Merge pull request #350 from DataDog/juli1/STAL-2007-support-gitlab-p… #587
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: push | |
| name: Software Composition Analysis | |
| jobs: | |
| software-composition-analysis: | |
| runs-on: ubuntu-latest | |
| name: Datadog SBOM Generation and Upload | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Install Stable + Rustfmt + Clippy | |
| uses: actions-rs/toolchain@v1 | |
| with: | |
| toolchain: stable | |
| components: clippy | |
| override: true | |
| default: true | |
| - name: cargo install sbom | |
| run: cargo install --version 0.8.4 cargo-sbom | |
| - name: cargo generate sbom | |
| run: | | |
| cargo sbom --cargo-package static-analysis-kernel --output-format cyclone_dx_json_1_4 > static-analysis-kernel.json | |
| cargo sbom --cargo-package bins --output-format cyclone_dx_json_1_4 > bins.json | |
| cargo sbom --cargo-package cli --output-format cyclone_dx_json_1_4 > cli.json | |
| cargo sbom --cargo-package static-analysis-server --output-format cyclone_dx_json_1_4 > static-analysis-server.json | |
| - name: Generate SBOM and Upload | |
| id: software-composition-analysis | |
| uses: DataDog/datadog-sca-github-action@main | |
| with: | |
| dd_api_key: ${{ secrets.DD_API_KEY }} | |
| dd_app_key: ${{ secrets.DD_APP_KEY }} | |
| dd_service: datadog-static-analyzer | |
| dd_env: github-action | |
| dd_site: ${{ vars.DD_SITE }} | |