---
title: Enabling Code Security for Python
description: Datadog, the leading service for cloud-scale monitoring.
---

# Enabling Code Security for Python

{% callout %}
# Important note for users on the following Datadog sites: app.ddog-gov.com

{% alert level="danger" %}
This product is not supported for your selected [Datadog site](https://docs.datadoghq.com/getting_started/site).
{% /alert %}

{% /callout %}

You can detect code-level vulnerabilities and monitor application security in Python applications running in Docker, Kubernetes, Amazon ECS, and AWS Fargate.

NOTE: Code-Level Vulnerability detection in Python is in Preview.

Follow these steps to enable Code Security in your service:

1. [Update your Datadog Agent](https://docs.datadoghq.com/agent/versions/upgrade_between_agent_minor_versions/) to at least version 7.41.1.

1. Update your Datadog Tracing Library to at least the minimum version needed to turn on Code Security. For details, see the [Library Compatibility](https://docs.datadoghq.com/security/code_security/iast/setup/) page.

1. Add the `DD_IAST_ENABLED=true` environment variable to your application configuration.

From the command line:

   ```shell
   DD_IAST_ENABLED=true ddtrace-run python app.py
   ```

Or one of the following methods, depending on where your application runs:

{% tab title="Docker CLI" %}
Update your configuration container for APM by adding the following argument in your `docker run` command:

```shell
docker run [...] -e DD_IAST_ENABLED=true [...]
```

{% /tab %}

{% tab title="Dockerfile" %}
Add the following environment variable to your container Dockerfile:

```Dockerfile
ENV DD_IAST_ENABLED=true
```

{% /tab %}

{% tab title="Kubernetes" %}
Update your deployment configuration file for APM and add the IAST environment variable:

```yaml
spec:
  template:
    spec:
      containers:
        - name: <CONTAINER_NAME>
          image: <CONTAINER_IMAGE>/<TAG>
          env:
            - name: DD_IAST_ENABLED
              value: "true"
```

{% /tab %}

{% tab title="Amazon ECS" %}
Update your ECS task definition JSON file by adding the following to the `environment` section:

```json
"environment": [
  ...,
  {
    "name": "DD_IAST_ENABLED",
    "value": "true"
  }
]
```

{% /tab %}
Restart your service.

To see Code Security in action, browse your service and find code-level vulnerabilities in the [Vulnerability Explorer](https://app.datadoghq.com/security/appsec/vm/code).
{% video
   url="https://datadog-docs.imgix.net/images//security/application_security/Code-Level-Vulnerability-Details-New.mp4" /%}

If you need additional assistance, contact [Datadog support](https://docs.datadoghq.com/help).

### Third-Party Library Compatibility Note{% #third-party-library-compatibility-note %}

Code Security modifies Python code at runtime. This can conflict with third-party Python libraries that perform similar code transformations, including but not limited to the following:

- Numba
- JAX
- TorchScript
- TensorFlow
- Bytecode
- Codetransformer
- PyPy

Additionally, Code Security does not correctly propagate taint ranges over native (compiled) code. Therefore, if your codebase heavily relies on modules written in C or C++, using the CPython API, or on intermediate language systems like Cython, the results might be less accurate than expected.
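
A pre-flight check for the setup steps and the compatibility note above, as an added example that is not Datadog's code: it compares an Agent version string against 7.41.1, confirms `DD_IAST_ENABLED` is set to `true`, and reports which of the listed code-transforming libraries are installed. The function names and the mapping from library names to PyPI distribution names are assumptions of this example.

```python
import os
import platform
import re
from importlib import metadata

MIN_AGENT = (7, 41, 1)  # minimum Agent version from the setup steps

# Library names are from the compatibility note; the PyPI distribution names
# they are mapped to are assumptions of this example.
CODE_TRANSFORMERS = {
    "numba": "Numba", "jax": "JAX", "torch": "TorchScript",
    "tensorflow": "TensorFlow", "bytecode": "Bytecode",
    "codetransformer": "Codetransformer",
}


def agent_ok(version_text):
    """True if the first x.y.z found in version_text is >= MIN_AGENT."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version_text)
    return bool(m) and tuple(map(int, m.groups())) >= MIN_AGENT


def iast_enabled(env):
    """True only for the value the setup steps use ("true", any letter case)."""
    return env.get("DD_IAST_ENABLED", "").strip().lower() == "true"


def conflicts(installed, implementation):
    """Return the names from the compatibility note found in this environment."""
    norm = {re.sub(r"[-_.]+", "-", name).lower() for name in installed}
    found = [label for dist, label in CODE_TRANSFORMERS.items() if dist in norm]
    if implementation == "PyPy":
        found.append("PyPy")
    return sorted(found)


def preflight(env, agent_version, installed=None, implementation=None):
    """Collect all three checks; defaults inspect the running interpreter."""
    if installed is None:
        installed = [d.metadata.get("Name") or "" for d in metadata.distributions()]
    return {
        "iast_enabled": iast_enabled(env),
        "agent_ok": agent_ok(agent_version),
        "conflicts": conflicts(installed, implementation or platform.python_implementation()),
    }


if __name__ == "__main__":
    # "7.41.1" is a constructed sample; pass the version your Agent reports.
    print(preflight(os.environ, "7.41.1"))
```

A match means the library is installed, possibly only as a dependency of another package, so treat it as a prompt to test that service with Code Security enabled rather than as proof of a conflict.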

## Further Reading{% #further-reading %}

- [Enhance application security in production with Datadog Code Security](https://www.datadoghq.com/blog/iast-datadog-code-security/)
- [Find vulnerabilities in your code with Datadog Code Security](https://www.datadoghq.com/blog/application-code-vulnerability-detection/)
- [Datadog Code Security achieves 100 percent accuracy in OWASP Benchmark by using an IAST approach](https://www.datadoghq.com/blog/code-security-owasp-benchmark/)
- [Troubleshooting Application Security](https://docs.datadoghq.com/security/application_security/troubleshooting)
