CodeBuild Project Contains Plain Text Credentials

Tenacity Id

Risk Level

Categories

codebuild-001

5

Last Updated:

April 21, 2022

CodeBuild Project contains AWS_ACCESS_KEY_ID or AWS_SECRET_ACCESS_KEY as a plain text environment value. This should be an encrypted field or referenced via a Key Vault such as AWS Secrets Manager.