Add Git Hooks #24455

Merged
merged 4 commits into from
Aug 5, 2024
13 changes: 9 additions & 4 deletions config/_default/menus/main.en.yaml
Expand Up @@ -4146,16 +4146,21 @@ menu:
parent: code_analysis
identifier: code_analysis_ide_plugins
weight: 5
- name: Git Hooks
url: code_analysis/git_hooks
parent: code_analysis
identifier: code_analysis_git_hooks
weight: 6
- name: Troubleshooting
url: code_analysis/troubleshooting
parent: code_analysis
identifier: code_analysis_troubleshooting
weight: 6
weight: 7
- name: Frequently Asked Questions
url: code_analysis/faq
parent: code_analysis
identifier: code_analysis_faq
weight: 7
weight: 8
- name: Quality Gates
url: quality_gates/
pre: ci
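Review bot: the weight renumbering in this hunk (Troubleshooting 6 to 7, Frequently Asked Questions 7 to 8) makes room for the new `Git Hooks` entry at weight 6 and keeps the sibling weights unique, but only weights 5 through 8 are visible here; confirm that no other child of `code_analysis` outside the shown context already uses weight 6, or the new page and that entry will sort non-deterministically. Also note the new `url: code_analysis/git_hooks` has no trailing slash, matching its neighbours `code_analysis/troubleshooting` and `code_analysis/faq` rather than entries such as `quality_gates/`; check that the site's URL normalisation treats both forms the same so the menu link resolves to `content/en/code_analysis/git_hooks/_index.md`.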
Expand Down Expand Up @@ -5169,7 +5174,7 @@ menu:
url: security/application_security/software_composition_analysis/setup/compatibility/
parent: application_security_software_composition_analysis_setup
identifier: appsec_compat_sca
weight: 2
weight: 2
- name: Code Security
url: security/application_security/code_security/
parent: application_security
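Review bot: the `weight: 2` line under `appsec_compat_sca` reads identically before and after, so this hunk is a whitespace-only change (indentation or trailing whitespace) that is unrelated to adding the Git Hooks page. Since indentation determines nesting in YAML, confirm the re-indented `weight` key still sits at the same depth as its siblings `parent` and `identifier` in that list item; if this was an editor auto-format, consider dropping it from the PR to keep the diff focused.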
Expand All @@ -5184,7 +5189,7 @@ menu:
url: security/application_security/code_security/setup/compatibility/
parent: application_security_code_security_setup
identifier: appsec_compat_code_security
weight: 2
weight: 2
- name: Threat Management
url: security/application_security/threats/
parent: application_security
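Review bot: same whitespace-only change as the previous hunk, this time on `weight: 2` under `appsec_compat_code_security`; verify the indentation matches the sibling keys in the same list item, and consider leaving this unrelated formatting change out of a PR whose purpose is adding the Git Hooks page.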
Expand Down
70 changes: 70 additions & 0 deletions content/en/code_analysis/git_hooks/_index.md
@@ -0,0 +1,70 @@
---
title: Git Hooks
description: Prevent the merging of code with errors
further_reading:
- link: "/code_analysis/"
tag: "Documentation"
text: "Learn about Code Analysis"
- link: "/code_analysis/static_analysis/"
tag: "Documentation"
text: "Learn about Static Analysis"
- link: "/code_analysis/software_composition_analysis/"
tag: "Documentation"
text: "Learn about Software Composition Analysis"
---

## Overview

A [Git hook](https://git-scm.com/docs/githooks) is a program executed before a user commits code to a repository
or pushes code to a remote location. A Git hook is generally used to run verifications
and enforce requirements on the code before it is pushed to the remote branch.

Datadog Code Analysis provides a Git hook to check for static analysis
violations or secrets before code is pushed or committed. The Datadog Code Analysis Git hook
checks the code from the latest commit and the default branch and surfaces
any errors it detects.

The Datadog Git hook warns developers before they push any code
containing coding errors, vulnerabilities, or secrets. When you commit code with an
error, a prompt like the following appears in the user terminal:

{{< img src="code_analysis/git_hooks/git_hook.png" alt="Datadog Git Hook detecting vulnerabilities" style="width:100%;">}}

## Setup

1. Download the `datadog-git-hook` program from the release page or the [Datadog Static Analyzer
releases](https://github.com/DataDog/datadog-static-analyzer/releases).
2. Install the program on your computer.
3. Add a `.git/hooks/pre-push` file in the repository with the script below. **Note:** The script assumes the `datadog-static-analyzer-git-hook` binary is in `/usr/local/bin/datadog-static-analyzer-git-hook`.

```shell
#!/bin/sh

# Get the repo root path
repo_path=$(git rev-parse --show-toplevel)

# Make sure the user can provide some input
exec < /dev/tty

/usr/local/bin/datadog-static-analyzer-git-hook -r $repo_path --secrets --confirmation --default-branch <default-branch>

if [ $? -eq 0 ]; then
echo "datadog-static-analyzer check passed"
exit 0
else
echo "datadog-static-analyzer check failed"
exit 1
fi
```

The program accepts the following parameters:

- `--confirmation`: Ask the user for confirmation to override the Git hook check
- `--default-branch`: Specify the name of the default branch.
- `--secrets`: Enable secrets detection (private beta).
- `--output <file>`: Export the findings found in the commit into a SARIF file.

## Further reading


{{< partial name="whats-next/whats-next.html" >}}
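Review bot: the Setup section names two different programs: step 1 says to download `datadog-git-hook`, while step 3 and the script invoke `/usr/local/bin/datadog-static-analyzer-git-hook`; pick one name so a reader knows which release asset to install. In the same step, the script contains the literal placeholder `<default-branch>` that the instructions never tell the reader to replace (for example with `main`), and left as-is the shell will treat `<default-branch>` as a redirection and the hook will fail; add an explicit "replace `<default-branch>` with your repository's default branch" sentence. Two smaller script points: `-r $repo_path` should be `-r "$repo_path"` so repository paths containing spaces work, and `exec < /dev/tty` will abort the hook in environments without a controlling terminal (CI runners, some GUI Git clients), so the doc should say the `--confirmation` prompt requires an interactive terminal. On the prose: the `--confirmation` description ("override the Git hook check") is worth expanding to state that this, like any client-side hook, lets the committer bypass the check, so it complements rather than replaces checks run in CI or on the server; and the parameter list punctuation is inconsistent (the first bullet lacks a trailing period while the others have one). The overview says the hook runs "before code is pushed or committed", but the setup only installs a `pre-push` hook; either mention the `pre-commit` option or say "pushed" only.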
