From 78947ac7410154c8dd704a2246d0d5f5657d1f75 Mon Sep 17 00:00:00 2001
From: Daniel Mohedano
Date: Mon, 11 May 2026 10:50:58 +0200
Subject: [PATCH 1/2] security: use datadog-ci CLI installer and pin version
---
 .github/workflows/analyze-changes.yaml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/analyze-changes.yaml b/.github/workflows/analyze-changes.yaml
index 526832b607b..f62e8d789ee 100644
--- a/.github/workflows/analyze-changes.yaml
+++ b/.github/workflows/analyze-changes.yaml
@@ -107,11 +107,12 @@ jobs:
 with:
 sarif_file: 'trivy-results.sarif'
+ - name: Install datadog-ci
+ uses: DataDog/install-datadog-ci-github-action@6d7f0c7c5402a4b1912055b76970ca76bef71fe5 # v1.0.4
+ with:
+ version: v5.16.1
 - name: Upload results to Datadog CI Static Analysis
- run: |
- wget --no-verbose https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64 -O datadog-ci
- chmod +x datadog-ci
- ./datadog-ci sarif upload trivy-results.sarif --service dd-trace-java --env ci
+ run: datadog-ci sarif upload trivy-results.sarif --service dd-trace-java --env ci
 env:
 DD_API_KEY: ${{ secrets.DATADOG_API_KEY_PROD }}
 DD_SITE: datadoghq.com
From 2d4d1daebe8d79d5b842a8cbcad79a95f8c83045 Mon Sep 17 00:00:00 2001
From: Daniel Mohedano
Date: Tue, 19 May 2026 16:22:27 +0200
Subject: [PATCH 2/2] chore: upgrade to 5.17
---
 .github/workflows/analyze-changes.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/analyze-changes.yaml b/.github/workflows/analyze-changes.yaml
index f62e8d789ee..aa10fd7af6f 100644
--- a/.github/workflows/analyze-changes.yaml
+++ b/.github/workflows/analyze-changes.yaml
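Review bot: The `version: v5.16.1` input in the first patch pins the datadog-ci binary by release tag only, whereas the installer action on the line above it is pinned by commit SHA, and the hunk does not show whether the installer verifies a checksum of what it downloads. That binary then runs in the upload step with `DD_API_KEY` set from `secrets.DATADOG_API_KEY_PROD`, so the integrity of the download is what protects the key. I would add a comment above the input, `# datadog-ci CLI release, pinned on purpose; bump by hand after checking the release (updaters of uses: refs may not touch with: inputs)`, and confirm in the installer's documentation how the download is verified. The steps list, the job's permissions and the workflow triggers lie outside this hunk, so whether the secret is reachable from untrusted pull requests cannot be judged from here.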
@@ -110,7 +110,7 @@ jobs:
 - name: Install datadog-ci
 uses: DataDog/install-datadog-ci-github-action@6d7f0c7c5402a4b1912055b76970ca76bef71fe5 # v1.0.4
 with:
- version: v5.16.1
+ version: v5.17.0
 - name: Upload results to Datadog CI Static Analysis
 run: datadog-ci sarif upload trivy-results.sarif --service dd-trace-java --env ci
 env: