Setting Up Software Composition Analysis
Join the Preview!
Code Analysis is in Preview.
Code Analysis is not available for the site.
Overview
To set up Datadog Software Composition Analysis, navigate to Software Delivery > Code Analysis.
Select where to run Software Composition Analysis scans
Scan with Datadog-hosted scanning
SCA scans can be run directly on Datadog’s infrastructure. To get started, navigate to the Code Analysis page.
Scan in CI pipelines
SCA can be run in your CI pipelines using the datadog-ci CLI. Configure your Datadog API and application keys (requires the code_analysis_read scope) and run SCA jobs in the respective CI provider.
See the documentation for your CI provider:
Select your source code management provider
Datadog SCA supports all source code management providers, with native support for GitHub.
Set up the GitHub integration
If GitHub is your source code management provider, you must configure a GitHub App using the GitHub integration tile and set up the source code integration to see inline code snippets and enable pull request comments.
When installing a GitHub App, the following permissions are required to enable certain features:
Content: Read, which allows you to see code snippets displayed in Datadog.
Pull Request: Read & Write, which allows Datadog to add feedback for violations directly in your pull requests using pull request comments.
Other source code management providers
If you are using another source code management provider, configure SCA to run in your CI pipelines using the datadog-ci CLI tool and upload the results to Datadog.
You must run an analysis of your repository on the default branch before results can begin appearing on the Code Analysis page.