--- title: Enabling Code Security for .NET description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: >- Docs > Datadog Security > Code Security > Runtime Code Analysis (IAST) > Set up Runtime Code Analysis (IAST) > Enabling Code Security for .NET --- # Enabling Code Security for .NET {% callout %} # Important note for users on the following Datadog sites: app.ddog-gov.com {% alert level="danger" %} This product is not supported for your selected [Datadog site](https://docs.datadoghq.com/getting_started/site.md). (). {% /alert %} {% /callout %} You can detect code-level vulnerabilities and monitor application security in .NET applications running in Docker, Kubernetes, Amazon ECS, and AWS Fargate. Follow these steps to enable Code Security in your service: 1. [Update your Datadog Agent](https://docs.datadoghq.com/agent/versions/upgrade_between_agent_minor_versions.md) to at least version 7.41.1. 1. Update your Datadog Tracing Library to at least the minimum version needed to turn on Code Security. For details, see [Library Compatibility](https://docs.datadoghq.com/security/code_security/iast/setup.md) page. 1. Add the `DD_IAST_ENABLED=true` environment variable to your application configuration. For example, on Windows self-hosted, run the following PowerShell snippet as part of your application start-up script: ```sh $target=[System.EnvironmentVariableTarget]::Process [System.Environment]::SetEnvironmentVariable("DD_IAST_ENABLED","true",$target) ``` Or one of the following methods, depending on where your application runs: {% tab title="Windows-Self-Hosted" %} In a Windows console: ```sh rem Set environment variables SET DD_IAST_ENABLED=true rem Start application dotnet.exe example.dll ``` {% /tab %} {% tab title="IIS" %} Run the following PowerShell command as administrator to configure the necessary environment variables in the registry `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment` and restart IIS. ```sh $target=[System.EnvironmentVariableTarget]::Machine [System.Environment]::SetEnvironmentVariable("DD_IAST_ENABLED","true",$target) net stop was /y net start w3svc ``` {% /tab %} {% tab title="Linux" %} Add the following to your application configuration: ``` DD_IAST_ENABLED=true ``` {% /tab %} {% tab title="Docker CLI" %} Update your configuration container for APM by adding the following argument in your docker run command: ``` docker run -d --name app -e DD_IAST_ENABLED=true company/app:latest ``` {% /tab %} {% tab title="Dockerfile" %} Add the following environment variable value to your container Dockerfile: ``` ENV DD_IAST_ENABLED=true ``` {% /tab %} {% tab title="Kubernetes" %} Update your deployment configuration file for APM and add the AAP environment variable: ```yaml spec: template: spec: containers: - name: image: / env: - name: DD_IAST_ENABLED value: "true" ``` {% /tab %} {% tab title="AWS ECS" %} Update your ECS task definition JSON file, by adding this in the environment section: ```yaml "environment": [ ..., { "name": "DD_IAST_ENABLED", "value": "true" } ] ``` {% /tab %} {% tab title="AWS Fargate" %} Add the following line to your container Dockerfile: ``` ENV DD_IAST_ENABLED=true ``` {% /tab %} To see Code Security in action, browse your service and find code-level vulnerabilities in the [Vulnerability Explorer](https://docs.datadoghq.com/security/code_security/iast/setup.md). {% video url="https://docs.dd-static.net/images//security/application_security/Code-Level-Vulnerability-Details-New.mp4" /%} If you need additional assistance, contact [Datadog support][5]. ## Further Reading{% #further-reading %} - [Supported code-level vulnerabilities list](https://docs.datadoghq.com/security/code_security/iast.md#code-level-vulnerabilities-list) - [Enhance application security in production with Datadog Code Security](https://www.datadoghq.com/blog/iast-datadog-code-security/) - [Find vulnerabilities in your code with Datadog Code Security](https://www.datadoghq.com/blog/application-code-vulnerability-detection/) - [Datadog Code Security achieves 100 percent accuracy in OWASP Benchmark by using an IAST approach](https://www.datadoghq.com/blog/code-security-owasp-benchmark/) - [Troubleshooting Application Security](https://docs.datadoghq.com/security/application_security/troubleshooting.md)