--- title: Enabling Code Security for Java description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: >- Docs > Datadog Security > Code Security > Runtime Code Analysis (IAST) > Set up Runtime Code Analysis (IAST) > Enabling Code Security for Java --- # Enabling Code Security for Java {% callout %} # Important note for users on the following Datadog sites: app.ddog-gov.com {% alert level="danger" %} This product is not supported for your selected [Datadog site](https://docs.datadoghq.com/getting_started/site). (). {% /alert %} {% /callout %} You can detect code-level vulnerabilities and monitor application security in Java applications running in Docker, Kubernetes, Amazon ECS, and AWS Fargate. Follow these steps to enable Code Security in your service: 1. [Update your Datadog Agent](https://docs.datadoghq.com/agent/versions/upgrade_between_agent_minor_versions/) to at least version 7.41.1. 1. Update your Datadog Tracing Library to at least the minimum version needed to turn on Code Security. For details, see [Library Compatibility](https://docs.datadoghq.com/security/code_security/iast/setup/) page. 1. Add the `DD_IAST_ENABLED=true` environment variable to your application configuration. From the command line: ```shell java -javaagent:/path/to/dd-java-agent.jar -Ddd.iast.enabled=true -Ddd.service= -Ddd.env= -jar path/to/app.jar ``` Or one of the following methods, depending on where your application runs: **Note**: Read-only file systems are not supported. The application must have access to a writable `/tmp` directory. {% tab title="Docker CLI" %} Update your configuration container for APM by adding the following argument in your `docker run` command: ```shell docker run [...] -e DD_IAST_ENABLED=true [...] ``` {% /tab %} {% tab title="Dockerfile" %} Add the following environment variable value to your container Dockerfile: ```Dockerfile DD_IAST_ENABLED=true ``` {% /tab %} {% tab title="Kubernetes" %} Update your deployment configuration file for APM and add the IAST environment variable: ```yaml spec: template: spec: containers: - name: image: / env: - name: DD_IAST_ENABLED value: "true" ``` {% /tab %} {% tab title="Amazon ECS" %} Update your ECS task definition JSON file, by adding this in the environment section: ```json "environment": [ ..., { "name": "DD_IAST_ENABLED", "value": "true" } ] ``` {% /tab %} 1. Restart your service. 1. To see Code Security in action, browse your service and find code-level vulnerabilities in the [Vulnerability Explorer](https://app.datadoghq.com/security/appsec/vm). {% video url="https://datadog-docs.imgix.net/images//security/application_security/Code-Level-Vulnerability-Details-New.mp4" /%} If you need additional assistance, contact [Datadog support](https://docs.datadoghq.com/help). ## Further Reading{% #further-reading %} - [Supported code-level vulnerabilities list](https://docs.datadoghq.com/security/code_security/iast/#code-level-vulnerabilities-list) - [Enhance application security in production with Datadog Code Security](https://www.datadoghq.com/blog/iast-datadog-code-security/) - [Find vulnerabilities in your code with Datadog Code Security](https://www.datadoghq.com/blog/application-code-vulnerability-detection/) - [Datadog Code Security achieves 100 percent accuracy in OWASP Benchmark by using an IAST approach](https://www.datadoghq.com/blog/code-security-owasp-benchmark/) - [Troubleshooting Application Security](https://docs.datadoghq.com/security/application_security/troubleshooting)