Skip to content

new Library Inventory topic for Code Security #32967

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Nov 21, 2025
Merged

new Library Inventory topic for Code Security #32967

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
751481c
new Library Inventory topic for Code Security
michaelcretzman Nov 20, 2025
4cd9bfa
Merge branch 'master' into michaelcretzman/DOCS-12731
michaelcretzman Nov 21, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
108 changes: 54 additions & 54 deletions config/_default/menus/main.en.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3112,256 +3112,251 @@ menu:
parent: containers
identifier: containers_autoscaling
weight: 2
- name: Remediation
url: containers/bits_ai_kubernetes_remediation
parent: containers
identifier: containers_autoscaling
weight: 3
- name: Docker and other runtimes
url: containers/docker/
parent: containers
identifier: containers_docker
weight: 4
weight: 3
- name: APM
url: containers/docker/apm/
parent: containers_docker
identifier: containers_docker_apm
weight: 401
weight: 301
- name: Log collection
url: containers/docker/log/
parent: containers_docker
identifier: containers_docker_log
weight: 402
weight: 302
- name: Tag extraction
url: containers/docker/tag/
parent: containers_docker
identifier: containers_docker_tag
weight: 403
weight: 303
- name: Integrations
url: containers/docker/integrations/
parent: containers_docker
identifier: containers_docker_integrations
weight: 404
weight: 304
- name: Prometheus
url: containers/docker/prometheus/
parent: containers_docker
identifier: containers_docker_prometheus
weight: 405
weight: 305
- name: Data Collected
url: containers/docker/data_collected/
parent: containers_docker
identifier: containers_docker_data_collected
weight: 406
weight: 306
- name: Kubernetes
url: containers/kubernetes/
parent: containers
identifier: containers_kubernetes
weight: 5
weight: 4
- name: Installation
url: containers/kubernetes/installation
parent: containers_kubernetes
identifier: containers_kubernetes_installation
weight: 501
weight: 401
- name: Further Configuration
url: containers/kubernetes/configuration
parent: containers_kubernetes
identifier: containers_kubernetes_configuration
weight: 502
weight: 402
- name: Distributions
url: containers/kubernetes/distributions
parent: containers_kubernetes
identifier: containers_kubernetes_distributions
weight: 503
weight: 403
- name: APM
url: containers/kubernetes/apm/
parent: containers_kubernetes
identifier: containers_kubernetes_apm
weight: 504
weight: 404
- name: Log collection
url: containers/kubernetes/log/
parent: containers_kubernetes
identifier: containers_kubernetes_log
weight: 505
weight: 405
- name: Tag extraction
url: containers/kubernetes/tag/
parent: containers_kubernetes
identifier: containers_kubernetes_tag
weight: 506
weight: 406
- name: Integrations
url: containers/kubernetes/integrations/
parent: containers_kubernetes
identifier: containers_kubernetes_integrations
weight: 507
weight: 407
- name: Prometheus & OpenMetrics
url: containers/kubernetes/prometheus/
parent: containers_kubernetes
identifier: containers_kubernetes_prometheus
weight: 508
weight: 408
- name: Control plane monitoring
url: containers/kubernetes/control_plane/
parent: containers_kubernetes
identifier: containers_kubernetes_control_plane
weight: 509
weight: 409
- name: Data collected
url: containers/kubernetes/data_collected/
parent: containers_kubernetes
identifier: containers_kubernetes_data_collected
weight: 510
weight: 410
- name: Datadog CSI Driver
url: containers/kubernetes/csi_driver
parent: containers_kubernetes
identifier: csi_driver
weight: 511
weight: 411
- name: Data security
url: data_security/kubernetes
parent: containers_kubernetes
identifier: container_kubernetes_data_security
weight: 512
weight: 412
- name: Cluster Agent
url: containers/cluster_agent/
parent: containers
identifier: containers_cluster
weight: 6
weight: 5
- name: Setup
url: containers/cluster_agent/setup/
parent: containers_cluster
identifier: cluster_agent_setup
weight: 601
weight: 501
- name: Commands & Options
url: containers/cluster_agent/commands/
identifier: cluster_agent_commands
parent: containers_cluster
weight: 602
weight: 502
- name: Cluster Checks
identifier: containers_cluster_agent_clusterchecks
url: containers/cluster_agent/clusterchecks/
parent: containers_cluster
weight: 603
weight: 503
- name: Endpoint Checks
identifier: containers_cluster_agent_endpoint_checks
url: containers/cluster_agent/endpointschecks/
parent: containers_cluster
weight: 604
weight: 504
- name: Admission Controller
identifier: containers_cluster_agent_admission_controller
url: containers/cluster_agent/admission_controller/
parent: containers_cluster
weight: 605
weight: 505
- name: Amazon ECS
url: containers/amazon_ecs/
parent: containers
identifier: containers_amazon_ecs
weight: 7
weight: 6
- name: APM
url: containers/amazon_ecs/apm/
parent: containers_amazon_ecs
identifier: containers_amazon_ecs_apm
weight: 701
weight: 601
- name: Log collection
url: containers/amazon_ecs/logs/
parent: containers_amazon_ecs
identifier: containers_amazon_ecs_logs
weight: 702
weight: 602
- name: Tag extraction
url: containers/amazon_ecs/tags/
parent: containers_amazon_ecs
identifier: containers_amazon_ecs_tags
weight: 703
weight: 603
- name: Data collected
url: containers/amazon_ecs/data_collected/
parent: containers_amazon_ecs
identifier: containers_amazon_ecs_data_collected
weight: 704
weight: 604
- name: AWS Fargate
url: integrations/ecs_fargate/
parent: containers
identifier: ecs_fargate
weight: 8
weight: 7
- name: Datadog Operator
url: containers/datadog_operator
identifier: containers_datadog_operator
parent: containers
weight: 9
weight: 8
- name: Advanced Install
url: containers/datadog_operator/advanced_install
identifier: containers_datadog_operator_installation
parent: containers_datadog_operator
weight: 901
weight: 801
- name: Configuration
url: containers/datadog_operator/config
identifier: containers_datadog_operator_configuration
parent: containers_datadog_operator
weight: 902
weight: 802
- name: Custom Checks
url: containers/datadog_operator/custom_check
identifier: containers_datadog_operator_customchecks
parent: containers_datadog_operator
weight: 903
weight: 803
- name: Data Collected
url: containers/datadog_operator/data_collected
identifier: containers_datadog_operator_datacollected
parent: containers_datadog_operator
weight: 904
weight: 804
- name: kubectl Plugin
url: containers/datadog_operator/kubectl_plugin
identifier: containers_datadog_operator_kubectlplugin
parent: containers_datadog_operator
weight: 905
weight: 805
- name: Secret Management
url: containers/datadog_operator/secret_management
identifier: containers_datadog_operator_secretmanagement
parent: containers_datadog_operator
weight: 906
weight: 806
- name: DatadogDashboard CRD
url: containers/datadog_operator/crd_dashboard
identifier: containers_datadog_operator_crd_dashboard
parent: containers_datadog_operator
weight: 907
weight: 807
- name: DatadogMonitor CRD
url: containers/datadog_operator/crd_monitor
identifier: containers_datadog_operator_crd_monitor
parent: containers_datadog_operator
weight: 908
weight: 808
- name: DatadogSLO CRD
url: containers/datadog_operator/crd_slo
identifier: containers_datadog_operator_crd_slo
parent: containers_datadog_operator
weight: 909
weight: 809
- name: Troubleshooting
url: containers/troubleshooting/
parent: containers
identifier: containers_troubleshooting
weight: 10
weight: 9
- name: Duplicate hosts
url: containers/troubleshooting/duplicate_hosts
parent: containers_troubleshooting
identifier: containers_troubleshooting_duplicate_hosts
weight: 1001
weight: 901
- name: Cluster Agent
url: containers/troubleshooting/cluster-agent
parent: containers_troubleshooting
identifier: containers_troubleshooting_cluster_agent
weight: 1002
weight: 902
- name: Cluster Checks
url: containers/troubleshooting/cluster-and-endpoint-checks
parent: containers_troubleshooting
identifier: containers_troubleshooting_cluster_and_endpoint_checks
weight: 1003
weight: 903
- name: HPA and Metrics Provider
url: containers/troubleshooting/hpa
parent: containers_troubleshooting
identifier: containers_troubleshooting_hpa
weight: 1004
weight: 904
- name: Admission Controller
url: containers/troubleshooting/admission-controller
parent: containers_troubleshooting
identifier: containers_troubleshooting_admission_controller
weight: 1005
weight: 905
- name: Guides
url: containers/guide
parent: containers
identifier: containers_guide
weight: 11
weight: 10
- name: Processes
url: infrastructure/process
identifier: process
Expand Down Expand Up @@ -7187,6 +7182,11 @@ menu:
url: /security/code_security/software_composition_analysis/setup_runtime/compatibility/
parent: sca_setup_runtime
weight: 1
- name: Library Inventory
identifier: sca_library_inventory
url: /security/code_security/software_composition_analysis/library_inventory/
parent: software_composition_analysis
weight: 3
- name: Secret Scanning
identifier: sec_secret_scanning
url: /security/code_security/secret_scanning/
Expand Down
10 changes: 9 additions & 1 deletion content/en/security/code_security/software_composition_analysis/_index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,8 +59,15 @@ Click on a library with a vulnerability to open a side panel that contains infor
<!-- {{< img src="code_security/software_composition_analysis/sca-violation.png" alt="Side panel for a SCA violation" style="width:80%;">}} -->

### Library inventory
The Libraries [Inventory][8] helps you understand the list of libraries and its versions that are used in both your codebase and running on deployed services. For each library version, you can assess how often it is used, its license riskiness, and understand the health of each library (e.g. if it has reached EOL, if it is unmaintained, etc.)

The [Library Inventory][8] provides visibility into the third-party libraries detected across your codebase. Datadog collects this information from:

* **Static SCA**, which identifies all libraries referenced in your repositories, and
* **Runtime SCA**, which detects libraries that are actually loaded and used by your services at runtime.

Use the Library Inventory to understand which dependencies you rely on, where they are used, and whether they contain known vulnerabilities or license risks.

To learn more about how the inventory is generated, how Static and Runtime data differ, and how to interpret the library details (usage, vulnerabilities, licenses, versions, and OpenSSF score), see [Library Inventory][14].

### Library vulnerability context in APM
SCA enriches the information Application Performance Monitoring (APM) is already collecting by flagging libraries that match with current vulnerability advisories. Potentially vulnerable services are highlighted directly in the **Security** view embedded in the [APM Software Catalog][10].
Expand Down Expand Up @@ -101,3 +108,4 @@ The Vulnerability Explorer offers remediation recommendations for detected vulne
[11]: https://app.datadoghq.com/security/appsec/vm/library
[12]: https://app.datadoghq.com/ci/code-analysis
[13]: /security/code_security/software_composition_analysis/setup_static/#upload-third-party-sbom-to-datadog
[14]: /security/code_security/software_composition_analysis/library_inventory
Loading
Loading