IaC Security and GitHub Actions
The datadog-iac-scanner-github-action runs the Datadog IaC Scanner in your GitHub Actions workflows on every push. It detects misconfigurations in Terraform and Kubernetes files, then uploads the results to IaC Security. The action supports the following runner platforms:
| OS | Architecture |
|---|---|
| Linux | x86_64, arm64 |
| macOS | x86_64, arm64 |
| Windows | x86_64 |
Prerequisites
Before you begin, make sure you have:
Setup
To add IaC scanning to your GitHub Actions workflow, create a .github/workflows/datadog-iac-scanning.yml file in your repository with the following content:
```yaml
on: [push]
name: Datadog IaC Scan
jobs:
  iac-scan:
    runs-on: ubuntu-latest
    name: Datadog IaC Scanner
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Check the Infrastructure as Code configuration
        id: datadog-iac-scan
        uses: DataDog/datadog-iac-scanner-github-action@v1
        with:
          dd_api_key: ${{ secrets.DD_API_KEY }}
          dd_app_key: ${{ secrets.DD_APP_KEY }}
          dd_site: datadoghq.com
```
In addition to the required dd_api_key, dd_app_key, and dd_site inputs, you can set the following optional parameters in your workflow file:
| Name | Description | Default |
|---|---|---|
| paths | Comma-separated list of directories and files to scan. | . |
| extra_args | Additional arguments passed to the IaC scanner. | |
| datadog_ci_extra_args | Additional arguments passed to the datadog-ci upload command. | |
Examples
Scan specific directories and files
```yaml
- uses: DataDog/datadog-iac-scanner-github-action@v1
  with:
    paths: prepare,deploy,configs/config1.yaml
    dd_api_key: ${{ secrets.DD_API_KEY }}
    dd_app_key: ${{ secrets.DD_APP_KEY }}
```
Upload results to a different Datadog site
```yaml
- uses: DataDog/datadog-iac-scanner-github-action@v1
  with:
    dd_site: datadoghq.eu
    dd_api_key: ${{ secrets.DD_API_KEY }}
    dd_app_key: ${{ secrets.DD_APP_KEY }}
```
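The two snippets above each show one input in isolation. The following complete workflow, added here as an example and not taken from the Datadog action's own documentation, combines them: it scans only the directories that hold IaC (the `terraform` and `k8s` paths are assumed for illustration), runs on pull requests as well as on pushes to `main` so findings surface before merge, restricts the job's `GITHUB_TOKEN` to read-only access, and uploads to the EU site. The `<commit-sha>` mentioned in the comment is a placeholder, not a real value.

```yaml
# Added example (not from the Datadog docs): a hardened workflow that scans
# only the IaC directories and grants the job's GITHUB_TOKEN read-only access.
name: Datadog IaC Scan

on:
  push:
    branches: [main]
  # Also scan every pull request so misconfigurations are caught before merge.
  pull_request:

# Least privilege: the scanner only needs to read the checkout. The Datadog
# API and application keys are passed explicitly from repository secrets,
# so GITHUB_TOKEN needs no write scopes at all.
permissions:
  contents: read

jobs:
  iac-scan:
    runs-on: ubuntu-latest
    name: Datadog IaC Scanner
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Check the Infrastructure as Code configuration
        id: datadog-iac-scan
        # v1 is the tag used on the page. Pinning to a full commit SHA instead
        # (uses: DataDog/datadog-iac-scanner-github-action@<commit-sha>) makes
        # the action immutable; <commit-sha> is a placeholder, not a real value.
        uses: DataDog/datadog-iac-scanner-github-action@v1
        with:
          # Directory names are assumed for illustration; point this at
          # wherever your Terraform and Kubernetes manifests actually live.
          paths: terraform,k8s
          dd_site: datadoghq.eu
          dd_api_key: ${{ secrets.DD_API_KEY }}
          dd_app_key: ${{ secrets.DD_APP_KEY }}
```

Keeping `paths` narrow avoids scanning vendored or generated files, and the explicit `permissions` block keeps the job's token from being able to modify the repository even if the scan step itself were compromised.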
Further reading