Created
October 31, 2025 13:17
Datadog pipeline steps
# Stages used by this pipeline.
stages: [static_analysis, software_composition_analysis, .post]

# =====================================================
# Datadog API Configuration
# =====================================================
# Pipeline-wide defaults for the Datadog tooling. Both keys are defined in
# terms of a variable with the same name, so the secret values themselves have
# to be supplied from outside this file and never appear in the repository.
# NOTE(review): presumably they come from CI/CD settings variables that are
# masked and protected - confirm, since the jobs below only run on protected refs.
variables:
  DD_SITE: 'datadoghq.com'
  DD_APP_KEY: '$DD_APP_KEY'
  DD_API_KEY: '$DD_API_KEY'
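# =====================================================
# Static Application Security Testing (SAST)
# =====================================================
# Installs datadog-ci and the Datadog static analyzer, scans the repository
# into report.sarif and uploads the report. Runs only on protected refs.
#
# Supply-chain notes:
#   * `node:lts`, the unversioned npm package and the `releases/latest` URL are
#     floating references, so the code executed can change between pipelines.
#     Pin each one (image digest, package version, tagged release URL) once a
#     reviewed version has been chosen.
#   * Everything installed in `script` runs in an environment that holds
#     DD_API_KEY and DD_APP_KEY.
#   * `allow_failure: true` means a failed scan or upload never blocks the
#     pipeline; alert on job failures if the results are relied upon.
datadog_static_analysis:
  stage: static_analysis
  image: node:lts
  allow_failure: true
  # NOTE(review): every entry under `rules` sets its own `when`, which
  # presumably takes precedence over this job-level value - confirm.
  when: always
  variables:
    DD_SITE: "datadoghq.com"
    DD_APP_KEY: "$DD_APP_KEY"
    DD_API_KEY: "$DD_API_KEY"
  script:
    - echo "🔍 Starting Datadog Static Analysis..."
    - echo "Protected branch? $CI_COMMIT_REF_PROTECTED"
    - apt-get update && apt-get install -y curl unzip
    - npm install -g @datadog/datadog-ci
    - export DATADOG_STATIC_ANALYZER_URL="https://github.com/DataDog/datadog-static-analyzer/releases/latest/download/datadog-static-analyzer-x86_64-unknown-linux-gnu.zip"
    # --fail stops on an HTTP error instead of saving the error page as the
    # archive; --proto/--tlsv1.2 refuse a non-HTTPS or legacy-TLS transfer.
    - curl -fsSL --proto '=https' --tlsv1.2 "$DATADOG_STATIC_ANALYZER_URL" -o /tmp/ddog-static-analyzer.zip
    # Optional integrity check: set DATADOG_STATIC_ANALYZER_SHA256 (a variable
    # introduced by this job) to the SHA-256 of the reviewed release archive.
    # A mismatch fails the job before the binary is unpacked or executed.
    - |
      if [ -n "${DATADOG_STATIC_ANALYZER_SHA256:-}" ]; then
        printf '%s  %s\n' "$DATADOG_STATIC_ANALYZER_SHA256" /tmp/ddog-static-analyzer.zip | sha256sum -c -
      else
        echo "WARNING: DATADOG_STATIC_ANALYZER_SHA256 is not set; the downloaded archive is not verified."
      fi
    - unzip -q /tmp/ddog-static-analyzer.zip -d /tmp
    - mv /tmp/datadog-static-analyzer /usr/local/bin/datadog-static-analyzer
    - chmod +x /usr/local/bin/datadog-static-analyzer
    - datadog-static-analyzer -i . -o report.sarif -f sarif
    - datadog-ci sarif upload report.sarif
  artifacts:
    # Keep the report even when the job fails so findings can be inspected.
    when: always
    expire_in: 2 days
    paths:
      - report.sarif
  rules:
    # Run only for protected refs; skip the job everywhere else.
    - if: '$CI_COMMIT_REF_PROTECTED == "true"'
      when: on_success
    - when: never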
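# =====================================================
# Software Composition Analysis (SCA)
# =====================================================
# Installs datadog-ci and the Datadog SBOM generator, scans the repository
# into sbom.json and uploads it. Runs only on protected refs.
#
# Supply-chain notes:
#   * `node:lts`, the unversioned npm package and the `releases/latest` URL are
#     floating references, so the code executed can change between pipelines.
#     Pin each one (image digest, package version, tagged release URL) once a
#     reviewed version has been chosen.
#   * Everything installed in `script` runs in an environment that holds
#     DD_API_KEY and DD_APP_KEY.
#   * `allow_failure: true` means a failed scan or upload never blocks the
#     pipeline; alert on job failures if the results are relied upon.
datadog_software_composition_analysis:
  stage: software_composition_analysis
  image: node:lts
  allow_failure: true
  # NOTE(review): every entry under `rules` sets its own `when`, which
  # presumably takes precedence over this job-level value - confirm.
  when: always
  variables:
    DD_SITE: "datadoghq.com"
    DD_APP_KEY: "$DD_APP_KEY"
    DD_API_KEY: "$DD_API_KEY"
  script:
    - echo "📦 Starting Datadog Software Composition Analysis..."
    - echo "Protected branch? $CI_COMMIT_REF_PROTECTED"
    - apt-get update && apt-get install -y curl unzip
    - npm install -g @datadog/datadog-ci
    - export DATADOG_SBOM_GENERATOR_URL="https://github.com/DataDog/datadog-sbom-generator/releases/latest/download/datadog-sbom-generator_linux_amd64.zip"
    - mkdir -p /datadog-sbom-generator
    # --fail stops on an HTTP error instead of saving the error page as the
    # archive; --proto/--tlsv1.2 refuse a non-HTTPS or legacy-TLS transfer.
    - curl -fsSL --proto '=https' --tlsv1.2 -o /datadog-sbom-generator/datadog-sbom-generator.zip "$DATADOG_SBOM_GENERATOR_URL"
    # Optional integrity check: set DATADOG_SBOM_GENERATOR_SHA256 (a variable
    # introduced by this job) to the SHA-256 of the reviewed release archive.
    # A mismatch fails the job before the binary is unpacked or executed.
    - |
      if [ -n "${DATADOG_SBOM_GENERATOR_SHA256:-}" ]; then
        printf '%s  %s\n' "$DATADOG_SBOM_GENERATOR_SHA256" /datadog-sbom-generator/datadog-sbom-generator.zip | sha256sum -c -
      else
        echo "WARNING: DATADOG_SBOM_GENERATOR_SHA256 is not set; the downloaded archive is not verified."
      fi
    - unzip -q /datadog-sbom-generator/datadog-sbom-generator.zip -d /datadog-sbom-generator
    - chmod +x /datadog-sbom-generator/datadog-sbom-generator
    - /datadog-sbom-generator/datadog-sbom-generator scan --output=sbom.json .
    - datadog-ci sbom upload sbom.json
  artifacts:
    # Keep the SBOM even when the job fails so it can be inspected.
    when: always
    expire_in: 2 days
    paths:
      - sbom.json
  rules:
    # Run only for protected refs; skip the job everywhere else.
    - if: '$CI_COMMIT_REF_PROTECTED == "true"'
      when: on_success
    - when: never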