Note : This endpoint is in preview and is subject to change.
If you have any feedback, contact Datadog support .
POST https://api.ap1.datadoghq.com/api/v2/static-analysis/static-analysis-server/analyze https://api.ap2.datadoghq.com/api/v2/static-analysis/static-analysis-server/analyze https://api.datadoghq.eu/api/v2/static-analysis/static-analysis-server/analyze https://api.ddog-gov.com/api/v2/static-analysis/static-analysis-server/analyze https://api.us2.ddog-gov.com/api/v2/static-analysis/static-analysis-server/analyze https://api.datadoghq.com/api/v2/static-analysis/static-analysis-server/analyze https://api.us3.datadoghq.com/api/v2/static-analysis/static-analysis-server/analyze https://api.us5.datadoghq.com/api/v2/static-analysis/static-analysis-server/analyze
Overview Run static analysis rules against a source code file and return violations found.
OAuth apps require the code_analysis_read authorization scope to access this endpoint.
Request Body Data (required)
Expand All
The primary data object in the analysis request.
The attributes of the analysis request, containing the source code and rules to apply.
The base64-encoded source code to analyze.
The encoding of the source code file (must be utf-8).
The name of the file being analyzed.
The programming language of the source code.
The list of static analysis rules to apply during analysis.
The category of the rule (for example, BEST_PRACTICES, SECURITY).
A checksum of the rule definition.
The base64-encoded rule implementation code.
The code entity type checked by the rule, applicable when rule type is AST_CHECK.
The unique identifier of the rule.
The programming language this rule targets.
A base64-encoded regex pattern used by the rule, applicable when rule type is REGEX.
The severity of findings from this rule (for example, ERROR, WARNING).
tree_sitter_query [required ]
The base64-encoded tree-sitter query used by the rule.
The rule type indicating the detection mechanism (for example, TREE_SITTER_QUERY).
An optional identifier for the analysis request resource.
Analysis request resource type.
Allowed enum values: analysis_request
default: analysis_request
{
"data" : {
"attributes" : {
"code" : "aW1wb3J0IHN5cw==" ,
"file_encoding" : "utf-8" ,
"filename" : "test.py" ,
"language" : "python" ,
"rules" : [
{
"category" : "BEST_PRACTICES" ,
"checksum" : "abc123def456" ,
"code" : "ZnVuY3Rpb24gdmlzaXQobm9kZSkge30=" ,
"entity_checked" : "string" ,
"id" : "python-best-practices/no-exit" ,
"language" : "python" ,
"regex" : "string" ,
"severity" : "WARNING" ,
"tree_sitter_query" : "KGNhbGwgbmFtZTogKGF0dHJpYnV0ZSkpQHZhbA==" ,
"type" : "TREE_SITTER_QUERY"
}
]
},
"id" : "string" ,
"type" : "analysis_request"
}
} Response OK
The response payload from running static analysis on source code.
Expand All
The primary data object in the analysis response.
The attributes of the analysis response, containing rule results and any top-level errors.
Top-level error messages encountered during the analysis operation.
required ]
The list of results for each static analysis rule applied during analysis.
A list of error messages encountered while executing the rule.
execution_error [required ]
An error message if the rule execution failed, or null if execution succeeded.
execution_time_ms [required ]
The time taken to execute the rule, in milliseconds.
The identifier of the rule that produced this response.
The raw output produced by the rule engine during execution.
The list of violations found by this rule.
The category of the violation.
A position in source code, identified by line and column numbers.
The column number in the source file (1-based).
The line number in the source file (1-based).
The list of suggested fixes for this violation.
A human-readable description of what the fix does.
The list of edit operations that constitute the fix.
The content to insert or replace at the specified position, if applicable.
The type of code edit to apply when fixing a violation.
Allowed enum values: ADD,UPDATE,REMOVE
default: ADD
The end position of the edit, or null for pure insertions.
The column number in the source file (1-based).
The line number in the source file (1-based).
A position in source code, identified by line and column numbers.
The column number in the source file (1-based).
The line number in the source file (1-based).
A human-readable description of the violation.
The severity level of the violation.
A position in source code, identified by line and column numbers.
The column number in the source file (1-based).
The line number in the source file (1-based).
The unique identifier of the analysis response resource.
Analysis response resource type.
Allowed enum values: server_request
default: server_request
{
"data" : {
"attributes" : {
"errors" : [
[]
],
"rule_responses" : [
{
"errors" : [
[]
],
"execution_error" : null ,
"execution_time_ms" : 42 ,
"identifier" : "python-best-practices/no-exit" ,
"output" : "" ,
"violations" : [
{
"category" : "BEST_PRACTICES" ,
"end" : {
"col" : 5 ,
"line" : 10
},
"fixes" : [
{
"description" : "Replace with a safe alternative." ,
"edits" : [
{
"content" : "safe_alternative()" ,
"edit_type" : "ADD" ,
"end" : {
"col" : 5 ,
"line" : 10
},
"start" : {
"col" : 5 ,
"line" : 10
}
}
]
}
],
"message" : "Use of sys.exit() is discouraged." ,
"severity" : "WARNING" ,
"start" : {
"col" : 5 ,
"line" : 10
}
}
]
}
]
},
"id" : "abc-123" ,
"type" : "server_request"
}
} Bad Request
API error response.
Expand All
A human-readable explanation specific to this occurrence of the error.
Non-standard meta-information about the error
References to the source of the error.
A string indicating the name of a single request header which caused the error.
A string indicating which URI query parameter caused the error.
A JSON pointer to the value in the request document that caused the error.
Status code of the response.
Short human-readable summary of the error.
{
"errors" : [
{
"detail" : "Missing required attribute in body" ,
"meta" : {},
"source" : {
"header" : "Authorization" ,
"parameter" : "limit" ,
"pointer" : "/data/attributes/title"
},
"status" : "400" ,
"title" : "Bad Request"
}
]
} Unauthorized
API error response.
Expand All
A human-readable explanation specific to this occurrence of the error.
Non-standard meta-information about the error
References to the source of the error.
A string indicating the name of a single request header which caused the error.
A string indicating which URI query parameter caused the error.
A JSON pointer to the value in the request document that caused the error.
Status code of the response.
Short human-readable summary of the error.
{
"errors" : [
{
"detail" : "Missing required attribute in body" ,
"meta" : {},
"source" : {
"header" : "Authorization" ,
"parameter" : "limit" ,
"pointer" : "/data/attributes/title"
},
"status" : "400" ,
"title" : "Bad Request"
}
]
} Too many requests
{
"errors" : [
"Bad Request"
]
} Code Example Copy
## default
#
# Curl command curl -X POST "https://api.ap1.datadoghq.com "https://api.ap2.datadoghq.com "https://api.datadoghq.eu "https://api.ddog-gov.com "https://api.us2.ddog-gov.com "https://api.datadoghq.com "https://api.us3.datadoghq.com "https://api.us5.datadoghq.com /api/v2/static-analysis/static-analysis-server/analyze " \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY} " \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY} " \
-d @- << EOF
{
"data": {
"attributes": {
"code": "aW1wb3J0IHN5cw==",
"file_encoding": "utf-8",
"filename": "test.py",
"language": "python",
"rules": []
},
"type": "analysis_request"
}
}
EOF
