- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
Before setting up Code Security, ensure the following prerequisites are met:
type:web
) are being received by Datadog.There are two main approaches to enable Code Security on your tracing libraries: Single-Step Instrumentation and Datadog Tracing Libraries.
Run a one-line install command to install the Datadog Agent, and enable Code Security with Single-Step Instrumentation.
Add an environment variable or a new argument to your Datadog Tracing Library configuration.
By following these steps, you’ll successfully set up Code Security for your application or service, ensuring comprehensive monitoring and identification of code-level vulnerabilities at runtime.
x86_64
and arm64
architectures, and Python (support available in Preview).If you install or update a Datadog Agent with the Enable Code Security option selected, the Agent is installed and configured to enable detection of code-level vulnerabilities in your applications. This allows you to automatically instrument your application, without any additional installation or configuration steps. Restart services for this instrumentation to take effect.
The following examples show how it works on each infrastructure type.
With one command, you can install, configure, and start the Agent, while also instrumenting your services with Application Security options.
For an Ubuntu host:
Run the one-line installation command:
DD_API_KEY=<YOUR_DD_API_KEY> DD_SITE="<YOUR_DD_SITE>" DD_APM_INSTRUMENTATION_ENABLED=host DD_IAST_ENABLED=true bash -c "$(curl -L https://install.datadoghq.com/scripts/install_script_agent7.sh)"
a. Replace <YOUR_DD_API_KEY>
with your Datadog API key.
b. Replace <YOUR_DD_SITE>
with your Datadog site.
Exit your current shell session.
Start a new shell session.
Restart the services on the host or VM.
Explore the performance observability of your services in Datadog.
Note: To configure single-step for both Code Security and Threat Protection, add both the DD_IAST_ENABLED=true
and DD_APPSEC_ENABLED=true
environment variables to your one-line installation command.
By default, enabling APM on your server installs support for Java, Node.js, .NET Core, and Python services. If you only have services implemented in some of these languages, set DD_APM_INSTRUMENTATION_LIBRARIES
in your one-line installation command:
DD_APM_INSTRUMENTATION_LIBRARIES="java:1.25.0,python" DD_API_KEY=<YOUR_DD_API_KEY> DD_SITE="<YOUR_DD_SITE>" DD_APM_INSTRUMENTATION_ENABLED=host DD_IAST_ENABLED=true DD_ENV=staging bash -c "$(curl -L https://install.datadoghq.com/scripts/install_script_agent7.sh)"
You can optionally provide a version number for the tracing library by placing a colon after the language name and specifying the tracing library version. If you don’t specify a version, it defaults to the latest version. Language names are comma-separated.
Supported languages include:
java
)js
)dotnet
)python
)Note: For the Node.js tracing library, different versions of Node.js are compatible with different versions of the Node.js tracing library. See DataDog/dd-trace-js: JavaScript APM Tracer for more information.
Set DD_ENV
in your one-line installation command for Linux to automatically tag instrumented services and other telemetry that pass through the Agent with a specific environment. For example, if the Agent is installed in your staging environment, set DD_ENV=staging
to associate your observability data with staging
.
For example:
DD_API_KEY=<YOUR_DD_API_KEY> DD_SITE="<YOUR_DD_SITE>" DD_APM_INSTRUMENTATION_ENABLED=host DD_IAST_ENABLED=true DD_ENV=staging bash -c "$(curl -L https://install.datadoghq.com/scripts/install_script_agent7.sh)"
For a Docker Linux container:
Install the library injector:
DD_IAST_ENABLED=true DD_APM_INSTRUMENTATION_ENABLED=docker DD_NO_AGENT_INSTALL=true bash -c "$(curl -L https://install.datadoghq.com/scripts/install_script_agent7.sh)"
Configure the Agent in Docker:
docker run -d --name dd-agent \
-e DD_API_KEY=${YOUR_DD_API_KEY} \
-e DD_SITE=${YOUR_DD_SITE} \
-e DD_APM_ENABLED=true \
-e DD_APM_NON_LOCAL_TRAFFIC=true \
-e DD_APM_RECEIVER_SOCKET=/var/run/datadog/apm.socket \
-e DD_DOGSTATSD_SOCKET=/var/run/datadog/dsd.socket \
-v /var/run/datadog:/var/run/datadog \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
-v /proc/:/host/proc/:ro \
-v /sys/fs/cgroup/:/host/sys/fs/cgroup:ro \
-v /var/lib/docker/containers:/var/lib/docker/containers:ro \
gcr.io/datadoghq/agent:7
a. Replace <YOUR_DD_API_KEY>
with your Datadog API.
b. Replace <YOUR_DD_SITE>
with your Datadog site.
Restart the Docker containers.
Explore the performance observability of your services in Datadog.
By default, enabling APM on your server installs support for Java, Python, Node.js, and .NET services. If you only have services implemented in some of these languages, set DD_APM_INSTRUMENTATION_LIBRARIES
when running the installation script.
For example, to install support for only v1.25.0 of the Java tracing library and the latest Python tracing library, add the following to the installation command:
DD_APM_INSTRUMENTATION_LIBRARIES="java:1.25.0,python" DD_IAST_ENABLED=true DD_APM_INSTRUMENTATION_ENABLED=docker DD_NO_AGENT_INSTALL=true bash -c "$(curl -L https://install.datadoghq.com/scripts/install_script_agent7.sh)"
You can optionally provide a version number for the tracing library by placing a colon after the language name and specifying the tracing library version. If you don’t specify a version, it defaults to the latest version. Language names are comma-separated.
Supported languages include:
java
)js
)dotnet
)python
)Note: For the Node.js tracing library, different versions of Node.js are compatible with different versions of the Node.js tracing library. See DataDog/dd-trace-js: JavaScript APM Tracer for more information.
Set DD_ENV
in the library injector installation command for Docker to automatically tag instrumented services and other telemetry that pass through the Agent with a specific environment. For example, if the Agent is installed in your staging environment, set DD_ENV=staging
to associate your observability data with staging
.
For example:
docker run -d --name dd-agent \
-e DD_API_KEY=${YOUR_DD_API_KEY} \
-e DD_APM_ENABLED=true \
-e DD_ENV=staging \
-e DD_APM_NON_LOCAL_TRAFFIC=true \
-e DD_DOGSTATSD_NON_LOCAL_TRAFFIC=true \
-e DD_APM_RECEIVER_SOCKET=/opt/datadog/apm/inject/run/apm.socket \
-e DD_DOGSTATSD_SOCKET=/opt/datadog/apm/inject/run/dsd.socket \
-v /opt/datadog/apm:/opt/datadog/apm \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
gcr.io/datadoghq/agent:7
You can enable APM by installing the Agent with the Datadog Helm chart. This deploys the Datadog Agent across all nodes in your Linux-based Kubernetes cluster with a DaemonSet.
To enable single step instrumentation with Helm:
Add the Helm Datadog repo:
helm repo add datadog https://helm.datadoghq.com
helm repo update
Create a Kubernetes Secret to store your Datadog API key:
kubectl create secret generic datadog-secret --from-literal api-key=$DD_API_KEY
Create datadog-values.yaml
and add the following configuration:
datadog:
apiKeyExistingSecret: datadog-secret
site: <DATADOG_SITE>
apm:
instrumentation:
enabled: true
asm:
iast:
enabled: true
Replace <DATADOG_SITE>
with your Datadog site.
Run the following command:
helm install datadog-agent -f datadog-values.yaml datadog/datadog
Do a rolling restart on your applications for instrumentation to take effect.
For more information on Kubernetes single step instrumentation, see the following:
If you don’t want to collect trace data for a particular service, host, VM, or container, complete the follow steps:
Run the following commands and restart the service to stop injecting the library into the service and stop producing traces from that service.
Add the DD_INSTRUMENT_SERVICE_WITH_APM
environment variable to the service startup command:
DD_INSTRUMENT_SERVICE_WITH_APM=false <service_start_command>
Restart the service.
To disable Code Security, remove the DD_IAST_ENABLED=true
environment variable from your application configuration, and restart your service.
Add the DD_INSTRUMENT_SERVICE_WITH_APM
environment variable to the service startup command:
docker run -e DD_INSTRUMENT_SERVICE_WITH_APM=false <service_start_command>
Restart the service.
To disable Code Security, remove the DD_IAST_ENABLED=true
environment variable from your application configuration, and restart your service.
Set the admission.datadoghq.com/enabled:
label to "false"
for the pod spec:
spec:
template:
metadata:
labels:
admission.datadoghq.com/enabled: "false"
DD_IAST_ENABLED=false
environment variable to your deployments.To stop producing traces, remove library injectors and restart the infrastructure:
dd-host-install --uninstall
dd-container-install --uninstall
systemctl restart docker
Under apm:
, remove instrumentation:
and all following configuration in datadog-values.yaml
.
Under asm:
, remove iast:
and all following configuration indatadog-values.yaml
.
Run the following command:
helm upgrade datadog-agent -f datadog-values.yaml datadog/datadog
Select your application language for details on how to enable Code Security for your language and infrastructure types.