Codebuild Github or Bitbucket doesnt use OAuth

Data protection

Codebuild Github or Bitbucket doesnt use OAuth

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

AWS Foundational Security Best Practices Controls
CCPA
CPRA
HITRUST
ISO/IEC 27001
Mitre ATT&CK
mpa
New Zealand Information Security Manual
NIST 800-53
PDPA

Description

Codebuild compiles the source code, runs unit tests, and generates deployable artifacts. Using personal access tokens or a user name and password could expose credentials to unintended data exposure and unauthorized access. using OAuth to grant authorization for accessing GitHub or Bitbucket repositories, is better than using personal access tokens or user name and password

Recommended Mitigation

It is recommended using OAuth as a third party, instead of using a personal token, when building github or bitbucket. For more details go to: <a href="https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp-controls.html#fsbp-codebuild-1" target="_blank" rel="noopener noreferrer">https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp-controls.html#fsbp-codebuild-1</a>

Codebuild Github or Bitbucket doesnt use OAuth

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS