---
title: GuardDog
description: Gain insights into GuardDog logs.
breadcrumbs: Docs > Integrations > GuardDog
---

# GuardDog
Supported OS Integration version1.1.0   GuardDog Rules OverviewGuardDog Scan & Ecosystem Overview - 1GuardDog Scan & Ecosystem Overview - 2
## Overview{% #overview %}

[GuardDog](https://github.com/DataDog/guarddog) is a CLI tool that allows you to identify malicious PyPI and npm packages, Go modules, and GitHub actions. It runs a set of heuristics on the package source code (through Semgrep rules) and on the package metadata.

This integration monitors configured dependency files using GuardDog scans and sends the scan output to Datadog for analysis, providing visual insights through out-of-the-box dashboards and the Log Explorer. It also helps monitor and respond to security threats with ready-to-use Cloud SIEM detection rules.

**Note:**

- **Minimum Agent version:** 7.74.0

## Setup{% #setup %}

### Installation{% #installation %}

The GuardDog check is already included with the [Datadog Agent](https://app.datadoghq.com/account/settings/agent/latest) package, so no extra installation is required. You must also install the GuardDog package (see Install GuardDog under Configuration).

### Configuration{% #configuration %}

#### Install GuardDog{% #install-guarddog %}

Note: - GuardDog requires Python version 3.10 or higher. - The Datadog Agent must have access to the GuardDog executable path.

1. Install GuardDog using pip:

   ```shell
   pip3 install guarddog
   ```

1. Run this command to find the GuardDog executable path:

   ```shell
   which guarddog
   ```

This path is required for the `guarddog_path` parameter in the `guarddog.d/conf.yaml` file.

#### Log collection{% #log-collection %}

1. Collecting logs is disabled by default in the Datadog Agent. Enable it in `datadog.yaml`:

   ```yaml
   logs_enabled: true
   ```

1. Add this configuration block to your `guarddog.d/conf.yaml` file to start monitoring dependency files using GuardDog. See the sample [guarddog.d/conf.yaml](https://github.com/DataDog/integrations-core/blob/master/guarddog/datadog_checks/guarddog/data/conf.yaml.example) for available configuration options.

   ```yaml
   logs:
     - type: integration
       service: guarddog
       source: guarddog
   
   init_config:
       ## @param guarddog_path - string - required
       ## Absolute path to the GuardDog file. Example: /usr/local/bin/guarddog
       #
       guarddog_path: <ABSOLUTE_PATH_OF_GUARDDOG>
   
   instances:
       ## @param package_ecosystem - string - required
       ## The type of package ecosystem. Supported values: pypi, npm, go and github_action
       #
     - package_ecosystem: <PACKAGE_ECOSYSTEM>
       ## @param dependency_file_path - string - required
       ## Absolute path to the dependency file you want to monitor. Example: /app/requirements.txt
       #
       dependency_file_path: <DEPENDENCY_FILE_PATH>
       ## @param min_collection_interval - number - required
       ## This changes the collection interval of the check. Default value is 86400 seconds(1 day). For more information, see:
       ## https://docs.datadoghq.com/developers/write_agent_check/#collection-interval
       #
       min_collection_interval: 86400
   ```

**Note:**

   - We recommend you do not change the `service` and `source` values, as these parameters are integral to the pipeline's operation.
   - To track more than one dependency file, add additional entries under `instances`:
     ```yaml
     instances:
       - package_ecosystem: pypi
         dependency_file_path: /app/requirements.txt
         min_collection_interval: 86400
       - package_ecosystem: npm
         dependency_file_path: /app/package.json
         min_collection_interval: 86400
       - package_ecosystem: go
         dependency_file_path: /app/go.mod
         min_collection_interval: 86400
       - package_ecosystem: github_action
         dependency_file_path: /app/action.yml
         min_collection_interval: 86400
     ```

1. Ensure the **dd-agent** user has read access to all dependency files you configure and traverse permission on every parent directory in the file path.

1. [Restart the Agent](https://docs.datadoghq.com/agent/guide/agent-commands/#start-stop-and-restart-the-agent).

### Validation{% #validation %}

[Run the Agent's status subcommand](https://docs.datadoghq.com/agent/guide/agent-commands/#agent-status-and-information) and look for `guarddog` under the Checks section.

## Data Collected{% #data-collected %}

### Logs{% #logs %}

The GuardDog integration collects scan logs.

### Metrics{% #metrics %}

The GuardDog integration does not include any metrics.

### Events{% #events %}

The GuardDog integration does not include any events.

## Troubleshooting{% #troubleshooting %}

If you see a **Permission denied** error, run the following command to give the Datadog Agent permission for the GuardDog executable:

```shell
chmod o+rx /path/to/guarddog
```

If the issue persists, ensure that the parent directories in the path are accessible to the Datadog Agent. Run the following command to grant permissions to the parent directory:

```shell
chmod o+x /path/to/parent_directory
```

For any further assistance, contact [Datadog support](https://docs.datadoghq.com/help/).