// the find
DataDog/dd-trace-go
Datadog Go Library including APM tracing, profiling, and security monitoring.
Official Datadog tracing, profiling, and AppSec library for Go. If you're already paying for Datadog and running Go services, this is what you install — it wires distributed traces, continuous CPU/memory profiling, and runtime attack detection through the same agent you already have running.
The contrib/ directory covers a genuinely wide surface area: net/http, gorilla/mux, gRPC, database/sql, AWS SDK v1 and v2, Kafka (both sarama and confluent), GCS PubSub, memcache, gqlgen. Auto-instrumentation via Orchestrion (code-injection at build time) means you can get traces without touching every call site, which matters in large codebases. AppSec is transparently bolted onto the APM tracer rather than being a separate agent, so SSRF/SQLi/XSS blocking just works with DD_APPSEC_ENABLED=true. The v2 module split into nested go.mod per contrib package keeps your binary lean — you only pay the dependency cost for integrations you actually import.
This library is a dead end if you ever leave Datadog — it speaks the Datadog Agent wire protocol, not OTLP natively, so migrating to a vendor-neutral stack means ripping out every instrumentation call site (Orchestrion injection helps but doesn't eliminate the lock-in). The multi-module contrib layout is correct engineering but painful operationally: version skew between the core tracer and a contrib package is a real failure mode you'll hit during upgrades, and the fix-modules make target existing to address this is a yellow flag. AppSec protection depends on the Agent being reachable at runtime; if the sidecar is down or misconfigured, you get no WAF and no obvious error unless you're watching the right log line. The 847 star count is low relative to the actual adoption, which means the GitHub signal is misleading — this is a widely-used enterprise library, not a niche one, but community OSS contributions and issue responsiveness are correspondingly thin.