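# Static analysis pipeline: runs the Datadog static analyzer action, then a
# Semgrep scan whose SARIF report is uploaded to Datadog with datadog-ci.
on: [push]

name: Datadog Static Analysis

jobs:
  static-analysis:
    runs-on: ubuntu-latest
    name: Datadog Static Analyzer
    steps:
      # NOTE(review): `@v3` and `@v1` below are mutable tags. Pinning each
      # third-party action to a full commit SHA prevents a retagged release
      # from running with this job's secrets.
      - name: Checkout
        uses: actions/checkout@v3

      - name: Check code meets quality and security standards
        id: datadog-static-analysis
        uses: DataDog/datadog-static-analyzer-github-action@v1
        with:
          dd_api_key: ${{ secrets.DD_API_KEY }}
          dd_app_key: ${{ secrets.DD_APP_KEY }}
          dd_site: datadoghq.com
          cpu_count: 2

      # No secrets are exposed to this step: it runs installers fetched from
      # the network (pip, the nvm install script, npm), so it is kept apart
      # from the step that holds the Datadog credentials.
      - name: Run Semgrep
        run: |
          python3 -m pip install --break-system-packages semgrep
          # --sarif is required: -o only picks the output file, and without a
          # format flag Semgrep writes plain text that the upload cannot parse.
          semgrep scan --sarif -o /tmp/semgrep.sarif
          # NOTE(review): this echoes every finding, including matched source
          # snippets, into the job log. Drop it if the log is widely readable.
          cat /tmp/semgrep.sarif
          # Download and install nvm.
          # NOTE(review): the script is piped into bash unverified; consider
          # checking it against a known checksum before executing it.
          curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.2/install.sh | bash
          # in lieu of restarting the shell
          \. "$HOME/.nvm/nvm.sh"
          # Download and install Node.js (latest 22.x release):
          nvm install 22
          # Print the Node.js and npm versions that were installed:
          node -v
          nvm current
          npm -v
          npm install -g @datadog/datadog-ci

      # `with:` only feeds inputs to `uses:` actions, so the original keys never
      # reached datadog-ci. The CLI reads its credentials from the environment.
      - name: Upload Semgrep SARIF to Datadog
        env:
          DD_API_KEY: ${{ secrets.DD_API_KEY }}
          DD_APP_KEY: ${{ secrets.DD_APP_KEY }}
          DD_SITE: datadoghq.com
        run: |
          # Each step starts a fresh shell, so nvm must be loaded again to put
          # node and the globally installed datadog-ci on PATH.
          \. "$HOME/.nvm/nvm.sh"
          datadog-ci sarif upload /tmp/semgrep.sarif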