[K9VULN-5717] Add steps for SCA (#29937)

rjcoulter22 · joepeeples · web-flow · commit 210dccec3eba · 2025-06-13T12:59:35.000-04:00
* Add steps for SCA

* Update content/en/security/code_security/dev_tool_int/github_pull_requests/_index.md

Co-authored-by: Joe Peeples &lt;joe.peeples@datadoghq.com&gt;

* Update content/en/security/code_security/dev_tool_int/github_pull_requests/_index.md

Co-authored-by: Joe Peeples &lt;joe.peeples@datadoghq.com&gt;

---------

Co-authored-by: Joe Peeples &lt;joe.peeples@datadoghq.com&gt;
diff --git a/content/en/security/code_security/dev_tool_int/github_pull_requests/_index.md b/content/en/security/code_security/dev_tool_int/github_pull_requests/_index.md
@@ -68,10 +68,11 @@ Configure PR comment settings globally for all repositories or tailor them indiv
 To configure PR comments for all repositories:
 
 1. In Datadog, navigate to [**Security** > **Code Security** > **Settings**][7].
-1. In **Repository Settings**, click **Global PR Comment Configuration**. 
+1. In **Repository Settings**, click **Global PR Comment Configuration**.
 1. Configure the settings:
     - **Enable PR comments for all scan types and severities**: Enable this to apply PR comments across all types and severities.
     - **Enable for Static Analysis (SAST)**: Toggle this option to enable PR comments for SAST. If enabled, specify a minimum severity threshold. Additionally, select **Exclude PR comments if violations are detected in test files** to prevent comments on issues found in test files.
+    - **Enable for Software Composition Analysis (SCA)**: Toggle this option to enable PR comments for SCA. If enabled, specify a minimum severity threshold. Additionally, select **Exclude PR comments if violations are detected in test or dev dependencies** to prevent comments on issues found in dependencies existing only in development or test environments.
     - **Enable for Infrastructure-as-Code (IaC)**: Toggle this option to enable PR comments for IaC. If enabled, specify a minimum severity threshold.
 1. Click **Save**.
 
@@ -82,6 +83,7 @@ To configure PR comments for a single repository:
 1. Configure the settings:
     - **Enable PR comments for all scan types and severities**: Enable this to apply PR comments across all types and severities.
     - **Enable for Static Analysis (SAST)**: Toggle this option to enable PR comments for SAST. If enabled, specify a minimum severity threshold. Additionally, select **Exclude PR comments if violations are detected in test files** to prevent comments on issues found in test files.
+    - **Enable for Software Composition Analysis (SCA)**: Toggle this option to enable PR comments for SCA. If enabled, specify a minimum severity threshold. Additionally, select **Exclude PR comments if violations are detected in test or dev dependencies** to prevent comments on issues found in dependencies existing only in development or test environments.
     - **Enable for Infrastructure-as-Code (IaC)**: Toggle this option to enable PR comments for IaC. If enabled, specify a minimum severity threshold.
     - **Block all comments in this repository**: Enable this to disable all comments for this repository, overriding global settings.
 1. Click **Save Configuration**.
