
GitLab Pipeline

Beta feature

CI/CD support for GitLab Pipelines is currently in beta for select Lacework customers. Contact your Lacework Representative for more information.

Lacework IaC Security now integrates with CI/CD providers. For more information, go to the updated IaC Support Matrix.

Integrate a GitLab CI/CD Pipeline

Before you can integrate a GitLab CI/CD pipeline, you must collect your Lacework account name, LW_API_KEY and LW_API_SECRET. To view this information:

  1. Log in to the Lacework Console.
  2. Click Settings > API keys.
  3. Select or create an API key that is enabled for IaC Security.
  4. Click the download icon.
  5. Open the downloaded .json file to view your API Key, API Secret, and account name.

Then you must configure the API Key, API Secret, and account name in your GitLab project or group:

  1. Go to your group or project, then go to Settings > CI/CD and expand the Variables section.
  2. Click Add variable for each variable (LW_ACCOUNT, LW_API_KEY, and LW_API_SECRET) and fill in the following fields:
    • Key: LW_ACCOUNT, LW_API_KEY or LW_API_SECRET.
    • Value: Enter the value you retrieved from the .json file for each variable.

For example, Key: LW_ACCOUNT, Value: <account>.lacework.net.

Then configure a GitLab Pipeline similar to the following example:

Example GitLab Pipeline

stages:          # List of stages for jobs, and their order of execution
  - build
  - test

variables:
  LW_ACCOUNT: $LW_ACCOUNT
  LW_API_KEY: $LW_API_KEY
  LW_API_SECRET: $LW_API_SECRET

build-job:
  stage: build   # This job runs in the build stage.
  script:
    - echo "Building..."
    - sleep 5    # We're demo'ing IaC scanning, nothing to build

iac-test-job:    # This job runs in the test stage.
  stage: test    # It only starts when the job in the build stage completes successfully.
  image: docker:latest
  services:
    - docker:dind
  script:
    - echo "Running Lacework IaC checks."
    - env | grep "GITLAB_\|LW_\|CI_" > env.list
    - echo "SCAN_COMMAND=tf-scan" >> env.list
    - echo "SCAN_DIR=terraform" >> env.list
    - echo "WORKSPACE=src" >> env.list
    - echo "EXIT_FLAG=High=2" >> env.list
    - docker run --env-file env.list -v "$(pwd):/app/src" lacework/codesec-iac:latest
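
The `env | grep` line in the job above matches text anywhere on a line, so a variable whose value merely contains `GITLAB_`, `LW_` or `CI_` is also written to env.list next to LW_API_SECRET and passed to the container. The shell function below is an added example, not part of the Lacework documentation, that selects variables by the start of their name and checks that the three Lacework variables are set; the names `write_env_list`, `demo` and `DEPLOY_NOTE` are hypothetical.

```shell
#!/bin/sh
# Added example (not Lacework's code): build env.list for the scanner container
# by matching variable NAMES at their start, not any text on the line.

# write_env_list FILE: returns 1 if a required Lacework variable is unset/empty.
write_env_list() {
    out=$1
    for required in LW_ACCOUNT LW_API_KEY LW_API_SECRET; do
        eval "val=\${$required:-}"
        if [ -z "$val" ]; then
            echo "missing required variable: $required" >&2
            return 1
        fi
    done
    # The file will hold LW_API_SECRET, so create it owner-readable only.
    ( umask 077; : > "$out" ) || return 1
    # ENVIRON yields exact name/value pairs. Values containing a newline are
    # skipped because the --env-file format is one VAR=value per line.
    awk 'BEGIN {
        for (n in ENVIRON)
            if (n ~ /^(GITLAB_|LW_|CI_)/ && ENVIRON[n] !~ /\n/)
                print n "=" ENVIRON[n]
    }' | sort >> "$out"
    # Scanner settings taken from the pipeline on this page.
    {
        echo "SCAN_COMMAND=tf-scan"
        echo "SCAN_DIR=terraform"
        echo "WORKSPACE=src"
        echo "EXIT_FLAG=High=2"
    } >> "$out"
}

# Demo with constructed values; DEPLOY_NOTE is a hypothetical unrelated variable
# that the unanchored grep would have copied because its value contains "CI_".
demo() {
    tmp=$(mktemp -d) || return 1
    (
        export LW_ACCOUNT=example.lacework.net LW_API_KEY=constructed-key
        export LW_API_SECRET=constructed-secret CI_JOB_ID=1
        export DEPLOY_NOTE="see CI_ docs"
        write_env_list "$tmp/env.list" && cut -d= -f1 "$tmp/env.list"
    )
    rc=$?
    rm -rf "$tmp"     # do not leave the secret in the workspace
    return $rc
}

demo
```

In the job, `write_env_list env.list` would take the place of the `env | grep` and `echo ... >> env.list` lines, with env.list deleted once `docker run` has finished.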

Available Commands

For available commands, refer to CI/CD Usage.