Skip to content

Add documentation for Code Security configuration file #35307

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
jasonforal wants to merge 1 commit into
base: master
Choose a base branch
from
+270 −293
Open

Add documentation for Code Security configuration file #35307

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion content/en/ide_plugins/vscode/_index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -242,7 +242,7 @@ Do you use [Cursor][17], or another fork of VS Code? Find the extension on the [
[7]: /tests/explorer/
[8]: /continuous_integration/static_analysis/?tab=githubactions
[9]: /security/code_security/static_analysis/static_analysis_rules/
[10]: /security/code_security/static_analysis/setup/
[10]: https://github.com/DataDog/datadog-static-analyzer/blob/main/doc/legacy_config.md
Copy link
Contributor

@domalessi domalessi Mar 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This link isn't working for me.

Also, this link is used on line 175: When you start editing a source file, the extension checks for [static-analysis.datadog.yml][10] at your source repository's root. It prompts you to create it if necessary.

I want to confirm that what we're linking to is still indeed a static-analysis.datadog.yaml file

[11]: /tracing/error_tracking/exception_replay
[12]: https://www.datadoghq.com/legal/eula/
[13]: https://www.datadoghq.com/legal/privacy/
Expand Down
11 changes: 7 additions & 4 deletions content/en/security/code_security/static_analysis/custom_rules/tutorial.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -99,17 +99,20 @@ function visit(query, filename, code) {
## Step 3: Use the rule

To use the rule, do one of the following:
- Create a `static-analysis.datadog.yaml` file at the root of your repository with the ruleset.
- Create a `code-security.datadog.yaml` file at the root of your repository with the ruleset.
- Add the rule in [your settings][3], either for the org-wide or repo-level configuration.

A valid configuration for using this ruleset (and no other ruleset) look like this:
Copy link
Contributor

@domalessi domalessi Mar 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
A valid configuration for using this ruleset (and no other ruleset) look like this:
A valid configuration for using this ruleset (and no other ruleset) looks like the following:


```yaml
rulesets:
- tutorial
schema-version: v1.0
sast:
use-default-rulesets: false
use-rulesets:
- tutorial
```
{{< img src="/security/code_security/custom_rule_tutorial_configuration.png" alt="Configuration with Custom Rule" style="width:100%;" >}}
{{< img src="/security/code_security/custom_rule_tutorial_configuration2.png" alt="Configuration with Custom Rule" style="width:100%;" >}}
[1]: https://app.datadoghq.com/ci/code-analysis/static-analysis/custom-rulesets
[2]: https://tree-sitter.github.io/tree-sitter/using-parsers/queries/index.html
Expand Down
22 changes: 14 additions & 8 deletions content/en/security/code_security/static_analysis/github_actions.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -69,12 +69,15 @@ You can set the following parameters for Static Code Analysis.
By default, [Datadog Static Analyzer][8] detects the languages of your codebase and uses the default rulesets to analyze
your codebase.

To specify and customize the rulesets, add a `static-analysis.datadog.yml` file to your repository's root directory to define which rulesets to use.
To specify and customize the rulesets, add a `code-security.datadog.yaml` file to your repository's root directory to define which rulesets to use.
Copy link
Contributor

@domalessi domalessi Mar 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

First phrase is redundant with "to define which rulesets to use"

Suggested change
To specify and customize the rulesets, add a `code-security.datadog.yaml` file to your repository's root directory to define which rulesets to use.
Add a `code-security.datadog.yaml` file to your repository's root directory to define which rulesets to use. For example:


```yaml
rulesets:
- <ruleset-name>
- <ruleset-name>
schema-version: v1.0
sast:
use-default-rulesets: false
use-rulesets:
- <ruleset-name>
- <ruleset-name>
```

Refer to the [Datadog documentation][6] for a complete list of rulesets.
Expand All @@ -84,10 +87,13 @@ Refer to the [Datadog documentation][6] for a complete list of rulesets.
Here is an example for Python-based repositories:

```yaml
rulesets:
- python-code-style
- python-best-practices
- python-inclusive
schema-version: v1.0
sast:
use-default-rulesets: false
use-rulesets:
- python-code-style
- python-best-practices
- python-inclusive
```


Expand Down
Loading
Loading