💼 [CodeBuild.1] CodeBuild Bitbucket source repository URLs should not contain sensitive credentials

ID: /frameworks/aws-fsbp-v1.0.0/codebuild/01

Description

Sign-in credentials shouldn't be stored or transmitted in clear text or appear in the source repository URL. Instead of personal access tokens or sign-in credentials, you should access your source provider in CodeBuild, and change your source repository URL to contain only the path to the Bitbucket repository location. Using personal access tokens or sign-in credentials could result in unintended data exposure or unauthorized access.

Similar

AWS Security Hub
- https://docs.aws.amazon.com/securityhub/latest/userguide/codebuild-controls.html#codebuild-1
Internal
- ID: dec-c-cd4be6a9

Similar Sections (Give Policies To)

Section	Sub Sections	Policies	Compliance
💼 NIST SP 800-53 Revision 5 → 💼 SA-3 System Development Life Cycle	3	4	no data
💼 PCI DSS v3.2.1 → 💼 8.2.1 Using strong cryptography, render all authentication credentials unreadable during transmission and storage on all system components.		14	no data
💼 PCI DSS v4.0.1 → 💼 8.3.2 Strong cryptography is used to render all authentication factors unreadable during transmission and storage on all system components.		14	no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance

Policies (1)

Policy	Logic Count	Flags	Compliance
🛡️ AWS CodeBuild Project Bitbucket Source Location URL contains credentials🟢	1	🟢 x6	no data

Internal Rules

Rule	Policies	Flags
✉️ dec-x-cc74149f	1

Description​

Similar​

Similar Sections (Give Policies To)​

Sub Sections​

Policies (1)​

Internal Rules​