This product is not supported for your selected
Datadog site. (
).
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、
お気軽にご連絡ください。
By default, Datadog Secret Scanning scans enabled repositories with all rules in the Secrets & Credentials category of Sensitive Data Scanner. You can customize which rules run, modify default rules, and create custom rules on the Code configuration page in SDS.
Scanning groups
There are two scanning groups that configure Secret Scanning rules.
Managed scanning group
The managed scanning group is managed by Datadog’s security team. It automatically receives new rules and updates to rules, and is enabled by default for all organizations.
Custom rule scanning group
The custom scanning group is managed by user orgs. You can create and test custom regex rules or add rules from the SDS rules library.
Configuring rules
Customizing default rules
To customize the severity and keywords of a managed default rule, hover over the rule and click the pencil icon on the right.
The edit dialog opens.
After editing the rule and clicking Update at the bottom right, the modified rule appears as Customized in the managed scanning group.
Customized rules do not automatically receive severity/default keyword updates from Datadog's security team. To restore a rule to its managed state, hover over a customized rule and click the restore icon at the right.
Creating custom rules
To create a custom rule, go to the custom scanning group and click Add scanning rule at the bottom or Add rule at the top right. Create your regex rule, then configure the severity and keywords. After they’re enabled, your repositories are scanned with the new rules on the next commit.
To update a custom rule, hover over the rule and click the pencil icon on the right.
Disabling rules
Disable a rule by clicking the blue toggle on the right.
After a specific rule is disabled, existing findings from that rule are auto-closed in Secret Scanning on the next commit.