking if more than 5 branches have trigger permission.
      responses:
        '200':
          description: Successful request.
        '400':
          description: Bad request.
  /buildrestrictjobauthscope/{orgName}/{projectName}:
    get:
      operationId: BuildRestrictJobAuthScope
      summary: Check for the build pipelines if job authorization for the current project is restricted.
      parameters:
        - in: path
          name: orgName
          schema:
            type: string
          required: true
          description: The orgName to be used for checking job authorization scope.
        - in: path
          name: projectName
          schema:
            type: string
          required: true
          description: The projectName to be used for checking job authorization scope.
      responses:
        '200':
          description: Successful request.
        '400':
          description: Bad request.
  /releaserestrictjobauthscope/{orgName}/{projectName}:
    get:
      operationId: ReleaseRestrictJobAuthScope
      summary: Check for the release pipelines if job authorization for the current project is restricted.
      parameters:
        - in: path
          name: orgName
          schema:
            type: string
          required: true
          description: The orgName to be used for checking job authorization scope.
        - in: path
          name: projectName
          schema:
            type: string
          required: true
          description: The projectName to be used for checking job authorization scope.
      responses:
        '200':
          description: Successful request.
        '400':
          description: Bad request.