Security Scaner inherited permission on build definitions unable to fix

[danielsbezerra]

"Do not allow inherited permission on build definitions" issue doesn't fix even if I turn inheritance off in each build pipeline. It seems to be a bug. I'm running Security Scanner under Azure Pipelines agent pool/windows-2019.

[GaTechThomas]

It appears that hidden MS hosted pools exist. I tried a lot of different values for poolId and was able to reduce the issue count. Would be helpful to be able to enumerate details of things that were found by the scanner.

Here are the URLs that I manipulated:

https://dev.azure.com/ORGNAME/_settings/agentpools?view=security&poolId=1

https://dev.azure.com/ORGNAME/PROJNAME/_settings/agentqueues?view=security&queueId=1

[GaTechThomas]

Making progress. The following Azure CLI powershell command pulls back all of the agent pools:

az pipelines pool list --org https://dev.azure.com/ORGNAME | ConvertFrom-Json | Format-Table -Property id, name, isHosted, isLegacy, autoProvision

[GaTechThomas]

Also discovered that the scanner is picking up items in a deleted project. I suspect that because it's soft deleted.