Limit building pull requests from forked GitHub repositories.

Why This Matters

Limiting pull request builds from forked GitHub repositories is critical to prevent unauthorized code injection in your CI/CD pipeline. Malicious actors could submit pull requests from forks containing harmful code that executes during automated builds, potentially compromising your entire Microsoft 365 environment. Without this restriction, you risk exposing sensitive data or deploying tampered artifacts.

What Aether365 Checks

This check verifies that your Azure DevOps pipeline settings restrict automated builds for pull requests originating from forked GitHub repositories. It appears in the Aether365 dashboard under microsoft-365 checks as AZDO.1022 and flags configurations where this security control is disabled.
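
The following is an added example, not Aether365's code and not the check's actual implementation. It audits build definition JSON, assuming the control corresponds to the `forks` settings on a definition's `pullRequest` trigger as exposed by the Azure DevOps build definitions REST API; the sample definitions and the severity labels are constructed for illustration.

```python
import json

# Constructed sample shaped like Azure DevOps build definition JSON; all values made up.
SAMPLE_DEFINITIONS = json.loads("""
[
  {"name": "web-ci", "triggers": [
    {"triggerType": "pullRequest", "isCommentRequiredForPullRequest": false,
     "forks": {"enabled": true, "allowSecrets": true, "allowFullAccessToken": true}}]},
  {"name": "api-ci", "triggers": [
    {"triggerType": "continuousIntegration"},
    {"triggerType": "pullRequest", "isCommentRequiredForPullRequest": false,
     "forks": {"enabled": false, "allowSecrets": false}}]},
  {"name": "docs-ci", "triggers": [
    {"triggerType": "pullRequest", "isCommentRequiredForPullRequest": true,
     "forks": {"enabled": true, "allowSecrets": false, "allowFullAccessToken": false}}]}
]
""")

# (condition, severity, reason), evaluated only when fork builds are enabled.
RULES = [
    (lambda t, f: f.get("allowSecrets"), "high",
     "fork PR builds can read pipeline secrets"),
    (lambda t, f: f.get("allowFullAccessToken"), "high",
     "fork PR builds get the same access token as regular builds"),
    (lambda t, f: not t.get("isCommentRequiredForPullRequest"), "medium",
     "fork PR builds start without a team member's comment"),
]


def audit_fork_builds(definitions):
    """Return (definition name, severity, reason) for each unrestricted fork setting."""
    findings = []
    for definition in definitions:
        for trigger in definition.get("triggers") or []:
            if trigger.get("triggerType") != "pullRequest":
                continue
            forks = trigger.get("forks") or {}
            # Assumption: a missing "forks" object means fork PRs are not built.
            if not forks.get("enabled"):
                continue
            for applies, severity, reason in RULES:
                if applies(trigger, forks):
                    findings.append((definition.get("name", "<unnamed>"), severity, reason))
    return findings


if __name__ == "__main__":
    for name, severity, reason in audit_fork_builds(SAMPLE_DEFINITIONS):
        print(f"[{severity}] {name}: {reason}")
```

In this sample only `web-ci` is flagged: `api-ci` does not build fork pull requests at all, and `docs-ci` builds them without secrets or a full access token and only after a comment.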