13 changes: 12 additions & 1 deletion content/en/security/code_security/iac_security/_index.md
Expand Up @@ -15,6 +15,9 @@
- link: "/security/code_security/iac_security/iac_rules/"
tag: "Documentation"
text: "IaC Security Rules"
- link: "/pr_gates/"
tag: "Documentation"
text: "PR Gates"
---

Datadog Infrastructure as Code (IaC) Security detects misconfigurations in Terraform and Kubernetes configurations before they're deployed. It flags issues such as missing encryption or overly permissive access in files stored in your connected GitHub, GitLab, or Azure DevOps repositories. Supported file types include standalone Terraform files, local modules, and Kubernetes manifests.
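Review bot: the new further-reading entry links to `/pr_gates/` at the site root, while the neighbouring entry in this list points under `/security/code_security/iac_security/`; confirm the target page really lives at the root path rather than under the security docs tree, and keep it consistent with the `[11]` reference definition added at the bottom of the file.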
Expand All @@ -31,6 +34,12 @@

When a pull request includes infrastructure-as-code changes, Datadog adds inline comments to flag any violations. Where applicable, it also suggests code fixes that can be applied directly in the pull request. You can also open a new pull request from Datadog to remediate a finding. For more information, see [Pull Request Comments][5].

### Automatically block risky changes with PR Gates

Use [PR Gates][11] to enforce security standards on infrastructure-as-code changes before they're merged. Datadog scans the IaC changes in each pull request, identifies any vulnerabilities above your configured severity threshold, and reports a pass or fail status to GitHub or Azure DevOps.

By default, checks are informational, but you can make them blocking in GitHub or Azure DevOps to prevent merging when critical issues are detected. For setup instructions, see [Set up PR Gate Rules][12].

### View and filter findings

After setting up IaC Security, each commit to a scanned repository triggers a scan. Findings are summarized on the [Code Security Vulnerabilities][3] page and grouped per repository on the [Code Security Repositories][6] page.
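Review bot: the new PR Gates section says status is reported to GitHub or Azure DevOps, while the page intro lists GitHub, GitLab, or Azure DevOps as supported repositories; if GitLab is not covered by PR Gates, say so explicitly so readers do not expect a gate they will not get. The sentence beginning "Datadog scans the IaC changes in each pull request" is also flagged by the vale check for length; splitting it before "and reports a pass or fail status" resolves that. Finally, because checks are informational by default, the paragraph should state up front that a gate prevents merging only after it has been made blocking in GitHub or Azure DevOps, otherwise readers may assume enabling PR Gates enforces on its own.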
Expand Down Expand Up @@ -85,4 +94,6 @@
[7]: /security/code_security/iac_security/exclusions/?tab=yaml
[8]: /security/automation_pipelines/mute
[9]: https://app.datadoghq.com/integrations/github/
[10]: /security/automation_pipelines/
[10]: /security/automation_pipelines/
[11]: /pr_gates/
[12]: /pr_gates/setup
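Review bot: `[10]: /security/automation_pipelines/` appears twice in this hunk, but the header counts (4 old lines, 6 new) account for only one, so confirm the file does not end up with a duplicate reference definition. Also, the new `[11]` and `[12]` targets are root-level paths (`/pr_gates/`, `/pr_gates/setup`) unlike every other reference here, and `[12]` lacks the trailing slash the other definitions use; align them before merging.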