@datadog/datadog-ci
Use Datadog from your CI.
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:simple-git | AI (phantom-deps): simple-git is declared as a direct dep and used transitively; phantom-dep heuristic fires but it is a legitimate dependency. | ai | |
| phantom-deps | phantom-dep:@datadog/datadog-ci-plugin-synthetics | AI (phantom-deps): Same-org monorepo plugin loaded at runtime; not a direct import by design. | ai | |
| phantom-deps | phantom-dep:@datadog/datadog-ci-plugin-sbom | AI (phantom-deps): Same-org plugin loaded dynamically; stable pattern for this monorepo package. | ai | |
| phantom-deps | phantom-dep:@datadog/datadog-ci-plugin-junit | AI (phantom-deps): Same-org plugin loaded dynamically; stable pattern for this monorepo package. | ai | |
| phantom-deps | phantom-dep:@datadog/datadog-ci-plugin-sarif | AI (phantom-deps): Same-org plugin loaded dynamically; stable pattern for this monorepo package. | ai | |
| phantom-deps | phantom-dep:@datadog/datadog-ci-plugin-dora | AI (phantom-deps): Same-org plugin loaded dynamically; stable pattern for this monorepo package. | ai | |
| phantom-deps | phantom-dep:@datadog/datadog-ci-plugin-deployment | AI (phantom-deps): Same-org plugin loaded dynamically; stable pattern for this monorepo package. | ai | |
| phantom-deps | phantom-dep:typanion | AI (phantom-deps): CLI validation library used transitively via clipanion; phantom-dep is a false positive here. | ai | |
| phantom-deps | phantom-dep:@datadog/datadog-ci-plugin-coverage | AI (phantom-deps): Same-org plugin loaded dynamically; stable pattern for this monorepo package. | ai | |
| phantom-deps | phantom-dep:@datadog/datadog-ci-plugin-gate | AI (phantom-deps): Same-org plugin loaded dynamically; stable pattern for this monorepo package. | ai |
Versions (showing 19 of 19)
| Version | Deps | Published |
|---|---|---|
| 5.16.1 | 0 / 11 | |
| 5.15.0 | 0 / 11 | |
| 5.13.0 | 0 / 11 | |
| 5.12.1 | 10 / 3 | |
| 5.12.0 | 10 / 3 | |
| 5.11.0 | 10 / 3 | |
| 5.10.0 | 10 / 3 | |
| 5.9.1 | 11 / 2 | |
| 5.9.0 | 11 / 2 | |
| 5.8.0 | 15 / 4 | |
| 5.7.0 | 15 / 4 | |
| 5.6.0 | 15 / 4 | |
| 5.5.0 | 15 / 4 | |
| 5.4.0 | 15 / 4 | |
| 5.3.0 | 15 / 4 | |
| 4.2.1 | 18 / 5 | |
| 4.1.2 | 18 / 5 | |
| 4.1.1 | 18 / 5 | |
| 4.1.0 | 18 / 5 |
v5.16.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.15.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.13.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.12.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.12.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.11.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.10.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.9.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.9.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.8.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.7.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.6.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.5.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.4.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.3.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.2.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.1.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.1.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.1.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.