CSM Vulnerabilities Hosts and Containers Compatibility
Operating systems
Cloud Security Management Vulnerabilities supports vulnerability scanning for hosts and containers running the following operating system versions:
| Operating System | Supported Versions | Package Managers / Source | Agentless support | Agent support |
|---|
| Alpine Linux | 2.2-2.7, 3.0-3.19 (edge is not supported) | apk | | |
| Wolfi Linux | N/A | apk | | |
| Chainguard | N/A | apk | | |
| Red Hat Enterprise Linux | 6, 7, 8 | dnf/yum/rpm | | |
| CentOS | 6, 7, 8 | dnf/yum/rpm | | |
| AlmaLinux | 8, 9 | dnf/yum/rpm | | |
| Rocky Linux | 8, 9 | dnf/yum/rpm | | |
| Oracle Linux | 5, 6, 7, 8 | dnf/yum/rpm | | |
| CBL-Mariner | 1.0, 2.0 | dnf/yum/rpm | | |
| Amazon Linux | 1, 2, 2023 | dnf/yum/rpm | | |
| openSUSE Leap | 42, 15 | zypper/rpm | | |
| SUSE Enterprise Linux | 11, 12, 15 | zypper/rpm | | |
| Photon OS | 1.0, 2.0, 3.0, 4.0 | tndf/yum/rpm | | |
| Debian GNU/Linux | 7, 8, 9, 10, 11, 12 (unstable/sid is not supported) | apt/dpkg | | |
| Ubuntu | All versions supported by Canonical | apt/dpkg | | |
| Windows | Windows Server 2016/2019/2022, Windows 10 and later | Windows OS | | |
Datadog detects vulnerabilities in Windows by identifying the Windows version and installed security knowledge base (KB) updates to address vulnerabilities associated with that version. However, some KB updates are cumulative and contain other KB updates, which might cause Datadog to misidentify which updates have been installed.
Datadog can’t track vulnerability fixes that Windows applies outside of KB updates.
Datadog can’t track vulnerabilities associated with third-party software.
Application libraries
Cloud Security Management Vulnerabilities supports vulnerability scanning for the following application languages and libraries on containers and Lambda instances:
| Language | Supported Package Manager | Supported Files | Agentless support | Agent support |
|---|
| Ruby | bundler | Gemfile.lock, gemspec | | |
| .NET | nuget | packages.lock.json, packages.config, .deps.json, *packages.props | | |
| Go | mod | Binaries built by Go, go.mod | | |
| Java | Gradle, Maven | pom.xml, *gradle.lockfile, JAR/WAR/PAR/EAR (with pom.properties) | | |
| Node.js | npm, pnpm, yarn | package-lock.json, yarn.lock, pnpm-lock.yaml, package.json | | |
| PHP | composer | composer.lock | | |
| Python | pip, poetry | pipfile.lock, poetry.lock, egg package, wheel package, conda package | | |
Note: For Agent-based vulnerability management in application libraries, see Software Composition Analysis.
