Code Analysis is in Preview.
Overview
If you don’t use GitHub Actions, you can run the Datadog CLI directly in your CI pipeline platform.
Prerequisites:
Configure the following environment variables:
| Name | Description | Required | Default |
|---|---|---|---|
| DD_API_KEY | Your Datadog API key. This key is created by your Datadog organization and should be stored as a secret. | Yes | |
| DD_APP_KEY | Your Datadog application key. This key, created by your Datadog organization, should include the code_analysis_read scope and be stored as a secret. | Yes | |
| DD_SITE | The Datadog site to send information to. Your Datadog site is . | No | datadoghq.com |
Provide the following inputs:
| Name | Description | Required | Default |
|---|---|---|---|
| service | The name of the service to tag the results with. | Yes | |
| env | The environment to tag the results with. ci is a helpful value for this input. | No | none |
| subdirectory | The subdirectory path the analysis should be limited to. The path is relative to the root directory of the repository. | No | |
```bash
# Set the Datadog site to send information to (datadoghq.com is the default)
export DD_SITE="datadoghq.com"

# Install dependencies
npm install -g @datadog/datadog-ci

# Download the latest Datadog OSV Scanner:
# https://github.com/DataDog/osv-scanner/releases
DATADOG_OSV_SCANNER_URL=https://github.com/DataDog/osv-scanner/releases/latest/download/osv-scanner_linux_amd64.zip

# Install OSV Scanner (-f makes curl fail on an HTTP error instead of saving the error page)
mkdir -p /osv-scanner
curl -fL -o /osv-scanner/osv-scanner.zip "$DATADOG_OSV_SCANNER_URL"
unzip -o /osv-scanner/osv-scanner.zip -d /osv-scanner
chmod 755 /osv-scanner/osv-scanner

# Run OSV Scanner and scan your dependencies
/osv-scanner/osv-scanner --skip-git -r --experimental-only-packages --format=cyclonedx-1-5 --paths-relative-to-scan-dir --output=/tmp/sbom.json /path/to/repository

# Upload results to Datadog (uses the DD_API_KEY, DD_APP_KEY and DD_SITE environment variables)
datadog-ci sbom upload /tmp/sbom.json
```
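The install step above downloads and runs whatever the `latest` release points to. As an added example (not part of the Datadog documentation), the functions below unpack the archive only when its SHA-256 matches a digest your team recorded for a release it reviewed; the function names and the stored digest are assumptions, not Datadog tooling.

```shell
# Added example, not Datadog's code: gate the scanner archive on a pinned SHA-256.

# sha256_of FILE -> prints the lowercase hex SHA-256 digest of FILE
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'   # runners without coreutils sha256sum
  fi
}

# verify_archive FILE EXPECTED_SHA256
# Returns 0 on a match, 1 on a digest mismatch, 2 on unusable input.
verify_archive() {
  va_file="$1"
  va_expected="$(printf '%s' "$2" | tr 'A-F' 'a-f')"
  [ -f "$va_file" ] || { echo "missing archive: $va_file" >&2; return 2; }
  # An unset or malformed digest must fail closed, never count as a match
  case "$va_expected" in
    ""|*[!0-9a-f]*) echo "expected digest is not hex" >&2; return 2 ;;
  esac
  [ "${#va_expected}" -eq 64 ] || { echo "expected digest must be 64 hex chars" >&2; return 2; }
  va_actual="$(sha256_of "$va_file")"
  if [ "$va_actual" != "$va_expected" ]; then
    echo "digest mismatch for $va_file: got $va_actual" >&2
    return 1
  fi
}

# install_scanner ARCHIVE EXPECTED_SHA256 DEST_DIR
# Unpacks and marks the scanner executable only after the digest check passes.
install_scanner() {
  verify_archive "$1" "$2" || return $?
  mkdir -p "$3" && unzip -o -q "$1" -d "$3" && chmod 755 "$3/osv-scanner"
}
```

Call `install_scanner /osv-scanner/osv-scanner.zip "$OSV_SCANNER_SHA256" /osv-scanner` in place of the `unzip` and `chmod` lines, where `OSV_SCANNER_SHA256` is a hypothetical CI variable holding the recorded digest. The digest stays valid only while the download URL is pinned to that same release rather than `latest`.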