.NET Compatibility Requirements
Application Security capabilities support
The following application security capabilities are supported in the .NET library, for the specified tracer version:
Application Security capability | Minimum .NET tracer version |
---|
Threat Detection | 2.23.0 |
Threat Protection | 2.26.0 |
Customize response to blocked requests | 2.27.0 |
Software Composition Analysis (SCA) | 2.16.0 |
Code Security | 2.42.0 |
Automatic user activity event tracking | 2.32.0 |
API Security | 2.42.0 |
The minimum tracer version to get all supported application security capabilities for .NET is 2.42.0.
Note: Threat Protection requires enabling Remote Configuration, which is included in the listed minimum tracer version.
Supported deployment types
Type | Threat Detection support | Software Composition Analysis |
---|
Docker | | |
Kubernetes | | |
Amazon ECS | | |
AWS Fargate | | |
AWS Lambda | | |
Azure App Service | | |
Note: Azure App Service is supported for web applications only. Application Security capabilities are not supported for Azure Functions.
Language and framework compatibility
Supported .NET versions
For a list of supported platforms and operating systems, see .NET Framework Compatibility and .NET/.NET Core Compatiblity.
Web framework compatibility
- Attacker source HTTP request details
- Tags for the HTTP request (status code, method, etc)
- Distributed Tracing to see attack flows through your applications
Application Security Capability Notes
- Software Composition Analysis is supported on all frameworks.
- If your framework is not listed below, Code Security will still detect Insecure Cookie vulnerabilities.
Framework | Threat Detection supported? | Threat Protection supported? | Code Security? |
---|
ASP.NET MVC | | | |
ASP.NET Web API 2 | | | |
Data store compatibility
Datastore tracing provides:
- SQL attack detection
- query info (for example, a sanitized query string)
- error and stacktrace capturing
Application Security Capability Notes
- Threat Protection also works at the HTTP request (input) layer, and so works for all databases by default, even those not listed in the table below.
Framework | Threat Detection supported? | Threat Protection supported? | Code Security? |
---|
OracleDB | | | |
ADO.NET | | | |
SQL Server | | | |
MySQL | | | |
SQLite | | | |
User Authentication Frameworks compatibility
Integrations to User Authentication Frameworks provides:
- User login events including the user IDs
- User signup events (apps using built-in SignInManager)
- Account Takeover detection monitoring for user login events