Merge pull request #3755 from DataDog/anmarchenko/dd_sca_sa

[NO TICKET] add datadog static analysis and SCA
DataDog · Jul 3, 2024 · f0e28ec · f0e28ec
2 parents 0669dbb + e1f1bab
commit f0e28ec
Show file tree

Hide file tree

Showing 5 changed files with 54 additions and 2 deletions.
diff --git a/.github/workflows/datadog-sca.yml b/.github/workflows/datadog-sca.yml
@@ -0,0 +1,25 @@
+on: [push]
+
+name: Datadog Software Composition Analysis
+
+jobs:
+  software-composition-analysis:
+    runs-on: ubuntu-latest
+    name: Datadog SBOM Generation and Upload
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true
+          ruby-version: "3.3"
+      - name: Check imported libraries are secure and compliant
+        id: datadog-software-composition-analysis
+        uses: DataDog/datadog-sca-github-action@main
+        with:
+          dd_api_key: ${{ secrets.DD_API_KEY }}
+          dd_app_key: ${{ secrets.DD_APP_KEY }}
+          dd_service: dd-trace-rb
+          dd_env: ci
+          dd_site: datadoghq.com
diff --git a/.github/workflows/datadog-static-analysis.yml b/.github/workflows/datadog-static-analysis.yml
@@ -0,0 +1,21 @@
+on: [push]
+
+name: Datadog Static Analysis
+
+jobs:
+  static-analysis:
+    runs-on: ubuntu-latest
+    name: Datadog Static Analyzer
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Check code meets quality and security standards
+        id: datadog-static-analysis
+        uses: DataDog/datadog-static-analyzer-github-action@v1
+        with:
+          dd_api_key: ${{ secrets.DD_API_KEY }}
+          dd_app_key: ${{ secrets.DD_APP_KEY }}
+          dd_service: dd-trace-rb
+          dd_env: ci
+          dd_site: datadoghq.com
+          cpu_count: 2
diff --git a/sig/datadog/core/environment/git.rbs b/sig/datadog/core/environment/git.rbs
@@ -2,9 +2,9 @@ module Datadog
   module Core
     module Environment
       module Git
-        @git_repository_url: String?
+        self.@git_repository_url: String?
 
-        @git_commit_sha: String?
+        self.@git_commit_sha: String?
 
         def self?.git_repository_url: () -> String?
 

diff --git a/spec/datadog/release_gem_spec.rb b/spec/datadog/release_gem_spec.rb
@@ -35,6 +35,7 @@
            |datadog\.gemspec
            |docker-compose\.yml
            |shell\.nix
+           |static-analysis\.datadog\.yml
           )
           $
         }x

diff --git a/static-analysis.datadog.yml b/static-analysis.datadog.yml
@@ -0,0 +1,5 @@
+schema-version: v1
+rulesets:
+  - ruby-code-style
+  - ruby-security
+  - ruby-best-practices