Get Started with IaC Security

To get started with Lacework IaC Security, connect the iacbot to your Git provider.

Get Started with GitHub

Prerequisites

To install iacbot, you need admin-level access to all the repositories you plan to integrate. You can select some or all of the repositories for monitoring. You can also install iacbot directly from the GitHub marketplace.

Ensure that the GitHub iacbot application is installed for each organization. To verify this, go to the GitHub iacbot App and make sure that the app is correctly installed.

Permissions

To ensure you have the correct permissions and authorization needed to configure the iacbot, go to the GitHub Application Settings.

Under the "Authorized OAuth Apps" tab, select "Lacework IaC Security" and verify that the GitHub organization is granted access.

Click Grant next to your Organization. After you have done that, sign out and sign back in to Lacework IaC Security.

Configure the iacbot with GitHub

  1. Go to the Lacework IaC Security page.

  2. Select GitHub as your provider.

  3. Go to https://github.com/apps/iacbot and click Configure.

  4. Select the Organization for which you want to install the iacbot.

    1. Ensure you have assigned each organization the correct permissions.
  5. Review and authorize iacbot for either selected repositories or all repositories.

  6. Accept the Terms of Service.

At this point, iacbot is analyzing your repos. It looks for Terraform, CloudFormation, Kubernetes, and other IaC languages (see Language Support for details). When it finds IaC source code, it initiates a static analysis of your code.

As soon as the first assessment is complete, you should see this message:

You successfully imported your GitHub repositories into Lacework IaC Security

Get Started with GitLab

Prerequisites

To install iacbot, you need a service account with an Owner or Maintainer role and the scopes api, read_repository, openid, read_user and email.

Configure the iacbot with GitLab

  1. Go to the Lacework IaC Security page.

  2. Select GitLab as your provider.

  3. Log in to GitLab.

  4. Accept the Terms of Service.

  5. Each Group in GitLab corresponds to an organization in Lacework IaC. Select a group from the dropdown to change which organization is being integrated.

  6. Create the service account token, with the role and scopes listed in the prerequisites, for the GitLab group that you want scanned. Configure the service account access token and click CONNECT GITLAB.

At this point, iacbot is analyzing your repos. It looks for Terraform, CloudFormation, Kubernetes, and other IaC languages (see Language Support for details). When it finds IaC source code, it initiates a static analysis of your code.

As soon as the first assessment is complete, you should see the following message:

You successfully imported your GitLab repositories into Lacework IaC Security

Note: If you require an IaC Security integration with on-premises tools (for example, GitLab or GitHub), contact your Lacework representative.

Get Started with Bitbucket

Prerequisites

To install iacbot, you need admin-level access to all of your integrated organization's repositories.

Configure iacbot with Bitbucket

  1. Go to the Lacework IaC Security page.

  2. Select Bitbucket as your provider and continue.

  3. Log in to Bitbucket.

  4. Confirm iacbot access to your Bitbucket account.

  5. Select the workspace to install the Lacework IaC Security app.

  6. Accept the Terms of Service.

  7. Connect your Bitbucket account with Lacework IaC.

At this point, iacbot is analyzing your repos. It looks for Terraform, CloudFormation, Kubernetes, and other IaC languages (see Language Support for details). When it finds IaC source code, it initiates a static analysis of your code.

As soon as the first assessment is complete, you should see this message:

You successfully imported your Bitbucket repositories into Lacework IaC Security