Vulnerability Analysis GitHub Action

The Snyk integration allows Datadog Continuous Profiler to report on vulnerabilities in your code. The Vulnerability Analysis (Common Vulnerabilities and Exposures) is performed using Snyk's Intel Vulnerability DB.

Requirements

  • A free Snyk account is required to create the Snyk token. Sign up for a free Snyk account.
  • The Snyk integration is only available for Datadog Continuous Profiler customers.

Usage

Add one action for each service on which the Vulnerability Analysis should run.

To use Datadog Vulnerability Analysis in your workflow, use:

jobs:
  vulnerability_analysis:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout repository
      uses: actions/checkout@v2
    - name: Setup Node
      uses: actions/setup-node@v1
      with:
        node-version: 12.x
    - uses: datadog/github-action-vulnerability-analysis@master
      with:
        build-file: 'app/build.gradle'
        service: 'app-name'
        version: 'v2.1'
        datadog-api-key: ${{ secrets.DATADOG_API_KEY }}
        datadog-app-key: ${{ secrets.DATADOG_APP_KEY }}
        snyk-token: ${{ secrets.SNYK_TOKEN }}

Inputs

| Name | Requirement | Default | Description |
| --- | --- | --- | --- |
| file | required | | The build file of the service. Example: app/build.gradle or app/pom.xml |
| service | required | | The service name. Example: app-name |
| version | required | | The version of the application. Example: v2.1 |
| datadog-api-key | required | | The Datadog API key. A 32-character hexadecimal string. This key is created by your Datadog organization and should be stored as a secret. |
| datadog-app-key | required | | The Datadog APP key. A 40-character hexadecimal string. This key is created by your Datadog organization and should be stored as a secret. |
| snyk-token | required | | The Snyk token. Ex: a1b2c3d4-e5f6-g7h8-i9j0-k1l2m3n4o5p6. This key is created from your Snyk account and should be stored as a secret. |
| site | optional | datadoghq.com | The Datadog site. Needs to be set to datadoghq.eu for Datadog EU users. Ex: datadoghq.com or datadoghq.eu |
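
A pre-flight check for the inputs listed above, as an added example that is not part of this action's code: it validates the documented formats and reports problems by input name only, so a malformed or swapped secret fails the job early without being printed to the log. The function name `validate_inputs` and the restriction of `site` to the two sites named on this page are assumptions.

```python
import re

# Formats come from the Inputs table; the checks are an added pre-flight step.
REQUIRED = ("service", "version", "datadog-api-key", "datadog-app-key", "snyk-token")
BUILD_FILE_NAMES = ("file", "build-file")  # the page shows both spellings
HEX_LENGTHS = {"datadog-api-key": 32, "datadog-app-key": 40}
SITES = ("datadoghq.com", "datadoghq.eu")  # assumption: only the sites the page names


def validate_inputs(inputs):
    """Return a list of problems. Messages name the input, never its value."""
    clean = {k: (v or "").strip() for k, v in inputs.items()}
    errors = []

    if not any(clean.get(name) for name in BUILD_FILE_NAMES):
        errors.append("file: required input is missing or empty")
    for name in REQUIRED:
        if not clean.get(name):
            errors.append(f"{name}: required input is missing or empty")

    for name, length in HEX_LENGTHS.items():
        value = clean.get(name, "")
        if not value or re.fullmatch(rf"[0-9a-fA-F]{{{length}}}", value):
            continue
        msg = f"{name}: expected {length} hexadecimal characters"
        # A key with the other key's length usually means the secrets are swapped.
        if re.fullmatch(r"[0-9a-fA-F]+", value) and len(value) in set(HEX_LENGTHS.values()) - {length}:
            msg += " (length matches the other Datadog key; secrets may be swapped)"
        errors.append(msg)

    if (clean.get("site") or "datadoghq.com") not in SITES:
        errors.append("site: expected one of " + ", ".join(SITES))
    return errors


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    sample = {
        "build-file": "app/build.gradle",
        "service": "app-name",
        "version": "v2.1",
        "datadog-api-key": "0123456789abcdef" * 2,
        "datadog-app-key": "0123456789abcdef" * 2 + "01234567",
        "snyk-token": "constructed-placeholder-token",
        "site": "datadoghq.eu",
    }
    for problem in validate_inputs(sample) or ["all inputs look well-formed"]:
        print(problem)
```
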

The Snyk integration only applies to Java applications, with support for more languages coming soon.

The service and version must follow the same conventions as in unified service tagging.