upgrade setup to work with orchestrion

Signed-off-by: Eliott Bouhana <eliott.bouhana@datadoghq.com>

Author: eliottness

content/en/security/application_security/setup/go/_index.md

@@ -32,33 +32,37 @@ You can monitor App and API Protection for Go apps running in Docker, Kubernetes
 
 # Prerequisite
 
-- Your service is [supported][2].
-- You have one of the latest two version of [Go][4] installed (following the [Official Release Policy][5])
+- Your service framework and tools are [compatible][2] with the [Application & API Protection (AAP)][1] product.
+- Your deployment environment is [supported][5].
+- You have one of the latest two version of [Go][4] installed (following the [Official Release Policy][5]).
 
-## Enabling threat detection
+## Enabling Application & API Protection (AAP)
 ### Get started
 
-1. **Add to your program's go.mod dependencies** the latest version of the Datadog Go library (version 1.53.0 or later). {{% tracing-go-v2 %}}
+1. **Install Orchestrion**:
 
-   ```shell
-  $ go get -v -u github.com/DataDog/dd-trace-go/v2/ddtrace/tracer
+   ```console
+  $ go install github.com/DataDog/orchestrion@latest
+   ```
+
+2. **Register Orchestrion as a Go module** in your project directory:
+   ```console
+   $ orchestrion pin
    ```
 
-2. Datadog has a series of pluggable packages which provide out-of-the-box support for instrumenting a series of Go libraries and frameworks.
-   A list of these packages can be found in the [compatibility requirements][1] page. Import these packages into your application and follow the configuration instructions listed alongside each integration.
+3. Datadog has a series of pluggable packages which provide out-of-the-box support for instrumenting a series of Go libraries and frameworks.
+   A list of these packages can be found in the [compatibility requirements][1] page.
+   Import these packages into your application and follow the configuration instructions listed alongside each integration.
 
-3. **Recompile your program** with AAP enabled:
+4. **Recompile your program** with Orchestrion:
    ```console
-   $ go build -v -tags appsec my-program
+   $ orchestrion go build my-program
    ```
+  More options on how to use orchestrion can be found in the [Orchestrion usage][7].
 
-   **Notes**:
-   - The Go build tag `appsec` is not necessary if CGO is enabled with `CGO_ENABLED=1`.
-   - Datadog WAF needs the following shared libraries on Linux: `libc.so.6` and `libpthread.so.0`.
-   - When using the build tag `appsec` and CGO is disabled, the produced binary is still linked dynamically to these libraries.
-   - The Go build tag `datadog.no_waf` can be used to disable AAP at build time in any situation where the requirements above are a hinderance.
+  Note: If you are building without CGO on linux. Please read [Building Go applications with CGO disabled][6] for more information.
 
-4. **Redeploy your Go service and enable AAP** by setting the `DD_APPSEC_ENABLED` environment variable to `true`:
+5. **Redeploy your Go service and enable AAP** by setting the `DD_APPSEC_ENABLED` environment variable to `true`:
    ```console
    $ env DD_APPSEC_ENABLED=true ./my-program
    ```
@@ -83,7 +87,7 @@ Add the following environment variable value to your application container's Doc
 ENV DD_APPSEC_ENABLED=true
 ```
 
-A more detailed guide on how to create a fiting dockerfile is available [here][3]
+A more detailed guide on how to create a fitting dockerfile is available [here][3].
 
 {{% /tab %}}
 {{% tab "Kubernetes" %}}
@@ -121,10 +125,28 @@ Update your application's ECS task definition JSON file, by adding this in the e
 
 {{< /tabs >}}
 
+{{% app_and_api_protection_verify_setup %}}
+
 {{% appsec-getstarted-2 %}}
 
 {{< img src="/security/application_security/appsec-getstarted-threat-and-vuln_2.mp4" alt="Video showing Signals explorer and details, and Vulnerabilities explorer and details." video="true" >}}
 
+### Building without CGO
+
+If you are building your Go application without CGO, you can still enable AAP by following these steps:
+
+1. **Add the `appsec` build tag** when compiling your application:
+   ```console
+   $ CGO_ENABLED=0 orchestrion go build -tags appsec my-program
+   ```
+
+  Using `CGO_ENABLED=0` usually guarantees a statically-linked binary. This will NOT be the case in this setup.
+
+2. **Install `libc.so.6` and `libpthread.so.0`** on your system, as these libraries are required by the Datadog WAF:
+   This can be done by installing the `glibc` package on your system via your package manager. Read more on [Creating a Dockerfile for AAP][3]
+
+3. **Redeploy your Go service** with the `DD_APPSEC_ENABLED=true` environment variable set, as described above.
+
 ## Using AAP without APM tracing
 
 If you want to use Application & API Protection without APM tracing functionality, you can deploy with tracing disabled:
@@ -144,3 +166,5 @@ For more details, see [Standalone App and API Protection][standalone_billing_gui
 [3]: /security/application_security/setup/go/dockerfile
 [4]: https://go.dev/
 [5]: https://go.dev/doc/devel/release#policy
+[6]: /security/application_security/setup/go#building-without-cgo
+[7]: /tracing/trace_collection/automatic_instrumentation/dd_libraries/go/?tab=compiletimeinstrumentation#usage

content/en/security/application_security/setup/go/dockerfile.md

@@ -18,10 +18,10 @@ further_reading:
 # Introdution
 
 App and API Protection for Go installation requirements can be abstract and the Go toolchain
-cross-compilations capabilities can make it hard to understand what as to be do precisely.
+cross-compilations capabilities can make it hard to understand what has to be done precisely.
 
-In these cases, a more precise way to materialized these examples like a Dockerfile can be interesting.
-The goal of this guide is to step by step on a working Dockerfile.
+In these cases, a more precise way to materialize these examples like a Dockerfile can be interesting.
+The goal of this guide is to be a step-by-step guide to a working Dockerfile.
 
 ## Wallthrough
 
@@ -41,8 +41,10 @@ FROM golang AS build
 WORKDIR /app
 COPY . .
 
-# The appsec build tag is optional if CGO is enabled
-RUN go build -v -tags appsec -o main .
+RUN go install github.com/DataDog/orchestrion@latest
+
+# The appsec build tag is mandatory if CGO is disabled, which is the default in alpine.
+RUN orchestrion go build -v -tags appsec -o main .
 
 FROM alpine
 COPY --from=build /app/main /usr/local/bin
@@ -58,6 +60,7 @@ ENTRYPOINT [ "/usr/local/bin/main" ]
 ```
 
 Multiple remarks can be made here:
+* The first stage uses [Orchestrion][5] compile-time instrumentation to instrument the Go application with the App and API Protection features.
 * The flag `-tags appsec` or CGO being enabled are requirements at build time for C++ Datadog's WAF. If none of these requirements are met, your service will be marked as not compatible is Datadog's UI.
 * the `libc6-compat` package is required because Datadog's WAF needs the following shared libraries on Linux: `libc.so.6` and `libpthread.so.0`. If you are using `CGO_ENABLED=0` and `-tags` appsec at the same time and those shared libraries are not present at runtime you app will refuse to start with the error `No such file or directory`.
 
@@ -84,3 +87,4 @@ If you encounter issues while setting up App and API Protection for your applica
 [2]: /security/application_security/setup/go/troubleshooting
 [3]: https://github.com/DataDog/appsec-go-test-app/blob/main/examples/docker
 [4]: https://github.com/DataDog/appsec-go-test-app
+[5]: /tracing/trace_collection/automatic_instrumentation/dd_libraries/go/?tab=compiletimeinstrumentation

content/en/security/application_security/setup/go/troubleshooting.md

@@ -28,9 +28,9 @@ TODO
 
 If you're still experiencing problems:
 1. Check the [Application Security Monitoring troubleshooting guide][1]
-2. Review the [Java tracer documentation][2]
+2. Review the [Go tracer documentation][2]
 3. Contact [Datadog support][3]
 
 [1]: /security/application_security/troubleshooting
-[2]: /tracing/trace_collection/compatibility/java
+[2]: /tracing/trace_collection/compatibility/go
 [3]: /help