Skip to content

docs(csm): document application library SBOM scanning (Agent 7.70+)#36253

Open
cyrbouchiat wants to merge 1 commit intomasterfrom
cyril/cloud-security-sbom-languages-analyzers
Open

docs(csm): document application library SBOM scanning (Agent 7.70+)#36253
cyrbouchiat wants to merge 1 commit intomasterfrom
cyril/cloud-security-sbom-languages-analyzers

Conversation

@cyrbouchiat
Copy link
Copy Markdown
Contributor

@cyrbouchiat cyrbouchiat commented Apr 24, 2026

Summary

  • Adds analyzers: ["os", "languages"] to the Cloud Security SBOM setup instructions for Kubernetes (Datadog Operator and Helm tabs) and Linux host deployments.
  • Adds a version note (requires Agent 7.70+) and a Supported application library package managers table covering all 13 ecosystems from the internal SAAL engineering spec.
  • No changes to Docker, ECS EC2, or Windows pages (those use env vars — separate follow-up).

Background

Agent 7.70 ships a languages SBOM analyzer that detects vulnerabilities in application libraries (npm, pip, Maven, NuGet, Go modules, Cargo, Bundler, etc.) in addition to OS packages. This was previously undocumented in the public setup guides.

Internal reference: https://datadoghq.atlassian.net/wiki/spaces/SAAL/pages/5244553414/Enable+apps+libs+SBOM+collection

Pages changed

  • content/en/security/cloud_security_management/setup/agent/kubernetes.md
  • content/en/security/cloud_security_management/setup/agent/linux.md

Checklist

  • YAML keys: containerImage in Operator/Helm, container_image in host yaml
  • Version note says 7.70+
  • Package manager table covers all 13 ecosystems
  • No changes to out-of-scope pages (Docker, ECS EC2, Windows)

@cyrbouchiat
docs(csm): document application library SBOM scanning for Kubernetes …
fe7399a 
…and Linux

Add documentation for the languages analyzer introduced in Agent 7.70.
Users can opt into scanning application libraries (npm, pip, Maven/Gradle,
NuGet, Go modules, Cargo, Bundler, etc.) alongside OS packages by setting
analyzers: ["os", "languages"] in their SBOM configuration.

Covers:
- Kubernetes: Datadog Operator (spec.features.sbom) and Helm (datadog.sbom)
- Linux: /etc/datadog-agent/datadog.yaml

Both pages include a 7.70+ version note and a supported package
manager table covering all 13 ecosystems.

Internal reference: https://datadoghq.atlassian.net/wiki/spaces/SAAL/pages/5244553414
@cyrbouchiat cyrbouchiat requested a review from a team as a code owner April 24, 2026 10:14
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 24, 2026

Preview links (active after the build_preview check completes)

Modified Files

@cyrbouchiat cyrbouchiat requested a review from 0intro April 24, 2026 11:08
@janine-c janine-c self-assigned this Apr 24, 2026
@janine-c janine-c added the editorial review Waiting on a more in-depth review label Apr 24, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@0intro 0intro 0intro approved these changes

At least 1 approving review is required to merge this pull request.

Assignees

@janine-c janine-c

Labels

editorial review Waiting on a more in-depth review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@cyrbouchiat @0intro @janine-c