Set up SCA with Azure DevOps

이 제품은 선택한 Datadog 사이트에서 지원되지 않습니다. ().
이 페이지는 아직 한국어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Run a Datadog Software Composition Analysis (SCA) job in your Azure DevOps pipelines.

Datadog Software Composition Analysis CI jobs are only supported on push event triggers. Other event triggers (for example, pull_request) are not supported and can cause issues with the product.

Environment variables

Configure the following environment variables in your Azure DevOps pipeline settings.

NameDescriptionRequiredDefault
DD_API_KEYYour Datadog API key. This key is created by your Datadog organization and should be stored as a secret.Yes
DD_APP_KEYYour Datadog application key. This key is created by your Datadog organization, must include the code_analysis_read scope, and should be stored as a secret.Yes
DD_SITEThe Datadog site to send information to.Nodatadoghq.com

Set up the pipeline

To add a new pipeline in Azure DevOps, go to Pipelines > New Pipeline, select your repository, and then create or select a pipeline.

Add the following content to your Azure DevOps pipeline YAML file:

datadog-sca.yml

trigger:
  branches:
    include:
      # Optionally specify a specific branch to trigger on when merging
      - "*"

variables:
  - group: "Datadog"

jobs:
  - job: DatadogSoftwareCompositionAnalysis
    displayName: "Datadog Software Composition Analysis"
    steps:
      - script: |
          npm install -g @datadog/datadog-ci
          export DATADOG_SBOM_GENERATOR_URL="https://github.com/DataDog/datadog-sbom-generator/releases/latest/download/datadog-sbom-generator_linux_amd64.zip"
          mkdir -p /tmp/datadog-sbom-generator
          curl -L -o /tmp/datadog-sbom-generator/datadog-sbom-generator.zip $DATADOG_SBOM_GENERATOR_URL
          unzip /tmp/datadog-sbom-generator/datadog-sbom-generator.zip -d /tmp/datadog-sbom-generator
          chmod 755 /tmp/datadog-sbom-generator/datadog-sbom-generator
          /tmp/datadog-sbom-generator/datadog-sbom-generator scan --output=/tmp/sbom.json .
          datadog-ci sbom upload /tmp/sbom.json
        env:
          DD_APP_KEY: $(DD_APP_KEY)
          DD_API_KEY: $(DD_API_KEY)
          DD_SITE: datadoghq.com

The snippet uses the x86_64 Linux version of Datadog’s SBOM generator. If you’re using a different OS or architecture, update the DATADOG_SBOM_GENERATOR_URL accordingly.