Codebuild project with public visibility

Data at risk

Codebuild project with public visibility

Risk Level

Hazardous (3)

Platform(s)

Compliance Frameworks

Orca Best Practices

Description

Codebuild generates deployable artifacts by compiling the source code, running unit tests, and generating deployable artifacts. It was detected that the Codebuild project {AwsCodebuildProject} is enabled for public build access. As a result, all of the project's build results, logs, and artifacts, including builds that were run when the project was private, are available to the public. Moreover, environment variables, source code, and other sensitive information may have been output to the build logs and artifacts. Also, a malicious user may use public builds to distribute malicious artifacts.

Recommended Mitigation

It is recommended to make your project's build results private, by clearing 'Enable public build access' option. For more information: https://docs.aws.amazon.com/codebuild/latest/userguide/change-project-console.html#change-project-console.public-builds

Codebuild project with public visibility

Description

Need help?