Bridgecrew Policy ID: BC_GIT_53
Chekov Check ID: CKV_SECRET_53
Netlify provides a platform for building, deploying, and scaling websites whose source files are stored in the version control system Git and then generated into static web content files served via a Content Delivery Network. The platform also provides services and features of serverless computing and edge computing, offering serverless functions that are version-controlled, built, and deployed alongside frontend code.
You can generate a personal access token in your Netlify user settings for manual authentication in shell scripts or commands that use the Netlify API. If you’re making a public integration with Netlify for others to enjoy, you must use OAuth2. This allows users to authorize your application to use Netlify on their behalf without having to copy/paste API tokens or touch sensitive login info. You’ll need an application client key and a client secret to integrate with the Netlify API.
Fix - Buildtime
To revoke your user access token for Netlify CLI, go to your Netlify user Applications settings
For access granted using the netlify login command, scroll to the Authorized applications section, and find Netlify CLI. Select Options > Revoke access.
If you manually created a personal access token, you can find it in the Personal access tokens section. Select Options > Delete personal token.
Updated 4 months ago