Code Security Documentation Content Update (#27406)

Co-authored-by: Michael Cretzman <[email protected]>

Author: kassenq

content/en/security/code_security/_index.md

@@ -5,47 +5,51 @@ aliases:
 - /code_analysis/
 ---
 
-Code Security scans your pre-production code, open source libraries, and repositories to find security vulnerabilities and code quality issues. It encompasses the following capabilities:
+Code Security scans your first-party code and open source libraries used in your applications in both your repositories and running services, providing end-to-end visibility from development to production. It encompasses the following capabilities:
 
-- [Static Code Analysis (SAST)][1] for your first-party code
-- [Software Composition Analysis][2] for open source dependencies in your codebase
+- [Static Code Analysis (SAST)][1] for identifying security and quality issues in your first-party code
+- [Software Composition Analysis (SCA)][2] for identifying open source dependencies in both your repositories and your services
 - [Runtime Code Analysis (IAST)][3] for code-level vulnerabilities in your services
 
-## Static Code Analysis (SAST)
-
-SAST analyzes static pre-production code to identify maintainability and security issues.
-
-SAST has benefits for multiple people in your organization:
-
+Code Security helps teams implement DevSecOps throughout the organization:
 - **Developers:** early vulnerablity detection, code quality improvements, faster development as developers spend less time debugging and patching.
-- **Site Reliability Engineers (SREs):** system resilience, security compliance, automated security checks as SAST integrates with CI/CD pipelines. Overall, SAST reduces manual overhead for SREs and ensures that each release is thoroughly tested for vulnerabilities.
-- **Administrators:** enhanced security posture, improved patch management in response to early vulnerability alerts, and compliance monitoring.
-- **Support Representatives:** incident prevention, faster issue resolutions, and customer assurance.
+- **Security Administrators:** enhanced security posture, improved patch management in response to early vulnerability alerts, and compliance monitoring.
+- **Site Reliability Engineers (SREs):** automated security checks throughout CI/CD workflow, security compliance, and system resilience. SAST reduces manual overhead for SREs and ensures that each release is thoroughly tested for vulnerabilities.
 
-You supports scanning for multiple languages and you can integrate SAST into your development lifecycle using CI providers, source code management tools, and IDEs.
+## Static Code Analysis (SAST)
+Static Code Analysis (SAST) analyzes pre-production code to identify security and quality issues. You can embed best security and development practices throughout the software development lifecycle with:
+- IDE integration to flag violations in real time with deterministic suggested fixes
+- In-line GitHub pull request comments with deterministic suggested fixes and incremental/diff-aware scanning
+- Ability to open a pull request to fix a violation directly from Datadog 
 
-See [Static Code Analysis Setup][6] for more details.
+Scans can run via your CI/CD pipelines or directly in Datadog with hosted scanning (GitHub-only).
+See [Static Code Analysis Setup][6] to get started.
 
 ## Software Composition Analysis
+Software Composition Analysis (SCA) analyzes open source libraries in both your repositories and running services. You can track and manage dependencies across the software development lifecycle with:
+- IDE integration to flag vulnerabilities affecting libraries running on your services
+- Ability to open a pull request to fix a library vulnerability directly from Datadog
+- Runtime-informed prioritization of vulnerabilities with the Datadog severity score
 
-Software Composition Analysis (SCA) analyzes open source libraries in both your repositories and running services, providing end-to-end visibility of library vulnerabilities and license management from development to production.
-
-SCA supports [static][4] and [runtime][5] scanning and provides libraries in the most common languages and technologies.
+SCA supports both static and runtime dependency detection.
+For static scanning, you can scan via your CI/CD pipelines or directly via Datadog with hosted scanning (GitHub-only). See [static setup][4] to get started.
+For runtime vulnerability detection, you can easily enable SCA on your services instrumented with Datadog APM. See [runtime setup][5] to get started.
 
 ## Runtime Code Analysis (IAST)
+Runtime Code Analysis (IAST) identifies code-level vulnerabilities in your running services. It relies on inspection of legitimate application traffic as opposed to external testing that often requires extra configuration or periodic scheduling. IAST provides an up-to-date view of your attack surface area by:
+- Monitoring your code's interactions with other components of your stack (such as libraries and infrastructure)
+- Providing 100% coverage of the OWASP Top 10
+- Runtime-informed prioritization of vulnerabilities with the Datadog severity score
 
-Datadog Runtime Code Analysis (IAST) identifies code-level vulnerabilities in your services and provides actionable insights and recommended fixes.
-
-IAST enables Datadog to identify vulnerabilities using legitimate application traffic instead of relying on external tests that could require extra configuration or periodic scheduling. It also monitors your code’s interactions with other components of your stack, such as libraries and infrastructure, providing an up-to-date view of your attack surface area.
-
-For a list of supported services, see [Runtime Code Analysis][3].
+You can enable IAST on your services instrumented with Datadog APM. See [IAST setup][3] to get started.
 
 [1]: /security/code_security/static_analysis/
 [2]: /security/code_security/software_composition_analysis/
 [3]: /security/code_security/iast/
 [4]: /security/code_security/software_composition_analysis/setup_static/
 [5]: /security/code_security/software_composition_analysis/setup_runtime/
 [6]: /security/code_security/static_analysis/setup/
+[7]: /security/code_security/iast/setup/
 
 
 

content/en/security/code_security/dev_tool_int/_index.md

@@ -1,5 +1,5 @@
 ---
-title: Dev tool integrations
+title: Developer Tool Integrations
 disable_toc: false
 
 ---

content/en/security/code_security/dev_tool_int/git_hooks/_index.md

@@ -11,9 +11,9 @@ A [Git hook](https://git-scm.com/docs/githooks) is a program executed before a u
 or pushes code to a remote location. A Git hook is generally used to run verifications
 and enforce requirements on the code before it is pushed to the remote branch.
 
-Datadog Code Security provides a Git hook to check for static analysis
-violations or secrets before code is pushed or committed. The Datadog Code Security Git hook
-checks the code from the latest commit and the default branch and surfaces
+Datadog Code Security provides a Git hook to check for Static Code Analysis (SAST)
+violations or secrets before code is pushed or committed. The Code Security Git hook
+checks the code from the latest commit and the default branch and flags
 any errors it detects.
 
 The Datadog Git hook warns developers before they push any code
@@ -54,6 +54,7 @@ The program accepts the following parameters:
  - `--confirmation`: Ask the user for confirmation to override the Git hook check
  - `--default-branch`: Specify the name of the default branch.
  - `--static-analysis`: Enable Static Code Analysis.
- - `--secrets`: Enable secrets detection (private beta).
+ - `--secrets`: Enable secrets detection (in preview - please reach out to [Datadog Support][1]).
  - `--output <file>`: Export the findings found in the commit into a SARIF file.
 
+[1]: https://www.datadoghq.com/support/

content/en/security/code_security/dev_tool_int/github_pull_requests/_index.md

@@ -9,9 +9,8 @@ aliases:
 ## Overview
 
 Code Security integrates with GitHub pull requests in two ways:
-[Pull request comments to flag violations](#enable-code-security-pr-comments-for-your-repositories)
+- [Pull request comments to flag violations](#enable-code-security-pr-comments-for-your-repositories)
 {{< img src="ci/static-analysis-pr-comment-example.png" alt="Example of a Code Security comment on a pull request" style="width:90%;" >}}
-
 - [Open a pull request to fix an issue directly from Datadog](#fixing-a-vulnerability-directly-from-datadog): You can create a pull request from the UI to fix a security vulnerability or code quality issue based on Datadog's suggested code fix. This is only available for Static Code Analysis (SAST).
 {{< img src="ci/sast_one_click_light.png" alt="Example of one-click remediation for Code Security" style="width:90%;" >}}
 
@@ -21,7 +20,7 @@ To enable these features, ensure you have the required GitHub permissions (Read
 
 ### Enable Datadog Code Security
 
-To use Datadog Code Security, add the appropriate configuration files to your repository, as described in the [setup instructions][1].
+To enable Code Security in-app, navigate to the [**Code Security** page][4].
 
 ### Configure a GitHub App
 

content/en/security/code_security/guides/_index.md

@@ -6,7 +6,7 @@ disable_toc: false
 
 
 
-{{< whatsnext desc="Software Composition Analysis" >}}
+{{< whatsnext desc="" >}}
     {{< nextlink href="/security/code_security/guides/automate_risk_reduction_sca/" >}}Automate open source risk reduction with Datadog SCA{{< /nextlink >}}
 
 {{< /whatsnext >}}

content/en/security/code_security/iast/_index.md

@@ -7,15 +7,13 @@ aliases:
 
 ## Overview
 
-Datadog Runtime Code Analysis (IAST) identifies code-level vulnerabilities in your services and provides actionable insights and recommended fixes.
-
-For a list of supported services, see the [Library Compatibility Requirements][5].
+Datadog Runtime Code Analysis (IAST) identifies code-level vulnerabilities in your services and provides actionable insights and recommended fixes. For a list of supported services, see the [Library Compatibility Requirements][5].
 
 Runtime Code Analysis uses an Interactive Application Security Testing (IAST) approach to find vulnerabilities within your application code based on your Datadog application instrumentation.
 
 IAST enables Datadog to identify vulnerabilities using legitimate application traffic instead of relying on external tests that could require extra configuration or periodic scheduling. It also monitors your code’s interactions with other components of your stack, such as libraries and infrastructure, providing an up-to-date view of your attack surface area.
 
-The Code Security detection rules support the following languages.
+IAST detection rules support the following languages.
 
 | Severity | Detection Rule                        | Java  | .NET  | Node.js | Python |
 | -------- | ------------------------------------- | ----- | ----- | ------- |--------|
@@ -110,7 +108,7 @@ For information on disabling Code Security, see [Disabling Code Security][12].
 [2]: /security/code_security/iast/setup/java/
 [3]: /integrations/jira/
 [4]: /account_management/rbac/permissions/#integrations
-[5]: /security/code_security/iast/setup/
+[5]: /security/code_security/iast/setup/#using-datadog-tracing-libraries
 [6]: https://docs.google.com/forms/d/1wsgbd80eImvJSjXe5y5VCjAW0zzn5p3CoCLsOy0vqsk/
 [7]: /integrations/github/
 [9]: /security/code_security/iast/setup/

content/en/security/code_security/iast/setup/compatibility/_index.md

@@ -10,11 +10,11 @@ further_reading:
   text: "How Application Security Management Works in Datadog"
 ---
 
-The following ASM capabilities are supported relative to each language's tracing library:
+The following capabilities are supported relative to each language's tracing library:
 
-| Application Security capability               | Java    | .NET     | Node.js        | Python        | Go              | Ruby          | PHP           |
+| Capability               | Java    | .NET     | Node.js        | Python        | Go              | Ruby          | PHP           |
 |-----------------------------------------------|---------|----------|----------------|---------------|-----------------|---------------|---------------|
-| Code Security                                 | 1.15.0  | 2.42.0   | 4.18.0         | Preview          | not supported   | not supported | not supported |
+| Runtime Code Analysis (IAST)                                 | 1.15.0  | 2.42.0   | 4.18.0         | Preview          | not supported   | not supported | not supported |
 
 Select your application language for details about framework compatibility and feature support.