Generic CI Providers

Code Analysis is not available for the site.

Try the Beta!

Code Analysis is in public beta.


If you don’t use CircleCI Orbs or GitHub Actions, you can run the Datadog CLI directly in your CI pipeline platform.


  • unzip
  • Node.js 14 or later

Configure the following environment variables:

DD_API_KEYYour Datadog API key. This key is created by your Datadog organization and should be stored as a secret.Yes
DD_APP_KEYYour Datadog application key. This key is created by your Datadog organization and should be stored as a secret.Yes
DD_SITEThe Datadog site to send information to. Your Datadog site is

Provide the following inputs:

serviceThe name of the service to tag the results with.Yes
envThe environment to tag the results with. ci is a helpful value for this input.Nonone
cpu_countSet the number of CPUs used by the analyzer. Defaults to the number of CPUs available.No
subdirectoryThe subdirectory path the analysis should be limited to. The path is relative to the root directory of the repository.No
Add a `--performance-statistics` flag to your static analysis command to get execution time statistics for analyzed files.

Select an analyzer for your architecture and OS:


Add the following to your CI pipeline:

The following example uses the x86_64 Linux version of Datadog's static analyzer. If you're using a different OS or architecture, you should select it from the table above and update the DATADOG_STATIC_ANALYZER_URL value below. You can view all releases on our GitHub Releases page.
# Set the Datadog site to send information to
export DD_SITE=""

# Install dependencies
npm install -g @datadog/datadog-ci 

# Download the latest Datadog static analyzer:
unzip /tmp/ -d /tmp
mv /tmp/datadog-static-analyzer /usr/local/datadog-static-analyzer

# Run Static Analysis
/usr/local/datadog-static-analyzer -i . -o /tmp/report.sarif -f sarif

# Upload results
datadog-ci sarif upload /tmp/report.sarif --service <service> --env <env>

Diff-aware scanning

Diff-aware scanning is a feature that enables Datadog Static Analysis to only scan the files modified by a commit in a feature branch. It accelerates scan time significantly by not having the analysis run on every file in the repository for every scan. To enable diff-aware scanning in your CI pipeline, follow these steps:

  1. Make sure your DD_APP_KEY, DD_SITE and DD_API_KEY variables are set in your CI pipeline.
  2. Add a call to datadog-ci git-metadata upload before invoking the static analyzer. This command ensures that Git metadata is available to the Datadog backend. Git metadata is required to calculate the number of files to analyze.
  3. Ensure that the datadog-static-analyzer is invoked with the flag --diff-aware.

Example of commands sequence:

datadog-ci git-metadata upload

datadog-static-analyzer -i /path/to/directory -g -o sarif.json -f sarif –diff-aware <...other-options...>

Note: These commands must be invoked in your Git repository.

Further Reading

Additional helpful documentation, links, and articles: