Application Risk Management
Application Security Risk Management is in beta.
Overview
ASM Risk Management offers built-in detection capabilities that warn you about the vulnerabilities detected in your services’ open source dependencies. Details of that information are shown in the Vulnerability Explorer, identifying the severity, affected services, potentially vulnerable infrastructure, and remediation instructions to solve the surfaced risks.
Compatibility
Risk Management is available with the following APM tracing libraries:
| Language | Minimum Datadog Tracing Library Version |
|---|---|
| Java | 1.1.4 |
| .NET | 2.16.0 |
| NodeJS | 2.23.0 for NodeJS 12+, or 3.10.0 for NodeJS 14+ |
| Python | 1.5.0 |
Get Started
Join the beta! If you already use Application Security, enroll from the Application Security home page. If you’re new to Application Security, visit the Application Security landing page for an overview and to get started.
Alternatively, when you view a service details page in APM, the Security tab also provides an Enable ASM link where you can join the Risk Management beta.
The Vulnerability Explorer shows a complete list of vulnerabilities detected by ASM Risk Management, ordering the vulnerabilities based on their severity, and offering filtering capabilities so you can investigate and prioritize problems. It also shows the number of affected libraries, the language of the affected library, and the last time that vulnerability was detected.
Select a specific vulnerability to see its details, including which services are affected. From here you can explore what containers and infrastructure are potentially affected by the vulnerability, so you know more about the extent of a risk. This provides valuable information for prioritizing remediation tasks.
The explorer also offers remediation recommendations for detected vulnerabilities and shows a collection of links and references to websites or information sources that help you understand the context behind each vulnerability.
Detect known open source vulnerabilities
Risk Management detects the open source libraries your application loads at runtime and reports the security vulnerabilities associated with them. To do so, it combines several public vulnerability data sources for open source software with data gathered by the Datadog security research team.
Detect custom code vulnerabilities
Custom code vulnerabilities (unknown vulnerabilities) detection is in private beta. Request access to the feature by contacting Support.
Risk Management can also find issues in your services’ custom code, that is, the proprietary code that implements your application’s business logic, in addition to open source and third-party libraries.
The custom code vulnerabilities it can find include:
- Insecure Cipher
- Insecure Hashing
- Weak Randomness
- SQL injection
- Path traversal
- LDAP injection
- Command Injection
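To make three of the categories above concrete, here is an added Python example (Python is one of the supported tracing languages listed earlier); it is not Datadog's code and not the detector's internal logic. Each weak pattern sits beside a hardened form; `BASE_DIR` and the function names are assumptions made for the illustration.

```python
import hashlib
import os
import random
import secrets

# Assumed upload directory for the example; realpath so symlinks cannot skew the check.
BASE_DIR = os.path.realpath("/srv/app/uploads")


# --- Weak Randomness: random is a statistical PRNG, not a CSPRNG ---
def session_token_weak() -> str:
    """Flagged pattern: predictable output used for a security token."""
    return "%032x" % random.getrandbits(128)


def session_token_fixed() -> str:
    """Hardened: secrets draws from the OS CSPRNG (16 bytes -> 32 hex chars)."""
    return secrets.token_hex(16)


# --- Insecure Hashing: unsalted MD5 for password storage ---
def password_hash_weak(password: str) -> str:
    """Flagged pattern: fast, unsalted, broken digest for credentials."""
    return hashlib.md5(password.encode()).hexdigest()


def password_hash_fixed(password: str, salt: bytes) -> str:
    """Hardened: salted, iterated key derivation (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000).hex()


# --- Path Traversal: joining an untrusted filename without containment check ---
def resolve_upload_weak(filename: str) -> str:
    """Flagged pattern: '..' segments in filename escape BASE_DIR."""
    return os.path.join(BASE_DIR, filename)


def is_within_uploads(filename: str) -> bool:
    """True only if the normalised target stays inside BASE_DIR."""
    candidate = os.path.realpath(os.path.join(BASE_DIR, filename))
    return os.path.commonpath([BASE_DIR, candidate]) == BASE_DIR


def resolve_upload_fixed(filename: str) -> str:
    """Hardened: reject any name whose resolved path leaves BASE_DIR."""
    if not is_within_uploads(filename):
        raise ValueError("path escapes upload directory")
    return os.path.realpath(os.path.join(BASE_DIR, filename))
```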
Risk Management uses the information APM is already collecting and flags libraries that match current vulnerability advisories. Potentially vulnerable services are highlighted directly in the security views embedded in the APM Service Catalog.