iejzh/datadog-static-analyzer

 
 

Datadog Static Analyzer

Tip

Datadog supports open source projects. Learn more on Datadog for Open Source Projects.

datadog-static-analyzer is the static analyzer engine for Datadog static analysis.

How to use Datadog Static Analysis Tool

Create a static-analysis.datadog.yml file

First, make sure you follow the documentation and create a static-analysis.datadog.yml file at the root of your project with the rulesets you want to use.

Example of YAML file

rulesets:
  - python-code-style
  - python-best-practices
  - python-inclusive
ignore-paths:
  - tests

CI/CD Integration

You can use it in your CI/CD pipeline using our integration:

If you use it in your own CI/CD pipeline, you can integrate the tool directly: see the Datadog documentation for more information.

IntelliJ JetBrains products

The Datadog IntelliJ extension allows you to use the static analyzer directly from all JetBrains products. Create a static-analysis.datadog.yml file, download the extension and you can start using it. Below is an example of a suggestion to add a timeout when fetching data in Python with the requests module.

[Screenshot: Datadog Static Analysis JetBrains]

VS Code

The Datadog VS Code extension allows you to use the static analyzer directly from VS Code. Create a static-analysis.datadog.yml file, download the extension and you can start using it.

List of rulesets

When you onboard on the Datadog product, you can select the rulesets you want or need. If you are not using Datadog directly, here is the list of commonly used rulesets available in the Datadog static analysis product per language.

The complete list is available in our documentation.

The list of rulesets is available in RULESETS.md.

Download

Download the latest release for your system and architecture from the release page.

To get the static analyzer via shell:

curl -L -O https://www.github.com/DataDog/datadog-static-analyzer/releases/latest/download/datadog-static-analyzer-<target>.zip

Example to get the x86_64 binary for Linux:

curl -L -O https://www.github.com/DataDog/datadog-static-analyzer/releases/latest/download/datadog-static-analyzer-x86_64-unknown-linux-gnu.zip

Usage

datadog-static-analyzer -i <directory> -o <output-file>

For the tool to work, you must have a <directory>/static-analysis.datadog.yml file that defines the configuration of the analyzer. This file will indicate the rules you will use for your project.

You can get more information about the configuration in the Datadog documentation.

Mac OS X users

The binary cannot be executed as is. You need to flag the binary as safe to execute using the following command.

xattr -dr com.apple.quarantine datadog-static-analyzer

Options

  • -f or --format: format of the output file. -f sarif produces a SARIF-compliant file
  • -r or --rules: provides a file that contains all rules (rules can be put in a file using datadog-export-rulesets)
  • -c or --cpus: number of cores used to analyze (count about 1GB of RAM usage per core)
  • -o or --output: output file
  • -p or --ignore-path: path (pattern/glob) to ignore; accepts multiple
  • -x or --performance-statistics: show performance statistics for the analyzer
  • -g or --add-git-info: add Git-related information (sha, etc) into the SARIF report when using -f sarif
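
As an added example (not part of this project's code), the following Python sketch shows one way a CI job could consume the file produced with -f sarif and fail the build on error-level findings. It assumes the output follows the standard SARIF 2.1.0 layout (runs, results, ruleId, level, locations); the function names load_findings and gate, and the embedded sample with its rule ids and paths, are constructed for illustration.

```python
import json
from collections import Counter

# Constructed minimal SARIF 2.1.0 sample; rule ids, paths and messages are made up.
SAMPLE_SARIF = json.dumps({"version": "2.1.0", "runs": [{"results": [
    {"ruleId": "example-ruleset/rule-a", "level": "error",
     "message": {"text": "constructed finding A"},
     "locations": [{"physicalLocation": {
         "artifactLocation": {"uri": "app/client.py"},
         "region": {"startLine": 12}}}]},
    {"ruleId": "example-ruleset/rule-b",  # no level and no location given
     "message": {"text": "constructed finding B"}, "locations": []},
    {"ruleId": "example-ruleset/rule-c", "level": "note",
     "message": {"text": "constructed finding C"},
     "locations": [{"physicalLocation": {
         "artifactLocation": {"uri": "app/util.py"}}}]},
]}]})

SEVERITY = {"none": 0, "note": 1, "warning": 2, "error": 3}

def load_findings(sarif_text):
    """Flatten all runs into (level, rule, uri, line, message) tuples."""
    findings = []
    for run in json.loads(sarif_text).get("runs", []):
        for res in run.get("results") or []:
            # Simplification (assumption): a result without "level" counts as "warning".
            level = res.get("level", "warning")
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            uri = loc.get("artifactLocation", {}).get("uri", "<unknown>")
            line = loc.get("region", {}).get("startLine")
            msg = res.get("message", {}).get("text", "")
            findings.append((level, res.get("ruleId", "<no-rule>"), uri, line, msg))
    return findings

def gate(findings, fail_at="error"):
    """Return (exit_code, counts); exit_code is 1 if any finding reaches fail_at."""
    counts = Counter(level for level, *_ in findings)
    failed = any(SEVERITY.get(level, 2) >= SEVERITY[fail_at] for level, *_ in findings)
    return (1 if failed else 0), dict(counts)

if __name__ == "__main__":
    found = load_findings(SAMPLE_SARIF)
    for level, rule, uri, line, msg in found:
        print(f"{level:8} {rule} {uri}:{line or '?'} {msg}")
    print(gate(found))
```

In a pipeline, read the file written by -o instead of the embedded sample and exit with the code returned by gate.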

Configuration

Set the following variables to configure an analysis:

  • DD_SITE: the Datadog site parameter used to fetch rules (default: datadoghq.com)

Configuration file

The static analyzer can be configured using a static-analysis.datadog.yml file at the root directory of the repository. This is a YAML file with the following entries:

  • rulesets: the rulesets to use (see Datadog Documentation for a full list)
  • ignore-paths: list of paths (glob) to ignore
  • ignore-gitignore: a boolean to indicate if files in .gitignore should be ignored (default: false)
  • max-file-size-kb: all files above this size are ignored (default: 200KB)

Example of configuration:

rulesets:
  - python-code-style
  - python-best-practices
  - python-inclusive
ignore-paths:
  - tests
ignore-gitignore: false
max-file-size-kb: 100

Other Tools

datadog-export-rulesets

Export rulesets from the API into a file

cargo run --bin datadog-export-rulesets -- -r <ruleset> -o <file-to-export>

Contribute

See file CONTRIBUTING.md for more information as well as DEVELOPMENT.md for all details about testing and coding guidelines.
