DataDog · Julio-Guerra · Mar 17, 2026 · Mar 18, 2026
@@ -79,4 +79,5 @@ Learn how to enable App and API Protection on all the following supported platfo
 
 {{< appsec-integrations >}}
   {{< appsec-integration name="Azure App Service" avatar="azure-appserviceenvironment" link="./azure/app-service" >}}
+  {{< appsec-integration name="Azure Container Apps" avatar="azure-container-apps" link="./azure/container-apps" >}}
 {{< /appsec-integrations >}}
@@ -0,0 +1,43 @@
+---
+title: Enabling App and API Protection for Azure Container Apps
+disable_sidebar: true
+further_reading:
+- link: "/security/application_security/"
+  tag: "Documentation"
+  text: "Protect against Threats with Datadog App and API Protection"
+- link: "/security/application_security/add-user-info/"
+  tag: "Documentation"
+  text: "Tracking user activity"
+- link: "/security/default_rules/?category=cat-application-security"
+  tag: "Documentation"
+  text: "OOTB App and API Protection Rules"
+- link: "/security/application_security/troubleshooting"
+  tag: "Documentation"
+  text: "Troubleshooting App and API Protection"
+- link: "/security/application_security/how-it-works/"
+  tag: "Documentation"
+  text: "How App and API Protection Works in Datadog"
+---
+
+Learn how to set up App and API Protection (AAP) on your Azure Container Apps by selecting the programming language your application is written in.
+
+<div class="alert alert-info">AAP support for Azure Container Apps is in Preview.</div>
+
+**Note**: Threat Protection through Remote Configuration is not supported. Use [Workflows][1] to block IPs in your [WAF][2].
+
+{{< appsec-integrations >}}
+  {{< appsec-integration name="Python" avatar="python" link="./python" >}}
+  {{< appsec-integration name="Node.js" avatar="node" link="./nodejs" >}}
+  {{< appsec-integration name="Java" avatar="java" link="./java" >}}
+  {{< appsec-integration name="Go" avatar="go" link="./go" >}}
+  {{< appsec-integration name="Ruby" avatar="ruby" link="./ruby" >}}
+  {{< appsec-integration name=".NET" avatar="dotnet" link="./dotnet" >}}
+  {{< appsec-integration name="PHP" avatar="php" link="./php" >}}
+{{< /appsec-integrations >}}
+
+## Further Reading
+
+{{< partial name="whats-next/whats-next.html" >}}
+
+[1]: /actions/workflows/
+[2]: /security/application_security/waf-integration/
@@ -0,0 +1,113 @@
+---
+title: Enabling App and API Protection for Azure Container Apps in .NET
+further_reading:
+- link: "/security/application_security/how-it-works/"
+  tag: "Documentation"
+  text: "How App and API Protection Works"
+- link: "/security/default_rules/?category=cat-application-security"
+  tag: "Documentation"
+  text: "OOTB App and API Protection Rules"
+- link: "/security/application_security/troubleshooting"
+  tag: "Documentation"
+  text: "Troubleshooting App and API Protection"
+- link: "/security/application_security/threats/"
+  tag: "Documentation"
+  text: "App and API Protection"
+---
+
+<div class="alert alert-info">AAP support for Azure Container Apps is in Preview.</div>
+
+**Note**: Threat Protection through Remote Configuration is not supported. Use [Workflows][3] to block IPs in your [WAF][4].
+
+## Setup
+
+1. **Install the Datadog .NET tracer** in your Dockerfile.
+
+   {{< tabs >}}
+   {{% tab "Standard Linux (glibc)" %}}
+{{< code-block lang="dockerfile" filename="Dockerfile" disable_copy="false" collapsible="true" >}}
+ARG TRACER_VERSION
+RUN curl -L -s "https://github.com/DataDog/dd-trace-dotnet/releases/download/v${TRACER_VERSION}/datadog-dotnet-apm_${TRACER_VERSION}_amd64.deb" --output datadog-dotnet-apm.deb && \
+   dpkg -i datadog-dotnet-apm.deb
+{{< /code-block >}}
+   {{% /tab %}}
+
+   {{% tab "Alpine (musl)" %}}
+{{< code-block lang="dockerfile" filename="Dockerfile" disable_copy="false" collapsible="true" >}}
+# For alpine use datadog-dotnet-apm-2.57.0-musl.tar.gz
+ARG TRACER_VERSION
+ADD https://github.com/DataDog/dd-trace-dotnet/releases/download/v${TRACER_VERSION}/datadog-dotnet-apm-${TRACER_VERSION}.tar.gz /tmp/datadog-dotnet-apm.tar.gz
+
+RUN mkdir -p /dd_tracer/dotnet/ && tar -xzvf /tmp/datadog-dotnet-apm.tar.gz -C /dd_tracer/dotnet/ && rm /tmp/datadog-dotnet-apm.tar.gz
+{{< /code-block >}}
+   {{% /tab %}}
+   {{< /tabs >}}
+
+   See the [dd-trace-dotnet releases][1] to view the latest tracer version.
+
+   For more information, see [Tracing .NET applications][2].
+
+2. **Install serverless-init as a sidecar**.
+
+   {{% serverless-init-install mode="sidecar" %}}
+
+   {{< tabs >}}
+
+   {{% tab "Datadog CLI" %}}
+   {{% aca-install-sidecar-datadog-ci %}}
+   {{% /tab %}}
+
+   {{% tab "Terraform" %}}
+   {{% aca-install-sidecar-terraform %}}
+   {{% /tab %}}
+
+   {{% tab "Bicep" %}}
+   {{% aca-install-sidecar-bicep %}}
+   {{% /tab %}}
+
+   {{% tab "ARM Template" %}}
+   {{% aca-install-sidecar-arm-template %}}
+   {{% /tab %}}
+
+   {{% tab "Manual" %}}
+   {{% aca-install-sidecar-manual %}}
+   {{% /tab %}}
+
+   {{< /tabs >}}
+
+## Configuration
+
+### Enable App and API Protection
+
+Set the environment variable `DD_APPSEC_ENABLED=true` in your application container to enable App and API Protection.
+
+### Disable APM tracing
+
+To use App and API Protection without APM tracing, set `DD_APM_TRACING_ENABLED=false` in your application container in addition to `DD_APPSEC_ENABLED=true`.
+
+{{% serverless-init-env-vars-sidecar language="csharp" defaultSource="containerapp" %}}
+
+{{% svl-tracing-env %}}
+
+## Testing threat detection
+
+To see App and API Protection threat detection in action, send known attack patterns to your application. For example, send a request with the user agent header set to `dd-test-scanner-log` to trigger a [security scanner attack][5] attempt:
+```sh
+curl -A 'dd-test-scanner-log' https://<YOUR_APP_URL>/existing-route
+```
+After you enable your application and exercise it, threat information appears in the [Application Signals Explorer][6].
+
+## Troubleshooting
+
+{{% serverless-init-troubleshooting productNames="Azure Container Apps" %}}
+
+## Further reading
+
+{{< partial name="whats-next/whats-next.html" >}}
+
+[1]: https://github.com/DataDog/dd-trace-dotnet/releases/
+[2]: /tracing/trace_collection/automatic_instrumentation/dd_libraries/dotnet-core/?tab=linux
+[3]: /actions/workflows/
+[4]: /security/application_security/waf-integration/
+[5]: /security/default_rules/security-scan-detected/
+[6]: https://app.datadoghq.com/security/appsec
@@ -0,0 +1,118 @@
+---
+title: Enabling App and API Protection for Azure Container Apps in Go
+further_reading:
+- link: "/security/application_security/how-it-works/"
+  tag: "Documentation"
+  text: "How App and API Protection Works"
+- link: "/security/default_rules/?category=cat-application-security"
+  tag: "Documentation"
+  text: "OOTB App and API Protection Rules"
+- link: "/security/application_security/troubleshooting"
+  tag: "Documentation"
+  text: "Troubleshooting App and API Protection"
+- link: "/security/application_security/threats/"
+  tag: "Documentation"
+  text: "App and API Protection"
+---
+
+<div class="alert alert-info">AAP support for Azure Container Apps is in Preview.</div>
+
+**Note**: Threat Protection through Remote Configuration is not supported. Use [Workflows][4] to block IPs in your [WAF][5].
+
+## Setup
+
+1. **Install the Datadog Go tracer**.
+
+   1. In your main application, add the tracing library from `dd-trace-go`.
+
+      {{< code-block lang="shell" disable_copy="false" >}}
+go get github.com/DataDog/dd-trace-go/v2/ddtrace/tracer
+{{< /code-block >}}
+
+   2. Add the following to your application code to initialize the tracer:
+      {{< code-block lang="go" disable_copy="false" >}}
+tracer.Start()
+defer tracer.Stop()
+{{< /code-block >}}
+
+   You can also add additional packages:
+   {{< code-block lang="shell" disable_copy="false" >}}
+# Enable Profiling
+go get github.com/DataDog/dd-trace-go/v2/profiler
+
+# Patch /net/http
+go get github.com/DataDog/dd-trace-go/contrib/net/http/v2
+{{< /code-block >}}
+
+   Compile your Go binary with the `appsec` build tag enabled:
+   {{< code-block lang="shell" disable_copy="false" >}}
+go build --tags "appsec" ...
+{{< /code-block >}}
+
+   For more information, see [Tracing Go Applications][1] and the [Tracer README][2].
+
+2. **Install serverless-init as a sidecar**.
+
+   {{% serverless-init-install mode="sidecar" %}}
+
+   {{< tabs >}}
+
+   {{% tab "Datadog CLI" %}}
+   {{% aca-install-sidecar-datadog-ci %}}
+   {{% /tab %}}
+
+   {{% tab "Terraform" %}}
+   {{% aca-install-sidecar-terraform %}}
+   {{% /tab %}}
+
+   {{% tab "Bicep" %}}
+   {{% aca-install-sidecar-bicep %}}
+   {{% /tab %}}
+
+   {{% tab "ARM Template" %}}
+   {{% aca-install-sidecar-arm-template %}}
+   {{% /tab %}}
+
+   {{% tab "Manual" %}}
+   {{% aca-install-sidecar-manual %}}
+   {{% /tab %}}
+
+   {{< /tabs >}}
+
+## Configuration
+
+### Enable App and API Protection
+
+Set the environment variable `DD_APPSEC_ENABLED=true` in your application container to enable App and API Protection.
+
+### Disable APM tracing
+
+To use App and API Protection without APM tracing, set `DD_APM_TRACING_ENABLED=false` in your application container in addition to `DD_APPSEC_ENABLED=true`.
+
+{{% serverless-init-env-vars-sidecar language="go" defaultSource="containerapp" %}}
+
+{{% svl-tracing-env %}}
+
+## Testing threat detection
+
+To see App and API Protection threat detection in action, send known attack patterns to your application. For example, send a request with the user agent header set to `dd-test-scanner-log` to trigger a [security scanner attack][6] attempt:
+```sh
+curl -A 'dd-test-scanner-log' https://<YOUR_APP_URL>/existing-route
+```
+After you enable your application and exercise it, threat information appears in the [Application Signals Explorer][7].
+
+## Troubleshooting
+
+{{% serverless-init-troubleshooting productNames="Azure Container Apps" %}}
+
+## Further reading
+
+{{< partial name="whats-next/whats-next.html" >}}
+
+[1]: /tracing/trace_collection/automatic_instrumentation/dd_libraries/go/
+[2]: https://github.com/DataDog/dd-trace-go?tab=readme-ov-file#installing
+[3]: /tracing/other_telemetry/connect_logs_and_traces/go/
+[4]: /actions/workflows/
+[5]: /security/application_security/waf-integration/
+[6]: /security/default_rules/security-scan-detected/
+[7]: https://app.datadoghq.com/security/appsec