Severity: HIGH
Source: Trivy
ID: AVD-AWS-0018

CodeBuild Project artifacts encryption should not be disabled

All artifacts produced by your CodeBuild project pipeline should always be encrypted.

Impact

CodeBuild project artifacts are unencrypted.

Follow the appropriate remediation steps below to resolve the issue.

Enable encryption for CodeBuild project artifacts (CloudFormation)

Resources:
  GoodProject:
    Type: AWS::CodeBuild::Project
    Properties:
      Artifacts:
        ArtifactIdentifier: "String"
        EncryptionDisabled: false
        Location: "String"
        Name: "String"
        NamespaceType: "String"
        OverrideArtifactName: false
        Packaging: "String"
        Path: "String"
        Type: "String"
      SecondaryArtifacts:
        - ArtifactIdentifier: "String"
          EncryptionDisabled: false
          Location: "String"
          Name: "String"
          NamespaceType: "String"
          OverrideArtifactName: false
          Packaging: "String"
          Path: "String"
          Type: "String"
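
A check for this setting over a CloudFormation template, as an added example that is not Trivy's own code or part of the original page. It assumes the template is in CloudFormation's JSON form so only the standard library is needed; the sample template, its logical IDs and the function names are constructed for illustration.

```python
import json

# Constructed sample template (JSON form of CloudFormation); all names are illustrative.
TEMPLATE = json.loads("""
{"Resources": {
  "GoodProject": {"Type": "AWS::CodeBuild::Project", "Properties": {
    "Artifacts": {"Type": "S3", "Location": "example-bucket"},
    "SecondaryArtifacts": [{"ArtifactIdentifier": "docs", "EncryptionDisabled": false}]}},
  "BadProject": {"Type": "AWS::CodeBuild::Project", "Properties": {
    "Artifacts": {"Type": "S3", "EncryptionDisabled": "true"},
    "SecondaryArtifacts": [{"ArtifactIdentifier": "logs", "EncryptionDisabled": true},
                           {"ArtifactIdentifier": "site"}]}},
  "Bucket": {"Type": "AWS::S3::Bucket"}
}}
""")


def _disabled(artifact):
    """True when EncryptionDisabled is true, as a boolean or as the string "true"."""
    # An omitted property is treated as "not disabled"; unresolved intrinsics
    # such as {"Ref": ...} are not evaluated and therefore not flagged here.
    return str(artifact.get("EncryptionDisabled", False)).lower() == "true"


def find_unencrypted_artifacts(template):
    """Return (logical_id, property_path) for each artifact block that disables encryption."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::CodeBuild::Project":
            continue
        props = resource.get("Properties", {})
        if _disabled(props.get("Artifacts", {})):
            findings.append((logical_id, "Artifacts"))
        # Secondary artifacts are a list; each entry carries its own setting.
        for i, secondary in enumerate(props.get("SecondaryArtifacts", [])):
            if _disabled(secondary):
                findings.append((logical_id, f"SecondaryArtifacts[{i}]"))
    return findings


if __name__ == "__main__":
    for logical_id, path in find_unencrypted_artifacts(TEMPLATE):
        print(f"{logical_id}: {path}.EncryptionDisabled is true")
```

Both the primary `Artifacts` block and every `SecondaryArtifacts` entry are checked, since each carries its own `EncryptionDisabled` value.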

Enable encryption for CodeBuild project artifacts (Terraform)

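// Example 1: encryption explicitly left enabled on the primary artifacts.
resource "aws_codebuild_project" "good_example" {
  // other config

  artifacts {
    // other artifacts config

    encryption_disabled = false
  }
}

// Example 2: encryption_disabled omitted; it defaults to false, so artifacts stay encrypted.
// (Renamed from "good_example" so the examples do not share one resource address.)
resource "aws_codebuild_project" "good_example_default" {
  // other config

  artifacts {
    // other artifacts config
  }
}

// Example 3: secondary artifacts, one set explicitly and one relying on the default.
resource "aws_codebuild_project" "codebuild" {
  // other config

  secondary_artifacts {
    // other artifacts config

    encryption_disabled = false
  }

  secondary_artifacts {
    // other artifacts config
  }
}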