Skip to content

docs(sca): add SCA developer reference docs#11455

Draft
jandro996 wants to merge 2 commits into
masterfrom
alejandro.gonzalez/docs-sca
Draft

docs(sca): add SCA developer reference docs#11455
jandro996 wants to merge 2 commits into
masterfrom
alejandro.gonzalez/docs-sca

Conversation

@jandro996
Copy link
Copy Markdown
Member

@jandro996 jandro996 commented May 25, 2026

Summary

  • Adds docs/sca/gradle-setup.md: canonical WriteProperties Gradle pattern for embedding pom.properties in JARs so DependencyResolver reports the artifact in SCA telemetry. Covers sourcesJar dependency, srcDirs plural, deferred version via providers.provider {}, and fileTree.builtBy() ordering.
  • Adds docs/sca/reachability.md: architecture constraints for SCA Reachability -- three-condition gate, ClassFileTransformer contract, dual periodic-action model and the duplicate-per-heartbeat invariant, version matching with ComparableVersion, class-level vs method-level symbol risk, and hard constraints (no java.nio.* in premain, no blocking I/O in transform(), etc.).
  • Adds docs/sca/AGENTS.md as index.
  • Updates top-level AGENTS.md with SCA entry.

No functional code changes.

Test plan

  • Docs-only PR - no tests required

@datadog-official

This comment has been minimized.

Sign in to view
@jandro996
docs(sca): add SCA developer reference docs
3a07186 
Adds docs/sca/ with two reference documents: gradle-setup.md covering the
WriteProperties pattern for embedding pom.properties in JARs, and
reachability.md covering ClassFileTransformer invariants, the three-condition
gate, version matching with ComparableVersion, and the dual periodic-action
telemetry model.
@jandro996 jandro996 force-pushed the alejandro.gonzalez/docs-sca branch from b97a646 to 3a07186 Compare May 25, 2026 12:09
@dd-octo-sts
Copy link
Copy Markdown
Contributor

dd-octo-sts Bot commented May 25, 2026
edited
Loading

🟢 Java Benchmark SLOs — All performance SLOs passed

Suite Status
Startup 🟢 pass

SLO thresholds are defined here based on automatically generated metrics. A warning is raised when results are within 5% of the threshold.

PR vs. master results

Startup Time

Scenario This PR master Change
insecure-bank / iast 13,960 ms 13,948 ms +0.1%
insecure-bank / tracing 12,907 ms 12,997 ms -0.7%
petclinic / appsec 16,444 ms 16,395 ms +0.3%
petclinic / iast 16,567 ms 16,590 ms -0.1%
petclinic / profiling 15,392 ms 16,416 ms -6.2%
petclinic / tracing 15,737 ms 15,959 ms -1.4%

Commit: 67eb4b43 · CI Pipeline · Benchmarking Platform UI

Load and DaCapo benchmarks can be triggered manually in the GitLab pipeline. Results will appear in the Benchmarking Platform UI after completion.

@jandro996
docs(sca): remove reachability.md based on unmerged PR #11352
67eb4b4 
SCA Reachability content will be added once PR #11352 is merged.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jandro996