You can detect code-level vulnerabilities and monitor application security in Python applicationss running in Docker, Kubernetes, Amazon ECS, and AWS Fargate.

NOTE: Code-Level Vulnerability detection in Python is currently in beta.

Follow these steps to enable Code Security in your service:

1. Update your Datadog Agent to at least version 7.41.1.

2. Update your Datadog Tracing Library to at least the minimum version needed to turn on Code Security. For details, see Library Compatibility page.

3. Add the DD_IAST_ENABLED=true environment variable to your application configuration.

   From the command line:

   DD_IAST_ENABLED=true ddtrace-run python app.py
   

   Or one of the following methods, depending on where your application runs:

docker run [...] -e DD_IAST_ENABLED=true [...]

DD_IAST_ENABLED=true

spec:
  template:
    spec:
      containers:
        - name: <CONTAINER_NAME>
          image: <CONTAINER_IMAGE>/<TAG>
          env:
            - name: DD_IAST_ENABLED
              value: "true"

"environment": [
  ...,
  {
    "name": "DD_IAST_ENABLED",
    "value": "true"
  }
]

4. Restart your service.
5. To see Code Security in action, browse your service and find code-level vulnerabilities in the Vulnerability Explorer.

If you need additional assistance, contact Datadog support.

Further Reading

Additional helpful documentation, links, and articles:

Supported code-level vulnerabilities listDOCUMENTATION Enhance application security in production with Datadog Code SecurityBLOG Find vulnerabilities in your code with Datadog Code SecurityBLOG Datadog Code Security achieves 100 percent accuracy in OWASP Benchmark by using an IAST approachBLOG Troubleshooting Application SecurityDOCUMENTATION