Updated on 2025-08-25 GMT+08:00

Project Parameter Encryption Check

Rule Details

Table 1 Rule details

Parameter

Description

Rule Name

cloudbuildserver-encryption-parameter-check

Identifier

Project Parameter Encryption Check

Description

If encryption is not enabled for custom parameters in a CodeArts project, this project is non-compliant.

Tag

codeartsbuild

Trigger Type

Configuration change

Filter Type

codeartsbuild.CloudBuildServer

Rule Parameters

None

Application Scenarios

You can set whether a parameter is private in the Parameters tab on the page for configuring the build task. If a parameter is private, the system encrypts the parameter for storage and only decrypts it for usage. Private parameters are not displayed in run logs. For details, see Configuring Parameters.

If a string-value parameter is not set to private, sensitive data (such as AK/SK and database passwords) may be disclosed.

Solution

Set parameters to private.

Rule Logic

  • If all custom string-value parameters are set to private, the check result is compliant.
  • If any custom string-value parameter is not private, the check result is non-compliant.