Deliver secure code without disruption

Feature Overview

Datadog Static Code Analysis (SAST) continuously detects vulnerabilities and provides suggested fixes early in the development cycle. By integrating directly into IDEs, pull requests, and CI/CD pipelines, Static Code Analysis helps developers can tackle critical vulnerabilities without delaying delivery.

Secure code as it’s being written directly in your IDE

Discover vulnerabilities in real time in your IDE and apply deterministic suggested fixes with a single click
Manage rule configuration at both global and repository levels
Detect vulnerabilities before code is committed using Git hooks

Catch and remediate vulnerabilities during code review

Automatically flag vulnerabilities with pull request comments across Git repositories
Fix vulnerabilities with one click by applying suggested fixes directly from inline pull request comments
Accelerate scan times by scanning only the modified files in each commit
Configure pull request comments by scan type, severity, and more on global and repository levels in Datadog

Automatically block new vulnerabilities with security gates

Create and manage checks on every new pull request to your repositories
Block new code vulnerabilities and license risks from reaching your production codebase
Enforce security and quality standards across your organization

Centralize vulnerabilities from external sources in one place

Upload SARIF results from external tools to Datadog for a consolidated view of vulnerabilities
Triage vulnerabilities detected by third-party security vendors directly in Datadog
Manage remediation workflows across teams without needing separate tools or dashboards