- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
Run a Datadog Static Analysis job in your GitHub Action workflows. This action wraps the Datadog Static Analyzer, invokes it against your codebase, and uploads the results to Datadog.
Create a file in .github/workflows
to run a Datadog Static Analysis job.
The following is a sample workflow file.
on: [push]
jobs:
check-quality:
runs-on: ubuntu-latest
name: Datadog Static Analyzer
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Check code meets quality standards
id: datadog-static-analysis
uses: DataDog/datadog-static-analyzer-github-action@v1
with:
dd_app_key: ${{ secrets.DD_APP_KEY }}
dd_api_key: ${{ secrets.DD_API_KEY }}
dd_site: "datadoghq.com"
cpu_count: 2
enable_performance_statistics: false
You must set your Datadog API and application keys as secrets in your GitHub repository whether at the organization or repository level. Ensure that you add the code_analysis_read
scope to your Datadog application key. For more information, see API and Application Keys.
Make sure to replace dd_site
with the Datadog site you are using3.
You can set the following parameters for Static Analysis.
Name | Description | Required | Default |
---|---|---|---|
dd_api_key | Your Datadog API key. This key is created by your Datadog organization and should be stored as a secret. | Yes | |
dd_app_key | Your Datadog application key. This key is created by your Datadog organization and should be stored as a secret. | Yes | |
dd_site | The Datadog site to send information to. | No | datadoghq.com |
cpu_count | Set the number of CPUs used to by the analyzer. | No | 2 |
enable_performance_statistics | Get the execution time statistics for analyzed files. | No | false |
debug | Lets the analyzer print additional logs useful for debugging. To enable, set to yes . | No | no |
subdirectory | A subdirectory pattern or glob (or space-delimited subdirectory patterns) that the analysis should be limited to. For example: “src” or “src packages”. | false | |
architecture | The CPU architecture to use for the analyzer. Supported values are x86_64 and aarch64 . | No | x86_64 |
diff_aware | Enable diff-aware scanning mode. | No | true |
secrets_enabled | Enable secrets detection (in private beta) | No | false |
diff_aware
parameter to false
.The following action inputs have been deprecated and no longer have any effect. Passing these in will emit a warning.
dd_service
dd_env
By default, Datadog Static Analyzer detects the languages of your codebase and uses the default rulesets to analyze your codebase.
To specify and customize the rulesets, add a static-analysis.datadog.yml
file to your repository’s root directory to define which rulesets to use.
rulesets:
- <ruleset-name>
- <ruleset-name>
Refer to the Datadog documentation for a complete list of rulesets.
Here is an example for Python-based repositories:
rulesets:
- python-code-style
- python-best-practices
- python-inclusive
Datadog Software Composition Analysis (SCA) also offers the ability to scan your dependencies
and detect vulnerabilities and licenses. You can use this product with the datadog-sca-github-action
.
Additional helpful documentation, links, and articles: