The Microsoft Trusted Package Management: A New Way Forward On Securing PowerShell Modules
We need to talk about PowerShell and the PSGallery.
Why?
There is an interesting shift going on in how the official Microsoft PowerShell modules, like the well-known Az module, are published.
Instead of publishing it to the standard PSGallery, Microsoft started to use the Microsoft Artifact Registry (MAR).
Yep, I already spoiled the big part of this article. But hang on there, there is more to come.
During PSConfEU 2024 Minicon, Sydney Smith, the Product Manager on the PowerShell team, shared information and brief glimpses of using the MAR as a Trusted Package Management solution, and for good reasons.
The MAR has a strict validation process with several key steps to ensure the integrity of published artifacts:
- Only official Microsoft teams can publish and submit artifacts
- Each artifact is validated against metadata
- Security scans to detect vulnerabilities
- Signature validation and compliance checks
In this article, you will learn how to use MAR and install the first published Az.Accounts module.