Set up IaC Security

This product is not supported for your selected Datadog site. (US1).

Use the following instructions to enable Infrastructure as Code (IaC) Security for Code Security. IaC Security supports Terraform and Kubernetes configurations stored in GitHub, GitLab, or Azure DevOps repositories.

Install the GitHub integration

To connect your GitHub repositories and enable PR comments, see the setup instructions in Pull Request Comments.

Enable IaC Security for your repositories

After setting up the GitHub integration, enable IaC Security for your repositories.

  1. On the Code Security Setup page, expand the Activate scanning for your repositories section.
  2. Under Select your source code management provider, select GitHub.
  3. Under Select where your scans should run, select Datadog.
  4. Under Connect your GitHub repositories, do one of the following:
    • To connect a new GitHub account, click Add GitHub Account.
    • To enable IaC Security for an existing account, click Select repositories, or Edit if Code Security is already enabled.
  5. To enable IaC Security, do one of the following:
    • To enable it for all repositories, toggle Enable Infrastructure as Code Scanning (IaC) to the ON position.
    • To enable it for a single repository, toggle the IaC switch to ON for that repository.

Install the GitLab integration

To connect your GitLab repositories and enable PR comments, see the setup instructions in GitLab Source Code.

Enable IaC Security for your repositories

After setting up the GitLab integration, enable IaC Security for your repositories.

  1. On the Code Security Setup page, expand the Activate scanning for your repositories section.
  2. Under Select your source code management provider, select GitLab.
  3. Under Select where your scans should run, select Datadog.
  4. Under Connect your GitLab repositories, do one of the following:
    • To connect a new GitLab instance, click Connect GitLab Instance.
    • To enable IaC Security for an existing account, click Select repositories, or Edit if Code Security is already enabled.
  5. To enable IaC Security, do one of the following:
    • To enable it for all repositories, toggle Enable Infrastructure as Code Scanning (IaC) to the ON position.
    • To enable it for a single repository, toggle the IaC switch to ON for that repository.

Install the Azure DevOps integration

To connect your Azure DevOps repositories and enable PR comments, see the setup instructions in Azure DevOps Source Code.

Enable IaC Security for your repositories

After setting up the Azure DevOps integration, enable IaC Security for your repositories.

  1. On the Code Security Setup page, expand the Activate scanning for your repositories section.
  2. Under Select your source code management provider, select Azure DevOps.
  3. Under Select where your scans should run, select Datadog.
  4. Under Connect your Azure DevOps repositories, do one of the following:
    • To connect a new Azure DevOps organization, click Connect Microsoft Entra App.
    • To enable IaC Security for an existing account, click Select repositories, or Edit if Code Security is already enabled.
  5. To enable IaC Security, do one of the following:
    • To enable it for all repositories, toggle Enable Infrastructure as Code Scanning (IaC) to the ON position.
    • To enable it for a single repository, toggle the IaC switch to ON for that repository.

Further reading

Additional helpful documentation, links, and articles:

Code SecurityDOCUMENTATION more more IaC SecurityDOCUMENTATION more more Configure IaC Security ExclusionsDOCUMENTATION more more IaC Security RulesDOCUMENTATION more more