#aws-codebuild

from InfoQ
14 hours ago

Two Missing Characters: How a Regex Flaw Exposed AWS GitHub Repos to Supply-Chain Risk

Wiz Security's research team identified that a subset of repositories configured regular expressions for AWS CodeBuild webhook filters intended to limit trusted actor IDs, but these filters were insufficient, allowing a predictably acquired actor ID to gain administrative permissions. The four affected repositories that put the AWS Console supply chain at risk were the AWS SDK for JavaScript v3, the general-purpose cryptographic library aws-lc, amazon-corretto-crypto-provider, and awslabs/open-data-registry, a repository of publicly available datasets accessible from AWS resources.
Information security
from InfoWorld
1 week ago

Possible software supply chain attack through AWS CodeBuild service blunted

Enterprises must prevent public exposure of build environments by centralizing repository ownership and using private hosting to reduce attack surface.
Information security
from The Hacker News
1 week ago

AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks

A CodeBuild misconfiguration (CodeBreach) allowed unauthenticated attackers to hijack AWS-managed GitHub repositories, risking supply-chain and platform-wide compromise across AWS environments.
Software development
from Amazon Web Services
1 month ago

How Kaltura Accelerates CI/CD Using AWS CodeBuild-hosted Runners | Amazon Web Services

Migrating CI/CD runners from self-managed EKS to AWS CodeBuild-hosted runners cut costs 60%, reduced DevOps overhead 90%, and sped build queues 66%.
#amazon-ecr
DevOps
from InfoQ
7 months ago

AWS CodeBuild Introduces Docker Server Capability to Accelerate CI/CD Pipelines

AWS boosts CodeBuild with dedicated Docker servers, reducing image build times.
Persistent Docker servers enhance CI/CD efficiency and consistency.