How do I control when pull request status checks pass or fail?
Pull request status checks will fail when all of the following are true:
1. One or more HIGH findings are found in the pull request. This threshold can be configured; see below.
2. The findings in the head branch of the pull request differ from the findings in the base branch.
The logic behind (1) is that you probably don't care about LOW severity findings enough to block the pull request.
The logic behind (2) is that if the pull request does not alter the security posture of your code, there is no reason to fail the pull request status check. For example, if the PR only changes a README, there is no reason to fail the PR status check.
How do I control the pull request status check thresholds?
Create a file called .lacework/config.yml in your repository. In it, add the following:
You can adjust these default values to suit your needs.
When are pull request comments added?
Pull request comments are added when both of the following are true:
- There is a change in findings between the feature and base branch. If the pull request didn't alter the findings, there will be no comment added.
- The pull request commit status check was set to failed. By default, PR status checks will be set to failed if there are one or more
We are trying to minimize the total amount of noise from pull request comments. They are very helpful to have, but can be quite irritating if there are too many.
Pull request comments can be disabled entirely.
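The two decisions described above (when the status check fails, and when a comment is added) as an added Python illustration. This is not iacbot's own code: the finding shape, the severity ordering (the page only names LOW and HIGH), the function names and the sample findings are all assumptions; the `threshold` and `comments_enabled` parameters stand in for whatever .lacework/config.yml sets.

```python
from dataclasses import dataclass
from typing import Iterable

# Assumed severity ordering; the page only names LOW and HIGH.
SEVERITY_RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2}


@dataclass(frozen=True)
class Finding:
    """Minimal finding identity: the rule that fired, where, and how severe.
    Field names are assumptions, not iacbot's real schema."""
    rule_id: str
    path: str
    severity: str


def findings_changed(base: Iterable[Finding], head: Iterable[Finding]) -> bool:
    """Rule 2: the PR alters the security posture only if the set of findings differs."""
    return set(base) != set(head)


def has_findings_at_or_above(findings: Iterable[Finding], threshold: str) -> bool:
    """Rule 1: is there at least one finding at or above the configured severity?"""
    min_rank = SEVERITY_RANK[threshold]
    return any(SEVERITY_RANK[f.severity] >= min_rank for f in findings)


def status_check_fails(base, head, threshold: str = "HIGH") -> bool:
    """The status check fails only when BOTH rules hold."""
    return findings_changed(base, head) and has_findings_at_or_above(head, threshold)


def comment_added(base, head, comments_enabled: bool = True, threshold: str = "HIGH") -> bool:
    """A comment is posted only when findings changed AND the check failed,
    and never when comments are disabled in the repo config."""
    if not comments_enabled:
        return False
    return findings_changed(base, head) and status_check_fails(base, head, threshold)


def evaluate(base, head, threshold: str = "HIGH", comments_enabled: bool = True) -> dict:
    """Both decisions for one PR, keyed by name."""
    return {
        "changed": findings_changed(base, head),
        "status_check_fails": status_check_fails(base, head, threshold),
        "comment_added": comment_added(base, head, comments_enabled, threshold),
    }


# Constructed sample data (not real scan output).
BASE = [
    Finding("S3_BUCKET_PUBLIC", "s3.tf", "HIGH"),
    Finding("MISSING_TAGS", "ec2.tf", "LOW"),
]
HEAD_README_ONLY = list(BASE)                      # README change: findings unchanged
HEAD_FIXES_HIGH = [Finding("MISSING_TAGS", "ec2.tf", "LOW")]  # the HIGH finding was removed
HEAD_ADDS_HIGH = BASE + [Finding("SG_OPEN_INGRESS", "sg.tf", "HIGH")]  # a new HIGH appears


if __name__ == "__main__":
    cases = [
        ("readme only", HEAD_README_ONLY),
        ("fixes HIGH", HEAD_FIXES_HIGH),
        ("adds HIGH", HEAD_ADDS_HIGH),
    ]
    for name, head in cases:
        print(f"{name:12s} -> {evaluate(BASE, head)}")
```

Note that a PR which removes a HIGH finding passes the check even though the findings changed, because the head branch no longer contains anything at or above the threshold; lowering `threshold` to `"LOW"` makes the same PR fail, which is the effect of tightening the configured threshold.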
How do I enable/disable pull request comments?
In your repository, add a file .lacework/config.yml. Inside that file, set
This will disable pull request comments for this repo.
Do you support GitLab?
Yes. You can run iacbot with gitlab.com by integrating the iacbot through Soluble.
Do you support Bitbucket?
Yes. You can run iacbot with Bitbucket.org by integrating the iacbot through Soluble.
Organization Not Visible
If you don't see your GitHub organization in the upper right of the iacbot dashboard, you may not have the GitHub app installed in the GitHub org.
To verify this, go to the GitHub iacbot App and make sure that the app is correctly installed.
If this still does not correct the problem, you may need to go to the GitHub Application Settings.
Under the "Authorized OAuth Apps" tab, select "Lacework IaC Security" and verify that the GitHub organization is granted access.
Click Grant next to your Organization (as shown above). After you have done that, you will need to sign out and sign back in to Lacework IaC Security.