Run a Datadog Software Composition Analysis (SCA) job in your GitHub Actions workflows. The action invokes Datadog’s recommended SBOM tool, Datadog SBOM Generator, on your codebase and uploads the results to Datadog.

Datadog Software Composition Analysis CI jobs are only supported on push event triggers. Other event triggers (for example, pull_request) are not supported and can cause issues with the product.

Inputs

You can set the following parameters for Software Composition Analysis.

| Name | Description | Required | Default |
|------|-------------|----------|---------|
| dd_api_key | Your Datadog API key. This key is created by your Datadog organization and should be stored as a secret. | Yes | |
| dd_app_key | Your Datadog application key. This key is created by your Datadog organization, should include the code_analysis_read scope, and should be stored as a secret. | Yes | |
| dd_site | The Datadog site to send information to. | No | datadoghq.com |

Set up the workflow

Create a file at .github/workflows/datadog-sca.yml with the following content. Replace the dd_site attribute with the Datadog site you are using.

datadog-sca.yml

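# SCA CI jobs are only supported on push event triggers.
on: [push]

name: Datadog Software Composition Analysis

jobs:
  software-composition-analysis:
    runs-on: ubuntu-latest
    name: Datadog SBOM Generation and Upload
    steps:
    # Check out the repository so the SBOM generator can scan it.
    - name: Checkout
      uses: actions/checkout@v3
    # Generate the SBOM and upload the results to Datadog.
    # Note: @main is a mutable branch ref; pinning to a full commit SHA
    # keeps the code that receives these secrets from changing unreviewed.
    - name: Check imported libraries are secure and compliant
      id: datadog-software-composition-analysis
      uses: DataDog/datadog-sca-github-action@main
      with:
        # Both keys are read from repository secrets, never written inline.
        dd_api_key: ${{ secrets.DD_API_KEY }}
        dd_app_key: ${{ secrets.DD_APP_KEY }}
        dd_site: "datadoghq.com"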
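
A pre-merge check for the two constraints this page states for the workflow (push-only triggers, keys supplied from secrets), as an added example that is not part of Datadog's documentation or action. The function names and the sample workflow are constructed for illustration, and the check reads the YAML line by line rather than with a YAML library.

```python
import re

# Inputs the page says must be stored as secrets.
SECRET_INPUTS = ("dd_api_key", "dd_app_key")
SECRET_REF = re.compile(r"^\$\{\{\s*secrets\.\w+\s*\}\}$")

# Constructed sample: an extra trigger and a hard-coded key (placeholder value).
BAD_WORKFLOW = """\
on: [push, pull_request]
jobs:
  sca:
    steps:
    - uses: DataDog/datadog-sca-github-action@main
      with:
        dd_api_key: "EXAMPLE-NOT-A-REAL-KEY"
        dd_app_key: ${{ secrets.DD_APP_KEY }}
"""

def workflow_triggers(text):
    """Event names under the top-level `on:` key (inline or block form)."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = re.match(r"""^["']?on["']?:\s*(.*)$""", line)
        if not m:
            continue
        inline = m.group(1).split("#")[0].strip()
        if inline:  # on: push  or  on: [push, pull_request]
            return [e.strip(" \"'") for e in inline.strip("[]").split(",") if e.strip()]
        events, indent = [], None
        for sub in lines[i + 1:]:
            if not sub.strip() or sub.lstrip().startswith("#"):
                continue
            depth = len(sub) - len(sub.lstrip())
            if depth == 0:
                break  # reached the next top-level key
            indent = depth if indent is None else indent
            if depth == indent:  # first nesting level holds the event names
                events.append(sub.strip().lstrip("- ").split(":")[0].strip())
        return events
    return []

def lint_sca_workflow(text):
    """Findings for this page's two constraints; an empty list means it passes."""
    extra = [e for e in workflow_triggers(text) if e != "push"]
    findings = ["unsupported trigger: " + e for e in extra]
    for name in SECRET_INPUTS:
        for value in re.findall(rf"^\s*{name}:\s*(.+?)\s*$", text, re.M):
            if not SECRET_REF.match(value.strip("\"'")):
                findings.append(name + " is not read from secrets")
    return findings
```

Run `lint_sca_workflow` over the contents of .github/workflows/datadog-sca.yml in review tooling and fail the check when the returned list is not empty.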

To analyze first-party code, use Datadog Static Code Analysis (SAST) with the datadog-static-analyzer-github-action.