From 78947ac7410154c8dd704a2246d0d5f5657d1f75 Mon Sep 17 00:00:00 2001
From: Daniel Mohedano <daniel.mohedano@datadoghq.com>
Date: Mon, 11 May 2026 10:50:58 +0200
Subject: [PATCH] security: use datadog-ci CLI installer and pin version

---
 .github/workflows/analyze-changes.yaml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/analyze-changes.yaml b/.github/workflows/analyze-changes.yaml
index 526832b607b..f62e8d789ee 100644
--- a/.github/workflows/analyze-changes.yaml
+++ b/.github/workflows/analyze-changes.yaml
@@ -107,11 +107,12 @@ jobs:
         with:
           sarif_file: 'trivy-results.sarif'
 
+      - name: Install datadog-ci
+        uses: DataDog/install-datadog-ci-github-action@6d7f0c7c5402a4b1912055b76970ca76bef71fe5 # v1.0.4
+        with:
+          version: v5.16.1
       - name: Upload results to Datadog CI Static Analysis
-        run: |
-          wget --no-verbose https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64 -O datadog-ci
-          chmod +x datadog-ci
-          ./datadog-ci sarif upload trivy-results.sarif --service dd-trace-java --env ci
+        run: datadog-ci sarif upload trivy-results.sarif --service dd-trace-java --env ci
         env:
           DD_API_KEY: ${{ secrets.DATADOG_API_KEY_PROD }}
           DD_SITE: datadoghq.com