- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
If you experience issues setting up or configuring Datadog Code Analysis, use this page to start troubleshooting. If you continue to have trouble, contact Datadog Support.
For issues with the Datadog Static Analyzer, include the following information in a bug report to Support as well as your Customer Success Manager.
static-analysis.datadog.yml
fileIf you are experiencing performance issues, you can enable the --performance-statistics
flag when running the static analysis tool from the command line.
For performance issues, include the following information:
static-analysis.datadog.yml
fileNote: If you are using Static Analysis and GitHub Actions, set the enable_performance_statistics
parameter to true.
If you are experiencing issues unrelated to performance or if the Datadog Static Analyzer fails to exit, run the Datadog Static Analyzer with the --debug true --performance-statistics
flag.
Ensure that the following variables are correctly specified: DD_APP_KEY
, DD_API_KEY
, and DD_SITE
when running the analyzer and datadog-ci
.
When uploading results from third-party static analysis tools to Datadog, ensure that they are in the interoperable Static Analysis Results Interchange Format (SARIF) Format. Node.js version 14 or later is required.
To upload a SARIF report, follow the steps below:
Ensure the DD_API_KEY
and DD_APP_KEY
variables are defined.
Optionally, set a DD_SITE
variable (this default to datadoghq.com
).
Install the datadog-ci
utility:
npm install -g @datadog/datadog-ci
Run the third-party static analysis tool on your code and output the results in the SARIF format.
Upload the results to Datadog:
datadog-ci sarif upload $OUTPUT_LOCATION
GLIBC_X.YY not found
error messageIf you run the static analyzer in your CI pipeline and get an error message similar to the following line:
version `GLIBC_X.YY' not found
It means that you are either:
If you are running Code Analysis on a non-GitHub repository, ensure that the first scan is ran on your default branch (for example, a branch name like
master
, main
, prod
, or production
). After you commit on your default branch, non-default branches are analyzed. You can always configure your default branch in-app under Repository Settings.
If you are using Datadog’s analyzer, diff-aware scanning is enabled by default. If you running the tool within your CI pipeline, make sure that datadog-ci
runs at the root of the repository being analyzed.
For issues with Datadog Software Composition Analysis, include the following information in a bug report to Support as well as your Customer Success Manager.
package-lock.json
, requirements.txt
, or pom.xml
)While the Datadog SBOM generator is recommended, Datadog supports the ingestion of any SBOM files. Please ensure your files adhere to either the Cyclone-DX 1.4 or Cyclone-DX 1.5 formats.
Ingestion of SBOM files is verified for the following third-party tools:
To ingest your SBOM file into Datadog, follow the steps below:
datadog-ci
CLI (requires that Node.js is installed).DD_SITE
, DD_API_KEY
and DD_APP_KEY
environment variables are set.# Install datadog-ci
npm install -g @datadog/datadog-ci
# Upload SBOM file
datadog-ci sbom upload /path/to/sbom-file.json
If you are running Code Analysis on a non-GitHub repository, ensure that the first scan is ran on your default branch (for example, a branch name like
master
, main
, prod
, or production
). After you commit on your default branch, non-default branches are analyzed.
You can always configure your default branch in-app under Repository Settings.
Our SBOM generator, (osv-scanner
), extracts dependencies from a packages.lock.json
file. If you do not have
this file, you can update your project definition to generate it. Follow these instructions to update your project definition to generate a packages.lock.json
file.
The generated lock file is used by osv-scanner
to extract dependencies and generate an SBOM.