Run a Datadog Software Composition Analysis (SCA) job in your GitHub Actions workflows. The action invokes Datadog’s recommended SBOM tool, Datadog SBOM Generator, on your codebase and uploads the results to Datadog.

Datadog Software Composition Analysis CI jobs are only supported on push event triggers. Other event triggers (for example, pull_request) are not supported and can cause issues with the product.

Inputs

You can set the following parameters for Software Composition Analysis.

| Name | Description | Required | Default |
|------|-------------|----------|---------|
| dd_api_key | Your Datadog API key. This key is created by your Datadog organization and should be stored as a secret. | Yes | |
| dd_app_key | Your Datadog application key. This key is created by your Datadog organization, should include the code_analysis_read scope, and should be stored as a secret. | Yes | |
| dd_site | The Datadog site to send information to. | No | datadoghq.com |

Set up the workflow

Create a file at .github/workflows/datadog-sca.yml with the following content. Replace the dd_site attribute with the Datadog site you are using.

datadog-sca.yml

on: [push]

name: Datadog Software Composition Analysis

jobs:
  software-composition-analysis:
    runs-on: ubuntu-latest
    name: Datadog SBOM Generation and Upload
    steps:
    - name: Checkout
      uses: actions/checkout@v3
    - name: Check imported libraries are secure and compliant
      id: datadog-software-composition-analysis
      uses: DataDog/datadog-sca-github-action@main
      with:
        dd_api_key: ${{ secrets.DD_API_KEY }}
        dd_app_key: ${{ secrets.DD_APP_KEY }}
        dd_site: "datadoghq.com"
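
A pre-commit check for the constraints stated above (push-only trigger, both keys passed as secrets), as an added example that is not part of the Datadog documentation or the action itself. The function names and the sample workflows are assumptions made for illustration, and the check is line-based rather than a full YAML parser.

```python
import re

# A GitHub Actions secrets expression, e.g. ${{ secrets.DD_API_KEY }}
SECRET_REF = re.compile(r"^\$\{\{\s*secrets\.\w+\s*\}\}$")

def workflow_triggers(text):
    """Event names under the top-level `on:` key (inline, list or mapping form)."""
    m = re.search(r"""^["']?on["']?[ \t]*:[ \t]*(.*)$""", text, re.M)
    if not m:
        return []
    inline = m.group(1).split("#")[0].strip()
    if inline:  # on: push  or  on: [push, pull_request]
        return [e.strip(" \"'") for e in inline.strip("[]").split(",") if e.strip()]
    events, indent = [], None
    for sub in text[m.end():].splitlines():
        if sub.strip() and not sub[0].isspace():
            break  # the next top-level key ends the `on:` block
        child = re.match(r"^(\s+)(?:-\s*)?([a-z_]+)\s*:?", sub)
        if child and indent in (None, len(child.group(1))):
            indent = len(child.group(1))  # only first-level children are events
            events.append(child.group(2))
    return events

def check_sca_workflow(text):
    """Findings for a workflow that breaks the constraints stated on this page."""
    triggers = workflow_triggers(text)
    findings = [] if "push" in triggers else ["no push trigger"]
    findings += [f"unsupported trigger: {t}" for t in triggers if t != "push"]
    for key in ("dd_api_key", "dd_app_key"):
        m = re.search(rf"^[ \t]*{key}[ \t]*:[ \t]*(.*?)[ \t]*$", text, re.M)
        if not m or not m.group(1):
            findings.append(f"{key}: required input is missing")
        elif not SECRET_REF.match(m.group(1).strip("\"'")):
            # Name the input only, never its value, so a finding cannot leak a key.
            findings.append(f"{key}: literal value, not a secrets reference")
    return findings

# Constructed samples: GOOD mirrors the workflow above; BAD adds an unsupported trigger and a fake key.
GOOD = """on: [push]
jobs:
  software-composition-analysis:
    steps:
    - uses: DataDog/datadog-sca-github-action@main
      with:
        dd_api_key: ${{ secrets.DD_API_KEY }}
        dd_app_key: ${{ secrets.DD_APP_KEY }}
"""
BAD = GOOD.replace("on: [push]", "on:\n  push:\n  pull_request:\n    branches: [main]")
BAD = BAD.replace("${{ secrets.DD_API_KEY }}", '"0000-constructed-not-a-real-key"')
```

`check_sca_workflow(GOOD)` returns an empty list; for `BAD` it reports the `pull_request` trigger and the literal `dd_api_key`.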

To analyze first-party code, use Datadog Static Code Analysis (SAST) with the datadog-static-analyzer-github-action.