Benchmark: 6.3.a Examine written software-development processes to verify that the processes are based on industry standards and/or best practices
Description
Without the inclusion of security during the requirements definition, design, analysis, and testing phases of software development, security vulnerabilities can be inadvertently or maliciously introduced into the production environment. Understanding how sensitive data is handled by the application—including when stored, transmitted, and when in memory—can help identify where data needs to be protected.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service startpowerpipe server
Open http://localhost:9033 in your browser and select 6.3.a Examine written software-development processes to verify that the processes are based on industry standards and/or best practices.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.pci_dss_v321_requirement_6_3_a
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.pci_dss_v321_requirement_6_3_a --share
Controls
- CodeBuild project environments should not have privileged mode enabled
- CodeBuild project plaintext environment variables should not contain sensitive AWS values
- CodeBuild GitHub or Bitbucket source repository URLs should use OAuth