trufflesecurity · mustansir14 · May 13, 2026 · May 13, 2026 · May 13, 2026 · May 14, 2026
@@ -529,6 +529,7 @@ func run(state overseer.State, logSync func() error) {
 	feature.PineconeDetectorEnabled.Store(true)
 	feature.CloudinaryDetectorEnabled.Store(true)
 	feature.GitLabOAuthDetectorEnabled.Store(true)
+	feature.DatadogApiKeyDetectorEnabled.Store(true)
 
 	conf := &config.Config{}
 	if *configFilename != "" {

@@ -72,6 +72,9 @@ func TestDataDogApiKey_FromChunk(t *testing.T) {
 					DetectorType: detector_typepb.DetectorType_DatadogApikey,
 					Verified:     false,
 					Raw:          []byte(invalidApiKey),
+					SecretParts: map[string]string{
+						"api_key": invalidApiKey,
+					},
 				},
 			},
 			wantErr: false,

@@ -218,6 +218,7 @@ import (
 	"github.com/trufflesecurity/trufflehog/v3/pkg/detectors/dareboost"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/detectors/databox"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/detectors/databrickstoken"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/detectors/datadogapikey"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/detectors/datadogtoken"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/detectors/datagov"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/detectors/deepai"
@@ -1097,6 +1098,7 @@ func buildDetectorList() []detectors.Detector {
 		&dareboost.Scanner{},
 		&databox.Scanner{},
 		&databrickstoken.Scanner{},
+		&datadogapikey.Scanner{},
 		&datadogtoken.Scanner{},
 		&datagov.Scanner{},
 		// &debounce.Scanner{},
@@ -1778,6 +1780,8 @@ func buildDetectorList() []detectors.Detector {
 			return !feature.CloudinaryDetectorEnabled.Load()
 		case *gitlaboauth2.Scanner:
 			return !feature.GitLabOAuthDetectorEnabled.Load()
+		case *datadogapikey.Scanner:
+			return !feature.DatadogApiKeyDetectorEnabled.Load()
 		default:
 			return false
 		}

@@ -111,24 +111,28 @@ func TestAllDetectorTypesAreInDefaultList(t *testing.T) {
 //
 // TODO: audit this list periodically — entries in the "mistakenly missed" group
 // should be removed once the corresponding detector is added to defaults.go.
+//
 //nolint:staticcheck // SA1019: intentionally references deprecated DetectorType values to keep them excluded.
 var excludedFromDefaultList = map[detector_typepb.DetectorType]struct{}{
 	// TODO: these detectors have implementations but were mistakenly never added
 	// to buildDetectorList() — discovered by TestAllDetectorTypesAreInDefaultList.
 	// They are not added immediately out of caution for the impact on customers/users.
 	// Remove each entry once its detector has been carefully added.
+	detector_typepb.DetectorType_Guru:   {},
+	detector_typepb.DetectorType_IPInfo: {},
+	detector_typepb.DetectorType_Lob:    {},
+	detector_typepb.DetectorType_Rev:    {},
+	detector_typepb.DetectorType_TLy:    {},
+	detector_typepb.DetectorType_Tru:    {},
+	detector_typepb.DetectorType_User:   {},
+	detector_typepb.DetectorType_Wit:    {},
+
+	// Feature flag gated detectors
+	// These should be removed from this list when we remove the feature flag
 	detector_typepb.DetectorType_Cloudinary:    {},
 	detector_typepb.DetectorType_DatadogApikey: {},
 	detector_typepb.DetectorType_GitLabOauth2:  {},
-	detector_typepb.DetectorType_Guru:          {},
-	detector_typepb.DetectorType_IPInfo:        {},
-	detector_typepb.DetectorType_Lob:           {},
 	detector_typepb.DetectorType_Pinecone:      {},
-	detector_typepb.DetectorType_Rev:           {},
-	detector_typepb.DetectorType_TLy:           {},
-	detector_typepb.DetectorType_Tru:           {},
-	detector_typepb.DetectorType_User:          {},
-	detector_typepb.DetectorType_Wit:           {},
 
 	// Reserved / special types.
 	detector_typepb.DetectorType_CustomRegex: {}, // added dynamically via engine config, not via buildDetectorList()

@@ -19,6 +19,7 @@ var (
 	PineconeDetectorEnabled        atomic.Bool
 	CloudinaryDetectorEnabled      atomic.Bool
 	GitLabOAuthDetectorEnabled     atomic.Bool
+	DatadogApiKeyDetectorEnabled   atomic.Bool
 )
 
 type AtomicString struct {