GitHub Actions
Beta feature: CI/CD support for GitHub Actions is currently in beta for select Lacework FortiCNAPP customers. Contact your Lacework FortiCNAPP representative for more information.
Integrate a GitHub Actions CI/CD Pipeline
To integrate a GitHub Actions CI/CD pipeline, you must first collect your Lacework FortiCNAPP account name, LW_API_KEY, and LW_API_SECRET. To view this information:
- Log in to the Lacework FortiCNAPP Console.
- Click Settings > API keys.
- Select or create an API key.
- Click the download icon.
- Open the downloaded .json file to view your API Key, API Secret, and account name.
In your GitHub repository, configure the API Key, API Secret, and account name:
- Go to your GitHub repository > Settings > Security > Secrets & Variables > Actions.
- Click the Secrets tab.
For each secret (LW_ACCOUNT, LW_API_KEY, and LW_API_SECRET):
- Click New repository secret.
- In the Name field, enter the name of your variable. For example, LW_ACCOUNT.
- In the Secret field, enter the value you retrieved from the .json file for each secret. For example, <account.lacework.net>.
- Click Add secret.
Then configure a GitHub Action similar to the following example:
Example GitHub Action
on:
  # Triggers the workflow on push or pull request events but only for the "main" branch
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]
  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:
permissions:
  contents: read
  pull-requests: write
env:
  # Secret names match the repository secrets created in the steps above
  LW_ACCOUNT_NAME: ${{ secrets.LW_ACCOUNT }}
  LW_API_KEY: ${{ secrets.LW_API_KEY }}
  LW_API_SECRET: ${{ secrets.LW_API_SECRET }}
name: Lacework Code Analysis (PR)
jobs:
  run-analysis:
    runs-on: ubuntu-20.04
    name: Run analysis
    strategy:
      matrix:
        target: [new, old]
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          fetch-depth: 2
      - name: Checkout old
        if: ${{ matrix.target == 'old' }}
        run: git checkout HEAD^1
      - name: Analyze
        uses: lacework/code-security-action@v1
        with:
          target: ${{ matrix.target }}
          tools: sca
  display-results:
    runs-on: ubuntu-20.04
    name: Display results
    needs:
      - run-analysis
    steps:
      - name: Results
        id: code-analysis
        uses: lacework/code-security-action@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
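As an added example (not from the Lacework documentation or the code-security-action project), a dependency-free Python check that reports any `${{ secrets.NAME }}` reference in a workflow that has no matching repository secret, and verifies the top-level `permissions` block grants only the scopes this workflow needs. The workflow excerpt, the configured secret names and the permissions allowlist are constructed assumptions; the excerpt deliberately references a secret name that the setup steps never create.

```python
import re

# Constructed excerpt (assumption) shaped like the page's workflow; the first env
# line deliberately references a secret that the setup steps never create.
WORKFLOW = """
permissions:
  contents: read
  pull-requests: write
env:
  LW_ACCOUNT_NAME: ${{ secrets._LW_ACCOUNT_NAME }}
  LW_API_KEY: ${{ secrets.LW_API_KEY }}
  LW_API_SECRET: ${{ secrets.LW_API_SECRET }}
jobs:
  display-results:
    steps:
      - uses: lacework/code-security-action@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
"""
# Secrets created by the setup steps, and the only scopes the workflow needs (assumed).
CONFIGURED_SECRETS = {"LW_ACCOUNT", "LW_API_KEY", "LW_API_SECRET"}
ALLOWED_PERMISSIONS = {"contents": "read", "pull-requests": "write"}
SECRET_REF = re.compile(r"\$\{\{\s*secrets\.([A-Za-z_][A-Za-z0-9_]*)\s*\}\}")

def referenced_secrets(workflow):
    """Every secret name the workflow expands via ${{ secrets.NAME }}."""
    return set(SECRET_REF.findall(workflow))

def missing_secrets(workflow, configured):
    """References with no matching repository secret: they expand to an empty
    string at run time, so the action fails to authenticate."""
    # GITHUB_TOKEN is issued by the runner, never stored as a repository secret.
    return sorted(referenced_secrets(workflow) - configured - {"GITHUB_TOKEN"})

def declared_permissions(workflow):
    """Top-level permissions block as a dict (indentation-based, no YAML library)."""
    perms, lines = {}, workflow.splitlines()
    for i, line in enumerate(lines):
        if line == "permissions:":
            for sub in lines[i + 1:]:
                m = re.match(r"^\s+([a-z-]+):\s*(\S+)\s*$", sub)
                if not m:
                    break
                perms[m.group(1)] = m.group(2)
            break
    return perms

def permission_violations(workflow, allowed):
    """Scopes that are absent from, or broader than, the allowlist."""
    return sorted(k for k, v in declared_permissions(workflow).items() if allowed.get(k) != v)
```

Run it against the real workflow file before merging; an empty list from both checks means every referenced secret exists and the workflow holds no scope beyond `contents: read` and `pull-requests: write`.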
Available Commands
For available commands, refer to CI/CD Integrations.
GitHub Actions Host Runner
Lacework FortiCNAPP integrates with your on-premises CI/CD pipelines. Contact your Lacework FortiCNAPP representative for more information.