Checks/Aws/Test-CodebuildProjectNoSecretsInVariables.ps1
function Test-CodebuildProjectNoSecretsInVariables {
    <#
    .SYNOPSIS
        CodeBuild project has no sensitive credentials in plaintext environment variables

    .DESCRIPTION
        **AWS CodeBuild projects** are inspected for **plaintext environment variables** (`PLAINTEXT`) that resemble **secrets** (keys, tokens, passwords).

        Such values indicate sensitive data is stored directly in environment variables instead of being sourced securely.

    .PARAMETER Check
        CIEMCheck object containing check metadata.
    #>
    [CmdletBinding()]
    [OutputType([PSCustomObject[]])]
    param(
        [Parameter(Mandatory)]
        [CIEMCheck]$Check
    )

    $ErrorActionPreference = 'Stop'

    # TODO: Implement check logic based on Prowler check: codebuild_project_no_secrets_in_variables

    [CIEMScanResult]::Create($Check, 'MANUAL', 'This check requires manual implementation. See Prowler check codebuild_project_no_secrets_in_variables for reference.', 'N/A', 'codebuild Resources')
}
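The check above is still a stub, so the following is an added example of the inspection its description outlines. It is not code from this module and not Prowler's detection logic. It assumes project objects shaped like the `projects` array returned by `aws codebuild batch-get-projects`; the function name `Find-CodeBuildPlaintextSecret`, the regex patterns, and the sample data are hypothetical.

```powershell
# Added example: heuristic patterns, not the CIEM module's or Prowler's detection rules.
$SecretNamePattern   = '(?i)(secret|passw(or)?d|token|api[_-]?key|access[_-]?key|private[_-]?key|credential)'
$SecretValuePatterns = [ordered]@{
    'AWS access key ID' = '\b(AKIA|ASIA)[0-9A-Z]{16}\b'
    'PEM private key'   = '-----BEGIN [A-Z ]*PRIVATE KEY-----'
    'GitHub token'      = '\bgh[pousr]_[A-Za-z0-9]{36,}\b'
}

function Find-CodeBuildPlaintextSecret {
    [CmdletBinding()]
    [OutputType([PSCustomObject])]
    param(
        # Project objects shaped like the "projects" array of `aws codebuild batch-get-projects`.
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]]$Project
    )
    process {
        foreach ($p in $Project) {
            foreach ($var in @($p.environment.environmentVariables)) {
                # PARAMETER_STORE and SECRETS_MANAGER values are references, not the secret itself.
                if ($null -eq $var -or $var.type -ne 'PLAINTEXT') { continue }
                $reasons = @()
                if ($var.name -match $SecretNamePattern) { $reasons += 'name suggests a secret' }
                foreach ($kind in $SecretValuePatterns.Keys) {
                    if ($var.value -cmatch $SecretValuePatterns[$kind]) { $reasons += "value looks like $kind" }
                }
                if ($reasons.Count -gt 0) {
                    # Report the variable name only; never echo the value into scan output.
                    [PSCustomObject]@{ Project = $p.name; Variable = $var.name; Reason = $reasons -join '; ' }
                }
            }
        }
    }
}

# Constructed sample input (the key ID is AWS's documentation placeholder, not a live credential).
$sample = @'
{"projects":[
 {"name":"web-build","environment":{"environmentVariables":[
   {"name":"AWS_ACCESS_KEY_ID","value":"AKIAIOSFODNN7EXAMPLE","type":"PLAINTEXT"},
   {"name":"DB_PASSWORD","value":"/prod/db/password","type":"PARAMETER_STORE"},
   {"name":"NODE_ENV","value":"production","type":"PLAINTEXT"}]}},
 {"name":"docs-build","environment":{"environmentVariables":[]}}
]}
'@ | ConvertFrom-Json

Find-CodeBuildPlaintextSecret -Project $sample.projects | Format-Table -AutoSize
```

On the sample, only `AWS_ACCESS_KEY_ID` in `web-build` is reported: `DB_PASSWORD` is skipped because its type is `PARAMETER_STORE`, and `NODE_ENV` matches neither the name nor the value heuristics.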