---
title: Setting up Cloud Security on Kubernetes
description: Datadog, the leading service for cloud-scale monitoring.
---

# Setting up Cloud Security on Kubernetes

Use the following instructions to enable Misconfigurations and Vulnerability Management.

{% alert level="info" %}
Collecting events using Cloud Security affects your billing. For more information, see [Datadog Pricing](https://www.datadoghq.com/pricing/?product=cloud-security-management#products).
{% /alert %}

## Prerequisites{% #prerequisites %}

- Latest Datadog Agent version. For installation instructions, see [Getting Started with the Agent](https://docs.datadoghq.com/getting_started/agent.md) or install the Agent from the [Datadog UI](https://app.datadoghq.com/account/settings/agent/latest).

**Note**: SBOM collection is not compatible with the image streaming feature in Google Kubernetes Engine (GKE). To disable it, see the [Disable Image streaming](https://cloud.google.com/kubernetes-engine/docs/how-to/image-streaming#disable) section of the GKE docs.

## Installation{% #installation %}

{% tab title="Datadog Operator" %}

1. Add the following to the `spec` section of the `datadog-agent.yaml` file:

   ```yaml
   # datadog-agent.yaml file
   apiVersion: datadoghq.com/v2alpha1
   kind: DatadogAgent
   metadata:
     name: datadog
   spec:
     features:
       # Enables Misconfigurations
       cspm:
         enabled: true
         hostBenchmarks:
           enabled: true
   
       # Enables Software Bill of Materials (SBOM) collection
       sbom:
         enabled: true
   
         # Enables Container Vulnerability Management
         containerImage:
           enabled: true
           # Enables scanning of application libraries in addition to OS packages (Agent 7.70+)
           analyzers: ["os", "languages"]
   
         # Enables Host Vulnerability Management
         host:
           enabled: true
           # Enables scanning of application libraries in addition to OS packages (Agent 7.70+)
           analyzers: ["os", "languages"]
   
         # Enables runtime package prioritization (Preview, Agent 7.79+)
         # See Runtime Package Tracking section below.
         enrichment:
           usage:
             enabled: true
   ```

1. Apply the changes and restart the Agent.

{% /tab %}

{% tab title="Helm" %}

1. Add the following to the `datadog` section of the `datadog-values.yaml` file:

   ```yaml
   # datadog-values.yaml file
   datadog:
     securityAgent:
       # Enables Misconfigurations
       compliance:
         enabled: true
         host_benchmarks:
           enabled: true
   
     # Enables Software Bill of Materials (SBOM) collection
     sbom:
       # Enables Container Vulnerability Management
       containerImage:
         enabled: true
         # Enables scanning of application libraries in addition to OS packages (Agent 7.70+)
         analyzers: ["os", "languages"]
   
       # Enables Host Vulnerability Management
       host:
         enabled: true
         # Enables scanning of application libraries in addition to OS packages (Agent 7.70+)
         analyzers: ["os", "languages"]
   
       # Enables runtime package prioritization (Preview, Agent 7.79+)
       # See Runtime Package Tracking section below.
       enrichment:
         usage:
           enabled: true
   ```

1. Restart the Agent.

{% /tab %}

**Note**: `enrichment.usage.enabled: true` is in Preview and requires Datadog Agent **7.79.0 or later**. From 7.79.0, runtime package tracking runs independently of [Workload Protection](https://docs.datadoghq.com/security/workload_protection.md) and does not affect Workload Protection usage. See the Runtime Package Tracking section for more details.

**Note**: The `languages` analyzer requires Datadog Agent **7.70 or later**. When enabled, it detects vulnerabilities in application libraries managed by the package managers below, in addition to OS packages. When the `analyzers` field is omitted, Datadog only scans OS packages for container images.

### Supported application library package managers{% #supported-application-library-package-managers %}

The `languages` analyzer covers the following package ecosystems:

| Ecosystem           | Package manager/format                                                          |
| ------------------- | ------------------------------------------------------------------------------- |
| Ruby                | Bundler, GemSpec                                                                |
| Rust                | Cargo, Rust binary                                                              |
| PHP                 | Composer                                                                        |
| Java                | Jar, Maven (pom.xml), Gradle lock, Sbt lock                                     |
| JavaScript          | npm (package-lock.json), Yarn, pnpm, Node package                               |
| .NET                | NuGet, .NET Core, PackagesProps                                                 |
| Python              | Python package (egg), pip, Pipenv, Poetry, uv, Conda package, Conda environment |
| Go                  | Go binary, Go modules                                                           |
| C/C++               | Conan lock                                                                      |
| Swift / Objective-C | CocoaPods, Swift                                                                |
| Dart                | PubSpec lock                                                                    |
| Elixir              | Mix lock                                                                        |
| Julia               | Julia                                                                           |

## Runtime Package Tracking (Preview){% #runtime-package-tracking-preview %}

Runtime package tracking enriches each vulnerability finding with real-time signals from the running environment. When enabled, the Agent uses eBPF to monitor file access at runtime and records how packages are actually used by running processes.

Each vulnerability finding is enriched with the following signals:

| Signal                   | Description                                                                                 |
| ------------------------ | ------------------------------------------------------------------------------------------- |
| Package is running       | The package files are actively being accessed by running processes.                         |
| Accessed by root process | The package is being accessed by a process running as root (UID 0).                         |
| SUID binary present      | The package contains a binary with the SUID bit set, which can enable privilege escalation. |

These signals power vulnerability prioritization in Cloud Security, surfacing findings where vulnerable code is confirmed running in production.

**Requirements**:

- Datadog Agent **7.79.0 or later**
- Linux only (eBPF dependency)

**Note**: Use Datadog Agent **7.79.0 or later**. On earlier Agent versions, this feature is enabled through [Workload Protection](https://docs.datadoghq.com/security/workload_protection.md) and can affect Workload Protection usage. From 7.79.0, runtime package tracking runs independently of Workload Protection and does not affect its usage.

{% tab title="Datadog Operator" %}
Add the `enrichment` block to the `sbom` section of your `datadog-agent.yaml` file:

```yaml
spec:
  features:
    sbom:
      enabled: true
      containerImage:
        enabled: true
      # Enables runtime package prioritization (Preview, Agent 7.79+)
      enrichment:
        usage:
          enabled: true
```

Apply the changes and restart the Agent.
{% /tab %}

{% tab title="Helm" %}
Add the `enrichment` block to the `sbom` section of your `datadog-values.yaml` file:

```yaml
datadog:
  sbom:
    containerImage:
      enabled: true
    # Enables runtime package prioritization (Preview, Agent 7.79+)
    enrichment:
      usage:
        enabled: true
```

Restart the Agent.
{% /tab %}
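The Installation tabs and the Runtime Package Tracking notes above attach Agent version prerequisites to specific keys (`languages` analyzer: 7.70+, `enrichment.usage`: 7.79.0+). The following added example, which is not part of the Datadog docs or the Agent, checks a parsed `datadog-agent.yaml` or `datadog-values.yaml` (the dict that `yaml.safe_load` returns) against those prerequisites before you apply it; the sample values at the bottom are constructed from this page's Helm snippet.

```python
"""Check a Cloud Security Agent config (Operator CR or Helm values) against the
version prerequisites on this page. Input is the parsed YAML as a dict, e.g.
yaml.safe_load(open("datadog-agent.yaml")). Added example, not Datadog code."""
from typing import Any

def parse_version(version: str) -> tuple:
    """'7.79.0' -> (7, 79, 0); short forms such as '7.70' compare correctly."""
    return tuple(int(part) for part in version.split("."))

def _lookup(node: Any, path: tuple) -> Any:
    """Walk nested dicts; return None if any key on the path is missing."""
    for key in path:
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def find_sections(config: dict) -> tuple:
    """Return (sbom_block, misconfigurations_enabled) for either layout:
    Operator: spec.features.sbom + spec.features.cspm; Helm: datadog.sbom + datadog.securityAgent.compliance."""
    if _lookup(config, ("spec", "features")) is not None:
        features = config["spec"]["features"]
        return features.get("sbom") or {}, bool(_lookup(features, ("cspm", "enabled")))
    datadog = config.get("datadog") or {}
    return datadog.get("sbom") or {}, bool(_lookup(datadog, ("securityAgent", "compliance", "enabled")))

def check_prerequisites(config: dict, agent_version: str) -> list:
    """Return human-readable issues; an empty list means the config matches the Agent version."""
    version = parse_version(agent_version)
    sbom, misconfigs_enabled = find_sections(config)
    issues = []
    if not misconfigs_enabled:
        issues.append("Misconfigurations (cspm / compliance) is not enabled")
    for scope in ("containerImage", "host"):  # both scopes accept the analyzers list
        analyzers = _lookup(sbom, (scope, "analyzers")) or []
        if "languages" in analyzers and version < (7, 70):
            issues.append(f"sbom.{scope}.analyzers uses 'languages' but Agent {agent_version} is older than 7.70")
    if _lookup(sbom, ("enrichment", "usage", "enabled")) and version < (7, 79, 0):
        issues.append(f"sbom.enrichment.usage is enabled but Agent {agent_version} is older than 7.79.0 (Preview)")
    return issues

# Constructed sample: this page's Helm layout, as yaml.safe_load would return it.
SAMPLE_HELM_VALUES = {"datadog": {
    "securityAgent": {"compliance": {"enabled": True, "host_benchmarks": {"enabled": True}}},
    "sbom": {"containerImage": {"enabled": True, "analyzers": ["os", "languages"]},
             "host": {"enabled": True, "analyzers": ["os", "languages"]},
             "enrichment": {"usage": {"enabled": True}}}}}
```

Run `check_prerequisites(SAMPLE_HELM_VALUES, "7.79.0")` to confirm an empty list, then substitute the Agent version your cluster actually pins.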
