💼 [CodeBuild.1] CodeBuild Bitbucket source repository URLs should not contain sensitive credentials

Contextual name: 💼 [CodeBuild.1] CodeBuild Bitbucket source repository URLs should not contain sensitive credentials
ID: /frameworks/aws-fsbp-v1.0.0/codebuild/01
Located in: 💼 CodeBuild

Description

Sign-in credentials shouldn't be stored or transmitted in clear text or appear in the source repository URL. Instead of personal access tokens or sign-in credentials, you should access your source provider in CodeBuild, and change your source repository URL to contain only the path to the Bitbucket repository location. Using personal access tokens or sign-in credentials could result in unintended data exposure or unauthorized access.

Similar

AWS Security Hub
- https://docs.aws.amazon.com/securityhub/latest/userguide/codebuild-controls.html#codebuild-1
Internal
- ID: dec-c-cd4be6a9

Similar Sections (Give Policies To)

Section	Sub Sections	Policies
💼 NIST SP 800-53 Revision 5 → 💼 SA-3 System Development Life Cycle	3	4
💼 PCI DSS v3.2.1 → 💼 8.2.1 Using strong cryptography, render all authentication credentials unreadable during transmission and storage on all system components.		14
💼 PCI DSS v4.0.1 → 💼 8.3.2 Strong cryptography is used to render all authentication factors unreadable during transmission and storage on all system components.		14

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (1)

Policy	Logic Count	Flags
📝 AWS CodeBuild Project Bitbucket Source Location URL contains credentials 🟢	1	🟢 x6

Internal Rules

Rule	Policies	Flags
✉️ dec-x-cc74149f	1

Description​

Similar​

Similar Sections (Give Policies To)​

Sub Sections​

Policies (1)​

Internal Rules​