CodeBuild Project artifacts encryption should not be disabled
| Property | |
|---|---|
| Language |  |
| Severity |  |
| Service | codebuild |
| Provider | AWS |
| Vulnerability Type | misconfiguration |
Description#
The CodeBuild project is configured with artifact encryption disabled, causing build outputs to be stored in an unencrypted state. This exposes sensitive build artifacts to unauthorized access if storage is compromised.
Impact#
Unencrypted CodeBuild artifacts can be accessed or tampered with by anyone who gains access to the storage location, potentially leading to exposure of proprietary code, credentials, or other sensitive information, and increasing the risk of data breaches or supply chain attacks.
Resolution#
Enable encryption for CodeBuild project artifacts