Datadog Software Composition Analysis (SCA) detects open source libraries and their vulnerabilities in your code. You can exclude specific paths from Static SCA analysis. Configure this setting under the sca key in the Code Security configuration, either in Datadog or in a code-security.datadog.yaml file.

The sca key requires schema-version: v1.1 and supports the following field:

Example:

schema-version: v1.1
sca:
  ignore-paths:
    - "vendor/"
    - "**/node_modules/**"
    - "third_party/"

For more information on configuration locations, precedence, and merging, see Code Security Configuration Reference.

Further Reading

Additional helpful documentation, links, and articles:

Software Composition AnalysisDOCUMENTATION Code Security Configuration ReferenceDOCUMENTATION