Application security from code to runtime

It's extremely powerful to immediately see which services are vulnerable, the time since detection, and how to fix the vulnerabilities. It makes it much easier to investigate and remediate issues across all vulnerable services.

Henri Cour

SRE, Continental Digital Services France.

Feature Overview

For development, operations, and security teams overwhelmed by a growing backlog of reported security vulnerabilities, Datadog Code Security delivers runtime-based prioritization of vulnerabilities with a platform approach to remediation. A unified, end-to-end solution allows teams to focus on fixing vulnerabilities that matter, with clear visibility into remediation progress across the software development lifecycle.

Find and fix code vulnerabilities whenever they appear with Static Code Analysis

Integrate Static Application Security Testing (SAST) with any CI platform provider of your choice or perform scans directly with Datadog to ensure code security and quality are baked in from the beginning
Apply suggested code fixes from inline pull request comments during code review to embed security into development workflows
Detect and fix vulnerabilities as code is being written with real-time feedback and remediation within your IDE

Secure your software supply chain and open source libraries from development to production with Software Composition Analysis (SCA)

Track vulnerable open source library usage in both your repositories and your services with static and runtime analysis in a single offering
Prioritize open source library vulnerabilities with the Datadog Severity Score, which factors in environment, CVSS, and real-time threat activity
Select the best library update for your code with recommended upgrade options

Detect and fix issues faster in runtime and production code with observability context from Runtime Code Analysis

Eliminate false positives with an Interactive Application Security Testing (IAST) approach that achieves a 100% OWASP Benchmark score—plus over 20 security checks beyond OWASP
Improve the signal-to-noise ratio in your security backlogs with the Datadog Severity Score, which factors in environment, CVSS, and real-time threat activity
Maintain an accurate, up-to-date view of your attack surface by monitoring data flow through runtime code execution paths

Collaborate using shared views across development, operations, and security teams on a unified platform

Scope remediation responsibility down to individual teams via service-to-code correlation
Triage next steps with remediation owners via status management and suggested fixes
Group and filter vulnerabilities by service, team, and repository for comprehensive remediation tracking