Security guidance#
Abstract
The following is information provides consolidated guidance for customers on security when using PSRule.
PowerShell usage guidance#
PSRule supports and recommends using PowerShell security features to secure your environment. Additionally from PSRule v3.0.0, supports:
- Disabling PowerShell rules — However this will impact rules modules that implement PowerShell rules. For details on disabling PowerShell rules see Execution.RestrictScriptSource.
Continue reading PowerShell security features to learn more about how to secure your PowerShell environment.
Software Bill of Materials (SBOM)#
Beginning with v2.1.0, PSRule contains a Software Bill of Materials (SBOM).
The SBOM can be found at _manifest/spdx_2.2/manifest.spdx.json
within the module root.
Things to note:
- When installing the module using
Install-Module
orUpdate-Module
, PowerShell creates a metadata filePSGetModuleInfo.xml
in the module root. This file is used to keep track of when and where the module was installed from. As a result, this file is not included in the SBOM. ThePSGetModuleInfo.xml
file is not required for the module to function.
For more information about this initiative, see the blog post Generating Software Bills of Materials (SBOMs) with SPDX at Microsoft.
Reporting security issues#
If you have a security issue to report please see our security policy.