Enabling Software Composition Analysis using Datadog tracing libraries

이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

You can use Datadog Software Composition Analysis (SCA) to monitor the open source libraries in your apps.

SCA is configured by setting the -Ddd.appsec.sca.enabled flag or the DD_APPSEC_SCA_ENABLED environment variable to true in supported languages:

  • Java
  • .NET
  • Go
  • Ruby
  • PHP
  • Node.js
  • Python

This topic explains how to set up SCA using a Java example.

Example: enabling Software Composition Analysis in Java

  1. Update your Datadog Java library to at least version 0.94.0 (at least version 1.1.4 for Software Composition Analysis detection features):

      wget -O dd-java-agent.jar 'https://dtdg.co/latest-java-tracer'

      curl -Lo dd-java-agent.jar 'https://dtdg.co/latest-java-tracer'

      ADD 'https://dtdg.co/latest-java-tracer' dd-java-agent.jar
      To check that your service’s language and framework versions are supported for ASM capabilities, see Compatibility.

    • Run your Java application with SCA enabled. From the command line:

      java -javaagent:/path/to/dd-java-agent.jar -Ddd.appsec.sca.enabled=true -Ddd.service=<MY SERVICE> -Ddd.env=<MY_ENV> -jar path/to/app.jar

      Or one of the following methods, depending on where your application runs:

      Note: Read-only file systems are not supported at this time. The application must have access to a writable /tmp directory.

        Update your configuration container for APM by adding the following argument in your docker run command:

        docker run [...] -e DD_APPSEC_SCA_ENABLED=true [...]

        Add the following environment variable value to your container Dockerfile:

        ENV DD_APPSEC_SCA_ENABLED=true

        Update your deployment configuration file for APM and add the SCA environment variable:

        spec:
  template:
    spec:
      containers:
        - name: <CONTAINER_NAME>
          image: <CONTAINER_IMAGE>/<TAG>
          env:
            - name: DD_APPSEC_SCA_ENABLED
              value: "true"

        Update your ECS task definition JSON file, by adding this in the environment section:

        "environment": [
  ...,
  {
    "name": "DD_APPSEC_SCA_ENABLED",
    "value": "true"
  }
]

        Set the -Ddd.appsec.sca.enabled flag or the DD_APPSEC_SCA_ENABLED environment variable to true in your service invocation:

        java -javaagent:dd-java-agent.jar \
     -Ddd.appsec.sca.enabled=true \
     -jar <YOUR_SERVICE>.jar \
     <YOUR_SERVICE_FLAGS>