
The datadog-iac-scanner-github-action runs the Datadog IaC Scanner in your GitHub Actions workflows on every push. It detects misconfigurations in Terraform and Kubernetes files, then uploads the results to IaC Security.

Supported platforms

| OS | Architecture |
|---|---|
| Linux | x86_64, arm64 |
| macOS | x86_64, arm64 |
| Windows | x86_64 |

Prerequisites

Before you begin, make sure you have:

Setup

To add IaC scanning to your GitHub Actions workflow, create a .github/workflows/datadog-iac-scanning.yml file in your repository with the following content:

on: [push]

name: Datadog IaC Scan

jobs:
  iac-scan:
    runs-on: ubuntu-latest
    name: Datadog IaC Scanner
    steps:
    - name: Checkout
      uses: actions/checkout@v4
    - name: Check the Infrastructure as Code configuration
      id: datadog-iac-scan
      uses: DataDog/datadog-iac-scanner-github-action@v1
      with:
        dd_api_key: ${{ secrets.DD_API_KEY }}
        dd_app_key: ${{ secrets.DD_APP_KEY }}
        dd_site: datadoghq.com

Optional inputs

In addition to the required dd_api_key, dd_app_key, and dd_site inputs, you can set the following optional parameters in your workflow file:

| Name | Description | Default |
|---|---|---|
| paths | Comma-separated list of directories and files to scan. | . |
| extra_args | Additional arguments passed to the IaC scanner. | |
| datadog_ci_extra_args | Additional arguments passed to the datadog-ci upload command. | |

Examples

Scan specific directories and files

- uses: DataDog/datadog-iac-scanner-github-action@v1
  with:
    paths: prepare,deploy,configs/config1.yaml
    dd_api_key: ${{ secrets.DD_API_KEY }}
    dd_app_key: ${{ secrets.DD_APP_KEY }}

Upload results to a different Datadog site

- uses: DataDog/datadog-iac-scanner-github-action@v1
  with:
    dd_site: datadoghq.eu
    dd_api_key: ${{ secrets.DD_API_KEY }}
    dd_app_key: ${{ secrets.DD_APP_KEY }}
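
The following is an added example, not part of the Datadog documentation or the action's own code: a standard-library Python check, usable as a pre-merge lint, that flags any step using the action whose dd_api_key or dd_app_key is missing or is anything other than a single ${{ secrets.NAME }} reference. The function names and the sample workflow are constructed for illustration, and the line-based parser assumes with: follows uses: in the step, as in the workflows above.

```python
import re

KEY_INPUTS = ("dd_api_key", "dd_app_key")
USES = re.compile(r"^(\s*)(-\s+)?uses:\s*['\"]?DataDog/datadog-iac-scanner-github-action@")
# Accept a value only if it is exactly one ${{ secrets.NAME }} expression.
SECRET_REF = re.compile(r"^\$\{\{\s*secrets\.[A-Za-z_][A-Za-z0-9_]*\s*\}\}$")

def step_inputs(lines, start, key_col):
    """Collect the `with:` inputs that follow the `uses:` line at index start."""
    inputs, in_with = {}, False
    for line in lines[start + 1:]:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        col = len(line) - len(line.lstrip(" "))
        if col < key_col:       # next step, or the steps list ended
            break
        if col == key_col:      # sibling key of `uses:` (id, with, env, ...)
            in_with = line.strip().startswith("with:")
        elif in_with and ":" in line:
            name, _, value = line.strip().partition(":")
            inputs[name.strip()] = value.split(" #")[0].strip().strip("'\"")
    return inputs

def check_workflow(text):
    """Return (line, input, problem) for scanner steps with unsafe key inputs."""
    lines, findings = text.splitlines(), []
    for i, line in enumerate(lines):
        m = USES.match(line)
        if not m:
            continue
        inputs = step_inputs(lines, i, len(m.group(1)) + len(m.group(2) or ""))
        for name in KEY_INPUTS:
            if name not in inputs:
                findings.append((i + 1, name, "missing"))
            elif not SECRET_REF.match(inputs[name]):
                findings.append((i + 1, name, "not a secrets reference"))
    return findings

# Constructed sample: the first step follows the page, the second hardcodes a key.
SAMPLE = """\
- name: Check the Infrastructure as Code configuration
  uses: DataDog/datadog-iac-scanner-github-action@v1
  with:
    dd_api_key: ${{ secrets.DD_API_KEY }}
    dd_app_key: ${{ secrets.DD_APP_KEY }}
- uses: DataDog/datadog-iac-scanner-github-action@v1
  with:
    dd_api_key: PLACEHOLDER-NOT-A-REAL-KEY
"""
```

Run check_workflow over the contents of each file under .github/workflows and fail the job when the returned list is not empty.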

Further reading