Data protection

CodeBuild GitHub or Bitbucket doesn't use OAuth

Description

CodeBuild compiles the source code, runs unit tests, and generates deployable artifacts. Using personal access tokens or a user name and password could expose credentials, leading to unintended data exposure and unauthorized access. Using OAuth to grant authorization for accessing GitHub or Bitbucket repositories is better than using personal access tokens or a user name and password.
  • Recommended Mitigation

    It is recommended to use OAuth for third-party authorization, instead of a personal token, when building from GitHub or Bitbucket. For more details go to: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp-controls.html#fsbp-codebuild-1
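
One way to check for this condition, as an added example that is not part of the original rule text: the Python below audits dictionaries shaped like the responses of the CodeBuild BatchGetProjects and ListSourceCredentials API calls. The sample records, account ID, ARNs and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

REPO_TYPES = {"GITHUB", "BITBUCKET"}
# Auth types the rule description warns against (token or user name/password).
WEAK_AUTH = {"PERSONAL_ACCESS_TOKEN", "BASIC_AUTH"}

def url_has_credentials(location):
    """True when a repository URL embeds userinfo (token@ or user:password@)."""
    parts = urlsplit(location or "")
    return bool(parts.username or parts.password)

def audit(projects, source_credentials):
    """Return sorted (subject, reason) findings for GitHub/Bitbucket sources."""
    findings = []
    for cred in source_credentials:
        if cred.get("serverType") in REPO_TYPES and cred.get("authType") in WEAK_AUTH:
            findings.append((cred["arn"],
                             f"{cred['serverType']} credential uses {cred['authType']}"))
    for project in projects:
        # A project has one primary source and optional secondary sources.
        sources = [project.get("source", {})] + project.get("secondarySources", [])
        for src in sources:
            if src.get("type") in REPO_TYPES and url_has_credentials(src.get("location")):
                findings.append((project["name"], "credentials embedded in source URL"))
    return sorted(findings)

# Constructed sample data (not real accounts, repositories or secrets).
SAMPLE_CREDENTIALS = [
    {"arn": "arn:aws:codebuild:us-east-1:111122223333:token/github",
     "serverType": "GITHUB", "authType": "PERSONAL_ACCESS_TOKEN"},
    {"arn": "arn:aws:codebuild:us-east-1:111122223333:token/bitbucket",
     "serverType": "BITBUCKET", "authType": "OAUTH"},
]
SAMPLE_PROJECTS = [
    {"name": "web-build",
     "source": {"type": "GITHUB", "location": "https://github.com/example-org/web.git"}},
    {"name": "api-build",
     "source": {"type": "BITBUCKET",
                "location": "https://builder:EXAMPLE-PASSWORD@bitbucket.org/example-org/api.git"}},
    {"name": "s3-build", "source": {"type": "S3", "location": "example-bucket/src.zip"}},
]

if __name__ == "__main__":
    for subject, reason in audit(SAMPLE_PROJECTS, SAMPLE_CREDENTIALS):
        print(f"FAIL {subject}: {reason}")
```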