Code Security Assessments
The default landing page for Code Security in the Lacework Console is the Assessments page. To access this page, log in to the Lacework Console and select Code Security > IaC in the main sidebar menu.
The Assessments page displays the latest assessment data for each repository in an integrated organization. The dropdown in the upper right-hand corner of the page displays the organization that is currently selected. To change the organization, use the dropdown to select a different organization. Click Refresh Orgs to be directed to the code repository integration wizard. Go to Integrate Repositories for more information.
Click Add integration next to the organization drop down to integrate a new repository or organization.
Repositories
The repositories tab of the assessments page features a table with summaries for each of the repositories in your selected organization. Click the Open in new window icon next to the repository name to go to the repository.
Click the refresh icon to refresh the data in the table. Use the Contains search field to filter for repositories that contain a specific keyword such as "terraform". The Sort by dropdown enables you to sort repositories by:
- Most Violations
- Most Recent Scan
Click the reverse sort icon 
to further specify the sort by ascending/descending order.
Repository Assessment Details
Click a repository row in the table to view the assessment details for the repository. The assessment details page includes additional information such as the last commit scanned, when it was scanned, and which branch. You can also view graphs that detail the pass/fail rate, type of compliance violations, and the number of violations by severity.
Use the Contains search field to filter for violations that contain a specific keyword.
Violations and Exceptions
Following the repository assessment details are the violations that the scan returned. By default, the violations are grouped by policy. Click Group by resource to group the violations by resource, for example, violations on ECS clusters.
The violations table can be refreshed or searched, and you can also hide/display columns with the select columns icon.
For each violation, the Console displays the policy name, the number of impacted resources, and the violation severity.
Click a violation row, if grouped by policy, or resource if grouped by resource to expand the row and view the impacted resources or policies as well as where the violation was found. You can also see if Lacework has a fix available for a specific violation.
In the expanded row, click a resource or policy row to open the Violation Detail drawer. The summary tab (default) provides a description, resource name, the linked file the violation was found in, as well as the snippet of the code with the violation.
Violation Detail Drawer
The Violation Detail Drawer includes additional information about the violation found in your organization. The Summary (default) tab describes the violation, the Activity tab details user activity for a violation, the Guidelines tab provides additional information and context for the violation, and the Resolution tab allows you to add an exception and, when possible, create a pull request with a suggested code fix.
Summary
The Summary tab in the violation details drawer provides a quick description of the violation and where it was found in your code. The violation summary directs you to the resource and file where the violation is located and includes a snippet of your code.
Activity
To view activity for a specific violation, such as when an exception was added or removed, click the Activity tab in the Violation Details Drawer.
Guidelines
The Guidelines tab includes an in-depth description of the policy as well as a rationale for why it is important. The remediation guidelines provide instructions on how you may resolve a violation for a specific policy.
Some policy violations may have additional guidelines such as impact, references, notes, and instructions to audit a specific element of the policy such as nodes. You may also find information about compliance measures such as CIS and HIPAA that relate to the specific policy.
Resolution
In the violations table, click Resolve to go to the Resolution tab of the Violations Detail Drawer. For any given policy violation, you can add an exception to the violation within the repository. If the fix available column displays Yes, click Resolve to view Lacework's suggested fix for the violation.
Add Exception
In the Resolution tab of the Violations detail drawer, select Add exception to add an exception to the violation to prevent Lacework from alerting on this violation for the selected repository. You must provide a reason for creating an exception. Then click Add exception to save the exception.
Fix Issue
This option is only visible for violations with a fix available.
If Lacework has a suggested fix for the violation, you can click Fix issue in the Resolution tab to allow Lacework to create a Pull Request with the fix. To view the proposed changes,
View Branches
In the main repository table, or in the assessment details, click View branches to view assessments for your selected repository grouped by branch. In the Branch details, click View assessment to access an assessment from a previous commit.
Pipelines
The Pipelines tab on the assessments page lists your integrated CI/CD pipelines. Click the Open in new window icon to go to the CI/CD Pipeline.
Click the refresh icon to refresh the data in the table. Use the Contains search field to filter for CI/CD integrations that contain a specific keyword such as "terraform". The Sort by dropdown enables you to sort repositories by:
- Most Recent Scan
Click the reverse sort icon to further specify the sort by ascending/descending order.
To view assessed builds for a specific pipeline, click the table row of your desired pipeline to open the Builds view.
Builds View
The Builds view lists the most recent pipeline builds along with their date and time, number of violations, and a breakdown chart of the violations by severity.
If the build's details are not visible, click the build to expand the row.
Click View assessment for assessment results, such as the specific violations found in Lacework's assessment of your pipeline.
Pipeline Assessment Details
The Assessments page for a pipeline is almost identical to a repository's assessment details. Instead of View branches, the click View runs to open the Builds view.
