This product is not supported for your selected 
Datadog site. (
).
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、
お気軽にご連絡ください。
Code Security scans your first-party code and open source libraries used in your applications in both your repositories and running services, providing end-to-end visibility from development to production. It encompasses the following capabilities:
Code Security helps teams implement DevSecOps throughout the organization:
- Developers: early vulnerability detection, code quality improvements, faster development as developers spend less time debugging and patching.
- Security Administrators: enhanced security posture, improved patch management in response to early vulnerability alerts, and compliance monitoring.
- Site Reliability Engineers (SREs): automated security checks throughout CI/CD workflow, security compliance, and system resilience. SAST reduces manual overhead for SREs and ensures that each release is thoroughly tested for vulnerabilities.
Static Code Analysis (SAST)
Static Code Analysis (SAST) analyzes pre-production code to identify security and quality issues. You can embed best security and development practices throughout the software development lifecycle with:
- IDE integration to flag violations in real time with deterministic suggested fixes
- In-line pull request comments with deterministic suggested fixes and incremental/diff-aware scanning
- Ability to open a pull request to fix a violation directly from Datadog
Scans can run via your CI/CD pipelines or directly in Datadog with hosted scanning.
See Static Code Analysis Setup to get started.
Static Code Analysis can also scan your pull requests at scale to detect and prevent malicious code changes. This allows Datadog to not only check for known code vulnerabilities, but also detect potentially malicious intent in PRs submitted to default branches of your repositories. Request access to the Preview.
Software Composition Analysis
Software Composition Analysis (SCA) analyzes open source libraries in both your repositories and running services. You can track and manage dependencies across the software development lifecycle with:
- IDE integration to flag vulnerabilities affecting libraries running on your services
- Ability to open a pull request to fix a library vulnerability directly from Datadog
- Runtime-informed prioritization of vulnerabilities with the Datadog severity score
SCA supports both static and runtime dependency detection.
For static scanning, you can scan via your CI/CD pipelines or directly via Datadog with hosted scanning. See static setup to get started.
For runtime vulnerability detection, you can easily enable SCA on your services instrumented with Datadog APM. See runtime setup to get started.
Runtime Code Analysis (IAST)
Runtime Code Analysis (IAST) identifies code-level vulnerabilities in your running services. It relies on inspection of legitimate application traffic as opposed to external testing that often requires extra configuration or periodic scheduling. IAST provides an up-to-date view of your attack surface area by:
- Monitoring your code’s interactions with other components of your stack (such as libraries and infrastructure)
- Providing 100% coverage of the OWASP Top 10
- Runtime-informed prioritization of vulnerabilities with the Datadog severity score
You can enable IAST on your services instrumented with Datadog APM. See IAST setup to get started.
Secret Scanning
Secret Scanning identifies and validates leaked secrets in your codebase. Request access to the Preview.
Supply Chain Security
Developers are being actively targeted with supply chain attacks. Prevent malicious packages to enter your dev environments with Datadog Supply Chain Security Firewall, which is available in GitHub. Request access to the Preview.
Further Reading