Setting up IaC Scanning

Join the Preview!

Static Infrastructure as Code (IaC) scanning is in Preview. To request access, complete the form.

Request Access

Use the following instructions to enable Infrastructure as Code (IaC) scanning for Code Security.

Static IaC scanning supports GitHub for version control and Terraform for infrastructure as code.

Set up the GitHub integration

Follow the instructions for creating a GitHub app for your organization.

To use IaC scanning, you must give the GitHub App Read & Write permissions for Contents and Pull Requests. These permissions can be applied to all or select repositories.

Enable IaC scanning for your repositories

After you set up the GitHub integration, enable IaC scanning for the repositories in your GitHub account.

  1. On the Code Security Setup page, expand the Activate scanning for your repositories section.
  2. Under Select your source code management provider, choose GitHub.
  3. Under Where do you want the scans to run?, select Datadog.
  4. For the GitHub account you want to configure, click Select repositories or Edit if you’ve already enabled other Code Security features for that account.
  5. To enable IaC scanning:
  • To enable it for all repositories, toggle Enable Infrastructure as Code Scanning (IaC) to the on position.
  • To enable it for a specific repository, toggle the IaC switch for that repository to the on position.

Further reading

Additional helpful documentation, links, and articles:

Code SecurityDOCUMENTATION more more Setting up IaC Scanning ExclusionsDOCUMENTATION more more
PREVIEWING: deforest/docs-11221-move-iac-to-code-security