PHP Compatibility Requirements

Application Security capabilities support

The following application security capabilities are supported in the PHP library, for the specified tracer version:

Application Security capabilityMinimum PHP tracer version
Threat Detection0.84.0
Threat Protection0.86.0
Customize response to blocked requests0.86.0
Software Composition Analysis (SCA)0.90.0
Code Securitynot supported
Automatic user activity event tracking0.89.0
API Security0.98.0

The minimum tracer version to get all supported ASM capabilities for PHP is 0.98.0.

If you would like to see support added for any of the unsupported capabilities, let us know! Fill out this short form to send details.

Supported deployment types

TypeThreat Detection supportSoftware Composition Analysis
Docker
Kubernetes
Amazon ECS
AWS Fargate
AWS Lambda

Language and framework compatibility

Note: It's recommended to use officially supported versions of PHP, especially 8.0, 8.1 and 8.2.
PHP VersionSupport levelPackage version
8.3.xGeneral Availability> 0.95.0+
8.2.xGeneral Availability> 0.82.0+
8.1.xGeneral Availability> 0.66.0+
8.0.xGeneral Availability> 0.52.0+
7.4.xGeneral AvailabilityAll
7.3.xGeneral AvailabilityAll
7.2.xGeneral AvailabilityAll
7.1.xGeneral AvailabilityAll
7.0.xGeneral AvailabilityAll

Application Security capabililties for PHP support the following SAPI’s:

SAPISupport type
apache2handlerFully Supported
cliFully Supported
fpm-fcgiFully Supported
cgi-fcgiFully Supported

Supported processor architectures

Application Security capabililties for PHP support the following architectures:

Processor architecturesSupport levelPackage version
Linux GNU amd64 (x86-64-linux-gnu)GAAll
Linux MUSL amd64 (x86-64-linux-musl)GAAll
Linux GNU arm64 (aarch64-linux-gnu)GA> 0.95.0
Linux MUSL arm64 (aarch64-linux-musl)GA> 0.95.0

The Datadog PHP library supports PHP version 7.0 and above on the following architectures:

  • Linux (GNU) x86-64 and arm64
  • Alpine Linux (musl) x86-64 and arm64

The library supports the use of all PHP frameworks, and also the use of no framework.

Web framework compatibility

  • Attacker source HTTP request details
  • Tags for the HTTP request (status code, method, etc)
  • Distributed Tracing to see attack flows through your applications
Application Security Capability Notes
  • Software Composition Analysis is not supported
  • Code Security is not supported

The following frameworks aren’t directly instrumented by Application Security, but indirectly supported through runtime instrumentation.

FrameworkVersionsThreat Detection supported?Threat Protection supported?
CakePHP2.x
CodeIgniter2.x
FuelPHP1.1
Laravel4.2, 5.x, 6.x
Laravel 88.x (tracer 0.52.0+)
Lumen1.9-2.29
Magento3.8+
Neos Flow3.0.x
Phalcon3.1+
Slim3.1+
Symfony 33.1+
Symfony 43.1+
Symfony 53.1+
Wordpress3.1+
Yii3.1+
Zend3.1+
Symfony 33.1+
RoadRunner2.x

Data store compatibility

Datastore tracing provides:

  • SQL attack detection
  • query info (for example, a sanitized query string)
  • error and stacktrace capturing
Application Security Capability Notes
  • Software Composition Analysis is not supported
  • Code Security is not supported
  • Threat Protection also works at the HTTP request (input) layer, and so works for all databases by default, even those not listed in the table below.
FrameworkVersionsThreat Detection supported?Threat Protection supported?
Amazon RDSAny supported PHP
EloquentLaravel supported versions
MemcachedAny supported PHP
MySQLiAny supported PHP
PDOAny supported PHP
PHPRedis3, 4, 5
Predis1.1

User Authentication Frameworks compatibility

Integrations to User Authentication Frameworks provide:

  • User login events, including the user IDs
  • Account Takeover detection monitoring for user login events
FrameworkMinimum Framework Version
Laravel4.2
Symfony3.3
Wordpress4.8