Datadog unveils IDP to boost developer autonomy & speed

Datadog has introduced its Internal Developer Portal (IDP), billed as the first developer portal built on live observability data, aiming to support engineering teams under increasing demands for faster and more reliable software delivery.
Engineering teams reportedly face rising pressure to deliver code that is not only fast and secure but also compliant with legal, regulatory, and internal policies. In this environment, developers are expected to manage a broad span of requirements, including code quality, testing, security scans, infrastructure configurations, observability, and compliance—while also understanding dependencies and real-time system performance.
Increasing system complexity and corresponding cognitive load mean that developers increasingly depend on platform engineers to resolve bottlenecks, which, according to Datadog, can slow down software delivery as both groups tackle resource constraints.
According to the company, the Datadog IDP is designed to grant developers greater autonomy, enabling them to ship updates quickly while adhering to established standards. The IDP relies on Datadog's Application Performance Monitoring (APM) suite to automatically map services and dependencies. This creates a real-time, unified view of performance, service ownership, and relevant engineering information.
The product allows developers to build, test, deploy, and monitor software through self-service actions that include built-in guardrails for delivery. Meanwhile, platform engineers can use scorecards to track compliance with criteria such as reliability, security, and monitoring standards.
Capabilities
Datadog IDP incorporates several core features designed to support these objectives. The Software Catalog offers a continually updated record of organisational software, including ownership, real-time performance metrics, and links to documentation, dashboards, and source code. The catalog is automatically synchronized to Datadog's telemetry stream.
Self-service actions are provided via pre-built templates, facilitating tasks such as provisioning infrastructure or triggering remediation steps without the need for direct intervention from platform engineers. These templates are powered by Datadog's App Builder and Workflow Automation tools.
Scorecards, part of the IDP, allow for the setting and monitoring of pass/fail rules in areas such as reliability, security, observability, and cost, with options for both standard and custom criteria. Engineering Reports provide visibility into reliability, performance, and compliance status, supplying targeted views for team leads, developers, and executives. "Datadog's IDP brings together both observed and declared system states, as well as existing systems of record. This combination shows not only developer intention but also what is actually in production. Whether developers onboard new teams or are tasked with complex projects such as migrating code from EC2 to Kubernetes, Datadog automatically provides visibility into their systems and reflects changes as they are being made—without stale metadata or manual syncing," said Michael Whetten, VP of Product at Datadog. "Datadog IDP empowers developers to collaborate more effectively and deliver software that meets their organisation's standards, at the pace that is expected from them."
The company states that IDP also enhances incident response by providing a live, central knowledge base for quicker triage and decision making during service outages or other technical incidents. This information is integrated with other tools across the Datadog platform, such as Status Pages, which uses the same ownership metadata to communicate incident scope and impact to stakeholders.
Additional functionality includes a voice interface, enabling on-call engineers to query service owners, review recent changes, and access other relevant information hands-free for faster diagnostics and investigations using data from the IDP.
The launch of Datadog IDP coincided with the company's announcements in areas including AI observability, applied AI, AI security, and log management.

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

NZ Herald

2 hours ago

• NZ Herald

Hawke's Bay runner plans marathon for 115 women killed on runs

Why US$42b DataDog is going all in on AI The enterprise software company DataDog is investing almost US$1b a year into artificial intelligence.

Techday NZ

13-06-2025

• Techday NZ

Azul boosts Java security with improved runtime vulnerability detection

Azul has introduced enhanced vulnerability detection capabilities to its Intelligence Cloud that aim to reduce false positives and improve the accuracy of identifying Java application security risks. The company's updated solution, called Azul Vulnerability Detection, now uses class-level production runtime data to detect known vulnerabilities within Java applications. This approach contrasts with conventional application security (AppSec) and application performance monitoring (APM) tools, which often flag vulnerabilities based on component file names or software bill of materials (SBOM) data. Such traditional practices can generate a large volume of false positives, which the company asserts unnecessarily divert DevOps teams' time and effort. Based on findings from the Azul 2025 State of Java Survey & Report, a significant proportion of organisations are affected by this problem, with 33% indicating that more than half of their DevOps teams' time is spent addressing false positives related to Java Common Vulnerabilities and Exposures (CVEs) alerts. The broad-brush flagging approach, which does not distinguish between components actually used in production and those simply present, can result in alerts for unused or non-critical vulnerabilities. Azul's approach leverages data from Java application production environments to establish whether vulnerable classes in a component are executed, rather than simply existing as part of a packaged file. The company claims this refinement enables the solution to eliminate up to 99% of false positives, translating to a potential 100 to 1,000 times reduction compared to earlier detection methods. The technical approach The solution operates by applying a curated knowledge base that maps CVEs to individual Java classes used at runtime. By examining actual code paths executed in live environments, the system can determine whether a flagged vulnerability is relevant and warrants example cited is CVE-2024-1597, which affects specific versions of the PostgreSQL Java Database Connectivity (JDBC) driver. This high-severity vulnerability, which scores 9.8 out of 10 on the Common Vulnerability Scoring System (CVSS), can only be exploited when the driver is used in a particular non-default configuration. Conventional tools issue alerts if the driver is present in the application package, regardless of how it is used, contributing to unnecessary remediation efforts. Azul's detection mechanism discerns whether any of the 11 susceptible classes out of 470 in the component are used, thereby reducing irrelevant alerts. Key benefits According to Azul, the Intelliigence Cloud's Vulnerability Detection capability provides several benefits to enterprises managing extensive Java estates. These include continuous, real-time detection of vulnerabilities in production environments, which helps teams rapidly triage and prioritise critical issues in high-stakes scenarios like the Log4j vulnerability event. The platform retains both real-time and historical data on component and code use, using AI methods to focus forensic investigations on vulnerabilities actively exploited prior to their discovery. Azul's vulnerability team updates the system's knowledge base with newly identified CVEs, using AI to monitor sources such as the National Vulnerabilities Database (NVD) and other repositories. The runtime data collection works across Oracle JDK as well as any OpenJDK-based Java Virtual Machine (JVM), providing flexibility for organisations using a range of Java distributions, including those from Amazon, Temurin, Microsoft, and Red Hat. Azul states that this data-gathering incurs no impact on production system performance, as it leverages information already generated by the JVM during application execution. "The improved Vulnerability Detection features strengthen the proposition of Azul's Intelligence Cloud analytics SaaS offering as a way to increase DevOps productivity and recover developer capacity by reducing the need for full-time employee time spent wasted on security false positives and inefficient triage," said William Fellows, research director at 451 Research, part of S&P Global Market Intelligence. Company statement "Our mission is to help enterprises focus their security efforts on what matters - real risk, not noise," said Scott Sellers, co-founder and CEO of Azul. "By eliminating up to 99% of false positives and pinpointing vulnerabilities in Java applications with 100x – 1000x greater accuracy than traditional tools, Azul Intelligence Cloud enables capacity recovery across DevOps and security teams. As a result, teams can dramatically reduce noise, prioritise real risk and accelerate remediation - all with zero impact to performance and without slowing innovation." Azul's enhancements to its Intelligence Cloud are positioned to address long-standing productivity challenges faced by DevOps teams handling Java application security, particularly the time lost to managing irrelevant or inaccurate alerts.

Scoop

13-06-2025

• Scoop

Datadog Expands Log Management Offering With New Long-Term Retention, Search And Data Residency Capabilities

Datadog, Inc. (NASDAQ: DDOG), the monitoring and security platform for cloud applications, today at DASH announced new capabilities in its log management suite, which are designed to help organisations optimise logging costs at scale and meet the stringent data retention, auditability and data residency requirements of regulated industries. Logs are critical for threat detection, incident response and audit trails. However, lack of flexibility, high costs and data retention limitations remain roadblocks for security and compliance teams. Financial services, healthcare and insurance companies face similar challenges, having to comply with regulations and maintain full control over sensitive operational data, including their logs. Likewise, organisations operating under regional data residency laws or internal security policies are often required to store data within controlled environments, whether on-premises or in-region cloud infrastructure. These organisations need to remain compliant while having a scalable and efficient log management strategy. Traditional solutions, however, often introduce high costs, operational overhead and fragmented workflows. At its DASH conference in 2023, Datadog launched Flex Logs, which has since become one of its fastest-growing products. Flex Logs decouples the costs of log storage from the costs of querying. It provides both short- and long-term log retention for a nominal monthly fee without sacrificing visibility, enabling streamlined correlation between all of an organisation's logs, metrics and traces. To help companies meet data residency regulations, policies and preferences—while further optimising cost and efficiency—Datadog has launched new log management capabilities that build on the foundation set by Flex Logs. Datadog's latest enhancements enable organisations to support modern SIEM and security workflows while maintaining full visibility, cost consciousness and operational efficiency: Archive Search queries logs from customer-owned cold storage without requiring re-indexing. Archived logs can be searched the same way as logs under retention in the Log Explorer without introducing new tools or extra training. Datadog keeps the user experience consistent, regardless of the age of logs. Flex Frozen is a new storage tier extending log retention to over seven years, eliminating the need for managing and securing external archives. Built for audit-heavy, compliance-driven environments, Flex Frozen simplifies data retention by keeping logs inside Datadog in order to reduce overhead, simplify reporting and analytics, and improve accessibility. CloudPrem enables enterprises to deploy Datadog's indexing and search capabilities within their own infrastructure. Whether it's due to regional data residency laws or internal compliance mandates, customers can now keep their logs local—while continuing to use the Datadog UI and workflows they trust. 'As compliance standards grow more complex and global data regulations tighten, organisations face mounting pressure to retain log data longer, search it faster and keep it where it belongs,' said Michael Whetten, VP of Product at Datadog. 'With today's launches, Datadog makes it easier to manage logs, control their costs and stay compliant without sacrificing performance, accessibility or the user experience.'