CodePipeline, CodeBuild CI/CD Integration

With Lacework, you can also discover software vulnerabilities during your software build process by using the Lacework inline scanner. The inline scanner can be integrated with many CI/CD tools, including AWS CodePipeline and CodeBuild; examples for both are in the DevSecOps modules. Like container registry scanning, the inline scanner can detect software vulnerabilities in OS and software packages. The inline scanner is configured in the Container Registries settings menu:

  1. Navigate to Settings > Integrations > Container Registries.
  2. Click + Add New.
  3. Select Inline Scanner and click Next.
  4. Name the integration and click Next.
  5. Complete any optional settings. Check out CI/CD Policies and click Save.
  6. Click on the new inline scanner in the list.
  7. This displays a window that provides the inline scanner’s download URL and authorization token.
  8. Click the Authorization Token’s Copy to clipboard icon. This is the integration’s associated token. You need this to configure the inline scanner.
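
An added example, not from the original page or from Lacework: a CodeBuild `buildspec.yml` that hands the authorization token from step 8 to the scanner through AWS Secrets Manager instead of committing it to the repository. The secret name `lacework/inline-scanner`, the account name and the image name are constructed placeholders, and the example assumes `lw-scanner` is already installed in the build image and reads `LW_ACCOUNT_NAME` and `LW_ACCESS_TOKEN` from the environment.

```yaml
# Added example (not the project's own buildspec).
version: 0.2

env:
  variables:
    # Constructed placeholders: replace with your Lacework account and image name.
    LW_ACCOUNT_NAME: "EXAMPLE_ACCOUNT"
    IMAGE_REPO: "example-app"
  secrets-manager:
    # Hypothetical secret "lacework/inline-scanner" whose JSON key "token"
    # holds the authorization token copied in step 8. CodeBuild resolves it
    # at build time, so the token never appears in source control.
    LW_ACCESS_TOKEN: "lacework/inline-scanner:token"

phases:
  pre_build:
    commands:
      # Fail early if the secret did not resolve. Do not echo the token itself.
      - test -n "$LW_ACCESS_TOKEN" || { echo "LW_ACCESS_TOKEN is empty"; exit 1; }
      # Assumption: the scanner binary was baked into the build image from
      # the download URL shown in step 7.
      - command -v lw-scanner >/dev/null || { echo "lw-scanner not found"; exit 1; }
  build:
    commands:
      # Tag the image with the commit being built so scan results map to source.
      - docker build -t "$IMAGE_REPO:$CODEBUILD_RESOLVED_SOURCE_VERSION" .
  post_build:
    commands:
      # Scan the locally built image before it is pushed to any registry.
      - lw-scanner image evaluate "$IMAGE_REPO" "$CODEBUILD_RESOLVED_SOURCE_VERSION" --build-id "$CODEBUILD_BUILD_NUMBER"
```

The CodeBuild service role needs `secretsmanager:GetSecretValue` on that one secret only, and the project must run in privileged mode for `docker build` to work.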

Examples of how to integrate the inline scanner with the following CI/CD tools are available: