IaC Scanning

이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.
Join the Preview!

Static Infrastructure as Code (IaC) scanning is in Preview. To request access, complete the form.

Request Access

Infrastructure as Code (IaC) scanning in Datadog automatically analyzes your Terraform files for security misconfigurations. Findings appear in the Code Security Vulnerabilities tab, where you can group, filter, and triage issues by severity, status, and more. For each finding, Datadog provides detailed remediation guidance, code diffs, and the ability to open a pull request or commit fixes directly from the UI.

Static IaC scanning supports GitHub for version control and Terraform for infrastructure as code.
Cloud Security Findings page displaying detected misconfigurations in cloud resources

When you click on a finding, the side panel reveals additional details, including a short description of the IaC rule related to the finding and a preview of the offending code.

Finding side panel highlighting undefined EBS volume encryption in Terraform code.

Key capabilities

  • Scan Terraform files for security misconfigurations
  • Surface IaC misconfigurations in the Code Security Vulnerabilities tab
  • Group and filter findings by severity, triage status, and other facets
  • View detailed remediation guidance and code diffs for each finding
  • Open a pull request or commit fixes directly from the UI
  • Track finding status and history for triage and resolution
  • Configure scanning exclusions

Getting started

  1. Set up IaC scanning in your environment
  2. Configure scanning exclusions if needed
  3. Review and triage findings in the Code Security Vulnerabilities tab

Further reading

추가 유용한 문서, 링크 및 기사:

Setting up IaC ScanningDOCUMENTATION more more Setting up IaC Scanning ExclusionsDOCUMENTATION more more
PREVIEWING: deforest/docs-11221-move-iac-to-code-security