docs(csm): document application library SBOM scanning (Agent 7.70+)

content/en/security/cloud_security_management/setup/agent/kubernetes.md

@@ -48,10 +48,14 @@ Use the following instructions to enable Misconfigurations and Vulnerability Man
           # Enables Container Vulnerability Management
           containerImage:
             enabled: true
-
+            # Enables scanning of application libraries in addition to OS packages (Agent 7.70+)
+            analyzers: ["os", "languages"]
+
           # Enables Host Vulnerability Management
           host:
             enabled: true
+            # Enables scanning of application libraries in addition to OS packages (Agent 7.70+)
+            analyzers: ["os", "languages"]
     ```
 
 2. Apply the changes and restart the Agent.
@@ -79,10 +83,14 @@ Use the following instructions to enable Misconfigurations and Vulnerability Man
         # Enables Container Vulnerability Management
         containerImage:
           enabled: true
+          # Enables scanning of application libraries in addition to OS packages (Agent 7.70+)
+          analyzers: ["os", "languages"]
 
         # Enables Host Vulnerability Management
         host:
           enabled: true
+          # Enables scanning of application libraries in addition to OS packages (Agent 7.70+)
+          analyzers: ["os", "languages"]
     ```
 
 2. Restart the Agent.
@@ -91,6 +99,30 @@ Use the following instructions to enable Misconfigurations and Vulnerability Man
 
 {{< /tabs >}}
 
+### Supported application library package managers
+
+The `languages` analyzer requires Datadog Agent **7.70 or later**. When enabled, it detects vulnerabilities in application libraries managed by the package managers below, in addition to OS packages.
+
+When the `analyzers` field is omitted, Datadog only scans OS packages for container images.
+
+The `languages` analyzer covers the following package ecosystems:
+
+| Ecosystem | Package manager / format |
+|-----------|--------------------------|
+| Ruby | Bundler, GemSpec |
+| Rust | Cargo, Rust binary |
+| PHP | Composer |
+| Java | Jar, Maven (pom.xml), Gradle lock, Sbt lock |
+| JavaScript | npm (package-lock.json), Yarn, pnpm, Node package |
+| .NET | NuGet, .NET Core, PackagesProps |
+| Python | Python package (egg), pip, Pipenv, Poetry, uv, Conda package, Conda environment |
+| Go | Go binary, Go modules |
+| C/C++ | Conan lock |
+| Swift / Objective-C | CocoaPods, Swift |
+| Dart | PubSpec lock |
+| Elixir | Mix lock |
+| Julia | Julia |
+
 [1]: /security/cloud_security_management/misconfigurations/
 [2]: /security/threats
 [3]: /security/cloud_security_management/vulnerabilities

content/en/security/cloud_security_management/setup/agent/linux.md

@@ -37,9 +37,13 @@ sbom:
   # Set to true to enable Container Vulnerability Management
   container_image:
     enabled: true
-  # Set to true to enable Host Vulnerability Management  
+    # Enables scanning of application libraries in addition to OS packages (Agent 7.70+)
+    analyzers: ["os", "languages"]
+  # Set to true to enable Host Vulnerability Management
   host:
     enabled: true
+    # Enables scanning of application libraries in addition to OS packages (Agent 7.70+)
+    analyzers: ["os", "languages"]
 {{< /code-block >}}
 
 {{< code-block lang="bash" filename="/etc/datadog-agent/security-agent.yaml" disable_copy="false" collapsible="true" >}}
@@ -52,7 +56,31 @@ compliance_config:
     enabled: true
 {{< /code-block >}}
 
-**Notes**: 
+### Supported application library package managers
+
+The `languages` analyzer requires Datadog Agent **7.70 or later**. When enabled, it detects vulnerabilities in application libraries managed by the package managers below, in addition to OS packages.
+
+When the `analyzers` field is omitted, Datadog only scans OS packages for container images.
+
+The `languages` analyzer covers the following package ecosystems:
+
+| Ecosystem | Package manager / format |
+|-----------|--------------------------|
+| Ruby | Bundler, GemSpec |
+| Rust | Cargo, Rust binary |
+| PHP | Composer |
+| Java | Jar, Maven (pom.xml), Gradle lock, Sbt lock |
+| JavaScript | npm (package-lock.json), Yarn, pnpm, Node package |
+| .NET | NuGet, .NET Core, PackagesProps |
+| Python | Python package (egg), pip, Pipenv, Poetry, uv, Conda package, Conda environment |
+| Go | Go binary, Go modules |
+| C/C++ | Conan lock |
+| Swift / Objective-C | CocoaPods, Swift |
+| Dart | PubSpec lock |
+| Elixir | Mix lock |
+| Julia | Julia |
+
+**Notes**:
 
 - You can also use the following [Agent install script][5] to automatically enable Misconfigurations and Threat Detection:
 
@@ -73,4 +101,4 @@ sudo chgrp dd-agent /etc/datadog-agent/security-agent.yaml
 [3]: /security/cloud_security_management/vulnerabilities
 [4]: /security/cloud_security_management/setup#supported-deployment-types-and-features
 [5]: /getting_started/agent/#installation
-[6]: /agent/?tab=Linux
+[6]: /agent/?tab=Linux