AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2025-12-10 · Documentation low

File: prescriptive-guidance/latest/patterns/automatically-build-and-deploy-a-java-application-to-amazon-eks-using-a-ci-cd-pipeline.md

Summary

Updated references from 'AWS Security Hub' to 'AWS Security Hub CSPM', removed deprecated CodeCommit notices, added CodeGuru Reviewer deprecation note

Security assessment

Changes primarily involve rebranding Security Hub to Security Hub CSPM and service deprecation notices. No evidence of addressing specific vulnerabilities or security weaknesses. Updates reflect product naming changes and service lifecycle updates without introducing new security content.

Diff

diff --git a/prescriptive-guidance/latest/patterns/automatically-build-and-deploy-a-java-application-to-amazon-eks-using-a-ci-cd-pipeline.md b/prescriptive-guidance/latest/patterns/automatically-build-and-deploy-a-java-application-to-amazon-eks-using-a-ci-cd-pipeline.md
index b6dd04002..0c9d6cfe3 100644
--- a//prescriptive-guidance/latest/patterns/automatically-build-and-deploy-a-java-application-to-amazon-eks-using-a-ci-cd-pipeline.md
+++ b//prescriptive-guidance/latest/patterns/automatically-build-and-deploy-a-java-application-to-amazon-eks-using-a-ci-cd-pipeline.md
@@ -40 +40 @@ AWS CLI version 2 must be configured with the same AWS Identity and Access Manag
-AWS Security Hub is enabled as part of the CloudFormation templates that are included in the code for this pattern. By default, after Security Hub is enabled, it comes with a 30–day free trial. After the trial, there is a cost associated with this AWS service. For more information about pricing, see [AWS Security Hub pricing](https://aws.amazon.com/security-hub/pricing/).
+AWS Security Hub CSPM is enabled as part of the CloudFormation templates that are included in the code for this pattern. By default, after Security Hub CSPM is enabled, it comes with a 30–day free trial. After the trial, there is a cost associated with this AWS service. For more information about pricing, see [AWS Security Hub CSPM pricing](https://aws.amazon.com/security-hub/pricing/).
@@ -63,2 +62,0 @@ AWS Security Hub is enabled as part of the CloudFormation templates that are inc
-**Notice** : AWS CodeCommit is no longer available to new customers. Existing customers of AWS CodeCommit can continue to use the service as normal. [Learn more](https://aws.amazon.com/blogs/devops/how-to-migrate-your-aws-codecommit-repository-to-another-git-provider/). However, this solution will work with any version control system (VCS) Git provider such as GitHub or GitLab with minimal changes.
-
@@ -75 +73 @@ AWS Security Hub is enabled as part of the CloudFormation templates that are inc
-  * AWS Security Hub
+  * AWS Security Hub CSPM
@@ -99,0 +98,4 @@ The diagram shows the following workflow:
+###### Note
+
+As of November 7, 2025, you can't create new repository associations in Amazon CodeGuru Reviewer. To learn about services with capabilities similar to CodeGuru Reviewer, see [Amazon CodeGuru Reviewer availability change](https://docs.aws.amazon.com/codeguru/latest/reviewer-ug/codeguru-reviewer-availability-change.html) in the CodeGuru Reviewer documentation. 
+
@@ -104 +106 @@ The diagram shows the following workflow:
-  9. The vulnerabilities detected from step 8 are uploaded to Security Hub for further analysis by developers or engineers. Security Hub provides an overview and recommendations for remediating the vulnerabilities.
+  9. The vulnerabilities detected from step 8 are uploaded to Security Hub CSPM for further analysis by developers or engineers. Security Hub CSPM provides an overview and recommendations for remediating the vulnerabilities.
@@ -127,2 +128,0 @@ The diagram shows the following workflow:
-**Notice** : AWS CodeCommit is no longer available to new customers. Existing customers of AWS CodeCommit can continue to use the service as normal. [Learn more](https://aws.amazon.com/blogs/devops/how-to-migrate-your-aws-codecommit-repository-to-another-git-provider/)
-
@@ -131,2 +130,0 @@ The diagram shows the following workflow:
-  * [Amazon CodeGuru Reviewer](https://docs.aws.amazon.com/codeguru/latest/reviewer-ug/welcome.html) uses program analysis and machine learning to detect potential defects that are difficult for developers to find and offers suggestions for improving your Java and Python code.
-
@@ -143 +141 @@ The diagram shows the following workflow:
-  * [AWS Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) provides a comprehensive view of your security state on AWS. It also helps you check your AWS environment against security industry standards and best practices.
+  * [AWS Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) provides a comprehensive view of your security state on AWS. It also helps you check your AWS environment against security industry standards and best practices.
@@ -302 +300 @@ Task| Description| Skills required
-Turn on Aqua Security integration.| This step is required for uploading the Docker image vulnerability findings reported by Trivy to Security Hub. Because CloudFormation doesn’t support Security Hub integrations, this process must be done manually.
+Turn on Aqua Security integration.| This step is required for uploading the Docker image vulnerability findings reported by Trivy to Security Hub CSPM. Because CloudFormation doesn’t support Security Hub CSPM integrations, this process must be done manually.
@@ -304 +302 @@ Turn on Aqua Security integration.| This step is required for uploading the Dock
-  1. Open the [AWS Security Hub console](https://console.aws.amazon.com/securityhub/), and navigate to **Integrations**.
+  1. Open the [AWS Security Hub CSPM console](https://console.aws.amazon.com/securityhub/), and navigate to **Integrations**.
@@ -349 +347 @@ In this example, the pipeline doesn’t fail when Docker image vulnerabilities a
-  3. Docker image vulnerabilities reported by Aqua Security Trivy are uploaded to Security Hub. On the Security Hub console, navigate to **Findings**. Filter the findings with **Record** **State = Active** and **Product = Aqua Security**. This lists the Docker image vulnerabilities in Security Hub. It can take 15 minutes to an hour for vulnerabilities to appear in Security Hub.
+  3. Docker image vulnerabilities reported by Aqua Security Trivy are uploaded to Security Hub CSPM. On the Security Hub CSPM console, navigate to **Findings**. Filter the findings with **Record** **State = Active** and **Product = Aqua Security**. This lists the Docker image vulnerabilities in Security Hub CSPM. It can take 15 minutes to an hour for vulnerabilities to appear in Security Hub CSPM.
@@ -380,2 +377,0 @@ Validate application profiling.| After the deployment is complete and the applic
-  * AWS CodeCommit is no longer available to new customers. Existing customers of AWS CodeCommit can continue to use the service as normal. [Learn more](https://aws.amazon.com/blogs/devops/how-to-migrate-your-aws-codecommit-repository-to-another-git-provider/). This solution will also work with any version control system (VCS) Git provider such as GitHub or GitLab with minimal changes.
-
@@ -387,0 +384,4 @@ Validate application profiling.| After the deployment is complete and the applic
+###### Note
+
+As of November 7, 2025, you can't create new repository associations in Amazon CodeGuru Reviewer. To learn about services with capabilities similar to CodeGuru Reviewer, see [Amazon CodeGuru Reviewer availability change](https://docs.aws.amazon.com/codeguru/latest/reviewer-ug/codeguru-reviewer-availability-change.html) in the CodeGuru Reviewer documentation.
+