Summary
Ran PSScriptAnalyzer across all non-test PowerShell files (bin/, scripts/, provisioners/). Found 580 issues across 51 files (1 Error, 579 Warnings).
Settings files have been added to the repo on the RELOPS-2180 branch:
PSScriptAnalyzerSettings.psd1 (repo root) for production scriptstests/PSScriptAnalyzerSettings.psd1 for Pester test files (suppresses PSUseDeclaredVarsMoreThanAssignments)
Error (1)
PSAvoidUsingConvertToSecureStringWithPlainText
provisioners/windows/MDC1Windows/OS-deploy.ps1:63
Warnings by Rule
PSAvoidUsingWriteHost (421 occurrences)
Intentional for provisioning/logging scripts. Should be suppressed in settings or left as-is.
PSUseShouldProcessForStateChangingFunctions (35)
Functions using New-/Set-/Remove- verbs without [CmdletBinding(SupportsShouldProcess)].
| File |
Line |
bin/WorkerImages/Public/New-AWSWorkerImage.ps1 |
1 |
bin/WorkerImages/Public/Set-AzWorkerImageOutput.ps1 |
1 |
bin/WorkerImages/Public/Remove-AzVMImageVersion.ps1 |
1 |
bin/WorkerImages/Public/New-AzSharedWorkerImage_temp.ps1 |
1 |
bin/WorkerImages/Public/Set-AzWorkerImageLocation.ps1 |
1 |
bin/WorkerImages/Public/New-AzWorkerImage.ps1 |
1 |
bin/WorkerImages/Public/Set-GCPWorkerImageProject.ps1 |
1 |
bin/WorkerImages/Public/New-GCPWorkerImage.ps1 |
1 |
bin/WorkerImages/Public/New-AzSharedWorkerImage.ps1 |
1 |
bin/WorkerImages/Public/Remove-AzWorkerImage.ps1 |
1 |
bin/WorkerImages/Public/Set-GCPWorkerImageName.ps1 |
1 |
scripts/windows/CustomFunctions/Bootstrap/Public/Set-YAMLModule.ps1 |
1 |
scripts/windows/CustomFunctions/Bootstrap/Public/Set-ReleaseNotes2.ps1 |
1 |
scripts/windows/CustomFunctions/Bootstrap/Public/Start-AzRoninPuppet.ps1 |
1 |
scripts/windows/CustomFunctions/Bootstrap/Public/Set-OOBE.ps1 |
1 |
scripts/windows/CustomFunctions/Bootstrap/Public/Set-PesterVersion.ps1 |
1 |
scripts/windows/CustomFunctions/Bootstrap/Public/Set-ReleaseNotes.ps1 |
1 |
scripts/windows/CustomFunctions/Bootstrap/Public/Set-AzRoninRepo.ps1 |
1 |
scripts/windows/CustomFunctions/Bootstrap/Public/Set-MarkdownPSModule.ps1 |
1 |
scripts/windows/CustomFunctions/Bootstrap/Public/Set-Logging.ps1 |
1 |
scripts/windows/CustomFunctions/Bootstrap/Public/Set-RoninRegOptions.ps1 |
1 |
provisioners/windows/MDC1Windows/OS-deploy.ps1 |
85 |
provisioners/windows/MDC1Windows/Get-Bootstrap.ps1 |
24, 104, 148, 279 |
provisioners/windows/MDC1Windows/bootstrap.ps1 |
305, 365, 390, 591, 841, 855, 870 |
provisioners/windows/MDC1Windows/utility_scripts/AuditAndPXE.ps1 |
231 |
provisioners/windows/MDC1Windows/utility_scripts/SetPXE.ps1 |
40 |
PSReviewUnusedParameter (30)
Declared parameters that are never referenced in the function body.
| File |
Lines |
bin/WorkerImages/Public/New-AWSWorkerImage.ps1 |
16 |
bin/WorkerImages/Public/New-AzSharedWorkerImage_temp.ps1 |
11 |
bin/WorkerImages/Public/New-GCPWorkerImage.ps1 |
6, 7, 8, 9, 10 |
bin/WorkerImages/Public/New-AzSharedWorkerImage.ps1 |
7, 58 |
scripts/windows/CustomFunctions/Bootstrap/Public/Set-ReleaseNotes2.ps1 |
17, 18 |
scripts/windows/CustomFunctions/Bootstrap/Public/Start-AzRoninPuppet.ps1 |
3, 5, 6, 9, 13, 15 |
scripts/windows/CustomFunctions/Bootstrap/Public/Set-AzRoninRepo.ps1 |
6, 7, 8, 9, 10 |
scripts/windows/CustomFunctions/Bootstrap/Public/Install-AzPreReq.ps1 |
5 |
scripts/windows/CustomFunctions/Bootstrap/Public/Invoke-RoninTest.ps1 |
6 |
scripts/windows/CustomFunctions/Bootstrap/Public/Install-Pwsh.ps1 |
5 |
scripts/windows/CustomFunctions/Bootstrap/Public/Get-InstalledSoftware.ps1 |
18 |
provisioners/windows/MDC1Windows/OS-deploy.ps1 |
2 |
provisioners/windows/MDC1Windows/Get-Bootstrap.ps1 |
106 |
provisioners/windows/MDC1Windows/bootstrap.ps1 |
309 |
provisioners/windows/MDC1Windows/utility_scripts/AuditAndPXE.ps1 |
9 |
PSAvoidUsingCmdletAliases (20)
Using aliases (%, ?, select, etc.) instead of full cmdlet names.
| File |
Lines |
scripts/windows/CustomFunctions/Bootstrap/Public/Get-WinFactsCustomOS.ps1 |
20, 35 |
scripts/windows/tceng/generic-worker-win2022-staging.ps1 |
127, 128, 270, 271, 364, 368, 372 |
scripts/windows/tceng/generic-worker-win2022.ps1 |
122, 123, 265, 266, 353, 357, 361 |
scripts/windows/tceng/generic-worker-win2025-staging.ps1 |
127, 128, 270, 271 |
PSAvoidOverwritingBuiltInCmdlets (7)
| File |
Line |
scripts/windows/CustomFunctions/Bootstrap/Public/Write-Log.ps1 |
1 |
scripts/windows/tceng/generic-worker-win2022-staging.ps1 |
2 |
scripts/windows/tceng/generic-worker-win2022.ps1 |
2 |
scripts/windows/tceng/generic-worker-win2025-staging.ps1 |
2 |
provisioners/windows/MDC1Windows/Get-Bootstrap.ps1 |
1 |
provisioners/windows/MDC1Windows/bootstrap.ps1 |
266 |
provisioners/windows/MDC1Windows/utility_scripts/SetPXE.ps1 |
1 |
PSAvoidAssignmentToAutomaticVariable (6)
| File |
Line |
scripts/windows/tceng/generic-worker-win2022-staging.ps1 |
29 |
scripts/windows/tceng/generic-worker-win2022.ps1 |
29 |
scripts/windows/tceng/generic-worker-win2025-staging.ps1 |
29 |
provisioners/windows/MDC1Windows/bootstrap.ps1 |
233 |
provisioners/windows/MDC1Windows/utility_scripts/AuditAndPXE.ps1 |
186, 335 |
PSPossibleIncorrectComparisonWithNull (4)
$null should be on the left side of comparisons.
| File |
Line |
scripts/windows/tceng/generic-worker-win2022-staging.ps1 |
75 |
scripts/windows/tceng/generic-worker-win2022.ps1 |
75 |
scripts/windows/tceng/generic-worker-win2025-staging.ps1 |
75 |
provisioners/windows/MDC1Windows/OS-deploy.ps1 |
737 |
PSAvoidUsingInvokeExpression (3)
| File |
Line |
scripts/windows/tceng/generic-worker-win2022-staging.ps1 |
234 |
scripts/windows/tceng/generic-worker-win2022.ps1 |
229 |
scripts/windows/tceng/generic-worker-win2025-staging.ps1 |
234 |
Other (remaining)
- PSUseApprovedVerbs (15) — non-standard verbs in function names
- PSUseSingularNouns (17) — plural nouns in function names
- PSUseToExportFieldsInManifest (6) — wildcard exports in
.psd1 files
- PSUseBOMForUnicodeEncodedFile (5) — missing BOM on Unicode files
- PSUseDeclaredVarsMoreThanAssignments (4) — unused variables
- PSAvoidUsingWMICmdlet (2) — deprecated WMI cmdlets in
Get-WinFactsCustomOS.ps1
- PSUseProcessBlockForPipelineCommand (2) —
Get-InstalledSoftware.ps1 missing process block
- PSAvoidUsingPlainTextForPassword (1) —
OS-deploy.ps1:11
- PSAvoidUsingEmptyCatchBlock (1) —
bootstrap.ps1:950
Suggested Next Steps
- Fix the 1 Error (
ConvertToSecureStringWithPlainText)
- Suppress
PSAvoidUsingWriteHost in the root settings (intentional usage)
- Consider suppressing
PSUseShouldProcessForStateChangingFunctions (these are provisioning scripts, not interactive cmdlets)
- Fix
PSAvoidUsingCmdletAliases and PSPossibleIncorrectComparisonWithNull (low effort, high value)
- Review
PSAvoidUsingInvokeExpression for security implications
- Add PSScriptAnalyzer to CI pipeline
Summary
Ran PSScriptAnalyzer across all non-test PowerShell files (
bin/,scripts/,provisioners/). Found 580 issues across 51 files (1 Error, 579 Warnings).Settings files have been added to the repo on the
RELOPS-2180branch:PSScriptAnalyzerSettings.psd1(repo root) for production scriptstests/PSScriptAnalyzerSettings.psd1for Pester test files (suppressesPSUseDeclaredVarsMoreThanAssignments)Error (1)
PSAvoidUsingConvertToSecureStringWithPlainText
provisioners/windows/MDC1Windows/OS-deploy.ps1:63Warnings by Rule
PSAvoidUsingWriteHost (421 occurrences)
Intentional for provisioning/logging scripts. Should be suppressed in settings or left as-is.
PSUseShouldProcessForStateChangingFunctions (35)
Functions using
New-/Set-/Remove-verbs without[CmdletBinding(SupportsShouldProcess)].bin/WorkerImages/Public/New-AWSWorkerImage.ps1bin/WorkerImages/Public/Set-AzWorkerImageOutput.ps1bin/WorkerImages/Public/Remove-AzVMImageVersion.ps1bin/WorkerImages/Public/New-AzSharedWorkerImage_temp.ps1bin/WorkerImages/Public/Set-AzWorkerImageLocation.ps1bin/WorkerImages/Public/New-AzWorkerImage.ps1bin/WorkerImages/Public/Set-GCPWorkerImageProject.ps1bin/WorkerImages/Public/New-GCPWorkerImage.ps1bin/WorkerImages/Public/New-AzSharedWorkerImage.ps1bin/WorkerImages/Public/Remove-AzWorkerImage.ps1bin/WorkerImages/Public/Set-GCPWorkerImageName.ps1scripts/windows/CustomFunctions/Bootstrap/Public/Set-YAMLModule.ps1scripts/windows/CustomFunctions/Bootstrap/Public/Set-ReleaseNotes2.ps1scripts/windows/CustomFunctions/Bootstrap/Public/Start-AzRoninPuppet.ps1scripts/windows/CustomFunctions/Bootstrap/Public/Set-OOBE.ps1scripts/windows/CustomFunctions/Bootstrap/Public/Set-PesterVersion.ps1scripts/windows/CustomFunctions/Bootstrap/Public/Set-ReleaseNotes.ps1scripts/windows/CustomFunctions/Bootstrap/Public/Set-AzRoninRepo.ps1scripts/windows/CustomFunctions/Bootstrap/Public/Set-MarkdownPSModule.ps1scripts/windows/CustomFunctions/Bootstrap/Public/Set-Logging.ps1scripts/windows/CustomFunctions/Bootstrap/Public/Set-RoninRegOptions.ps1provisioners/windows/MDC1Windows/OS-deploy.ps1provisioners/windows/MDC1Windows/Get-Bootstrap.ps1provisioners/windows/MDC1Windows/bootstrap.ps1provisioners/windows/MDC1Windows/utility_scripts/AuditAndPXE.ps1provisioners/windows/MDC1Windows/utility_scripts/SetPXE.ps1PSReviewUnusedParameter (30)
Declared parameters that are never referenced in the function body.
bin/WorkerImages/Public/New-AWSWorkerImage.ps1bin/WorkerImages/Public/New-AzSharedWorkerImage_temp.ps1bin/WorkerImages/Public/New-GCPWorkerImage.ps1bin/WorkerImages/Public/New-AzSharedWorkerImage.ps1scripts/windows/CustomFunctions/Bootstrap/Public/Set-ReleaseNotes2.ps1scripts/windows/CustomFunctions/Bootstrap/Public/Start-AzRoninPuppet.ps1scripts/windows/CustomFunctions/Bootstrap/Public/Set-AzRoninRepo.ps1scripts/windows/CustomFunctions/Bootstrap/Public/Install-AzPreReq.ps1scripts/windows/CustomFunctions/Bootstrap/Public/Invoke-RoninTest.ps1scripts/windows/CustomFunctions/Bootstrap/Public/Install-Pwsh.ps1scripts/windows/CustomFunctions/Bootstrap/Public/Get-InstalledSoftware.ps1provisioners/windows/MDC1Windows/OS-deploy.ps1provisioners/windows/MDC1Windows/Get-Bootstrap.ps1provisioners/windows/MDC1Windows/bootstrap.ps1provisioners/windows/MDC1Windows/utility_scripts/AuditAndPXE.ps1PSAvoidUsingCmdletAliases (20)
Using aliases (
%,?,select, etc.) instead of full cmdlet names.scripts/windows/CustomFunctions/Bootstrap/Public/Get-WinFactsCustomOS.ps1scripts/windows/tceng/generic-worker-win2022-staging.ps1scripts/windows/tceng/generic-worker-win2022.ps1scripts/windows/tceng/generic-worker-win2025-staging.ps1PSAvoidOverwritingBuiltInCmdlets (7)
scripts/windows/CustomFunctions/Bootstrap/Public/Write-Log.ps1scripts/windows/tceng/generic-worker-win2022-staging.ps1scripts/windows/tceng/generic-worker-win2022.ps1scripts/windows/tceng/generic-worker-win2025-staging.ps1provisioners/windows/MDC1Windows/Get-Bootstrap.ps1provisioners/windows/MDC1Windows/bootstrap.ps1provisioners/windows/MDC1Windows/utility_scripts/SetPXE.ps1PSAvoidAssignmentToAutomaticVariable (6)
scripts/windows/tceng/generic-worker-win2022-staging.ps1scripts/windows/tceng/generic-worker-win2022.ps1scripts/windows/tceng/generic-worker-win2025-staging.ps1provisioners/windows/MDC1Windows/bootstrap.ps1provisioners/windows/MDC1Windows/utility_scripts/AuditAndPXE.ps1PSPossibleIncorrectComparisonWithNull (4)
$nullshould be on the left side of comparisons.scripts/windows/tceng/generic-worker-win2022-staging.ps1scripts/windows/tceng/generic-worker-win2022.ps1scripts/windows/tceng/generic-worker-win2025-staging.ps1provisioners/windows/MDC1Windows/OS-deploy.ps1PSAvoidUsingInvokeExpression (3)
scripts/windows/tceng/generic-worker-win2022-staging.ps1scripts/windows/tceng/generic-worker-win2022.ps1scripts/windows/tceng/generic-worker-win2025-staging.ps1Other (remaining)
.psd1filesGet-WinFactsCustomOS.ps1Get-InstalledSoftware.ps1missingprocessblockOS-deploy.ps1:11bootstrap.ps1:950Suggested Next Steps
ConvertToSecureStringWithPlainText)PSAvoidUsingWriteHostin the root settings (intentional usage)PSUseShouldProcessForStateChangingFunctions(these are provisioning scripts, not interactive cmdlets)PSAvoidUsingCmdletAliasesandPSPossibleIncorrectComparisonWithNull(low effort, high value)PSAvoidUsingInvokeExpressionfor security implications