--- title: Analyze code description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: Docs > API Reference > Security Monitoring --- # Analyze code{% #analyze-code %} Copy pageCopied {% tab title="v2" %} **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). | Datadog site | API endpoint | | ----------------- | ---------------------------------------------------------------------------------------- | | ap1.datadoghq.com | POST https://api.ap1.datadoghq.com/api/v2/static-analysis/static-analysis-server/analyze | | ap2.datadoghq.com | POST https://api.ap2.datadoghq.com/api/v2/static-analysis/static-analysis-server/analyze | | app.datadoghq.eu | POST https://api.datadoghq.eu/api/v2/static-analysis/static-analysis-server/analyze | | app.ddog-gov.com | POST https://api.ddog-gov.com/api/v2/static-analysis/static-analysis-server/analyze | | us2.ddog-gov.com | POST https://api.us2.ddog-gov.com/api/v2/static-analysis/static-analysis-server/analyze | | app.datadoghq.com | POST https://api.datadoghq.com/api/v2/static-analysis/static-analysis-server/analyze | | us3.datadoghq.com | POST https://api.us3.datadoghq.com/api/v2/static-analysis/static-analysis-server/analyze | | us5.datadoghq.com | POST https://api.us5.datadoghq.com/api/v2/static-analysis/static-analysis-server/analyze | ### Overview Run static analysis rules against a source code file and return violations found. OAuth apps require the `code_analysis_read` authorization [scope](https://docs.datadoghq.com/api/latest/scopes.md#security-monitoring) to access this endpoint. ### Request #### Body Data (required) {% tab title="Model" %} | Parent field | Field | Type | Description | | ------------ | ----------------------------------- | -------- | -------------------------------------------------------------------------------------- | | | data [*required*] | object | The primary data object in the analysis request. | | data | attributes [*required*] | object | The attributes of the analysis request, containing the source code and rules to apply. | | attributes | code [*required*] | string | The base64-encoded source code to analyze. | | attributes | file_encoding [*required*] | string | The encoding of the source code file (must be `utf-8`). | | attributes | filename [*required*] | string | The name of the file being analyzed. | | attributes | language [*required*] | string | The programming language of the source code. | | attributes | rules [*required*] | [object] | The list of static analysis rules to apply during analysis. | | rules | category [*required*] | string | The category of the rule (for example, `BEST_PRACTICES`, `SECURITY`). | | rules | checksum [*required*] | string | A checksum of the rule definition. | | rules | code [*required*] | string | The base64-encoded rule implementation code. | | rules | entity_checked | string | The code entity type checked by the rule, applicable when rule type is `AST_CHECK`. | | rules | id [*required*] | string | The unique identifier of the rule. | | rules | language [*required*] | string | The programming language this rule targets. | | rules | regex | string | A base64-encoded regex pattern used by the rule, applicable when rule type is `REGEX`. | | rules | severity [*required*] | string | The severity of findings from this rule (for example, `ERROR`, `WARNING`). | | rules | tree_sitter_query [*required*] | string | The base64-encoded tree-sitter query used by the rule. | | rules | type [*required*] | string | The rule type indicating the detection mechanism (for example, `TREE_SITTER_QUERY`). | | data | id | string | An optional identifier for the analysis request resource. | | data | type [*required*] | enum | Analysis request resource type. Allowed enum values: `analysis_request` | {% /tab %} {% tab title="Example" %} ```json { "data": { "attributes": { "code": "aW1wb3J0IHN5cw==", "file_encoding": "utf-8", "filename": "test.py", "language": "python", "rules": [ { "category": "BEST_PRACTICES", "checksum": "abc123def456", "code": "ZnVuY3Rpb24gdmlzaXQobm9kZSkge30=", "entity_checked": "string", "id": "python-best-practices/no-exit", "language": "python", "regex": "string", "severity": "WARNING", "tree_sitter_query": "KGNhbGwgbmFtZTogKGF0dHJpYnV0ZSkpQHZhbA==", "type": "TREE_SITTER_QUERY" } ] }, "id": "string", "type": "analysis_request" } } ``` {% /tab %} ### Response {% tab title="200" %} OK {% tab title="Model" %} The response payload from running static analysis on source code. | Parent field | Field | Type | Description | | -------------- | ----------------------------------- | -------- | ------------------------------------------------------------------------------------------------ | | | data [*required*] | object | The primary data object in the analysis response. | | data | attributes [*required*] | object | The attributes of the analysis response, containing rule results and any top-level errors. | | attributes | errors [*required*] | [string] | Top-level error messages encountered during the analysis operation. | | attributes | rule_responses [*required*] | [object] | The list of results for each static analysis rule applied during analysis. | | rule_responses | errors [*required*] | [string] | A list of error messages encountered while executing the rule. | | rule_responses | execution_error [*required*] | string | An error message if the rule execution failed, or null if execution succeeded. | | rule_responses | execution_time_ms [*required*] | int64 | The time taken to execute the rule, in milliseconds. | | rule_responses | identifier [*required*] | string | The identifier of the rule that produced this response. | | rule_responses | output [*required*] | string | The raw output produced by the rule engine during execution. | | rule_responses | violations [*required*] | [object] | The list of violations found by this rule. | | violations | category [*required*] | string | The category of the violation. | | violations | end [*required*] | object | A position in source code, identified by line and column numbers. | | end | col [*required*] | int64 | The column number in the source file (1-based). | | end | line [*required*] | int64 | The line number in the source file (1-based). | | violations | fixes [*required*] | [object] | The list of suggested fixes for this violation. | | fixes | description [*required*] | string | A human-readable description of what the fix does. | | fixes | edits [*required*] | [object] | The list of edit operations that constitute the fix. | | edits | content [*required*] | string | The content to insert or replace at the specified position, if applicable. | | edits | edit_type [*required*] | enum | The type of code edit to apply when fixing a violation. Allowed enum values: `ADD,UPDATE,REMOVE` | | edits | end [*required*] | object | The end position of the edit, or null for pure insertions. | | end | col [*required*] | int64 | The column number in the source file (1-based). | | end | line [*required*] | int64 | The line number in the source file (1-based). | | edits | start [*required*] | object | A position in source code, identified by line and column numbers. | | start | col [*required*] | int64 | The column number in the source file (1-based). | | start | line [*required*] | int64 | The line number in the source file (1-based). | | violations | message [*required*] | string | A human-readable description of the violation. | | violations | severity [*required*] | string | The severity level of the violation. | | violations | start [*required*] | object | A position in source code, identified by line and column numbers. | | start | col [*required*] | int64 | The column number in the source file (1-based). | | start | line [*required*] | int64 | The line number in the source file (1-based). | | data | id [*required*] | string | The unique identifier of the analysis response resource. | | data | type [*required*] | enum | Analysis response resource type. Allowed enum values: `server_request` | {% /tab %} {% tab title="Example" %} ```json { "data": { "attributes": { "errors": [ [] ], "rule_responses": [ { "errors": [ [] ], "execution_error": null, "execution_time_ms": 42, "identifier": "python-best-practices/no-exit", "output": "", "violations": [ { "category": "BEST_PRACTICES", "end": { "col": 5, "line": 10 }, "fixes": [ { "description": "Replace with a safe alternative.", "edits": [ { "content": "safe_alternative()", "edit_type": "ADD", "end": { "col": 5, "line": 10 }, "start": { "col": 5, "line": 10 } } ] } ], "message": "Use of sys.exit() is discouraged.", "severity": "WARNING", "start": { "col": 5, "line": 10 } } ] } ] }, "id": "abc-123", "type": "server_request" } } ``` {% /tab %} {% /tab %} {% tab title="400" %} Bad Request {% tab title="Model" %} API error response. | Parent field | Field | Type | Description | | ------------ | ------------------------ | -------- | ------------------------------------------------------------------------------- | | | errors [*required*] | [object] | A list of errors. | | errors | detail | string | A human-readable explanation specific to this occurrence of the error. | | errors | meta | object | Non-standard meta-information about the error | | errors | source | object | References to the source of the error. | | source | header | string | A string indicating the name of a single request header which caused the error. | | source | parameter | string | A string indicating which URI query parameter caused the error. | | source | pointer | string | A JSON pointer to the value in the request document that caused the error. | | errors | status | string | Status code of the response. | | errors | title | string | Short human-readable summary of the error. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ { "detail": "Missing required attribute in body", "meta": {}, "source": { "header": "Authorization", "parameter": "limit", "pointer": "/data/attributes/title" }, "status": "400", "title": "Bad Request" } ] } ``` {% /tab %} {% /tab %} {% tab title="401" %} Unauthorized {% tab title="Model" %} API error response. | Parent field | Field | Type | Description | | ------------ | ------------------------ | -------- | ------------------------------------------------------------------------------- | | | errors [*required*] | [object] | A list of errors. | | errors | detail | string | A human-readable explanation specific to this occurrence of the error. | | errors | meta | object | Non-standard meta-information about the error | | errors | source | object | References to the source of the error. | | source | header | string | A string indicating the name of a single request header which caused the error. | | source | parameter | string | A string indicating which URI query parameter caused the error. | | source | pointer | string | A JSON pointer to the value in the request document that caused the error. | | errors | status | string | Status code of the response. | | errors | title | string | Short human-readable summary of the error. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ { "detail": "Missing required attribute in body", "meta": {}, "source": { "header": "Authorization", "parameter": "limit", "pointer": "/data/attributes/title" }, "status": "400", "title": "Bad Request" } ] } ``` {% /tab %} {% /tab %} {% tab title="429" %} Too many requests {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} ### Code Example ##### \## default # \# Curl command curl -X POST "https://api.datadoghq.com/api/v2/static-analysis/static-analysis-server/analyze" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \ -d @- << EOF { "data": { "attributes": { "code": "aW1wb3J0IHN5cw==", "file_encoding": "utf-8", "filename": "test.py", "language": "python", "rules": [] }, "type": "analysis_request" } } EOF {% /tab %}