
Administration Guide

GitHub Actions

Note

Beta feature: CI/CD support for GitHub Actions is currently in beta for select Lacework FortiCNAPP customers. Contact your Lacework FortiCNAPP Representative for more information.

Integrate a GitHub Actions CI/CD Pipeline

To integrate a GitHub Actions CI/CD Pipeline, you must first collect your Lacework FortiCNAPP account name, API key (LW_API_KEY) and API secret (LW_API_SECRET). To view this information:

  1. Log in to the Lacework FortiCNAPP Console.
  2. Click Settings > API keys.
  3. Select or create an API key.
  4. Click the download icon.
  5. Open the downloaded .json file to view your API Key, API Secret, and account name.

In your GitHub repository, configure the API Key, API Secret, and account name:

  1. Go to your GitHub repository > Settings > Security > Secrets & Variables > Actions.
  2. Click the Secrets tab.

For each secret (LW_ACCOUNT, LW_API_KEY, and LW_API_SECRET):

  1. Click New repository secret.
  2. In the Name field, enter the name of your variable. For example, LW_ACCOUNT.
  3. In the Secret field, enter the corresponding value from the .json file. For example, <account.lacework.net>.
  4. Click Add secret.

Then configure a GitHub Action similar to the following example:

Example GitHub Action

on:
  # Triggers the workflow on push or pull request events but only for the "main" branch
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]
  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

permissions:
  contents: read
  # Lets the display-results job post the findings as a pull request comment
  pull-requests: write

# The action reads the account name, API key and API secret from these
# environment variables; the secret names match the ones created above.
env:
  LW_ACCOUNT_NAME: ${{ secrets.LW_ACCOUNT }}
  LW_API_KEY: ${{ secrets.LW_API_KEY }}
  LW_API_SECRET: ${{ secrets.LW_API_SECRET }}

name: Lacework Code Analysis (PR)
jobs:
  run-analysis:
    runs-on: ubuntu-20.04
    name: Run analysis
    strategy:
      matrix:
        # "new" analyzes the current commit, "old" analyzes its parent so the
        # two result sets can be compared
        target: [new, old]
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          # Two commits are needed so that HEAD^1 exists for the "old" target
          fetch-depth: 2
      - name: Checkout old
        if: ${{ matrix.target == 'old' }}
        run: git checkout HEAD^1
      - name: Analyze
        uses: lacework/code-security-action@v1
        with:
          target: ${{ matrix.target }}
          tools: sca
  display-results:
    runs-on: ubuntu-20.04
    name: Display results
    needs:
      - run-analysis
    steps:
      - name: Results
        id: code-analysis
        uses: lacework/code-security-action@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
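A secret that a workflow references but that was never created in the repository does not fail the run: GitHub expands the expression to an empty string, so the scan starts with an empty account name or key and only fails later at authentication, without pointing at the misnamed secret. The following script, added here as an illustration and not part of the Lacework FortiCNAPP documentation or the lacework/code-security-action project, scans a workflow file for every ${{ secrets.NAME }} reference and reports any name that is neither one of the three secrets created by the procedure above nor the GITHUB_TOKEN that GitHub supplies on its own. The embedded sample workflow is constructed for the example and deliberately references a secret named _LW_ACCOUNT_NAME, which the procedure never creates; the file path on the command line is an assumption about where you keep the workflow.

```python
import re
import sys
from pathlib import Path

# Secrets the procedure above tells you to create in the repository.
CONFIGURED_SECRETS = {"LW_ACCOUNT", "LW_API_KEY", "LW_API_SECRET"}

# Secrets GitHub provides to every workflow without repository configuration.
BUILTIN_SECRETS = {"GITHUB_TOKEN"}

# Matches ${{ secrets.NAME }} with any amount of whitespace inside the braces.
SECRET_REF = re.compile(r"\$\{\{\s*secrets\.([A-Za-z_][A-Za-z0-9_]*)\s*\}\}")


def referenced_secrets(workflow_text):
    """Return the set of secret names a workflow file references."""
    return set(SECRET_REF.findall(workflow_text))


def check_workflow_secrets(workflow_text, configured=CONFIGURED_SECRETS):
    """Return the sorted list of referenced secrets that are neither configured
    nor built in. Each one would expand to an empty string at run time, so the
    action would start with a blank credential instead of an error."""
    missing = referenced_secrets(workflow_text) - set(configured) - BUILTIN_SECRETS
    return sorted(missing)


# Constructed sample (not a real workflow): the env block references
# _LW_ACCOUNT_NAME, which the procedure above never creates as a secret.
SAMPLE_WORKFLOW = """\
env:
  LW_ACCOUNT_NAME: ${{ secrets._LW_ACCOUNT_NAME }}
  LW_API_KEY: ${{ secrets.LW_API_KEY }}
  LW_API_SECRET: ${{ secrets.LW_API_SECRET }}
jobs:
  display-results:
    steps:
      - uses: lacework/code-security-action@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
"""


def main(path=None):
    """Check the workflow at `path` (assumed: .github/workflows/lacework.yml)
    or the embedded sample when no path is given. Returns a shell exit code."""
    text = Path(path).read_text() if path else SAMPLE_WORKFLOW
    missing = check_workflow_secrets(text)
    if missing:
        print("workflow references secrets that are not configured: " + ", ".join(missing))
        return 1
    print("all referenced secrets are configured")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1] if len(sys.argv) > 1 else None))
```

Run it as `python check_secrets.py .github/workflows/lacework.yml` (the script and workflow names are assumptions) from a pre-commit hook or a lightweight lint job; with no argument it checks the embedded sample and exits non-zero, naming _LW_ACCOUNT_NAME as the unconfigured secret. The check is a plain regular expression over the file text rather than a YAML parse, so it also catches references inside quoted strings and run: blocks.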

Available Commands

For available commands, refer to CI/CD Integrations.

GitHub Actions Host Runner

Lacework FortiCNAPP integrates with your on-premise CI/CD pipelines. Contact your Lacework FortiCNAPP representative for more information.
