Lacework
+
Buildkite

Protect your software supply chain by integrating Lacework's security scanning into your Buildkite CI/CD pipelines.

Start accelerating secure software delivery with Lacework and Buildkite.

GitHub IconView Lacework plugin

Lacework is a comprehensive multi-cloud security platform designed to automate threat detection and risk identification from development to runtime. It empowers teams to treat security as a team sport and enables them to be more efficient in detecting and prioritizing findings without slowing down innovation.

Partnering with Buildkite, Lacework enhances continuous integration and deployment (CI/CD) pipelines by embedding security directly into the software development process—from the beginning. This combination allows teams to identify and mitigate vulnerabilities, misconfigurations, and weaknesses in code prior to being deployed without sacrificing development speed. Findings during the build are shared in the Lacework platform and pipeline, making it easy for all teams to be involved.

You add Lacework to your CI/CD pipelines in Buildkite using the Lacework plugin. The plugin supports:

  • Software composition analysis (SCA)
  • Scanning infrastructure as code (IaC)
  • Scanning containers
  • Running static application security testing (SAST)

Software composition analysis

SCA provides a comprehensive inventory of all code components within your applications. It identifies known vulnerabilities and licenses associated with open-source and third-party libraries. This allows you to evaluate risk exposure and remediate issues before they can be exploited.

Lacework's SCA capability helps you:

  • Identify all third-party code dependencies.
  • Automatically prioritize and remediate associated vulnerabilities.
  • Detect risk and non-compliance associated with open-source licenses.

You also get a comprehensive view of your software supply chain through the generated software bill of materials (SBOM).

Scan infrastructure as code

While infrastructure-as-code (IaC) has been a game-changer for automating deployments at scale, it's also opened up a new frontier for potential security issues. If there is one little misconfiguration in your IaC templates, you might inadvertently leave your cloud assets more exposed.

Lacework solves that problem with its IaC security scanning capabilities. By integrating its scanners directly into your Buildkite pipelines, you can automatically audit your IaC files for misconfigurations and compliance issues before they manifest in your live cloud environments.

Scan containers

Lacework's container scanning helps you find and address vulnerabilities before they reach production. It cross-references your container images against a massive database of known CVEs and best-practice security policies, flags any issues, and provides prioritized remediation advice based on the severity of the risk.

Run static application security testing

Static Application Security Testing (SAST) scans your source code or compiled binaries to find any potential security flaws before they make it into the wild. With Lacework SAST, you get:

  • Detection of most OWASP vulnerabilities.
  • Smart prioritization of findings based on risk severity and exploit likelihood.
  • Fast scans that can process millions of lines of code in minutes.

Sign up for free, and start liking CI/CD again

Every new signup gets a free 30-day trial of the Pro plan