Feature Overview

Datadog IaC Security helps you shift security left by scanning your cloud configuration files to find misconfigurations, policy violations, and insecure defaults exactly where and when they are introduced. Integrated directly with your source code repositories, Datadog IaC Security enables you to continuously scan cloud configuration files directly in the repository, and provides explanations of risks, why they matter, and ways to automatically resolve them. You can identify, filter, and prioritize misconfigurations based on severity, and remediate them effectively with clear and actionable guidance. Whether you're a developer, security engineer, or SRE, Datadog brings infrastructure and security context together so you can resolve issues quickly and confidently.

Identify cloud configuration risks before they’re deployed

Avoid common mistakes such as publicly exposed storage buckets, overly permissive IAM roles, or unencrypted resources with real-time findings before they get to production. Security teams to automatically block violating PRs from being merged

Screenshot of app showing identified security threats

Empower developers to build secure infrastructure without slowing down delivery

Datadog IaC Security integrates seamlessly into your existing workflows, with minimal configuration and no need to learn new tools.

Automatically leave PR comments on GitHub Pull Requests and GitLab Merge Requests.
In-line remediation advice and code snippets
Easily exclude known or low priority findings
Bi-directional integration with Jira

Screenshot of app showing remediation process

Track IaC security posture over time

Datadog IaC Security provides a built-in customizable dashboard to help you monitor your organization’s IaC security posture over time. Break down and filter findings by repositories, teams, and environments to analyze trends, identify recurring issues, and align security goals with engineering velocity.