Infrastructure as Code Security

Join the Preview!

Infrastructure as Code (IaC) Security is in Preview. To request access, complete the form.

Request Access
IaC misconfiguration side panel showing details for the high severity IMDSv1 Enabled issue, including a security summary, code snippet, detection timestamps, and remediation steps.

Infrastructure as Code (IaC) Security automatically analyzes your Terraform files for security misconfigurations. Findings appear in the Code Security Vulnerabilities tab, where you can group, filter, and triage them by severity, status, and other attributes. For each finding, Datadog provides detailed remediation guidance and a code snippet showing the affected resource and file location.

IaC Security supports GitHub for version control and Terraform for infrastructure as code.

Key capabilities

With IaC Security, you can:

  • Scan Terraform files for security misconfigurations
  • Surface IaC misconfigurations in the Code Security Vulnerabilities tab
  • Group and filter findings by severity, triage status, and other facets
  • View detailed remediation guidance and code snippets for each finding
  • Track finding status and history for triage and resolution
  • Configure scanning exclusions

Getting started

  1. Set up IaC Security in your environment
  2. Configure scanning exclusions if needed
  3. Review and triage findings in the Code Security Vulnerabilities tab

Further reading

Additional helpful documentation, links, and articles:

Set up IaC SecurityDOCUMENTATION more more Configure IaC Security ExclusionsDOCUMENTATION more more
PREVIEWING: deforest/docs-11221-move-iac-to-code-security