Software Composition Analysis | Datadog
Software Composition Analysis (SCA)

Software Composition Analysis (SCA)

Continuous, real-time open source vulnerability detection in application services

Datadog Software Composition Analysis (SCA) continuously monitors for vulnerable open source libraries in production. With real-time observability context, DevOps and Security teams can easily identify and prioritize the remediation of the highest-impact vulnerabilities before they become costly breaches and apply recommended fixes to resolve issues quickly.


Identify open source security risk in your applications

  • Surface vulnerable open source libraries in production as you monitor the overall health of your services
  • Ensure remediated vulnerabilities make it to production and avoid discrepancies between static and runtime code due to errors in the CI/CD pipeline
  • Proactively mitigate security risk with visibility into open source vulnerabilities within your CI pipelines (beta)
Identify open source security risk in your applications

Prioritize vulnerabilities with active risk

  • Prioritize open source library vulnerabilities with Datadog’s Severity Score, which factors in environment, CVSS, and real-time threat activity
  • Pivot between vulnerable services and affected cloud workloads and infrastructure hosts to assess business impact
  • Track real-time risk with continuous monitoring of vulnerability exposure

Fast-track resolution with guided remediation

  • Search, filter, and query across all detected vulnerabilities with Datadog unified tagging for faster investigation
  • Reduce mean-time-to-remediate with actionable remediation guidance
  • Select the best library update for your code with recommended upgrade options

Integrate application security into existing workflows

  • Seamlessly integrate vulnerability management within existing workstreams with JIRA and CI integrations
  • Drive alignment across development, operations, and security teams with a single source of truth to reduce security risk faster
It's extremely powerful to immediately see which services are vulnerable, the time since detection, and how to fix the vulnerabilities. It makes it much easier to investigate and remediate issues across all vulnerable services.
Henri Cour
Henri Cour SRE, Continental Digital Services France.

Customer Testimonials

It's extremely powerful to immediately see which services are vulnerable, the time since detection, and how to fix the vulnerabilities. It makes it much easier to investigate and remediate issues across all vulnerable services.
Henri Cour

Henri Cour

SRE, Continental Digital Services France.

Resources

/blog/datadog-software-composition-analysis/datadog-software-composition-analysis-hero

BLOG

Mitigate vulnerabilities from third-party libraries with Datadog Software Composition Analysis
/blog/enhance-sboms-application-vulnerability-management/enhance-sboms-hero

BLOG

Enhance SBOMs with runtime security context by using Datadog Software Composition Analysis
/blog/apm-security-view/apm-security-view-hero

BLOG

Gain visibility into risks, vulnerabilities, and attacks with APM Security View
/blog/application-code-vulnerability-detection/code-level-vulnerabilities-hero

BLOG

Find vulnerabilities in your code with Datadog Code Security
Get started with Software Composition Analysis today with a 14-day free-trial