chore: add CODEOWNERS entry for .github/chainguard by watson · Pull Request #7668 · DataDog/dd-trace-js

watson · 2026-03-04T12:36:33Z

What does this PR do?

Adds a CODEOWNERS entry for .github/chainguard/, assigning @DataDog/sdlc-security as the owner.

Motivation

The .github/chainguard/ directory contains octo-sts trust policy files that grant scoped GitHub token permissions to specific CI workflows (e.g. releasing, dependabot automation, yarn deduplication). These are security-sensitive files and should be reviewed by the SDLC Security team. The pattern of using @DataDog/sdlc-security for this path is already established in other DataDog repos such as homebrew-tap.

Assigns @DataDog/sdlc-security as the owner of the Chainguard octo-sts trust policy files, which define scoped token permissions for CI workflows.

watson · 2026-03-04T12:36:48Z

chore: add CODEOWNERS entry for .github/chainguard #7668 👈 (View in Graphite)
master

This stack of pull requests is managed by Graphite. Learn more about stacking.

github-actions · 2026-03-04T12:37:12Z

Overall package size

Self size: 4.89 MB
Deduped: 5.74 MB
No deduping: 5.74 MB

Dependency sizes

| name | version | self size | total size | |------|---------|-----------|------------| | import-in-the-middle | 2.0.6 | 81.92 kB | 816.75 kB | | dc-polyfill | 0.1.10 | 26.73 kB | 26.73 kB |

_{🤖 This report was automatically generated by heaviest-objects-in-the-universe}

codecov · 2026-03-04T12:37:16Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 80.25%. Comparing base (0a08693) to head (29d449b).
⚠️ Report is 1 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #7668      +/-   ##
==========================================
- Coverage   80.29%   80.25%   -0.04%     
==========================================
  Files         738      738              
  Lines       31897    31897              
==========================================
- Hits        25611    25600      -11     
- Misses       6286     6297      +11

Flag	Coverage Δ
aiguard-macos	`38.93% <ø> (-0.10%)`	⬇️
aiguard-ubuntu	`39.04% <ø> (-0.10%)`	⬇️
aiguard-windows	`38.78% <ø> (-0.10%)`	⬇️
apm-capabilities-tracing-macos	`48.83% <ø> (ø)`
apm-capabilities-tracing-ubuntu	`48.87% <ø> (ø)`
apm-capabilities-tracing-windows	`48.61% <ø> (ø)`
apm-integrations-child-process	`38.51% <ø> (-0.10%)`	⬇️
apm-integrations-couchbase-18	`37.29% <ø> (-0.24%)`	⬇️
apm-integrations-couchbase-eol	`37.91% <ø> (+0.04%)`	⬆️
apm-integrations-oracledb	`37.74% <ø> (-0.10%)`	⬇️
appsec-express	`55.35% <ø> (-0.08%)`	⬇️
appsec-fastify	`51.67% <ø> (-0.07%)`	⬇️
appsec-graphql	`51.86% <ø> (-0.07%)`	⬇️
appsec-kafka	`44.34% <ø> (-0.08%)`	⬇️
appsec-ldapjs	`44.03% <ø> (-0.08%)`	⬇️
appsec-lodash	`43.68% <ø> (-0.08%)`	⬇️
appsec-macos	`58.35% <ø> (-0.07%)`	⬇️
appsec-mongodb-core	`48.85% <ø> (-0.08%)`	⬇️
appsec-mongoose	`49.53% <ø> (-0.08%)`	⬇️
appsec-mysql	`50.89% <ø> (-0.07%)`	⬇️
appsec-node-serialize	`43.20% <ø> (-0.08%)`	⬇️
appsec-passport	`47.65% <ø> (-0.09%)`	⬇️
appsec-postgres	`50.64% <ø> (-0.07%)`	⬇️
appsec-sourcing	`42.60% <ø> (-0.08%)`	⬇️
appsec-template	`43.37% <ø> (-0.08%)`	⬇️
appsec-ubuntu	`58.43% <ø> (-0.07%)`	⬇️
appsec-windows	`58.21% <ø> (-0.07%)`	⬇️
instrumentations-instrumentation-bluebird	`32.31% <ø> (-0.10%)`	⬇️
instrumentations-instrumentation-body-parser	`40.48% <ø> (-0.10%)`	⬇️
instrumentations-instrumentation-child_process	`37.83% <ø> (-0.10%)`	⬇️
instrumentations-instrumentation-cookie-parser	`34.31% <ø> (-0.10%)`	⬇️
instrumentations-instrumentation-express	`34.64% <ø> (-0.10%)`	⬇️
instrumentations-instrumentation-express-mongo-sanitize	`34.44% <ø> (-0.10%)`	⬇️
instrumentations-instrumentation-express-session	`40.11% <ø> (-0.10%)`	⬇️
instrumentations-instrumentation-fs	`31.92% <ø> (-0.11%)`	⬇️
instrumentations-instrumentation-generic-pool	`29.73% <ø> (ø)`
instrumentations-instrumentation-http	`?`
instrumentations-instrumentation-knex	`32.31% <ø> (-0.10%)`	⬇️
instrumentations-instrumentation-mongoose	`33.45% <ø> (-0.10%)`	⬇️
instrumentations-instrumentation-multer	`40.23% <ø> (-0.10%)`	⬇️
instrumentations-instrumentation-mysql2	`38.30% <ø> (-0.10%)`	⬇️
instrumentations-instrumentation-passport	`44.02% <ø> (-0.09%)`	⬇️
instrumentations-instrumentation-passport-http	`43.69% <ø> (-0.09%)`	⬇️
instrumentations-instrumentation-passport-local	`44.23% <ø> (-0.09%)`	⬇️
instrumentations-instrumentation-pg	`37.73% <ø> (-0.10%)`	⬇️
instrumentations-instrumentation-promise	`32.24% <ø> (-0.10%)`	⬇️
instrumentations-instrumentation-promise-js	`32.24% <ø> (-0.10%)`	⬇️
instrumentations-instrumentation-q	`32.29% <ø> (-0.10%)`	⬇️
instrumentations-instrumentation-url	`32.21% <ø> (-0.11%)`	⬇️
instrumentations-instrumentation-when	`32.26% <ø> (-0.10%)`	⬇️
llmobs-ai	`41.96% <ø> (-0.10%)`	⬇️
llmobs-anthropic	`40.30% <ø> (-0.09%)`	⬇️
llmobs-bedrock	`39.25% <ø> (-0.09%)`	⬇️
llmobs-google-genai	`39.83% <ø> (-0.09%)`	⬇️
llmobs-langchain	`39.76% <ø> (-0.08%)`	⬇️
llmobs-openai	`44.14% <ø> (-0.09%)`	⬇️
llmobs-vertex-ai	`40.09% <ø> (-0.09%)`	⬇️
platform-core	`31.53% <ø> (ø)`
platform-esbuild	`34.48% <ø> (ø)`
platform-instrumentations-misc	`43.94% <ø> (ø)`
platform-shimmer	`37.63% <ø> (ø)`
platform-unit-guardrails	`32.95% <ø> (ø)`
plugins-azure-event-hubs	`25.71% <ø> (ø)`
plugins-azure-service-bus	`25.07% <ø> (ø)`
plugins-bullmq	`43.65% <ø> (-0.18%)`	⬇️
plugins-cassandra	`37.78% <ø> (-0.10%)`	⬇️
plugins-cookie	`26.77% <ø> (ø)`
plugins-cookie-parser	`26.56% <ø> (ø)`
plugins-crypto	`26.79% <ø> (ø)`
plugins-dd-trace-api	`38.37% <ø> (-0.10%)`	⬇️
plugins-express-mongo-sanitize	`26.70% <ø> (ø)`
plugins-express-session	`26.51% <ø> (ø)`
plugins-fastify	`42.23% <ø> (-0.09%)`	⬇️
plugins-fetch	`38.33% <ø> (-0.10%)`	⬇️
plugins-fs	`38.61% <ø> (-0.10%)`	⬇️
plugins-generic-pool	`25.75% <ø> (ø)`
plugins-google-cloud-pubsub	`45.37% <ø> (-0.09%)`	⬇️
plugins-grpc	`40.93% <ø> (-0.09%)`	⬇️
plugins-handlebars	`26.75% <ø> (ø)`
plugins-hapi	`40.12% <ø> (-0.10%)`	⬇️
plugins-hono	`40.38% <ø> (-0.10%)`	⬇️
plugins-ioredis	`38.42% <ø> (-0.10%)`	⬇️
plugins-knex	`26.39% <ø> (ø)`
plugins-ldapjs	`24.24% <ø> (ø)`
plugins-light-my-request	`26.12% <ø> (ø)`
plugins-limitd-client	`32.60% <ø> (-0.10%)`	⬇️
plugins-lodash	`25.84% <ø> (ø)`
plugins-mariadb	`39.48% <ø> (-0.10%)`	⬇️
plugins-memcached	`38.17% <ø> (-0.10%)`	⬇️
plugins-microgateway-core	`39.16% <ø> (-0.10%)`	⬇️
plugins-moleculer	`40.50% <ø> (-0.10%)`	⬇️
plugins-mongodb	`39.26% <ø> (-0.02%)`	⬇️
plugins-mongodb-core	`39.03% <ø> (-0.10%)`	⬇️
plugins-mongoose	`38.85% <ø> (-0.10%)`	⬇️
plugins-multer	`26.51% <ø> (ø)`
plugins-mysql	`39.16% <ø> (-0.10%)`	⬇️
plugins-mysql2	`39.26% <ø> (-0.10%)`	⬇️
plugins-node-serialize	`26.81% <ø> (ø)`
plugins-opensearch	`37.62% <ø> (-0.10%)`	⬇️
plugins-passport-http	`26.57% <ø> (ø)`
plugins-postgres	`35.71% <ø> (-0.09%)`	⬇️
plugins-process	`26.79% <ø> (ø)`
plugins-pug	`26.77% <ø> (ø)`
plugins-redis	`38.89% <ø> (-0.10%)`	⬇️
plugins-router	`42.96% <ø> (-0.10%)`	⬇️
plugins-sequelize	`25.35% <ø> (ø)`
plugins-test-and-upstream-amqp10	`38.49% <ø> (-0.10%)`	⬇️
plugins-test-and-upstream-amqplib	`43.82% <ø> (-0.10%)`	⬇️
plugins-test-and-upstream-apollo	`39.02% <ø> (-0.09%)`	⬇️
plugins-test-and-upstream-avsc	`38.70% <ø> (-0.10%)`	⬇️
plugins-test-and-upstream-bunyan	`33.88% <ø> (-0.10%)`	⬇️
plugins-test-and-upstream-connect	`40.78% <ø> (-0.10%)`	⬇️
plugins-test-and-upstream-graphql	`40.13% <ø> (-0.10%)`	⬇️
plugins-test-and-upstream-koa	`40.36% <ø> (-0.10%)`	⬇️
plugins-test-and-upstream-protobufjs	`38.93% <ø> (-0.10%)`	⬇️
plugins-test-and-upstream-rhea	`44.01% <ø> (-0.13%)`	⬇️
plugins-undici	`39.11% <ø> (-0.09%)`	⬇️
plugins-url	`26.79% <ø> (ø)`
plugins-valkey	`38.08% <ø> (-0.10%)`	⬇️
plugins-vm	`26.79% <ø> (ø)`
plugins-winston	`34.07% <ø> (-0.10%)`	⬇️
plugins-ws	`41.87% <ø> (-0.10%)`	⬇️
profiling-macos	`39.83% <ø> (-0.10%)`	⬇️
profiling-ubuntu	`39.95% <ø> (-0.10%)`	⬇️
profiling-windows	`41.16% <ø> (-0.47%)`	⬇️
serverless-azure-functions-client	`25.43% <ø> (ø)`
serverless-azure-functions-eventhubs	`25.43% <ø> (ø)`
serverless-azure-functions-servicebus	`25.43% <ø> (ø)`

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

pr-commenter · 2026-03-04T12:51:23Z

Benchmarks

Benchmark execution time: 2026-03-04 12:51:19

Comparing candidate commit 29d449b in PR branch watson/chainguard with baseline commit 0a08693 in branch master.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 228 metrics, 32 unstable metrics.

Assigns @DataDog/sdlc-security as the owner of the Chainguard octo-sts trust policy files, which define scoped token permissions for CI workflows.

chore: add CODEOWNERS entry for .github/chainguard

29d449b

Assigns @DataDog/sdlc-security as the owner of the Chainguard octo-sts trust policy files, which define scoped token permissions for CI workflows.

watson requested a review from a team as a code owner March 4, 2026 12:36

watson self-assigned this Mar 4, 2026

watson added the semver-patch label Mar 4, 2026

watson requested a review from a team March 4, 2026 12:37

BridgeAR approved these changes Mar 5, 2026

View reviewed changes

BridgeAR merged commit 8cfdef9 into master Mar 5, 2026
843 of 846 checks passed

BridgeAR deleted the watson/chainguard branch March 5, 2026 10:36

dd-octo-sts bot pushed a commit that referenced this pull request Mar 5, 2026

chore: add CODEOWNERS entry for .github/chainguard (#7668)

9729049

Assigns @DataDog/sdlc-security as the owner of the Chainguard octo-sts trust policy files, which define scoped token permissions for CI workflows.

dd-octo-sts bot mentioned this pull request Mar 5, 2026

v5.88.0 proposal #7586

Merged

juan-fernandez pushed a commit that referenced this pull request Mar 5, 2026

chore: add CODEOWNERS entry for .github/chainguard (#7668)

5b37816

Assigns @DataDog/sdlc-security as the owner of the Chainguard octo-sts trust policy files, which define scoped token permissions for CI workflows.

crysmags pushed a commit that referenced this pull request Mar 6, 2026

chore: add CODEOWNERS entry for .github/chainguard (#7668)

ed82c20

Assigns @DataDog/sdlc-security as the owner of the Chainguard octo-sts trust policy files, which define scoped token permissions for CI workflows.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore: add CODEOWNERS entry for .github/chainguard#7668

chore: add CODEOWNERS entry for .github/chainguard#7668
BridgeAR merged 1 commit intomasterfrom
watson/chainguard

watson commented Mar 4, 2026

Uh oh!

watson commented Mar 4, 2026

Uh oh!

github-actions bot commented Mar 4, 2026

Uh oh!

codecov bot commented Mar 4, 2026 •

edited

Loading

Uh oh!

pr-commenter bot commented Mar 4, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

watson commented Mar 4, 2026

What does this PR do?

Motivation

Uh oh!

watson commented Mar 4, 2026

Uh oh!

github-actions bot commented Mar 4, 2026

Overall package size

Uh oh!

codecov bot commented Mar 4, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

pr-commenter bot commented Mar 4, 2026

Benchmarks

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

codecov bot commented Mar 4, 2026 •

edited

Loading