CodeBuild Not Encrypted
- Query id: a1423864-2fbc-4f46-bfe1-fbbf125c71c9
- Query name: CodeBuild Not Encrypted
- Platform: Ansible
- Severity: Medium
- Category: Encryption
- CWE: 311
- URL: Github
Description
CodeBuild projects should be encrypted. The task should set the encryption_key parameter; a task that omits it is flagged.
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
# No encryption_key is set on this task, so the query reports it.
- name: My project
  community.aws.aws_codebuild:
    description: My nice little project v2
    service_role: "arn:aws:iam::123123:role/service-role/code-build-service-role"
    source:
      type: CODEPIPELINE
      buildspec: ''
    artifacts:
      namespaceType: NONE
      packaging: NONE
      type: CODEPIPELINE
      name: my_project
    environment:
      computeType: BUILD_GENERAL1_SMALL
      privilegedMode: "true"
      image: "aws/codebuild/docker:17.09.0"
      type: LINUX_CONTAINER
    region: us-east-1
    state: present
```
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
```yaml
# encryption_key names a KMS key, so the query does not report this task.
- name: My project v2
  community.aws.aws_codebuild:
    description: My nice little project
    service_role: arn:aws:iam::123123:role/service-role/code-build-service-role
    source:
      type: CODEPIPELINE
      buildspec: ''
    artifacts:
      namespaceType: NONE
      packaging: NONE
      type: CODEPIPELINE
      name: my_project
    environment:
      computeType: BUILD_GENERAL1_SMALL
      privilegedMode: 'true'
      image: aws/codebuild/docker:17.09.0
      type: LINUX_CONTAINER
    encryption_key: arn:aws:kms:us-east-1:123123:alias/aws/s3
    region: us-east-1
    state: present
```
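
The same check can be run in a pre-merge script over parsed playbook tasks. The following is an added example, not the query's own code: the function name, the short module name `aws_codebuild`, the handling of `block`/`rescue`/`always`, and the choice to skip `state: absent` tasks and to treat an empty key as missing are all assumptions of this sketch.

```python
# Added example: flags CodeBuild tasks that set no encryption_key.
# Input is the task list as a YAML parser (e.g. yaml.safe_load) returns it.

# Assumption: module names treated as CodeBuild tasks (the FQCN shown on
# this page plus the short name).
CODEBUILD_MODULES = {"community.aws.aws_codebuild", "aws_codebuild"}
NESTED_KEYS = ("block", "rescue", "always")  # Ansible task-nesting keywords


def unencrypted_codebuild_tasks(tasks, path="tasks"):
    """Return (location, task name) for each CodeBuild task lacking a key."""
    findings = []
    for i, task in enumerate(tasks or []):
        if not isinstance(task, dict):
            continue
        here = f"{path}[{i}]"
        for key in NESTED_KEYS:  # recurse into block/rescue/always sections
            findings += unencrypted_codebuild_tasks(task.get(key), f"{here}.{key}")
        for module in task.keys() & CODEBUILD_MODULES:
            args = task[module] if isinstance(task[module], dict) else {}
            if args.get("state", "present") == "absent":
                continue  # assumption: a project being deleted is not reported
            if not args.get("encryption_key"):  # missing, null or empty
                findings.append((here, task.get("name", "<unnamed>")))
    return findings


# Constructed sample, trimmed from the two test cases on this page.
SAMPLE_TASKS = [
    {"name": "My project",
     "community.aws.aws_codebuild": {
         "service_role": "arn:aws:iam::123123:role/service-role/code-build-service-role",
         "region": "us-east-1", "state": "present"}},
    {"name": "Nested",
     "block": [
         {"name": "My project v2",
          "community.aws.aws_codebuild": {
              "encryption_key": "arn:aws:kms:us-east-1:123123:alias/aws/s3",
              "region": "us-east-1", "state": "present"}},
         {"name": "Empty key",
          "aws_codebuild": {"encryption_key": "", "state": "present"}},
     ]},
]

if __name__ == "__main__":
    for location, name in unencrypted_codebuild_tasks(SAMPLE_TASKS):
        print(f"{location}: '{name}' sets no encryption_key")
```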