- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
Datadog Software Composition Analysis (SCA) helps you leverage open source with confidence. The capabilities of SCA include vulnerability detection, business risk (library inventory and licensing information), and quality evaluation of the open source libraries in your services.
What makes Datadog SCA unique is its end-to-end coverage of your software development lifecycle: from the code that your developers commit, to the production applications already running in your Datadog deployment.
Datadog SCA uses a curated proprietary database. The database is sourced from Open Source Vulnerabilities (OSV), National Vulnerability Database (NVD), GitHub advisories, and other language ecosystem advisories. Additionally, the Datadog Security research team evaluates vulnerabilities and malware findings. For more information, see the GuardDog GitHub project.
Check the ASM Compatibility for each ASM product to see if your service is supported.
The Datadog SCA Library Inventory helps you understand the list of libraries and its versions that compose your application. To access the Library Explorer, navigate to Security > Application Security > Catalog > Libraries.
With Datadog SCA spanning your software development lifecycle from code to production, it detects libraries throughout the lifecycle of an application and alerts you to vulnerabilities, risks, licenses, and more.
The Vulnerability Explorer shows a complete list of the open source libraries detected by Datadog SCA and reports security vulnerabilities associated with them.
Datadog SCA leverages two techniques to analyze your services:
Combining both techniques monitors open source libraries end-to-end, from the code repository commit (static point of view), to the applications running in production (runtime point of view).
To switch to the code repository commit point of view, select Static. The static view shows vulnerabilities from the source code in your repositories.
To switch to the real-time point of view for the applications already running, select Runtime. The runtime view is the live view of the services monitored by Datadog.
Select a specific vulnerability to see its details, including the affected services, severity breakdown score, and recommended remediation steps.
On the Details Explorer for a vulnerability, you can view impacted infrastructure. This view gives you better insights to your overall attack exposure.
Each vulnerability has a defined base severity score. To assist in prioritizing remediation, Datadog modifies the base CVSS score into the Datadog Severity Score by considering evidence of suspicious requests or attacks, the business sensitivity or internet exposure of the environment, and the risk of a successful exploit.
Four score modifiers may apply to a base score. Two are provided by runtime context:
Two are provided by CVE context:
Datadog shows how the base CVSS score is adjusted to the Datadog Severity Score based on the factors above.
See Getting Started with Software Composition Analysis for more information on the adjusted vulnerability score.
The Vulnerability Explorer offers remediation recommendations for detected vulnerabilities. Recommendations enable you to change the status of a vulnerability, assign it to a team member for review, and create a Jira issue for tracking. They also include a collection of links and references to websites or information sources to help you understand the context behind each vulnerability.
Note: To create Jira issues for SCA vulnerabilities, you must configure the Jira integration, and have the manage_integrations
permission. For detailed instructions, see the Jira integration documentation, as well as the Role Based Access Control documentation.
Software Composition Analysis (SCA) contains additional capabilities to allow you to scan for vulnerabilities in your CI pipelines by using Code Analysis. With SCA for Code Analysis, you can identify vulnerable open source libraries that have been imported into your codebase.
To configure vulnerabilities in your CI pipelines, navigate to Security -> Application Security -> Settings.
In Software Composition Analysis (SCA), click Get Started to enable Software Composition Analysis, and select your repositories and services.
See Getting Started with Software Composition Analysis for more detailed instructions.
Software Composition Analysis enriches the information APM is already collecting, and flags libraries that match with current vulnerability advisories. Potentially vulnerable services are highlighted directly in the Security view embedded in the APM Service Catalog.
For information on disabling Software Composition Analysis, see Disabling Software Composition Analysis.
추가 유용한 문서, 링크 및 기사: