Set up SCA with Generic CI Providers

이 제품은 선택한 Datadog 사이트에서 지원되지 않습니다. ().
이 페이지는 아직 한국어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Use the customizable script below to install and run the scanner manually in generic CI environments, then upload results to Datadog. For GitHub Actions, GitLab CI/CD, and Azure DevOps, see the provider-specific setup instructions.

For non-GitHub repositories, if you use a custom branch name (not master, main, default, stable, source, prod, or develop), upload once, then set the default branch in Repository Settings.

Environment variables

NameDescriptionRequiredDefault
DD_API_KEYYour Datadog API key. This key is created by your Datadog organization and should be stored as a secret.Yes
DD_APP_KEYYour Datadog application key. This key is created by your Datadog organization, must include the code_analysis_read scope, and should be stored as a secret.Yes
DD_SITEThe Datadog site to send information to.Nodatadoghq.com

Prerequisites

  • Unzip
  • Node.js 14 or later

Install and run the scanner

# Set the Datadog site to send information to
export DD_SITE=""

# Install dependencies
npm install -g @datadog/datadog-ci

# Download the latest Datadog SBOM Generator:
# https://github.com/DataDog/datadog-sbom-generator/releases
DATADOG_SBOM_GENERATOR_URL=https://github.com/DataDog/datadog-sbom-generator/releases/latest/download/datadog-sbom-generator_linux_amd64.zip

# Install Datadog SBOM Generator
mkdir /datadog-sbom-generator
curl -L -o /datadog-sbom-generator/datadog-sbom-generator.zip $DATADOG_SBOM_GENERATOR_URL
unzip /datadog-sbom-generator/datadog-sbom-generator.zip -d /datadog-sbom-generator
chmod 755 /datadog-sbom-generator/datadog-sbom-generator

# Run Datadog SBOM Generator to scan your dependencies
/datadog-sbom-generator/datadog-sbom-generator scan --output=/tmp/sbom.json /path/to/repository

# Upload results to Datadog
datadog-ci sbom upload /tmp/sbom.json

The snippet uses the x86_64 Linux version of Datadog’s SBOM generator. If you’re using a different OS or architecture, update the DATADOG_SBOM_GENERATOR_URL accordingly. See all releases here.