Skip to content

plugin-sbom

Directory actions

More options

Directory actions

More options

Latest commit

 

History

History

plugin-sbom

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
src
src
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
package.json
package.json
 
 
tsconfig.json
tsconfig.json
 
 

README.md

SBOM command

This command lets you upload SBOM files to the Datadog intake endpoint.

Supported Formats

  • CycloneDX 1.4
  • CycloneDX 1.5
  • CycloneDX 1.6

Usage

datadog-ci sbom upload [--env] [--no-ci-tags] [--git-repository] [--debug] <path/to/sbom.json>

Optional arguments

  • --env (default: ci): represents the environment in which you want your sbom to appear.
  • --no-ci-tags (default: false): ignore the automatic detection of continuous integration environment variables.
  • --git-repository (default: current working directory): reports git environment context from the specified repository.
  • --debug (default: false): output debug logs.

Environment variables

The following environment variables must be defined:

  • DD_SITE: the Datadog site
  • DD_APP_KEY: the App key to use
  • DD_API_KEY: the API key to use

Optional environment variables:

  • DD_SUBDOMAIN: If you have a custom sub-domain enabled for your organization, set this variable to your subdomain. This ensures that the link to the Datadog Application, which the library logs after uploading, points to the correct location.

Git context resolution

The Git context is resolved in the following order of priority:

  1. Current process location
  2. CI environment variables (can be disabled with: --no-ci-tags option)
  3. Explicitly provided Git repository (through --git-repository option)
  4. Override environment variables (DD_GIT_* variables)

Development

When developing software, you can try with the following command:

yarn launch sbom upload /path/to/sbom.json

Further reading

Additional helpful documentation, links, and articles: