Integrate Repositories

To start using Lacework's Code Security, you must first integrate a code repository in the Lacework Console. Once repositories are integrated, you can enable/disable them or adjust their permissions. For more information, go to Integrated Organizations and Repositories.

Integrate a Code Repository

To integrate a code repository into Lacework:

  1. Log in to the Lacework Console.
  2. Go to Settings > Integrations > Code repositories.
  3. Click Add integration.
  4. Select an integration type:

Note: If you add a new repository to your organization, the repository is not scanned by Lacework until the next daily scan.

Integrate with a Git Provider

Once you select Git provider, you must select which provider you are integrating with and then click Start integration. We currently support the following providers:

Tip: The Setup guide shown on the right side of the integration wizard details important information such as prerequisites for GitHub and GitLab.

GitHub

To integrate with GitHub, you must install and configure the Lacework Code Security App:

  1. Click Go to GitHub and sign in to your desired organization.
  2. Select the organization you wish to integrate and click Configure.
  3. Select All repositories or Only select repositories.
    1. If you select Only select repositories, use the dropdown to select the repositories you would like Lacework to scan.
  4. Click Install & Authorize.

Note: You must have admin-level access to all of your repositories.

GitHub automatically redirects you back to the Lacework Console to confirm the integration was successful. If it was successful, the Console displays an updated list of your organizations and repositories. Click Close to exit the integration wizard.

GitLab

Integrating Lacework with GitLab requires token-based authentication. Before you create a Group Access Token, you should decide which GitLab Groups you want Lacework to scan and choose one to start with. Visit the GitLab Documentation for help creating a Group Access Token.

Note: The token you create must have both read_repository and api scopes selected.
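
Before entering the token in the Lacework Console, you can confirm that it carries the scopes named in the note above. The following Python check is an added example, not part of the Lacework documentation or tooling. It assumes the Group Access Token can describe itself through GitLab's GET /api/v4/personal_access_tokens/self endpoint; check_token, WARN_DAYS, and the sample responses are constructed for illustration.

```python
import json
import urllib.request
from datetime import date

# Scopes the note above says the Group Access Token must carry.
REQUIRED_SCOPES = {"read_repository", "api"}
WARN_DAYS = 14  # assumption: flag tokens that expire within two weeks

def fetch_token_info(base_url: str, token: str) -> dict:
    """Ask GitLab to describe the token itself; the token is never printed."""
    req = urllib.request.Request(
        base_url.rstrip("/") + "/api/v4/personal_access_tokens/self",
        headers={"PRIVATE-TOKEN": token},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def check_token(info: dict, today: date) -> list:
    """Return a list of problems; an empty list means the token is ready to use."""
    problems = []
    scopes = set(info.get("scopes") or [])
    missing = REQUIRED_SCOPES - scopes
    if missing:
        problems.append("missing scopes: " + ", ".join(sorted(missing)))
    extra = scopes - REQUIRED_SCOPES
    if extra:  # anything beyond the two required scopes is unnecessary privilege
        problems.append("unneeded scopes: " + ", ".join(sorted(extra)))
    if info.get("revoked") or info.get("active") is False:
        problems.append("token is revoked or inactive")
    expires = info.get("expires_at")
    if expires:
        days_left = (date.fromisoformat(expires) - today).days
        if days_left < 0:
            problems.append("token expired on " + expires)
        elif days_left < WARN_DAYS:
            problems.append("token expires in %d days" % days_left)
    return problems

# Constructed sample responses (not real tokens or captured GitLab output).
SAMPLE_OK = {"name": "lacework-scan", "scopes": ["api", "read_repository"],
             "active": True, "revoked": False, "expires_at": "2030-01-01"}
SAMPLE_BAD = {"name": "old-token", "scopes": ["read_repository", "write_repository"],
              "active": True, "revoked": False, "expires_at": "2025-01-10"}

if __name__ == "__main__":
    today = date(2025, 1, 1)  # fixed date so the output is reproducible
    for sample in (SAMPLE_OK, SAMPLE_BAD):
        print(sample["name"], check_token(sample, today) or "ok")
```

To check a real token, pass the result of fetch_token_info (your GitLab base URL plus the token read from an environment variable or secret store) to check_token with date.today().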

Once you have created a Group Access Token, you can integrate with GitLab:

  1. Click Go to GitLab.
  2. Log in to your GitLab Account.
  3. Click Authorize.
  4. In the Lacework Console, enter your Group Access Token and use the dropdown to select the corresponding GitLab group.
  5. Click Test integration.

Once the test returns Integration successful, click Next. The Code Security App then scans and lists the integrated organizations and repositories. Click Close to exit the integration wizard.

Bitbucket

Integrating with Bitbucket requires the use of the Lacework Code Security App. To grant the app permission to scan your Bitbucket repositories:

  1. Click Go to Bitbucket.
  2. Log in to your Bitbucket account.
  3. Click Grant access to give the app access.
  4. Use the Authorize for workspace drop down to select a workspace.
  5. Click Grant access to install the Code Security App.
  6. Accept the Terms of Service.
  7. Click Connect Bitbucket.
  8. In the Lacework Console, use the Bitbucket workspace drop down to select the workspace you want to give IaC access to.
  9. Click Grant access.

If the Bitbucket integration is successful, the app scans and lists your organizations and repositories in the Console. Click Close to exit the integration wizard.

Integrate with a CI/CD Pipeline

To integrate with a CI/CD Pipeline, you must first select your desired CI/CD provider. Then click Start integration. We currently support the following providers:

Note: For each CI/CD integration, you must create a new API key within Lacework. To create a new API key:

  1. Click Create new API key.
  2. Enter a name and description for the key.
  3. Click Create and download key.

Jenkins

After you have created a new API key in the Lacework Console, you must add LW_API_KEY and LW_API_SECRET as “Secret text” credentials in your Jenkins configuration. After you have created the secret text credentials and added them to your Jenkins configuration, you must prepare an env.list file. Click the copy to clipboard icon to copy the script and paste it into your workspace. For more information go to Jenkins Integration.

Once you have completed the Jenkins integration, go to the Lacework Console and click Done to finish integrating your Jenkins CI/CD Pipeline.

GitHub Actions

Once you have created a new API key in the Lacework Console, you must create and configure 3 new secrets (LW_ACCOUNT, LW_API_KEY, and LW_API_SECRET) in GitHub. Then, click the copy to clipboard icon in the Lacework Console and use the example to configure a new GitHub Action. For more information, consult GitHub integration or the GitHub documentation. Click Done in the Lacework Console to complete the integration.

GitLab Pipelines

After you have created a new API key in the Lacework Console, you must create 3 new variables (LW_ACCOUNT, LW_API_KEY, and LW_API_SECRET) and add them to your GitLab project or group. Once you have added the variables to GitLab, click the copy to clipboard icon in the Lacework Console to copy and paste the example pipeline into your environment. For more information, go to GitLab integration or refer to the GitLab docs. Click Done in the Lacework Console to complete the integration.

Scan Local Code on Your Workstation

Lacework's local code scanning allows you to scan code on your workstation as you write it. To start a local code integration:

  1. Click Locally.
  2. Select Scan on my workstation.
  3. Click Start integration.

To allow Lacework to scan your local code, you must install the Lacework CLI and configure the CLI with lacework configure.

Once you have installed and configured the Lacework CLI, you must install and configure the Infrastructure as Code (IaC) component.

  1. In the Lacework CLI, run: lacework component install iac.
  2. Then:
    • If the current IaC profile has not already been configured, you can start using lacework iac ....
    • If the current IaC profile has already been configured, run lacework iac config reconfig --reset.

Then click Next.

The Lacework Console now provides a link to your private scan results. Click the link to view your results.

Note: Scan results from your workstation can only be viewed through this link. The results are not included with the other assessments for your repository.

Integrated Organizations and Repositories

You can view, edit, delete, or enable/disable integrated organizations and repositories in the Lacework Console:

  1. Log in to the Lacework Console.
  2. Go to Settings > Integrations > Code repositories.

Git Organizations

Use the Git org dropdown to change groups of repositories. Click Org settings to view or edit organization details and permissions:

  • The Details tab enables you to edit organization details, such as the display name, or delete an organization from your integrated code repositories.
  • Go to the Permissions tab to view merge request and commenting permissions for each organization. Click the edit icon to change these permissions or to see more information.

Repositories

Once you have selected your desired Git organization from the dropdown, a table lists your repository integrations and allows you to refresh, filter, or search the list. The table includes the following information:

  • The Repository column provides the name for each integrated repository.
  • The Provider column names the Git provider that you integrated that repository with.
  • Use the toggle in the State column to enable or disable scanning for each repository. Upon integration, each repository is set to enabled.