You can detect code-level vulnerabilities and monitor application security in Node.js applications running in Docker, Kubernetes, Amazon ECS, and AWS Fargate.

Follow these steps to enable Code Security in your service:

  1. Update your Datadog Agent to at least version 7.41.1.

  2. Update your Datadog Tracing Library to at least the minimum version needed to turn on Code Security. For details, see Library Compatibility page.

  3. Add the DD_IAST_ENABLED=true environment variable to your application configuration.

    If you initialize the APM library on the command line using the --require option to Node.js:

    node --require dd-trace/init app.js
    

    Then use environment variables to enable ASM:

    DD_IAST_ENABLED=true node app.js
    

    How you do this varies depending on where your service runs:

    Update your configuration container for APM by adding the following argument in your docker run command:

    docker run [...] -e DD_IAST_ENABLED=true [...]
    

    Add the following environment variable value to your container Dockerfile:

    ENV DD_IAST_ENABLED=true
    

    Update your configuration yaml file container for APM and add the AppSec env variable:

    spec:
      template:
        spec:
          containers:
            - name: <CONTAINER_NAME>
              image: <CONTAINER_IMAGE>/<TAG>
              env:
                - name: DD_IAST_ENABLED
                  value: "true"
    

    Update your ECS task definition JSON file, by adding this in the environment section:

    "environment": [
      ...,
      {
        "name": "DD_IAST_ENABLED",
        "value": "true"
      }
    ]
    

  4. Restart your service.

  5. To see Code Security in action, browse your service and the code-level vulnerabilities appear in the Vulnerability Explorer.

If you need additional assistance, contact Datadog support.

Further Reading

PREVIEWING: may/unit-testing