This script enriches Checkmarx Cloud Insights with Sysdig detections.
Please note that it is limited to Kubernetes deployments for now.
- Download the file `lambda_function.py` containing the Lambda code for the integration.
- Navigate to the AWS Lambda Console.
- Click on Create function.
- Fill in the function details:
- Function name: (Give your function a name)
- Runtime: Select Python 3.12 from the dropdown.
- Click Create function > Code section.
- Paste the code directly into the editor (alternatively, you can zip the `lambda_function.py` file and upload it as a zip).
- Once uploaded or pasted, click Deploy.
- From your Lambda function’s details page, click on the Configuration tab.
- Select Environment variables > Edit.
- Add the required key-value pairs (environment variables).
sysdig_token="<SYSDIG_TOKEN>"
sysdig_url="<SYSDIG_URL>"
checkmarx_url="<CHECKMARX_URL>"
checkmarx_tenant="<CHECKMARX_TENANT>"
checkmarx_token="<CHECKMARX_TOKEN>"
checkmarx_extid="<CHECKMARX_EXTID>"
- Once done, click Save.
- In the Lambda console, go to your function’s Configuration tab.
- Select Triggers on the left menu > Add trigger.
- In the Select a source dropdown, choose EventBridge (CloudWatch Events).
- Select Create a new rule > Rule type: Scheduled expression.
- Use the following cron expression to schedule the function daily at midnight:
  cron(0 0 * * ? *)
  (If you prefer, you can also use a rate expression such as rate(1 day).)
- Click Add to save the trigger.
- Trigger it manually if you want to validate the integration and review CloudWatch logs.
- You can set CloudWatch alarms to monitor that your Lambda function schedule is working properly.
- Set env vars (read above).
- python-lambda-local -t 15 -f lambda_handler lambda_function.py
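
A preflight check for the six environment variables listed above, written as an added example that is not part of the integration's `lambda_function.py`. The function name `check_env` and its rules (no leftover placeholders, no pasted quotes, https-only URLs) are assumptions made for this example.

```python
import os
from urllib.parse import urlparse

# The six variables the setup steps above ask for.
REQUIRED = ("sysdig_token", "sysdig_url", "checkmarx_url",
            "checkmarx_tenant", "checkmarx_token", "checkmarx_extid")
URL_KEYS = ("sysdig_url", "checkmarx_url")


def check_env(env):
    """Return a list of problems; messages name the key, never the value."""
    problems = []
    for key in REQUIRED:
        value = env.get(key)
        if not value:
            problems.append(f"{key}: missing or empty")
            continue
        bare = value.strip().strip("\"'")
        if bare != value:
            # Pasting key="value" into the console keeps the quotes in the value.
            problems.append(f"{key}: stray whitespace or quotes around the value")
        if bare.startswith("<") and bare.endswith(">"):
            problems.append(f"{key}: still the <PLACEHOLDER> from the instructions")
        elif key in URL_KEYS:
            parsed = urlparse(bare)
            if parsed.scheme != "https" or not parsed.hostname:
                # Assumed rule: the API tokens should only be sent over TLS.
                problems.append(f"{key}: expected an https:// URL with a host")
    return problems


if __name__ == "__main__":
    issues = check_env(os.environ)
    for issue in issues:
        print("config problem -", issue)
    raise SystemExit(1 if issues else 0)
```

Run it with the same environment variables set, before the `python-lambda-local` command; it exits non-zero when any variable needs attention.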