WARNING: This work is under development and not ready for any production use.
The datadog-sca-github-action is a GitHub Action to generate SBOM and upload them to Datadog.
The GitHub action generates the SBOM automatically based on dependencies declared in your repository.
The GitHub Action works for the following languages and following files:
- JavaScript/Typescript:
package-lock.jsonandyarn.lock - Python:
requirements.txt(with version defined) andpoetry.lock
Add DD_APP_KEY and DD_API_KEY in your GitHub actions secrets.
Add the following code snippet in .github/workflows/datadog-sca.yml.
on: push
name: Software Composition Analysis
jobs:
software-composition-analysis:
runs-on: ubuntu-latest
name: Datadog SBOM Generation and Upload
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Generate SBOM and Upload
id: software-composition-analysis
uses: DataDog/datadog-sca-github-action@main
with:
dd_api_key: ${{ secrets.DD_API_KEY }}
dd_app_key: ${{ secrets.DD_APP_KEY }}
dd_service: <enter-service>
dd_env: <enter-env>
dd_site: <enter-site>