CodeBuild source credentials should be stored and transmitted securely

codebuild
이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Description

This control verifies if AWS CodeBuild source credentials include personal access tokens or basic authentication credentials (username and password). It is applicable only to credentials for GitHub or Bitbucket sources, as only these sources support insecure repository access methods.

Using personal access tokens or basic authentication may lead to unintended data exposure or unauthorized access. Secure methods to access source respositories include AWS CodeConnections, AWS Secrets Manager, or OAuth.

Remediation

For guidance on updating CodeBuild source provider settings, refer to the Access your source provider in CodeBuild section of the AWS CodeBuild User Guide.