diff --git a/content/en/security/application_security/setup/_index.md b/content/en/security/application_security/setup/_index.md index 80384a7f360d5..2dca5631d4d5d 100644 --- a/content/en/security/application_security/setup/_index.md +++ b/content/en/security/application_security/setup/_index.md @@ -50,10 +50,10 @@ Learn how to enable App and API Protection on all the following supported platfo ## Kubernetes (K8s) {{< appsec-integrations >}} - {{< appsec-integration name="Kubernetes" avatar="kubernetes" link="./kubernetes" >}} - {{< appsec-integration name="Istio" avatar="istio" link="./istio" >}} - {{< appsec-integration name="Envoy Gateway" avatar="envoy" link="./envoy-gateway" >}} - {{< appsec-integration name="Gateway API" src="integrations_logos/gateway-api_avatar.svg" link="./gateway-api" >}} + {{< appsec-integration name="Istio" avatar="istio" link="./kubernetes/istio" >}} + {{< appsec-integration name="Envoy Gateway" avatar="envoy" link="./kubernetes/envoy-gateway" >}} + {{< appsec-integration name="Gateway API" src="integrations_logos/gateway-api_avatar.svg" link="./kubernetes/gateway-api" >}} + {{< appsec-integration name="Ingress NGINX Controller" avatar="nginx" link="./nginx/ingress-controller" >}} {{< /appsec-integrations >}} ## Cloud Platforms @@ -80,4 +80,3 @@ Learn how to enable App and API Protection on all the following supported platfo {{< appsec-integrations >}} {{< appsec-integration name="Azure App Service" avatar="azure-appserviceenvironment" link="./azure/app-service" >}} {{< /appsec-integrations >}} - diff --git a/content/en/security/application_security/setup/dotnet/_index.md b/content/en/security/application_security/setup/dotnet/_index.md index 3e9078855e689..7b523a7654fe5 100644 --- a/content/en/security/application_security/setup/dotnet/_index.md +++ b/content/en/security/application_security/setup/dotnet/_index.md @@ -33,9 +33,8 @@ further_reading: {{< appsec-integration name="Linux" avatar="linux" link="./linux" >}} {{< appsec-integration name="Windows" avatar="windows" link="./windows" >}} {{< /appsec-integrations >}} -## Additional Resources -### Cloud and Container Platforms +### Container Platforms {{< appsec-integrations >}} {{< appsec-integration name="Docker" avatar="docker" link="./docker" >}} {{< appsec-integration name="Kubernetes" avatar="kubernetes" link="./kubernetes" >}} @@ -44,7 +43,12 @@ further_reading: ### AWS {{< appsec-integrations >}} {{< appsec-integration name="AWS Fargate" avatar="aws-fargate" link="./aws-fargate" >}} -{{< appsec-integration name="AWS Lambda" avatar="amazon-lambda" link="/security/application_security/setup/aws/lambda/" >}} +{{< appsec-integration name="AWS Lambda" avatar="amazon-lambda" link="/security/application_security/setup/aws/lambda/dotnet" >}} +{{< /appsec-integrations >}} + +### Google Cloud Platform +{{< appsec-integrations >}} +{{< appsec-integration name="Google Cloud Run" avatar="google-cloud-run" link="/security/application_security/setup/gcp/cloud-run/dotnet" >}} {{< /appsec-integrations >}} ### Microsoft Azure @@ -52,6 +56,7 @@ further_reading: {{< appsec-integration name="Azure App Service" avatar="azure-appserviceenvironment" link="/security/application_security/setup/azure/app-service/?tab=nodenetphppython" >}} {{< /appsec-integrations >}} +## Additional Resources - [Troubleshooting Guide][1] - [Compatibility Information][2] diff --git a/content/en/security/application_security/setup/go/_index.md b/content/en/security/application_security/setup/go/_index.md index 006c4e24ac12a..6cf06d1b0776a 100644 --- a/content/en/security/application_security/setup/go/_index.md +++ b/content/en/security/application_security/setup/go/_index.md @@ -17,7 +17,7 @@ further_reading: ## Overview -App and API Protection (AAP) leverages the [Datadog Go library][5] to monitor and secure your Go service. The library integrates seamlessly into your workflow using [Orchestrion][6], an automatic compile-time instrumentation of Go code that does not require code changes. +App and API Protection (AAP) leverages the [Datadog Go library][5] to monitor and secure your Go service. The library integrates seamlessly into your workflow using [Orchestrion][6], an automatic compile-time instrumentation of Go code that does not require code changes. For detailed compatibility information, including supported Go versions, frameworks, and deployment environments, see [Go Compatibility Requirements][2]. @@ -29,7 +29,7 @@ For detailed compatibility information, including supported Go versions, framewo {{< appsec-integration name="macOS" avatar="apple" link="./setup?tab=environmentvariable" >}} {{< /appsec-integrations >}} -### Cloud and Container Platforms +### Container Platforms {{< appsec-integrations >}} {{< appsec-integration name="Docker" avatar="docker" link="./setup?tab=dockercli" >}} {{< appsec-integration name="Kubernetes" avatar="kubernetes" link="./setup?tab=kubernetes" >}} @@ -37,7 +37,19 @@ For detailed compatibility information, including supported Go versions, framewo ### AWS {{< appsec-integrations >}} -{{< appsec-integration name="AWS ECS" avatar="aws-fargate" link="./setup?tab=amazonecs" >}} +{{< appsec-integration name="AWS Lambda" avatar="amazon-lambda" link="../aws/lambda/go" >}} +{{< appsec-integration name="AWS Fargate" avatar="aws-fargate" link="../aws/fargate" >}} +{{< appsec-integration name="AWS ECS" avatar="aws-ecs" link="./setup?tab=amazonecs" >}} +{{< /appsec-integrations >}} + +### Google Cloud Platform +{{< appsec-integrations >}} +{{< appsec-integration name="Google Cloud Run" avatar="google-cloud-run" link="../gcp/cloud-run/go >}} +{{< /appsec-integrations >}} + +### Microsoft Azure +{{< appsec-integrations >}} + {{< appsec-integration name="Azure App Service" avatar="azure-appserviceenvironment" link="../azure/app-service" >}} {{< /appsec-integrations >}} ## Additional Resources @@ -53,4 +65,3 @@ For detailed compatibility information, including supported Go versions, framewo [4]: /security/application_security/setup/go/sdk [5]: https://github.com/DataDog/dd-trace-go/ [6]: https://datadoghq.dev/orchestrion/ - diff --git a/content/en/security/application_security/setup/java/_index.md b/content/en/security/application_security/setup/java/_index.md index f138b9a2cf48e..24d41390ced6f 100644 --- a/content/en/security/application_security/setup/java/_index.md +++ b/content/en/security/application_security/setup/java/_index.md @@ -32,7 +32,7 @@ further_reading: {{< appsec-integration name="Windows" avatar="windows" link="./windows" >}} {{< /appsec-integrations >}} -### Cloud and Container Platforms +### Container Platforms {{< appsec-integrations >}} {{< appsec-integration name="Docker" avatar="docker" link="./docker" >}} {{< appsec-integration name="Kubernetes" avatar="kubernetes" link="./kubernetes" >}} @@ -41,7 +41,17 @@ further_reading: ### AWS {{< appsec-integrations >}} {{< appsec-integration name="AWS Fargate" avatar="aws-fargate" link="./aws-fargate" >}} -{{< appsec-integration name="AWS Lambda" avatar="amazon-lambda" link="/security/application_security/setup/aws/lambda/" >}} +{{< appsec-integration name="AWS Lambda" avatar="amazon-lambda" link="../aws/lambda/java" >}} +{{< /appsec-integrations >}} + +### Google Cloud Platform +{{< appsec-integrations >}} +{{< appsec-integration name="Google Cloud Run" avatar="google-cloud-run" link="../gcp/cloud-run/java" >}} +{{< /appsec-integrations >}} + +### Microsoft Azure +{{< appsec-integrations >}} +{{< appsec-integration name="Azure App Service" avatar="azure-appserviceenvironment" link="../azure/app-service/?tab=java" >}} {{< /appsec-integrations >}} ## Additional Resources diff --git a/content/en/security/application_security/setup/kubernetes/_index.md b/content/en/security/application_security/setup/kubernetes/_index.md index df1249f9f0c4a..ab10c26cdb191 100644 --- a/content/en/security/application_security/setup/kubernetes/_index.md +++ b/content/en/security/application_security/setup/kubernetes/_index.md @@ -19,7 +19,7 @@ further_reading: text: "How Application & API Protection Works in Datadog" --- -Learn how to set up App and API Protection (AAP) on your Kubernetes services by selecting the service's programming language. +Learn how to set up App and API Protection (AAP) on your Kubernetes clusters by selecting the Kubernetes integration that suits you best.

Are you missing your environment?

@@ -27,32 +27,12 @@ Learn how to set up App and API Protection (AAP) on your Kubernetes services by
{{< appsec-integrations >}} - {{< appsec-integration name="Istio" avatar="istio" link="/security/application_security/setup/istio" >}} - {{< appsec-integration name="Envoy Gateway" avatar="envoy" link="/security/application_security/setup/envoy-gateway" >}} - {{< appsec-integration name="Gateway API" src="integrations_logos/gateway-api_avatar.svg" link="/security/application_security/setup/gateway-api" >}} + {{< appsec-integration name="Istio" avatar="istio" link="./istio" >}} + {{< appsec-integration name="Envoy Gateway" avatar="envoy" link="./envoy-gateway" >}} + {{< appsec-integration name="Gateway API" src="integrations_logos/gateway-api_avatar.svg" link="./gateway-api" >}} + {{< appsec-integration name="Ingress NGINX Controller" avatar="nginx" link="../nginx/ingress-controller" >}} {{< /appsec-integrations >}} -## Languages - -{{< appsec-integrations >}} - {{< appsec-integration name="Python" avatar="python" link="/security/application_security/setup/python/kubernetes" >}} - {{< appsec-integration name="Node.js" avatar="node" link="/security/application_security/setup/nodejs/kubernetes" >}} - {{< appsec-integration name="Java" avatar="java" link="/security/application_security/setup/java/kubernetes" >}} - {{< appsec-integration name="Go" avatar="go" link="/security/application_security/setup/go" >}} - {{< appsec-integration name="Ruby" avatar="ruby" link="/security/application_security/setup/ruby/kubernetes" >}} - {{< appsec-integration name=".NET" avatar="dotnet" link="/security/application_security/setup/dotnet/kubernetes" >}} - {{< appsec-integration name="PHP" avatar="php" link="/security/application_security/setup/php/kubernetes" >}} -{{< /appsec-integrations >}} - -## Proxies - -{{< appsec-integrations >}} - {{< appsec-integration name="NGINX" avatar="nginx" link="/security/application_security/setup/nginx/kubernetes" >}} - {{< appsec-integration name="Envoy" avatar="envoy" link="/security/application_security/setup/envoy" >}} -{{< /appsec-integrations >}} - - - ## Further Reading {{< partial name="whats-next/whats-next.html" >}} diff --git a/content/en/security/application_security/setup/envoy-gateway.md b/content/en/security/application_security/setup/kubernetes/envoy-gateway.md similarity index 99% rename from content/en/security/application_security/setup/envoy-gateway.md rename to content/en/security/application_security/setup/kubernetes/envoy-gateway.md index b79d9e180e0ca..d3d7c04ead743 100644 --- a/content/en/security/application_security/setup/envoy-gateway.md +++ b/content/en/security/application_security/setup/kubernetes/envoy-gateway.md @@ -188,7 +188,7 @@ spec: # with body processing enabled. # Note: This timeout also includes the data communication between Envoy and the external processor. # The timeout should be adjusted to accommodate the additional possible processing time. - # Larger payloads will require a longer timeout. + # Larger payloads will require a longer timeout. messageTimeout: 200ms processingMode: diff --git a/content/en/security/application_security/setup/gateway-api.md b/content/en/security/application_security/setup/kubernetes/gateway-api.md similarity index 100% rename from content/en/security/application_security/setup/gateway-api.md rename to content/en/security/application_security/setup/kubernetes/gateway-api.md diff --git a/content/en/security/application_security/setup/istio.md b/content/en/security/application_security/setup/kubernetes/istio.md similarity index 100% rename from content/en/security/application_security/setup/istio.md rename to content/en/security/application_security/setup/kubernetes/istio.md diff --git a/content/en/security/application_security/setup/nginx/_index.md b/content/en/security/application_security/setup/nginx/_index.md index 17185c52c7bae..490b5118b332e 100644 --- a/content/en/security/application_security/setup/nginx/_index.md +++ b/content/en/security/application_security/setup/nginx/_index.md @@ -14,7 +14,7 @@ further_reading: {{< partial name="app_and_api_protection/callout.html" >}} ## Overview -App and API Protection leverages the [Datadog Nginx Integration][1] to monitor and secure your reverse proxy. +Learn how to set up App and API Protection (AAP) on your NGINX proxy by selecting the integration that suits you best. ## Environments @@ -23,9 +23,9 @@ App and API Protection leverages the [Datadog Nginx Integration][1] to monitor a {{< appsec-integration name="Linux" avatar="linux" link="./linux" >}} {{< /appsec-integrations >}} -### Cloud and Container Platforms +### Kubernetes {{< appsec-integrations >}} -{{< appsec-integration name="Kubernetes" avatar="kubernetes" link="./kubernetes" >}} +{{< appsec-integration name="Kubernetes" avatar="kubernetes" link="./ingress-controller" >}} {{< /appsec-integrations >}} ## Additional Resources @@ -35,4 +35,4 @@ App and API Protection leverages the [Datadog Nginx Integration][1] to monitor a [1]: https://github.com/DataDog/nginx-datadog/ [2]: /security/application_security/setup/php/troubleshooting -[3]: /security/application_security/setup/php/compatibility \ No newline at end of file +[3]: /security/application_security/setup/php/compatibility diff --git a/content/en/security/application_security/setup/nginx/kubernetes.md b/content/en/security/application_security/setup/nginx/ingress-controller.md similarity index 97% rename from content/en/security/application_security/setup/nginx/kubernetes.md rename to content/en/security/application_security/setup/nginx/ingress-controller.md index 0d1b0b4002266..e218c1576aeac 100644 --- a/content/en/security/application_security/setup/nginx/kubernetes.md +++ b/content/en/security/application_security/setup/nginx/ingress-controller.md @@ -1,6 +1,8 @@ --- title: Set up App and API Protection for Nginx in Kubernetes type: multi-code-lang +aliases: + - /security/application_security/setup/nginx/kubernetes/ further_reading: - link: "/security/application_security/how-it-works/" tag: "Documentation" @@ -76,4 +78,4 @@ To disable OpenTelemetry, set `enable-opentelemetry: false`. [3]: https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/ [4]: https://hub.docker.com/r/datadog/ingress-nginx-injection [5]: https://github.com/DataDog/nginx-datadog/tree/master/example/ingress-nginx -[6]: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#enable-opentelemetry \ No newline at end of file +[6]: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#enable-opentelemetry diff --git a/content/en/security/application_security/setup/nodejs/_index.md b/content/en/security/application_security/setup/nodejs/_index.md index 7069dfe269db3..008f6909a8dfd 100644 --- a/content/en/security/application_security/setup/nodejs/_index.md +++ b/content/en/security/application_security/setup/nodejs/_index.md @@ -34,7 +34,7 @@ further_reading: {{< appsec-integration name="Windows" avatar="windows" link="./windows" >}} {{< /appsec-integrations >}} -### Cloud and Container Platforms +### Container Platforms {{< appsec-integrations >}} {{< appsec-integration name="Docker" avatar="docker" link="./docker" >}} {{< appsec-integration name="Kubernetes" avatar="kubernetes" link="./kubernetes" >}} @@ -42,9 +42,20 @@ further_reading: ### AWS {{< appsec-integrations >}} +{{< appsec-integration name="AWS Lambda" avatar="amazon-lambda" link="../aws/lambda/nodejs" >}} {{< appsec-integration name="AWS Fargate" avatar="aws-fargate" link="./aws-fargate" >}} {{< /appsec-integrations >}} +### Google Cloud Platform +{{< appsec-integrations >}} +{{< appsec-integration name="Google Cloud Run" avatar="google-cloud-run" link="../gcp/cloud-run/nodejs" >}} +{{< /appsec-integrations >}} + +### Microsoft Azure +{{< appsec-integrations >}} +{{< appsec-integration name="Azure App Service" avatar="azure-appserviceenvironment" link="/security/application_security/setup/azure/app-service/?tab=nodenetphppython" >}} +{{< /appsec-integrations >}} + ## Additional Resources - [Troubleshooting Guide](./troubleshooting) diff --git a/content/en/security/application_security/setup/php.md b/content/en/security/application_security/setup/php.md deleted file mode 100644 index c44f83d5d1b85..0000000000000 --- a/content/en/security/application_security/setup/php.md +++ /dev/null @@ -1,115 +0,0 @@ ---- -title: Enabling AAP for PHP -code_lang: php -type: multi-code-lang -code_lang_weight: 40 -aliases: - - /security_platform/application_security/getting_started/php - - /security/application_security/getting_started/php - - /security/application_security/enabling/tracing_libraries/threat_detection/php/ - - /security/application_security/threats/setup/threat_detection/php - - /security/application_security/threats_detection/php - - /security/application_security/setup/aws/fargate/php -further_reading: - - link: "/security/application_security/add-user-info/" - tag: "Documentation" - text: "Adding user information to traces" - - link: 'https://github.com/DataDog/dd-trace-php' - tag: "Source Code" - text: 'PHP Datadog Tracer Library source code' - - link: "/security/default_rules/?category=cat-application-security" - tag: "Documentation" - text: "OOTB App and API Protection Rules" - - link: "/security/application_security/troubleshooting" - tag: "Documentation" - text: "Troubleshooting App and API Protection" ---- - -You can monitor App and API Protection for PHP apps running in host-based or container-based environments such as Docker, Kubernetes, AWS ECS, and AWS EKS. - -{{% appsec-getstarted %}} - -## Enabling threat detection -### Get started - -1. **Install the latest Datadog PHP library** by downloading and running the installer: - ```shell - wget https://github.com/DataDog/dd-trace-php/releases/latest/download/datadog-setup.php -O datadog-setup.php - php datadog-setup.php --php-bin all --enable-appsec - ``` - To check that your service's language and framework versions are supported for AAP capabilities, see [Compatibility][1]. - -2. **Enable the library in your code** by restarting PHP-FPM or Apache. In a containerized environment, if you previously installed the library without enabling AAP, you can optionally enable it after by setting the following environment variable: - {{< tabs >}} -{{% tab "Docker CLI" %}} - -Update your configuration container for APM by adding the following argument in your `docker run` command: - -```shell -docker run [...] -e DD_APPSEC_ENABLED=true [...] -``` - -{{% /tab %}} -{{% tab "Dockerfile" %}} - -Add the following environment variable value to your container Dockerfile: - -```Dockerfile -ENV DD_APPSEC_ENABLED=true -``` - -{{% /tab %}} -{{% tab "Kubernetes" %}} - -Update your configuration yaml file container for APM and add the AppSec env variable: - -```yaml -spec: - template: - spec: - containers: - - name: - image: / - env: - - name: DD_APPSEC_ENABLED - value: "true" -``` - -{{% /tab %}} -{{% tab "AWS ECS" %}} - -Update your ECS task definition JSON file, by adding this in the environment section: - -```json -"environment": [ - ..., - { - "name": "DD_APPSEC_ENABLED", - "value": "true" - } -] -``` - -{{% /tab %}} - -{{< /tabs >}} - -{{% appsec-getstarted-2-canary %}} - -{{< img src="/security/application_security/appsec-getstarted-threat-and-vuln_2.mp4" alt="Video showing Signals explorer and details, and Vulnerabilities explorer and details." video="true" >}} - -## Using AAP without APM tracing - -If you want to use Application & API Protection without APM tracing functionality, you can deploy with tracing disabled: - -1. Configure your tracing library with the `DD_APM_TRACING_ENABLED=false` environment variable in addition to the `DD_APPSEC_ENABLED=true` environment variable. -2. This configuration will reduce the amount of APM data sent to Datadog to the minimum required by App and API Protection products. - -For more details, see [Standalone App and API Protection][standalone_billing_guide]. -[standalone_billing_guide]: /security/application_security/guide/standalone_application_security/ - -## Further Reading - -{{< partial name="whats-next/whats-next.html" >}} - -[1]: /security/application_security/setup/compatibility/php/ diff --git a/content/en/security/application_security/setup/php/_index.md b/content/en/security/application_security/setup/php/_index.md index 981066f0116f4..f9f3dd096568a 100644 --- a/content/en/security/application_security/setup/php/_index.md +++ b/content/en/security/application_security/setup/php/_index.md @@ -18,12 +18,22 @@ aliases: {{< appsec-integration name="Linux" avatar="linux" link="./linux" >}} {{< /appsec-integrations >}} -### Cloud and Container Platforms +### Container Platforms {{< appsec-integrations >}} {{< appsec-integration name="Docker" avatar="docker" link="./docker" >}} {{< appsec-integration name="Kubernetes" avatar="kubernetes" link="./kubernetes" >}} {{< /appsec-integrations >}} +### Google Cloud Platform +{{< appsec-integrations >}} +{{< appsec-integration name="Google Cloud Run" avatar="google-cloud-run" link="../gcp/cloud-run/php" >}} +{{< /appsec-integrations >}} + +### Microsoft Azure +{{< appsec-integrations >}} +{{< appsec-integration name="Azure App Service" avatar="azure-appserviceenvironment" link="../azure/app-service/?tab=nodenetphppython" >}} +{{< /appsec-integrations >}} + ## Additional Resources - [Troubleshooting Guide](/security/application_security/setup/php/troubleshooting) diff --git a/content/en/security/application_security/setup/python/_index.md b/content/en/security/application_security/setup/python/_index.md index 7b47f6bc90aff..719107c8768fd 100644 --- a/content/en/security/application_security/setup/python/_index.md +++ b/content/en/security/application_security/setup/python/_index.md @@ -33,7 +33,7 @@ further_reading: {{< appsec-integration name="Windows" avatar="windows" link="./windows" >}} {{< /appsec-integrations >}} -### Cloud and Container Platforms +### Container Platforms {{< appsec-integrations >}} {{< appsec-integration name="Docker" avatar="docker" link="./docker" >}} {{< appsec-integration name="Kubernetes" avatar="kubernetes" link="./kubernetes" >}} @@ -42,7 +42,17 @@ further_reading: ### AWS {{< appsec-integrations >}} {{< appsec-integration name="AWS Fargate" avatar="aws-fargate" link="./aws-fargate" >}} -{{< appsec-integration name="AWS Lambda" avatar="amazon-lambda" link="/security/application_security/setup/aws/lambda/" >}} +{{< appsec-integration name="AWS Lambda" avatar="amazon-lambda" link="../aws/lambda/python" >}} +{{< /appsec-integrations >}} + +### Google Cloud Platform +{{< appsec-integrations >}} +{{< appsec-integration name="Google Cloud Run" avatar="google-cloud-run" link="../gcp/cloud-run/python" >}} +{{< /appsec-integrations >}} + +### Microsoft Azure +{{< appsec-integrations >}} +{{< appsec-integration name="Azure App Service" avatar="azure-appserviceenvironment" link="../azure/app-service/?tab=nodenetphppython" >}} {{< /appsec-integrations >}} ## Additional Resources diff --git a/content/en/security/application_security/setup/ruby.md b/content/en/security/application_security/setup/ruby.md deleted file mode 100644 index 87d63534a81a7..0000000000000 --- a/content/en/security/application_security/setup/ruby.md +++ /dev/null @@ -1,238 +0,0 @@ ---- -title: Enabling AAP for Ruby -code_lang: ruby -type: multi-code-lang -code_lang_weight: 30 -aliases: - - /security_platform/application_security/getting_started/ruby - - /security/application_security/getting_started/ruby - - /security/application_security/enabling/tracing_libraries/threat_detection/ruby/ - - /security/application_security/threats/setup/threat_detection/ruby - - /security/application_security/threats_detection/ruby - - /security/application_security/setup/aws/fargate/ruby -further_reading: - - link: "/security/application_security/add-user-info/" - tag: "Documentation" - text: "Adding user information to traces" - - link: 'https://github.com/DataDog/dd-trace-rb' - tag: "Source Code" - text: 'Ruby Datadog library source code' - - link: "/security/default_rules/?category=cat-application-security" - tag: "Documentation" - text: "OOTB App and API Protection Rules" - - link: "/security/application_security/troubleshooting" - tag: "Documentation" - text: "Troubleshooting App and API Protection" ---- - -You can monitor App and API Protection for Ruby apps running in Docker, Kubernetes, Amazon ECS, and AWS Fargate. - -{{% appsec-getstarted %}} - -## Enabling threat detection - -### Get started - -1. **Update your Gemfile to include the Datadog library**: - - ```ruby - gem 'datadog', '~> 2.0' # Use 'ddtrace' if you're using v1.x - ``` - - To check that your service's language and framework versions are supported for AAP capabilities, see [Compatibility][1]. - - For more information about upgrading to v2 from a `dd-trace` 1.x version, see [the Ruby tracer upgrade guide][2]. - -2. **Enable AAP** by enabling the APM tracer. The following options describe a quick setup that covers the most common cases. Read [the Ruby tracer documentation][3] for more details. - - You can enable AAP either in your code: - - {{< tabs >}} - -{{% tab "Rails" %}} - Enable the APM tracer by adding an initializer in your application code: - - ```ruby - # config/initializers/datadog.rb - - require 'datadog/appsec' - - Datadog.configure do |c| - # enable the APM tracer - c.tracing.instrument :rails - - # enable AAP - c.appsec.enabled = true - c.appsec.instrument :rails - end - ``` - - Or enable the APM tracer through auto-instrumentation by updating your Gemfile to auto-instrument: - - ```ruby - gem 'datadog', '~> 2.0', require: 'datadog/auto_instrument' - ``` - - And also enable `appsec`: - - ```ruby - # config/initializers/datadog.rb - - require 'datadog/appsec' - - Datadog.configure do |c| - # the APM tracer is enabled by auto-instrumentation - - # enable AAP - c.appsec.enabled = true - c.appsec.instrument :rails - end - ``` - -{{% /tab %}} - -{{% tab "Sinatra" %}} - Enable the APM tracer by adding the following to your application's startup: - - ```ruby - require 'sinatra' - require 'datadog' - require 'datadog/appsec' - - Datadog.configure do |c| - # enable the APM tracer - c.tracing.instrument :sinatra - - # enable AAP for Sinatra - c.appsec.enabled = true - c.appsec.instrument :sinatra - end - ``` - - Or enable the APM tracer through auto-instrumentation: - - ```ruby - require 'sinatra' - require 'datadog/auto_instrument' - - Datadog.configure do |c| - # the APM tracer is enabled by auto-instrumentation - - # enable AAP for Sinatra - c.appsec.enabled = true - c.appsec.instrument :sinatra - end - ``` - -{{% /tab %}} - -{{% tab "Rack" %}} - Enable the APM tracer by adding the following to your `config.ru` file: - - ```ruby - require 'datadog' - require 'datadog/appsec' - - Datadog.configure do |c| - # enable the APM tracer - c.tracing.instrument :rack - - # enable AAP for Rack - c.appsec.enabled = true - c.appsec.instrument :rack - end - - use Datadog::Tracing::Contrib::Rack::TraceMiddleware - use Datadog::AppSec::Contrib::Rack::RequestMiddleware - ``` - -{{% /tab %}} - -{{< /tabs >}} - - Or one of the following methods, depending on where your application runs: - - {{< tabs >}} -{{% tab "Docker CLI" %}} - -Update your configuration container for APM by adding the following argument in your `docker run` command: - -```shell -docker run [...] -e DD_APPSEC_ENABLED=true [...] -``` - -{{% /tab %}} -{{% tab "Dockerfile" %}} - -Add the following environment variable value to your container Dockerfile: - -```Dockerfile -ENV DD_APPSEC_ENABLED=true -``` - -{{% /tab %}} -{{% tab "Kubernetes" %}} - -Update your configuration yaml file container for APM and add the AppSec env variable: - -```yaml -spec: - template: - spec: - containers: - - name: - image: / - env: - - name: DD_APPSEC_ENABLED - value: "true" -``` - -{{% /tab %}} -{{% tab "Amazon ECS" %}} - -Update your ECS task definition JSON file, by adding this in the environment section: - -```json -"environment": [ - ..., - { - "name": "DD_APPSEC_ENABLED", - "value": "true" - } -] -``` - -{{% /tab %}} -{{% tab "AWS Fargate" %}} - -Initialize AAP in your code or set `DD_APPSEC_ENABLED` environment variable to true in your service invocation: - -```shell -env DD_APPSEC_ENABLED=true rails server -``` - -{{% /tab %}} - -{{< /tabs >}} - -{{% appsec-getstarted-2-canary %}} - -{{< img src="/security/application_security/appsec-getstarted-threat-and-vuln_2.mp4" alt="Video showing Signals explorer and details, and Vulnerabilities explorer and details." video="true" >}} - -## Using AAP without APM tracing - -If you want to use Application & API Protection without APM tracing functionality, you can deploy with tracing disabled: - -1. Configure your tracing library with the `DD_APM_TRACING_ENABLED=false` environment variable in addition to the `DD_APPSEC_ENABLED=true` environment variable. -2. This configuration will reduce the amount of APM data sent to Datadog to the minimum required by App and API Protection products. - -For more details, see [Standalone App and API Protection][standalone_billing_guide]. -[standalone_billing_guide]: /security/application_security/guide/standalone_application_security/ - -## Further Reading - -{{< partial name="whats-next/whats-next.html" >}} - -[1]: /security/application_security/setup/compatibility/ruby/ -[2]: https://github.com/DataDog/dd-trace-rb/blob/master/docs/UpgradeGuide2.md -[3]: /tracing/trace_collection/dd_libraries/ruby/ diff --git a/content/en/security/application_security/setup/ruby/_index.md b/content/en/security/application_security/setup/ruby/_index.md index ab6693956df9d..e24f4c81a44ac 100644 --- a/content/en/security/application_security/setup/ruby/_index.md +++ b/content/en/security/application_security/setup/ruby/_index.md @@ -26,12 +26,14 @@ further_reading: ## Environments +### Hosts + {{< appsec-integrations >}} {{< appsec-integration name="Linux" avatar="linux" link="./linux" >}} {{< appsec-integration name="macOS" avatar="apple" link="./macos" >}} {{< /appsec-integrations >}} -### Cloud and Container Platforms +### Container Platforms {{< appsec-integrations >}} {{< appsec-integration name="Docker" avatar="docker" link="./docker" >}} @@ -41,9 +43,22 @@ further_reading: ### AWS {{< appsec-integrations >}} +{{< appsec-integration name="AWS Lambda" avatar="amazon-lambda" link="../aws/lambda/ruby" >}} {{< appsec-integration name="AWS Fargate" avatar="aws-fargate" link="./aws-fargate" >}} {{< /appsec-integrations >}} +### Google Cloud Platform + +{{< appsec-integrations >}} +{{< appsec-integration name="Google Cloud Run" avatar="google-cloud-run" link="../gcp/cloud-run/ruby" >}} +{{< /appsec-integrations >}} + +### Microsoft Azure + +{{< appsec-integrations >}} +{{< appsec-integration name="Azure App Service" avatar="azure-appserviceenvironment" link="../azure/app-service" >}} +{{< /appsec-integrations >}} + ## Additional Resources - [Compatibility Information](/security/application_security/setup/ruby/compatibility)