---
title: Setting up Cloud Security on Kubernetes
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > Cloud Security > Setting up Cloud Security >
  Deploying Cloud Security on the Agent > Setting up Cloud Security on
  Kubernetes
---

# Setting up Cloud Security on Kubernetes

Use the following instructions to enable Misconfigurations and Vulnerability Management.

{% alert level="info" %}
Collecting events using Cloud Security affects your billing. For more information, see [Datadog Pricing](https://www.datadoghq.com/pricing/?product=cloud-security-management#products).
{% /alert %}

## Prerequisites{% #prerequisites %}

- Latest Datadog Agent version. For installation instructions, see [Getting Started with the Agent](https://docs.datadoghq.com/getting_started/agent) or install the Agent from the [Datadog UI](https://app.datadoghq.com/account/settings/agent/latest).

**Note**: SBOM collection is not compatible with the image streaming feature in Google Kubernetes Engine (GKE). To disable it, see the [Disable Image streaming](https://cloud.google.com/kubernetes-engine/docs/how-to/image-streaming#disable) section of the GKE docs.

## Installation{% #installation %}

{% tab title="Datadog Operator" %}

1. Add the following to the `spec` section of the `datadog-agent.yaml` file:

   ```yaml
   # datadog-agent.yaml file
   apiVersion: datadoghq.com/v2alpha1
   kind: DatadogAgent
   metadata:
     name: datadog
   spec:
     features:
       # Enables Misconfigurations
       cspm:
         enabled: true
         hostBenchmarks:
           enabled: true
   
       # Enables Software Bill of Materials (SBOM) collection
       sbom:
         enabled: true
   
         # Enables Container Vulnerability Management
         containerImage:
           enabled: true
   
         # Enables Host Vulnerability Management
         host:
           enabled: true
   ```

1. Apply the changes and restart the Agent.

{% /tab %}

{% tab title="Helm" %}

1. Add the following to the `datadog` section of the `datadog-values.yaml` file:

   ```yaml
   # datadog-values.yaml file
   datadog:
     securityAgent:
       # Enables Misconfigurations
       compliance:
         enabled: true
         host_benchmarks:
           enabled: true
   
     # Enables Software Bill of Materials (SBOM) collection
     sbom:
       # Enables Container Vulnerability Management
       containerImage:
         enabled: true
   
       # Enables Host Vulnerability Management
       host:
         enabled: true
   ```

1. Restart the Agent.

{% /tab %}