- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
Datadog Code Security identifies code-level vulnerabilities in your services and provides actionable insights and recommended fixes.
For a list of supported services, see the Library Compatibility Requirements.
Code Security uses an Interactive Application Security Testing (IAST) approach to find vulnerabilities within your application code. IAST uses instrumentation embedded in your code like application performance monitoring (APM).
Code Security also monitors your code’s interactions with other components of your stack, such as libraries and infrastructure.
IAST enables Datadog to identify vulnerabilities using legitimate application traffic instead of relying on external tests that could require extra configuration or periodic scheduling.
Code Security’s runtime application monitoring provides an up-to-date view of your attack surface that enables you to quickly identify potential issues.
The Code Security detection rules support the following languages.
Severity | Detection Rule | Java | .NET | Node.js | Python |
---|---|---|---|---|---|
Critical | NoSQL Injection | FALSE | TRUE | TRUE | FALSE |
Critical | SQL Injection | TRUE | TRUE | TRUE | TRUE |
Critical | Server-Side Request Forgery (SSRF) | TRUE | TRUE | TRUE | TRUE |
Critical | Code Injection | FALSE | FALSE | TRUE | FALSE |
Critical | Command Injection | TRUE | TRUE | TRUE | TRUE |
High | LDAP Injection | TRUE | TRUE | TRUE | FALSE |
High | Hardcoded Secrets | TRUE | TRUE | TRUE | FALSE |
High | Hardcoded Passwords | FALSE | FALSE | TRUE | FALSE |
High | Path Traversal | TRUE | TRUE | TRUE | TRUE |
High | Trust Boundary Violation | TRUE | TRUE | FALSE | FALSE |
High | Cross-Site Scripting (XSS) | TRUE | TRUE | FALSE | FALSE |
High | Untrusted Deserialization | TRUE | FALSE | FALSE | FALSE |
High | Unvalidated Redirect | TRUE | TRUE | TRUE | FALSE |
High | XPath Injection | TRUE | TRUE | FALSE | FALSE |
High | Header Injection | TRUE | TRUE | TRUE | TRUE |
High | Directory Listing Leak | TRUE | FALSE | FALSE | FALSE |
High | Default HTML Escape Invalid | TRUE | FALSE | FALSE | FALSE |
High | Verb Tampering | TRUE | FALSE | FALSE | FALSE |
Medium | No SameSite Cookie | TRUE | TRUE | TRUE | TRUE |
Medium | Insecure Cookie | TRUE | TRUE | TRUE | TRUE |
Medium | No HttpOnly Cookie | TRUE | TRUE | TRUE | TRUE |
Medium | Weak Hashing | TRUE | TRUE | TRUE | TRUE |
Medium | Weak Cipher | TRUE | TRUE | TRUE | TRUE |
Medium | Stacktrace Leak | TRUE | TRUE | FALSE | FALSE |
Medium | Reflection Injection | TRUE | TRUE | FALSE | FALSE |
Medium | Insecure Authentication Protocol | TRUE | TRUE | FALSE | FALSE |
Medium | Hardcoded Key | FALSE | TRUE | FALSE | FALSE |
Medium | Insecure JSP Layout | TRUE | FALSE | FALSE | FALSE |
Low | HSTS Header Missing | TRUE | TRUE | TRUE | FALSE |
Low | X-Content-Type-Options Header Missing | TRUE | TRUE | TRUE | FALSE |
Low | Weak Randomness | TRUE | TRUE | TRUE | TRUE |
Low | Admin Console Active | TRUE | FALSE | FALSE | FALSE |
Low | Session Timeout | TRUE | FALSE | FALSE | FALSE |
Low | Session Rewriting | TRUE | FALSE | FALSE | FALSE |
The Vulnerability Explorer uses real-time threat data to help you understand vulnerabilities endangering your system. Vulnerabilities are ordered by severity.
To triage vulnerabilities, each vulnerability contains a brief description of the issue, including:
Each vulnerability detail includes a risk score (see screenshot below) and a severity rating: critical, high, medium, or low.
The risk score is tailored to the specific runtime context, including factors such as where the vulnerability is deployed and whether the service is targeted by active attacks.
Datadog Code Security automatically provides the information teams need to identify where a vulnerability is in an application, from the affected filename down to the exact method and line number.
When the GitHub integration is enabled, Code Security shows the first impacted version of a service, the commit that introduced the vulnerability, and a snippet of the vulnerable code. This information gives teams insight into where and when a vulnerability occurred and helps to prioritize their work.
Detailed remediation steps are provided for each detected vulnerability.
Recommendations enable you to change the status of a vulnerability, assign it to a team member for review, and create a Jira issue for tracking.
Note: To create Jira issues for vulnerabilities, you must configure the Jira integration, and have the manage_integrations
permission. For detailed instructions, see the Jira integration documentation, as well as the Role Based Access Control documentation.
To enable Code Security, you can use Single Step Instrumentation or configure the Datadog Tracing Library. Detailed instructions for both methods can be found in the Security > Application Security > Settings section.
If you need additional help, contact Datadog support.
추가 유용한 문서, 링크 및 기사: