The Snyk integration allows Datadog Continuous Profiler to report on vulnerabilities in your code. The Vulnerability Analysis (Common Vulnerabilities and Exposures) is performed using Snyk's Intel Vulnerability DB.
- A Free Snyk account is required to create the Snyk token. Sign up for a free Snyk account
- The Snyk integration is only available for Datadog Continuous Profiler customers.
One action must be added for each service to run the Vulnerability Analysis on.
To use Datadog Vulnerability Analysis in your workflow use:
jobs:
vulnerability_analysis:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Setup Node
uses: actions/setup-node@v1
with:
node-version: 12.x
- uses: datadog/github-action-vulnerability-analysis@master
with:
build-file: 'app/build.gradle'
service: 'app-name'
version: 'v2.1'
datadog-api-key: ${{ secrets.DATADOG_API_KEY }}
datadog-app-key: ${{ secrets.DATADOG_APP_KEY }}
snyk-token: ${{ secrets.SNYK_TOKEN }}
Name | Requirement | Default | Description |
---|---|---|---|
file |
required | The build file of the service. Example: app/build.gradle or app/pom.xml |
|
service |
required | The service name. Example: app-name |
|
version |
required | The version of the application. Example: v2.1 |
|
datadog-api-key |
required | The Datadog API key. A 32-character hexadecimal string. This key is created by your Datadog organization and should be stored as a secret. | |
datadog-app-key |
required | The Datadog APP key. A 40-character hexadecimal string. This key is created by your Datadog organization and should be stored as a secret. | |
snyk-token |
required | The Snyk token. Ex: a1b2c3d4-e5f6-g7h8-i9j0-k1l2m3n4o5p6 . This key is created from your Snyk account and should be stored as a secret. |
|
site |
optional | datadoghq.com |
The Datadog site. Needs to be set to datadoghq.eu for Datadog EU users. Ex: datadoghq.com or datadoghq.eu |
The Snyk integration only applies to Java applications, with support for more languages coming soon.
The Snyk integration is only available for Datadog Continuous Profiler customers.
The service
and version
must follow the same conventions as in unified service tagging