Integrations

Fits into your stack.
Not the other way around.

codelake connects with the tools your team already uses. From git providers and CI/CD pipelines to notification channels and compliance platforms — security becomes part of your workflow, not a separate one.

Set up in minutes. No agents to install. No infrastructure to manage. Just connect your repositories and let codelake do the rest.

Source Code

Every major git provider. Native integration.

Connect your repositories with a single click. codelake uses native app integrations for the deepest possible access — automatic scanning on push, pull request comments, and branch-level insights.


GitHub

Native App

First-class GitHub App integration with OAuth authentication and webhook-driven scanning. Automatic PR comments with findings, status checks, and branch protection integration.

  • GitHub App + OAuth authentication
  • Webhook-triggered scans on push
  • PR comments with inline findings
  • Status checks & branch protection
  • GitHub Enterprise Server support

GitLab

Native

Native GitLab integration with OAuth-based access. Merge request annotations, pipeline integration, and support for both GitLab.com and self-managed instances.

  • OAuth authentication
  • Merge request annotations
  • Pipeline status integration
  • Group & project-level access
  • Self-managed instance support

Bitbucket

Native

Full Bitbucket Cloud and Server integration. Automatic scanning on pull request creation and updates, with build status reporting and workspace-level management.

  • OAuth 2.0 authentication
  • Pull request comments
  • Build status reporting
  • Workspace-level management
  • Bitbucket Server support

Azure DevOps

Native

Full Azure DevOps integration with Azure AD authentication. Supports Azure Repos, pull request annotations, and pipeline integration within your Azure ecosystem.

  • Azure AD / Entra authentication
  • Azure Repos support
  • Pull request annotations
  • Pipeline task integration
  • Organization-level policies

Self-Hosted Git

Enterprise

Connect any self-hosted git server using SSH keys or personal access tokens. Supports Gitea, Gogs, and standard git servers with webhook-based scanning triggers.

  • SSH key authentication
  • Personal access tokens
  • Webhook-based scan triggers
  • Gitea & Gogs support
  • On-premise deployment option

More coming soon

We're always adding new git providers. Request yours on our roadmap.

CI/CD Pipelines

Security scanning in every pipeline run.

Add codelake to your CI/CD pipeline with a single line. Scans run automatically on every push, with configurable quality gates that can block merges when critical issues are found.


GitHub Actions

Official codelake Action available on the GitHub Marketplace. Add to your workflow YAML in seconds. Supports all scan types with configurable severity thresholds.


GitLab CI

Native GitLab CI template with SAST artifact integration. Include as a CI template or add the codelake stage directly to your .gitlab-ci.yml file.


Bitbucket Pipelines

Bitbucket Pipe for effortless integration. Just add the pipe reference to your bitbucket-pipelines.yml and configure your API token as a secure variable.


Azure Pipelines

Azure DevOps extension with native task integration. Works with both YAML and classic pipelines. Results flow directly into Azure Boards.


Jenkins

Jenkins plugin with Jenkinsfile DSL support. Configure quality gates, scan types, and reporting directly in your pipeline definition or Jenkins UI.

.github/workflows/security.yml

# GitHub Actions example
name: Security Scan
on: [push, pull_request]

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: codelake/scan-action@v1
        with:
          token: ${{ secrets.CODELAKE_TOKEN }}
          fail-on: critical,high
          scan-types: sast,sca,secrets
Three lines. That's all it takes.

Notifications

Get alerted where your team already works.

Route security findings to the right channel based on severity. Critical findings go to PagerDuty and on-call. High findings post to Slack. Weekly digests arrive via email. You control the rules.


Slack

Real-time notifications in your Slack channels. Rich message formatting with severity badges, finding details, and direct links to triage.

  • Channel routing by severity
  • Thread-based discussions
  • Slash commands

Microsoft Teams

Adaptive Card notifications in Teams channels. Interactive cards let team members triage findings directly from the notification.

  • Adaptive Card formatting
  • Interactive triage buttons
  • Team-level routing

PagerDuty

Trigger PagerDuty incidents for critical findings. Automatic escalation policies ensure the right on-call engineer is notified immediately.

  • Incident creation
  • Severity-based routing
  • Auto-resolve on fix

Email

Configurable email digests and instant alerts. Weekly security summaries for leadership, instant alerts for critical findings to security teams.

  • Instant critical alerts
  • Weekly/daily digests
  • Per-user preferences

Compliance & Issue Tracking

Close the loop from detection to resolution.

Push findings directly into your issue tracker and sync compliance evidence automatically with your GRC platform. No more manual copy-paste between tools.


Jira

Create Jira issues directly from findings. codelake maps severity to priority, adds reproduction steps, links related findings, and tracks resolution status bidirectionally.

  • One-click issue creation
  • Severity-to-priority mapping
  • Bidirectional status sync
  • Custom field mapping
  • Bulk issue creation

Vanta

Automatically push compliance evidence to Vanta. codelake maps scan results and policy data to Vanta controls, keeping your compliance posture up to date in real time.

  • Automatic evidence collection
  • Control mapping (SOC 2, ISO 27001)
  • Real-time status sync
  • Test evidence upload
  • Audit-ready exports

Drata

Sync compliance evidence directly to Drata. codelake acts as a connected data source, automatically providing vulnerability management evidence for your compliance program.

  • Connected data source
  • Vulnerability management evidence
  • Framework-specific mapping
  • Continuous monitoring
  • Automated test results

Custom Integrations

Build anything with webhooks.

For everything else, codelake provides a powerful webhook system. Subscribe to any event — new findings, scan completions, status changes, compliance updates — and receive real-time HTTP callbacks to your own systems.

  • Subscribe to 30+ event types
  • HMAC-SHA256 signature verification
  • Automatic retries with exponential backoff
  • Delivery logs and replay capability
  • Filter by severity, project, or scan type
webhook payload
{
  "event": "finding.created",
  "severity": "critical",
  "finding": {
    "id": "f8c2e1a9-...",
    "title": "SQL Injection via user input",
    "file": "src/api/users.ts",
    "line": 42,
    "narrative": "User input flows..."
  },
  "project": "acme/web-app",
  "scan_id": "b4a7d3f1-..."
}
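
A receiver-side sketch of the HMAC-SHA256 verification and retry handling listed above, as an added example that is not codelake's own code. The signing scheme (hex HMAC-SHA256 over the raw request body), the shared secret, and the channel names are assumptions; the product documentation defines the actual signature header and format.

```python
import hashlib
import hmac
import json

# Constructed sample values; a real secret comes from your webhook settings.
SECRET = b"example-shared-secret"
SAMPLE_BODY = json.dumps({
    "event": "finding.created",
    "severity": "critical",
    "finding": {"id": "f8c2e1a9-...", "title": "SQL Injection via user input",
                "file": "src/api/users.ts", "line": 42},
    "project": "acme/web-app",
    "scan_id": "b4a7d3f1-...",
}).encode()

# Severity routing as described in the Notifications section; names are hypothetical.
ROUTES = {"critical": "pagerduty", "high": "slack"}


def sign(secret: bytes, body: bytes) -> str:
    """Assumed scheme: hex HMAC-SHA256 over the exact raw request body."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def handle_delivery(secret: bytes, body: bytes, signature: str, seen: set) -> str:
    """Return 'rejected', 'ignored', 'duplicate', or the routed channel name."""
    expected = sign(secret, body).encode()
    received = signature.strip().lower().encode()
    # Constant-time compare on the raw bytes, before any JSON is parsed.
    if not hmac.compare_digest(expected, received):
        return "rejected"
    try:
        payload = json.loads(body)
        if payload["event"] != "finding.created":
            return "ignored"  # this sketch only handles new findings
        key = (payload["event"], payload["finding"]["id"], payload["scan_id"])
    except (ValueError, KeyError, TypeError):
        return "rejected"
    # Retries and replays redeliver the same event, so handling must be idempotent.
    if key in seen:
        return "duplicate"
    seen.add(key)
    return ROUTES.get(payload.get("severity"), "email-digest")
```

In a real handler, pass the request body exactly as received; re-serializing the parsed JSON changes the bytes and breaks the signature check.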

Ready to connect codelake with your stack?

Set up integrations in minutes. Start scanning your repositories today with the tools you already use.