Skip to main content

IaC Security FAQs

Pull Requests

How do I control when pull request status checks pass or fail?

Pull request status checks will fail when all of the following are true:

  1. One or more CRITICAL or HIGH findings are found in the pull request. This can be configured. See below.
  2. The findings in the head branch of the pull request differ from the findings in the base branch.

The logic behind (1) is that you probably don't care about MEDIUM and LOW severity findings enough to block the pull request.

The logic behind (2) is that if the pull request is not altering the security posture of your code, there is not a reason to fail the pull request status check. For example, if the PR is a change to a README, there is no reason to fail the PR status check.

How do I control the pull request status check thresholds?

Place a file .lacework/config.yml in your repository.

In it, add the following:

critical: 0
high: 0
medium: 999
low: 999

You can adjust these default values to suit your needs.

When are pull request comments added?

Pull request comments are added when both of the following are true:

  1. There is a change in findings between the feature and base branch. If the pull request didn't alter the findings, there will be no comment added.
  2. The pull request commit status check was set to failed. By default, PR status checks will be set to failed status if there are one or more critical or high findings.

We are trying to minimize to total amount of noise from pull request comments. It is very helpful to have them, but can be quite irritating if there are too many.

Pull request comments can be disabled entirely.

How do I enable/disable pull request comments?

In your repo, add a file .lacework/config.yml. Inside that file set pr_comments_enabled to false:

pr_comments_enabled: false

This will disable pull request comments for this repo.

Git Providers

Do you support GitLab?

Yes. You can run iacbot with by going to

Do you support BitBucket?

Yes. You can run iacbot with by going to


Organization Not Visible

If you don't see your GitHub org in the upper right of the iacbot dashboard, you may not have the GitHub app installed in the GitHub org.

To verify this, go to:

And make sure that the app is correctly installed.

If this still does not correct the problem, you may need to go here:

Under the "Authorized OAuth Apps" tab, select "Lacework IaC Security" and verify that the GitHub organization to which you should have access is granted access.

After you have done that, you will need to sign out and sign back in to Lacework IaC Security.