DataDog
diff --git a/‎config/_default/params.yaml
Lines changed: 1 addition & 0 deletions b/‎config/_default/params.yaml
Lines changed: 1 addition & 0 deletions
diff --git a/‎content/en/security/application_security/setup/aws/fargate/java.md
Lines changed: 150 additions & 0 deletions b/‎content/en/security/application_security/setup/aws/fargate/java.md
Lines changed: 150 additions & 0 deletions
diff --git a/‎content/en/security/application_security/setup/environments/java/compatibility.md
Lines changed: 84 additions & 0 deletions b/‎content/en/security/application_security/setup/environments/java/compatibility.md
Lines changed: 84 additions & 0 deletions
diff --git a/‎content/en/security/application_security/setup/environments/java/docker.md
Lines changed: 150 additions & 0 deletions b/‎content/en/security/application_security/setup/environments/java/docker.md
Lines changed: 150 additions & 0 deletions
@@ -102,6 +102,7 @@ code_language_ids:
     native: Native
     other: Other
     linux: Linux
+    macos: macOS
     windows: Windows
     opentelemetry: OpenTelemetry
     ddprof: "Rust/C/C++"
 
@@ -0,0 +1,150 @@
+---
+title: Setup App and API Protection for Java on AWS Fargate
+further_reading:
+- link: "/security/application_security/how-it-works/"
+  tag: "Documentation"
+  text: "How App and API Protection Works"
+- link: "/security/default_rules/?category=cat-application-security"
+  tag: "Documentation"
+  text: "OOTB App and API Protection Rules"
+- link: "/security/application_security/troubleshooting"
+  tag: "Documentation"
+  text: "Troubleshooting App and API Protection"
+---
+
+{{< partial name="api_security/callout.html" >}}
+
+{{< partial name="api_security/java/overview.html" >}}
+
+This guide explains how to set up App and API Protection (AAP) for Java applications running on AWS Fargate. The setup involves:
+1. Installing the Datadog Agent
+2. Configuring your Java application
+3. Enabling AAP monitoring
+
+## Prerequisites
+
+- AWS Fargate environment
+- Java application containerized with Docker
+- AWS CLI configured with appropriate permissions
+- Datadog Agent installed
+
+## Setup
+
+### 1. Install the Datadog Agent
+
+Install the Datadog Agent in your Fargate task definition:
+
+```json
+{
+  "containerDefinitions": [
+    {
+      "name": "datadog-agent",
+      "image": "public.ecr.aws/datadog/agent:latest",
+      "environment": [
+        {
+          "name": "DD_API_KEY",
+          "value": "<YOUR_API_KEY>"
+        },
+        {
+          "name": "DD_APM_ENABLED",
+          "value": "true"
+        },
+        {
+          "name": "DD_APM_NON_LOCAL_TRAFFIC",
+          "value": "true"
+        }
+      ]
+    }
+  ]
+}
+```
+
+## Library setup
+
+To enable AAP capabilities, you need the Datadog Java tracing library (version 0.94.0 or higher) installed in your application environment.
+
+### Download the library
+
+Add the following to your application's Dockerfile:
+
+```dockerfile
+ADD 'https://dtdg.co/latest-java-tracer' /dd-java-agent.jar
+```
+
+### Verify compatibility
+
+To check that your service's language and framework versions are supported for AAP capabilities, see [Single Step Instrumentation Compatibility][2].
+
+## Service configuration
+
+### Standalone billing alternative
+
+If you want to use Application Security Management without APM tracing functionality, you can deploy with [Standalone App and API Protection][4]. This configuration reduces the amount of APM data sent to Datadog to the minimum required by App and API Protection products.
+
+To enable standalone mode:
+1. Set `DD_APM_TRACING_ENABLED=false` environment variable
+2. Keep `DD_APPSEC_ENABLED=true` environment variable
+3. This configuration will minimize APM data while maintaining full security monitoring capabilities
+
+### Enabling AAP
+
+#### Run your application with AAP enabled
+
+Update your task definition to include the Java agent and AAP configuration:
+
+```json
+{
+  "containerDefinitions": [
+    {
+      "name": "your-java-app",
+      "image": "your-java-app-image",
+      "environment": [
+        {
+          "name": "DD_APPSEC_ENABLED",
+          "value": "true"
+        },
+        {
+          "name": "DD_SERVICE",
+          "value": "<YOUR_SERVICE_NAME>"
+        },
+        {
+          "name": "DD_ENV",
+          "value": "<YOUR_ENVIRONMENT>"
+        }
+      ],
+      "command": [
+        "java",
+        "-javaagent:/dd-java-agent.jar",
+        "-jar",
+        "/app.jar"
+      ]
+    }
+  ]
+}
+```
+
+**Important considerations:**
+- **File system requirements**: Read-only file systems are not currently supported. The application must have access to a writable `/tmp` directory.
+- **Service identification**: Always specify `DD_SERVICE` (or `-Ddd.service`) and `DD_ENV` (or `-Ddd.env`) for proper service identification in Datadog.
+
+## Verify setup
+
+To verify that AAP is working correctly:
+
+1. Send some traffic to your application
+2. Check the [Application Signals Explorer][5] in Datadog
+3. Look for security signals and vulnerabilities
+
+## Troubleshooting
+
+If you encounter issues while setting up App and API Protection for your Java application, see the [Java App and API Protection troubleshooting guide][3].
+
+## Further Reading
+
+{{< partial name="whats-next/whats-next.html" >}}
+
+[1]: https://docs.datadoghq.com/tracing/trace_collection/automatic_instrumentation/single-step-apm/?tab=awsfargate
+[2]: https://app.datadoghq.com/security/appsec
+[3]: /security/application_security/setup/environments/java/troubleshooting
+[4]: /security/application_security/setup/java/standalone
+[5]: https://app.datadoghq.com/security/appsec
@@ -0,0 +1,84 @@
+---
+title: Java Compatibility Requirements
+code_lang: java
+type: multi-code-lang
+code_lang_weight: 20
+aliases:
+  - /security/application_security/threats/setup/compatibility/java
+---
+
+## App and API Protection capabilities
+
+The following App and API Protection capabilities are supported in the Java library, for the specified tracer version:
+
+| App and API Protection capability                   | Minimum Java tracer version |
+| -------------------------------------------------- | --------------------------- |
+| Threat Detection                                   | 0.94.0                      |
+| Threat Protection                                  | 0.94.0                      |
+| Customize response to blocked requests             | 0.94.0                      |
+| Automatic user activity event tracking             | 0.94.0                      |
+| API Security                                       | 0.94.0                      |
+
+The minimum tracer version to get all supported App and API Protection capabilities for Java is 0.94.0.
+
+**Note**: Threat Protection requires enabling [Remote Configuration][1], which is included in the listed minimum tracer version.
+
+### Supported deployment types
+| Type              | Threat Detection support |
+|------------------ | ------------------------ |
+| Docker            | {{< X >}}                |
+| Kubernetes        | {{< X >}}                |
+| Amazon ECS        | {{< X >}}                |
+| AWS Fargate       | {{< X >}}                |
+| AWS Lambda        | {{< X >}}                |
+| Google Cloud Run  | {{< X >}}                |
+
+## Language and framework compatibility
+
+### Supported Java versions
+
+The Datadog Java Tracing library is open source. View the [GitHub repository][2] for more information.
+
+The Datadog Java Tracing Library supports Java 8 and newer versions. For optimal performance and feature support, we recommend using the latest LTS version of Java.
+
+You must be running Datadog Agent v7.41.1+ for App and API Protection features.
+
+## Integrations
+
+The Java tracer includes support for the following frameworks, data stores, and libraries:
+
+### Web frameworks
+- Spring Boot
+- Spring Web
+- Spring WebFlux
+- JAX-RS
+- Play Framework
+- Spark Java
+- Vert.x
+- gRPC
+
+### Data stores
+- JDBC
+- MongoDB
+- Redis
+- Elasticsearch
+- Cassandra
+- Couchbase
+
+### Message brokers
+- Kafka
+- RabbitMQ
+- JMS
+
+### Other
+- OkHttp
+- Apache HttpClient
+- JSP
+- Servlet
+- GraphQL
+
+For a complete list of supported integrations and their versions, see the [Java tracer documentation][3].
+
+[1]: /agent/remote_config/#enabling-remote-configuration
+[2]: https://github.com/DataDog/dd-trace-java
+[3]: /tracing/trace_collection/compatibility_requirements/java 
@@ -0,0 +1,150 @@
+---
+title: Setup App and API Protection for Java in Docker
+code_lang: docker
+type: multi-code-lang
+code_lang_weight: 10
+further_reading:
+- link: "/security/application_security/how-it-works/"
+  tag: "Documentation"
+  text: "How App and API Protection Works"
+- link: "/security/default_rules/?category=cat-application-security"
+  tag: "Documentation"
+  text: "OOTB App and API Protection Rules"
+- link: "/security/application_security/troubleshooting"
+  tag: "Documentation"
+  text: "Troubleshooting App and API Protection"
+---
+
+{{< partial name="api_security/callout.html" >}}
+
+{{< partial name="api_security/java/overview.html" >}}
+
+This guide explains how to set up App and API Protection (AAP) for Java applications running in Docker containers. The setup involves:
+1. Installing the Datadog Agent
+2. Configuring your Java application container
+3. Enabling AAP monitoring
+
+## Prerequisites
+
+- Docker installed on your host
+- Java application containerized with Docker
+- Datadog Agent installed on the host or as a container
+
+# Setup
+
+## 1. Install and run the Datadog Agent
+
+If you haven't already, install the Datadog Agent on your host or as a container. For containerized installation:
+
+```bash
+docker run -d --name datadog-agent \
+  -v /var/run/docker.sock:/var/run/docker.sock:ro \
+  -v /proc/:/host/proc/:ro \
+  -v /sys/fs/cgroup/:/host/sys/fs/cgroup:ro \
+  -e DD_API_KEY=<YOUR_API_KEY> \
+  -e DD_APM_ENABLED=true \
+  -e DD_APM_NON_LOCAL_TRAFFIC=true \
+  datadog/agent:latest
+```
+
+### Library setup
+
+To enable AAP capabilities, you need the Datadog Java tracing library (version 0.94.0 or higher) installed in your application environment. Normally, this is done with the run command above, however, if it does not, you can download the agent manually.
+
+#### Download the library
+
+Download the latest version of the Datadog Java library:
+
+```dockerfile
+ADD 'https://dtdg.co/latest-java-tracer' /dd-java-agent.jar
+```
+
+#### Verify compatibility
+
+To check that your service's language and framework versions are supported for AAP capabilities, see [Single Step Instrumentation Compatibility][2].
+
+## Service configuration
+
+### Run your application with AAP enabled
+{{% tabs %}}
+  {{% tab "APM Tracing Enabled" %}}
+
+Start your Java application with the Datadog agent and AAP enabled:
+
+```dockerfile
+ENTRYPOINT ["java", "-javaagent:/dd-java-agent.jar", "-Ddd.appsec.enabled=true", "-Ddd.service=<MY_SERVICE>", "-Ddd.env=<MY_ENV>", "-jar", "/app.jar"]
+```
+  {{% /tab %}}
+  {{% tab "APM Tracing Disabled (Standalone Billing)" %}}
+
+If you want to use Application Security Management without APM tracing functionality, you can deploy with [Standalone App and API Protection][2]. This configuration reduces the amount of APM data sent to Datadog to the minimum required by App and API Protection products.
+
+To enable standalone mode:
+1. Set `DD_APM_TRACING_ENABLED=false` environment variable
+2. Keep `DD_APPSEC_ENABLED=true` environment variable
+3. This configuration will minimize APM data while maintaining full security monitoring capabilities
+
+```dockerfile
+ENTRYPOINT ["java", "-javaagent:/dd-java-agent.jar", "-Ddd.appsec.enabled=true", "-Ddd.apm.tracing.enabled=false", "-Ddd.service=<MY_SERVICE>", "-Ddd.env=<MY_ENV>", "-jar", "/app.jar"]
+```
+
+**Important considerations:**
+- **File system requirements**: Read-only file systems are not currently supported. The application must have access to a writable `/tmp` directory.
+- **Service identification**: Always specify `DD_SERVICE` (or `-Ddd.service`) and `DD_ENV` (or `-Ddd.env`) for proper service identification in Datadog.
+  {{% /tab %}}
+{{% /tabs %}}
+
+## 2. Configure your Java application container
+
+Add the following to your Dockerfile:
+
+```dockerfile
+# Download the Datadog Java agent
+ADD 'https://dtdg.co/latest-java-tracer' /dd-java-agent.jar
+
+# Set environment variables
+ENV DD_APPSEC_ENABLED=true
+ENV DD_SERVICE=<YOUR_SERVICE_NAME>
+ENV DD_ENV=<YOUR_ENVIRONMENT>
+
+# Add the Java agent to your application's startup command
+ENTRYPOINT ["java", "-javaagent:/dd-java-agent.jar", "-jar", "/app.jar"]
+```
+
+## 3. Run your container
+
+When running your container, make sure to:
+1. Connect it to the same Docker network as the Datadog Agent
+2. Set the required environment variables
+
+```bash
+docker run -d \
+  --name your-java-app \
+  --network datadog-network \
+  -e DD_APPSEC_ENABLED=true \
+  -e DD_SERVICE=<YOUR_SERVICE_NAME> \
+  -e DD_ENV=<YOUR_ENVIRONMENT> \
+  your-java-app-image
+```
+
+### Verify setup
+
+To verify that AAP is working correctly:
+
+1. Send some traffic to your application
+2. Check the [Application Signals Explorer][5] in Datadog
+3. Look for security signals and vulnerabilities
+
+## Troubleshooting
+
+If you encounter issues while setting up App and API Protection for your Java application, see the [Java App and API Protection troubleshooting guide][3].
+
+## Further Reading
+
+{{< partial name="whats-next/whats-next.html" >}}
+
+[1]: https://docs.datadoghq.com/tracing/trace_collection/automatic_instrumentation/single-step-apm/?tab=docker
+[2]: /security/application_security/setup/environments/java/compatibility
+[3]: /security/application_security/setup/environments/java/troubleshooting
+[4]: /security/application_security/setup/java/standalone
+[5]: https://app.datadoghq.com/security/appsec