Protect a repository resource

Azure DevOps Services | Azure DevOps Server 2022 - Azure DevOps Server 2019

You can add protection to your repository resource with checks and pipeline permissions. When you add protection, you're better able to restrict repository ownership and editing privileges.

Prerequisites

You must be a member of the Project Administrators group or have your Manage permissions set to Allow for Git repositories.

Add a repository resource check

  1. Sign in to your organization (https://dev.azure.com/{yourorganization}) and choose your project.

  2. Select Project settings > Repos.

    Go to Repositories.

  3. Choose the repository that you want to modify.

  4. Select > Approvals and checks.

    Select Approvals & Checks.

  5. Choose a check to set how your repository resource can be used, and then select Next. In the following example, we choose to add Approvals, so a manual approver for each time a pipeline requests the repository. For more information, see Approvals and checks.

    Screenshot of checks that you can add.

  6. Configure the check in the resulting screen, and then select Create.

    Screenshot of configured check and Create button.

Your repository has a resource check.

Add pipeline permissions to a repository resource

You can also set a repository to only be used on specific YAML pipelines. Restricting a repository to specific pipelines prevents an unauthorized YAML pipeline in your project from using your repository. This setting only applies to YAML pipelines.

Important

Access to all pipelines is turned off for protected resources by default. To grant access to all pipelines, enter a check in the security box next to "Grant access permission to all pipelines" for the resource. You can do so when you're creating or editing a resource.

  1. Sign in to your organization (https://dev.azure.com/{yourorganization}) and choose your project.

  2. Select Project settings > Repositories.

    Go to Repositories.

  3. Choose the repository that you want to modify.

  4. Select Security.

    Select the Security tab.

  5. Go to Pipeline permissions.

    Add a pipeline repository restriction.

  6. Select .

  7. Choose the repository to add.

You can see the added repository listed.

Next steps