Rule: CodeBuild GitHub or Bitbucket Source Repository URLs Should Use OAuth

This rule ensures that CodeBuild GitHub or Bitbucket source repository URLs are using OAuth for secure authentication.

Rule: CodeBuild GitHub or Bitbucket source repository URLs should use OAuth
Framework: PCI v3.2.1
Severity: Critical

Rule Description:

For Payment Card Industry Data Security Standard (PCI DSS) version 3 compliance, the GitHub or Bitbucket source repository URLs of a CodeBuild project must use OAuth.

Troubleshooting Steps:

If the CodeBuild project is not configured to use OAuth for GitHub or Bitbucket source repository URLs, you might encounter issues related to PCI compliance. To troubleshoot and resolve these issues, follow the steps provided below.

  1. Verify OAuth Integration:

    • Check if the CodeBuild project has OAuth integration enabled for the chosen repository provider (GitHub or Bitbucket). If not, you will need to configure OAuth integration.

  2. Update Repository URLs:

    • Update the repository URLs used by the CodeBuild project to use the OAuth integration URL. This ensures secure and compliant communication between CodeBuild and the repository.
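
One way to run the verification step across many projects, as an added example that is not CloudDefense's or AWS's own code: it evaluates project records shaped like the output of `aws codebuild batch-get-projects`. The sample records are constructed, and the PASS/FAIL/REVIEW statuses, including treating credentials embedded in the URL as a failure, are assumptions of this example.

```python
import json
from urllib.parse import urlsplit

# Constructed sample shaped like `aws codebuild batch-get-projects` output (not real projects).
SAMPLE = json.loads("""
{"projects": [
  {"name": "web-build",
   "source": {"type": "GITHUB", "location": "https://github.com/example-org/web.git",
              "auth": {"type": "OAUTH"}}},
  {"name": "legacy-build",
   "source": {"type": "BITBUCKET",
              "location": "https://builduser:CONSTRUCTED-TOKEN@bitbucket.org/example-org/legacy.git"}},
  {"name": "api-build",
   "source": {"type": "GITHUB", "location": "https://github.com/example-org/api.git"},
   "secondarySources": [{"type": "S3", "location": "example-bucket/src.zip"}]}
]}
""")

CHECKED_TYPES = {"GITHUB", "BITBUCKET"}
RANK = {"PASS": 0, "REVIEW": 1, "FAIL": 2}


def check_source(src):
    """Return PASS, FAIL or REVIEW, or None when the source type is out of scope."""
    if src.get("type") not in CHECKED_TYPES:
        return None
    parts = urlsplit(src.get("location", ""))
    # A user name, password or token before '@' means credentials live in the URL.
    if parts.username or parts.password:
        return "FAIL"
    if (src.get("auth") or {}).get("type") == "OAUTH":
        return "PASS"
    # No credentials in the URL, but the project record does not declare OAuth itself.
    return "REVIEW"


def audit(projects):
    """Map each project name to the worst status across its primary and secondary sources."""
    results = {}
    for project in projects:
        sources = [project.get("source", {})] + project.get("secondarySources", [])
        statuses = [s for s in map(check_source, sources) if s]
        if statuses:
            results[project["name"]] = max(statuses, key=RANK.get)
    return results


if __name__ == "__main__":
    for name, status in audit(SAMPLE["projects"]).items():
        print(f"{status:6} {name}")
```

To audit a real account, load the JSON returned by `aws codebuild batch-get-projects --names ...` in place of `SAMPLE`.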

Necessary Code:

To enforce the use of OAuth for the GitHub or Bitbucket source repository URLs in your CodeBuild project, you need to modify the CodeBuild project configuration using the AWS Command Line Interface (CLI) or AWS CloudFormation.

Below is an example of a CloudFormation code snippet that can be used to configure the CodeBuild project:

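AWSTemplateFormatVersion: '2010-09-09'
Resources:
  MyCodeBuildProject:
    Type: AWS::CodeBuild::Project
    Properties:
      # ... (other project properties omitted)
      Source:
        Type: GITHUB
        # Plain repository URL, with no user name, password or token embedded in it
        Location: https://github.com/your-repo-url
        GitCloneDepth: 1
        # Authenticate to the repository provider through OAuth
        Auth:
          Type: OAUTH
      # ... (other project properties omitted)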

Replace https://github.com/your-repo-url with the actual URL of your GitHub or Bitbucket repository.

Step-by-Step Guide for Remediation:

Follow the step-by-step guide below to remediate the CodeBuild GitHub or Bitbucket source repository URLs to use OAuth:

  1. Open the AWS Management Console and navigate to the CodeBuild service.

  2. Select the relevant CodeBuild project that needs to be updated.

  3. Click on "Edit" to modify the project settings.

  4. In the "Source" section, locate the repository URL settings.

  5. Verify if the repository URL is already configured with OAuth integration. If not, follow the next step.

  6. Update the repository URL to use the OAuth integration URL provided by the chosen repository provider (GitHub or Bitbucket).

  7. Save the changes to update the CodeBuild project configuration.

By following the above steps, you have successfully remediated the CodeBuild project to use OAuth for GitHub or Bitbucket source repository URLs, ensuring compliance with PCI DSS version 3.
