- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
Run a Datadog Software Composition Analysis job in your GitHub Action workflows. This action invokes Datadog osv-scanner on your codebase and uploads the results into Datadog.
The GitHub Action generates an inventory of libraries automatically based on the libraries that are declared in your repository.
The GitHub Action works for the following languages and following files:
package-lock.json
and yarn.lock
requirements.txt
(with version defined) and poetry.lock
pom.xml
Add DD_APP_KEY
and DD_API_KEY
as secrets in your GitHub Actions Settings. Please ensure your Datadog application key has the code_analysis_read
scope. For more information, see API and Application Keys.
Add the following code snippet in .github/workflows/datadog-sca.yml
. Make sure to replace
the dd_site
attribute with the Datadog site you are using.
on: [push]
name: Datadog Software Composition Analysis
jobs:
software-composition-analysis:
runs-on: ubuntu-latest
name: Datadog SBOM Generation and Upload
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Check imported libraries are secure and compliant
id: datadog-software-composition-analysis
uses: DataDog/datadog-sca-github-action@main
with:
dd_api_key: ${{ secrets.DD_API_KEY }}
dd_app_key: ${{ secrets.DD_APP_KEY }}
dd_site: "datadoghq.com"
Datadog Static Analysis analyzes your code and provides feedback in your IDE, GitHub PR or within the
Datadog environment. Datadog Static Analysis can be set up using the datadog-static-analyzer-github-action
GitHub action.
Additional helpful documentation, links, and articles: