zure-azdo-scanner 0.3.1

.NET 9.0 This package targets .NET 9.0. The package is compatible with this framework or higher. 
dotnet tool install --global zure-azdo-scanner --version 0.3.1
This package contains a .NET tool you can call from the shell/command line. 
dotnet new tool-manifest
                    


                            if you are setting up this repo
                        

                    

                
dotnet tool install --local zure-azdo-scanner --version 0.3.1
This package contains a .NET tool you can call from the shell/command line. 
#tool dotnet:?package=zure-azdo-scanner&version=0.3.1
                    


                    

                
nuke :add-package zure-azdo-scanner --version 0.3.1

zure-azdo-scanner

A .NET Global Tool for scanning and analyzing Azure DevOps organizations to assist with governance and security compliance. It helps identify potential security risks, analyze project configurations, and ensure best practices are followed.

Installation

Prerequisites:

  • Azure CLI installed & logged in (az login)
  • Azure DevOps CLI extension installed (az extension add --name azure-devops)
  • .NET SDK 9 (or runtime for installing/running the tool)
  • Run az devops configure --defaults organization=https://dev.azure.com/<yourorg> (or pass --org each command)

Install (first time):

dotnet tool install --global zure-azdo-scanner

Update (later):

dotnet tool update --global zure-azdo-scanner

Verify:

zure-azdo-scanner --help

Commands

list-projects

List Azure DevOps projects with optional repository (branch policy status) and service connection info.

Examples:

zure-azdo-scanner list-projects
zure-azdo-scanner list-projects --org https://dev.azure.com/myorg
zure-azdo-scanner list-projects --projects "ProjA,ProjB" --include-repos --include-serviceconnections

Options:

  • --org <ORG> Azure DevOps organization URL
  • --projects <NAMES> Comma-separated project names
  • --include-repos Include repositories and branch protection policy evaluation
  • --include-serviceconnections Include service connections

list-extensions

List installed extensions with their permissions.

zure-azdo-scanner list-extensions
zure-azdo-scanner list-extensions --org https://dev.azure.com/myorg

Options:

  • --org <ORG> Azure DevOps organization URL

Exit Codes

  • 0 Success
  • Non-zero: execution / prerequisite failure

Troubleshooting

  • Ensure az and az devops commands work standalone.
  • Set default org: az devops configure --defaults organization=https://dev.azure.com/<org>
  • Use PAT via environment if needed: AZDO_PERSONAL_ACCESS_TOKEN (ensure proper scopes)

Contributing

Issues and PRs are welcome. Please retain NOTICE and license headers in derivative work.

License

Apache License 2.0. See LICENSE and NOTICE files packaged with this tool.

Product Compatible and additional computed target framework versions.
.NET net9.0 is compatible.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 was computed.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

This package has no dependencies.

Version Downloads Last Updated
0.3.1 121 8/20/2025
0.3.0 123 8/19/2025
0.2.0 129 8/13/2025