aws-codebuild-run-build icon indicating copy to clipboard operation
aws-codebuild-run-build copied to clipboard

Published 20 hours ago verified publisher icon aws-actions

Prevent build spec override

Open jaidisido opened this issue 2 years ago • 1 comments

We are interested in leveraging this Github action to trigger CB projects when a PR is created in our repo, however we are not comfortable with the idea that the buildspec can be overridden. A malicious user could modify the spec to perform actions beyond those allowed. Is there a way to prevent this behaviour via an IAM condition or any other way?

jaidisido avatar Jul 14 '23 16:07 jaidisido