Datadog Static Analyzer

Primary language: Rust. License: Apache License 2.0 (Apache-2.0)

datadog-static-analyzer

datadog-static-analyzer is the static analyzer that powers the Datadog static analysis product.

You can use it in your CI/CD pipeline using our integration:

If you use it in your own CI/CD pipeline, you can integrate the tool directly: see the Datadog documentation for more information.

Download

Download the latest release for your system and architecture from the release page.

To get the static analyzer via shell:

curl -L -O https://www.github.com/DataDog/datadog-static-analyzer/releases/latest/download/datadog-static-analyzer-<target>.zip

Example to get the x86_64 binary for Linux:

curl -L -O https://www.github.com/DataDog/datadog-static-analyzer/releases/latest/download/datadog-static-analyzer-x86_64-unknown-linux-gnu.zip

Usage

datadog-static-analyzer -i <directory> -o <output-file>

For the tool to work, you must have a <directory>/static-analysis.datadog.yml file that defines the configuration of the analyzer. This file will indicate the rules you will use for your project.

You can find more information about the configuration in the Datadog documentation.

Mac OS X users

The binary cannot be executed as is, because macOS places downloaded files in quarantine. Mark the binary as safe to execute by removing the quarantine attribute with the following command:

xattr -dr com.apple.quarantine datadog-static-analyzer

Options

  • -f or --format: format of the output file. -f sarif produces a SARIF-compliant file
  • -r or --rules: provides a file that contains all rules (rules can be put in a file using datadog-export-rulesets)
  • -c or --cpus: number of cores used to analyze (count about 1GB of RAM usage per core)
  • -o or --output: output file
  • -p or --ignore-path: path (pattern/glob) to ignore; accepts multiple
  • -x or --performance-statistics: show performance statistics for the analyzer
  • -g or --add-git-info: add Git-related information (sha, etc) into the SARIF report when using -f sarif
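
A report written with -f sarif can be turned into a pass/fail decision for a CI job. The script below is an added example, not part of the project: it reads only standard SARIF 2.1.0 fields (which of them the analyzer populates is an assumption), and the rule ids and paths in SAMPLE are constructed.

```python
import json
import sys

LEVELS = {"none": 0, "note": 1, "warning": 2, "error": 3}  # SARIF 2.1.0 levels

def rule_defaults(run):
    """Map rule id -> defaultConfiguration.level declared by the tool driver."""
    rules = run.get("tool", {}).get("driver", {}).get("rules", [])
    return {r["id"]: r.get("defaultConfiguration", {}).get("level", "warning")
            for r in rules if "id" in r}

def findings(sarif, threshold="warning"):
    """Return sorted (level, ruleId, uri, line) tuples at or above threshold."""
    out = []
    for run in sarif.get("runs", []):
        defaults = rule_defaults(run)
        for res in run.get("results", []):
            rule_id = res.get("ruleId", "<unknown>")
            # No explicit level: inherit the rule default, else "warning".
            level = res.get("level") or defaults.get(rule_id, "warning")
            if LEVELS.get(level, 2) < LEVELS[threshold]:
                continue
            phys = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            uri = phys.get("artifactLocation", {}).get("uri", "<no file>")
            line = phys.get("region", {}).get("startLine", 0)
            out.append((level, rule_id, uri, line))
    return sorted(out, key=lambda f: (-LEVELS.get(f[0], 2), f[2], f[3]))

def gate(sarif, threshold="error"):
    """CI exit status: 1 if any finding meets the threshold, otherwise 0."""
    return 1 if findings(sarif, threshold) else 0

def _loc(uri, line):
    return [{"physicalLocation": {"artifactLocation": {"uri": uri},
                                  "region": {"startLine": line}}}]

# Constructed sample report: rule ids and paths are made up for illustration.
SAMPLE = {"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "sample", "rules": [
        {"id": "demo/no-eval", "defaultConfiguration": {"level": "error"}}]}},
    "results": [
        {"ruleId": "demo/no-eval", "locations": _loc("app/views.py", 12)},
        {"ruleId": "demo/naming", "level": "note", "locations": _loc("app/a.py", 4)},
        {"ruleId": "demo/unlisted", "locations": _loc("app/util.py", 3)}]}]}

if __name__ == "__main__":
    # With a path argument, gate a real report; without one, show the sample.
    report = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for level, rule, uri, line in findings(report, "note"):
        print(f"{level:8}{uri}:{line}  {rule}")
    sys.exit(gate(report) if len(sys.argv) > 1 else 0)
```

Run it with the path given to -o as its only argument; the job fails when any result is at error level, including results that inherit that level from their rule.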

Configuration

For the tool to work, the following variables must be configured:

  • DD_APP_KEY: the application key from Datadog
  • DD_API_KEY: the API key from Datadog
  • DD_SITE: the Datadog site to use (see list here)

Configuration file

The static analyzer can be configured using a static-analysis.datadog.yml file at the root directory of the repository. This is a YAML file with the following entries:

  • rulesets: the rulesets to use (see Datadog Documentation for a full list)
  • ignore-paths: list of paths (glob) to ignore
  • ignore-gitignore: a boolean to indicate if files in .gitignore should be ignored (default: false)
  • max-file-size-kb: all files above this size are ignored (default: 200KB)

Example of configuration:

rulesets:
  - python-code-style
  - python-best-practices
  - python-inclusive
ignore-paths:
  - tests
ignore-gitignore: false
max-file-size-kb: 100

Other Tools

datadog-export-rulesets

Exports rulesets from the API into a file.

cargo run --bin datadog-export-rulesets -- -r <ruleset> -o <file-to-export>

Contribute

See CONTRIBUTING.md for more information, and DEVELOPMENT.md for details about testing and coding guidelines.

More information