- 필수 기능
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- 디지털 경험
- 소프트웨어 제공
- 보안
- 로그 관리
- 관리
- 인프라스트럭처
- ci
- containers
- csm
- ndm
- otel_guides
- overview
- slos
- synthetics
- tests
- 워크플로
Run a Datadog Software Composition Analysis job in your GitHub Action workflows.
The GitHub Action generates an inventory of libraries automatically based on the libraries that are declared in your repository.
The GitHub Action works for the following languages and following files:
package-lock.json
and yarn.lock
requirements.txt
(with version defined) and poetry.lock
pom.xml
Add DD_APP_KEY
and DD_API_KEY
as secrets in your GitHub Actions Settings.
Add the following code snippet in .github/workflows/datadog-sca.yml
.
on: [push]
name: Datadog Software Composition Analysis
jobs:
software-composition-analysis:
runs-on: ubuntu-latest
name: Datadog SBOM Generation and Upload
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Check imported libraries are secure and compliant
id: datadog-software-composition-analysis
uses: DataDog/datadog-sca-github-action@main
with:
dd_api_key: ${{ secrets.DD_API_KEY }}
dd_app_key: ${{ secrets.DD_APP_KEY }}
dd_service: my-app
dd_env: ci
dd_site:
Additional helpful documentation, links, and articles: