Skip to content
Web App
Verified

RepoFabric

RepoFabric is a self-hosted WinGet source platform for Microsoft-managed fleets. It provides Entra ID sign-in, one-click Intune policy export (DesktopAppInstaller CSP) to point endpoints to a private source, Azure Arc readiness, and a GUI admin console. It also offers a REST API and a 48-cmdlet PowerShell module, GitOps manifests, scheduled sync, and LAN peer-caching to reduce bandwidth.

Security Analysis

6of 6
All Checks Passed

50 files scanned on Jul 14, 2026

No Obfuscated Code
No Remote Execution
No Credential Theft
No Data Exfiltration
No Malicious Patterns
No Hardcoded Secrets
AI Analysis

Overall assessment: The RepoFabric client code appears to be legitimate admin tooling for managing a private WinGet source and related client defaults in an Intune/enterprise environment. There are no obfuscated payloads or direct remote code execution vectors. However, there are security considerations: (1) hardcoded/seeding secret templates in deployment scripts can lead to credential exposure if mishandled; (2) privileged actions (certificate import, registry edits, zone mappings) require strict RBAC and auditing; (3) error handling/logging could be improved for better traceability. Enforce secret management, validate REST sources, and standardize logging to strengthen the security posture.

You might also like

Web App

OIB Deployer

OIB Deployer automates the deployment of OpenIntuneBaseline configurations within Microsoft Intune, enabling rapid, repeatable rollouts of baseline security policies and device configurations. It supports policy templating, script deployment, and integration with community-provided baseline content, with built-in logging and error reporting for auditability. Ideal for IT admins seeking consistent, scalable endpoint security across devices.

James RobinsonJames Robinson
Web App

TenuVault

TenuVault is a safe backup and restore solution for Microsoft Intune configurations. It backs up Intune policies to JSON files, detects configuration drift, and restores by creating new policies with a [Restored] prefix - never overwriting existing ones. It supports multiple export formats (JSON, CSV, HTML), full audit logs, and a read-only backup model with preview mode to ensure non-destructive changes.

Ugur KocUgur Koc
Web App

Windows LAPS Self‑Service Portal

Windows LAPS Self-Service Portal lets users securely retrieve the LAPS password for their own device without helpdesk tickets. Built on Azure Static Web Apps + Azure Functions and Entra ID, it enforces an only-my-device rule, requires a justification, and auto-hides the password after 60 seconds. Every access is auditable in Azure Table Storage, with a zero-stored-secrets design and Graph access via a Managed Identity.

D
Daniel Fraubaum
Desktop App

DUDE Manager

DUDE Manager is a Windows PowerShell WPF GUI that configures, deploys, and monitors the DUDE automation engine, which dynamically synchronizes Intune device groups with Entra ID user groups. The sync runs in Azure Functions with a Managed Identity, supports transitive membership and nested groups, and includes safety rails (no shared credentials, prefix allowlists, blast-radius limiter, debug mode). The GUI handles deployment and monitoring, with ARM64 browser login for devices lacking WAM, and supports delegation features via Administrative Units and Defender tags.

Daniel PetriDaniel Petri