Rule: CodeBuild GitHub or Bitbucket Source Repository URLs Should Use OAuth

This rule ensures that CodeBuild projects use OAuth for GitHub or Bitbucket source repository URLs.

Rule: CodeBuild GitHub or Bitbucket source repository URLs should use OAuth
Framework: SOC 2
Severity: Critical

Rule Description:

The rule states that CodeBuild source repository URLs for GitHub or Bitbucket should use OAuth for SOC 2 compliance. This means that instead of using personal access tokens or other credentials for authentication, OAuth should be utilized to securely authenticate and authorize access to the source code repositories.

Troubleshooting Steps:

If you encounter any issues or errors related to CodeBuild source repository URLs not using OAuth, you can follow these troubleshooting steps:

  1. Verify OAuth Integration: Double-check that the OAuth integration with the chosen source repository (GitHub or Bitbucket) has been properly set up. Ensure that the required permissions are granted to CodeBuild for accessing the repository.

  2. Review OAuth Configuration: Review the OAuth configuration settings for CodeBuild and make sure they align with the best practices and guidelines provided by the source repository provider. Confirm that the necessary redirect URIs and client IDs have been configured correctly.

  3. Check OAuth Token Expiration: Examine the OAuth tokens being used by CodeBuild and validate their expiration dates. If the tokens have expired, refresh them by following the appropriate steps provided by the source repository provider.

  4. Review OAuth Scopes: Verify that the OAuth scopes granted to CodeBuild are appropriate and limit access only to the required resources. Avoid excess permissions that could compromise the security of the source repository.

  5. Confirm OAuth Two-Factor Authentication: Ensure that two-factor authentication (2FA) is enabled for the OAuth integration with the source repository. This adds an additional layer of security and helps prevent unauthorized access.

  6. Review CodeBuild IAM Roles: Confirm that the IAM roles assigned to CodeBuild have the necessary permissions to interact with the source repository using OAuth. Rectify any missing or incorrect permissions.

Necessary Codes:

There are no specific codes associated with this rule. The implementation of OAuth in CodeBuild for GitHub or Bitbucket source repositories is primarily configuration-based rather than code-based.
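Although the rule itself is configuration-based, an audit of existing projects is easy to script. The following is an added example (not Cloud Defense's code and not from the rule page): it walks CodeBuild project definitions in the shape returned by the `batch_get_projects` API (`name`, `source.type`, `source.location`, `source.auth.type`) and flags GitHub or Bitbucket sources whose authorization type is not `OAUTH` or whose repository URL carries sign-in credentials in its userinfo part (`https://user:token@...`), which is the usual way personal access tokens end up in a source URL. The sample projects, names and the `EXAMPLE_APP_PASSWORD` value are constructed; `fetch_projects` is an assumed helper for pulling live definitions with boto3.

```python
"""Audit CodeBuild projects for GitHub/Bitbucket sources that do not use OAuth.

Added example: project dicts mirror the shape of the CodeBuild
batch_get_projects response; SAMPLE_PROJECTS below is constructed data.
"""
from urllib.parse import urlparse

# Source types that point at GitHub or Bitbucket and therefore fall under the rule.
GIT_PROVIDER_TYPES = {"GITHUB", "GITHUB_ENTERPRISE", "BITBUCKET"}

# Constructed sample projects (not real accounts or repositories).
SAMPLE_PROJECTS = [
    {   # compliant: OAuth authorization, clean URL
        "name": "web-app-build",
        "source": {"type": "GITHUB",
                   "location": "https://github.com/example-org/web-app.git",
                   "auth": {"type": "OAUTH"}},
    },
    {   # non-compliant: credentials embedded in the repository URL
        "name": "legacy-api-build",
        "source": {"type": "BITBUCKET",
                   "location": "https://deploy-user:EXAMPLE_APP_PASSWORD@bitbucket.org/example-org/api.git",
                   "auth": {"type": "OAUTH"}},
    },
    {   # non-compliant: GitHub source with no auth block at all
        "name": "docs-build",
        "source": {"type": "GITHUB",
                   "location": "https://github.com/example-org/docs.git"},
    },
    {   # out of scope: CodeCommit sources are not covered by this rule
        "name": "internal-build",
        "source": {"type": "CODECOMMIT",
                   "location": "https://git-codecommit.us-east-1.amazonaws.com/v1/repos/internal"},
    },
]


def url_has_embedded_credentials(location: str) -> bool:
    """True if the repository URL carries a username or password in its userinfo part."""
    parsed = urlparse(location)
    return bool(parsed.username or parsed.password)


def check_project(project: dict) -> list[str]:
    """Return the findings for one project; an empty list means it is compliant."""
    source = project.get("source", {})
    if source.get("type") not in GIT_PROVIDER_TYPES:
        return []  # the rule only applies to GitHub/Bitbucket sources
    findings = []
    auth_type = source.get("auth", {}).get("type")
    if auth_type != "OAUTH":
        findings.append(f"source auth type is {auth_type or 'unset'}, expected OAUTH")
    if url_has_embedded_credentials(source.get("location", "")):
        findings.append("repository URL embeds sign-in credentials")
    return findings


def find_noncompliant(projects: list[dict]) -> dict[str, list[str]]:
    """Map project name -> findings for every project that violates the rule."""
    result = {}
    for project in projects:
        findings = check_project(project)
        if findings:
            result[project["name"]] = findings
    return result


def fetch_projects(region: str) -> list[dict]:
    """Assumed helper: pull live project definitions with boto3 (needs AWS credentials)."""
    import boto3  # imported lazily so the offline demo runs without boto3 installed

    client = boto3.client("codebuild", region_name=region)
    names = []
    for page in client.get_paginator("list_projects").paginate():
        names.extend(page["projects"])
    projects = []
    for i in range(0, len(names), 100):  # batch_get_projects takes up to 100 names per call
        projects.extend(client.batch_get_projects(names=names[i:i + 100])["projects"])
    return projects


if __name__ == "__main__":
    # Offline demo on the constructed sample; swap in fetch_projects("us-east-1") for a live audit.
    for name, findings in find_noncompliant(SAMPLE_PROJECTS).items():
        print(f"{name}: " + "; ".join(findings))
```

Run as-is it reports `legacy-api-build` (credentials in the URL) and `docs-build` (no OAuth authorization) and leaves the CodeCommit project alone. The check is deliberately strict to the rule text: if an account also uses AWS CodeConnections for GitHub/Bitbucket access, add that authorization type to the accepted set rather than treating those projects as findings.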

Step-by-Step Guide for Remediation:

Follow these step-by-step instructions to remediate CodeBuild source repository URLs not using OAuth for SOC 2 compliance:

Step 1: Verify OAuth Integration

  1. Access the chosen source repository provider's OAuth settings.
  2. Review the integration setup and ensure it aligns with best practices and guidelines.
  3. Confirm that the required permissions are granted to CodeBuild for accessing the repository.

Step 2: Review OAuth Configuration

  1. Review the OAuth configuration settings in CodeBuild.
  2. Cross-check the configuration against the source repository provider's documentation.
  3. Make sure the redirect URIs and client IDs are accurately configured.

Step 3: Check OAuth Token Expiration

  1. Monitor the expiration dates of OAuth tokens used by CodeBuild.
  2. If any tokens have expired or are near expiration, follow the appropriate steps provided by the source repository provider to refresh them.

Step 4: Review OAuth Scopes

  1. Validate the OAuth scopes granted to CodeBuild.
  2. Ensure that the scopes limit access only to the necessary resources.
  3. Remove any excess permissions to maintain a secure environment.

Step 5: Confirm OAuth Two-Factor Authentication

  1. Enable two-factor authentication (2FA) for the OAuth integration with the chosen source repository.
  2. Follow the steps provided by the source repository provider to set up and configure 2FA.

Step 6: Review CodeBuild IAM Roles

  1. Verify the IAM roles assigned to CodeBuild.
  2. Ensure that the roles have the correct permissions for interacting with the source repository using OAuth.
  3. Make any necessary adjustments or additions to the IAM roles.

By following these steps, you can ensure that CodeBuild source repository URLs for GitHub or Bitbucket use OAuth, aligning with SOC 2 compliance requirements.
