top of page

CodeBuild.2

CodeBuild project environment variables should not contain clear text credentials

Severity

Cloud Platforms

Resources

Related Standards

Automated

CRITICAL

AWS

AWS CodeBuild

AWS Foundational Best Practice, CIS v8, PCI DSS v3.2.1, CDR, ISO27001, SOC2, NIST CSF, NIST.800-53.r5,

YES

This AWS control checks whether the project contains environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY.

bottom of page