Severity: HIGH
Source: Trivy
ID: AVD-AWS-0018

CodeBuild Project artifacts encryption should not be disabled

All artifacts produced by your CodeBuild project pipeline should always be encrypted.

Impact

Follow the appropriate remediation steps below to resolve the issue.

Enable encryption for CodeBuild project artifacts (CloudFormation)

Resources:
  GoodProject:
    Type: AWS::CodeBuild::Project
    Properties:
      Artifacts:
        ArtifactIdentifier: String
        EncryptionDisabled: false
        Location: String
        Name: String
        NamespaceType: String
        OverrideArtifactName: false
        Packaging: String
        Path: String
        Type: String
      SecondaryArtifacts:
        - ArtifactIdentifier: String
          EncryptionDisabled: false
          Location: String
          Name: String
          NamespaceType: String
          OverrideArtifactName: false
          Packaging: String
          Path: String
          Type: String
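
A check for this finding over a CloudFormation template, as an added example that is not Trivy's own implementation: it reports every `Artifacts` or `SecondaryArtifacts` block of an `AWS::CodeBuild::Project` where `EncryptionDisabled` is true. It assumes the template is in CloudFormation's JSON form; the sample template, its resource names and the function names are constructed for illustration.

```python
import json

# Constructed sample template (JSON form of CloudFormation); resource names are made up.
SAMPLE_TEMPLATE = json.dumps({"Resources": {
    "GoodProject": {"Type": "AWS::CodeBuild::Project", "Properties": {
        "Artifacts": {"Type": "S3", "EncryptionDisabled": False},
        "SecondaryArtifacts": [{"Type": "S3"}]}},  # setting omitted: encrypted
    "BadProject": {"Type": "AWS::CodeBuild::Project", "Properties": {
        "Artifacts": {"Type": "S3", "EncryptionDisabled": True},
        "SecondaryArtifacts": [
            {"Type": "S3", "EncryptionDisabled": False},
            {"Type": "S3", "EncryptionDisabled": "true"}]}},
    "Bucket": {"Type": "AWS::S3::Bucket"},
}})


def is_disabled(value):
    """CloudFormation accepts booleans as true/false or as "true"/"false" strings."""
    if isinstance(value, str):
        return value.strip().lower() == "true"
    return value is True


def find_unencrypted_artifacts(template_text):
    """Return (logical_id, property_path) for each artifact block with encryption disabled."""
    findings = []
    resources = json.loads(template_text).get("Resources", {})
    for logical_id, resource in resources.items():
        if resource.get("Type") != "AWS::CodeBuild::Project":
            continue
        props = resource.get("Properties", {})
        # Primary artifacts first, then each secondary artifact by index.
        blocks = [("Artifacts", props.get("Artifacts"))]
        for i, secondary in enumerate(props.get("SecondaryArtifacts") or []):
            blocks.append((f"SecondaryArtifacts[{i}]", secondary))
        for path, block in blocks:
            if isinstance(block, dict) and is_disabled(block.get("EncryptionDisabled")):
                findings.append((logical_id, path))
    return findings


if __name__ == "__main__":
    for logical_id, path in find_unencrypted_artifacts(SAMPLE_TEMPLATE):
        print(f"{logical_id}: {path}.EncryptionDisabled is true")
```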

Enable encryption for CodeBuild project artifacts (Terraform)

resource "aws_codebuild_project" "good_example" {
  // other config

  artifacts {
    // other artifacts config

    encryption_disabled = false
  }
}

resource "aws_codebuild_project" "good_example_default" {
  // other config

  artifacts {
    // other artifacts config

    // encryption_disabled is omitted; it defaults to false, so artifacts stay encrypted
  }
}

resource "aws_codebuild_project" "codebuild" {
  // other config

  secondary_artifacts {
    // other artifacts config

    encryption_disabled = false
  }

  secondary_artifacts {
    // other artifacts config
  }
}