diff --git a/.apigentools-info b/.apigentools-info index c30de930ef5..a10ee68fd35 100644 --- a/.apigentools-info +++ b/.apigentools-info @@ -4,13 +4,13 @@ "spec_versions": { "v1": { "apigentools_version": "1.6.6", - "regenerated": "2025-02-25 17:19:35.598368", - "spec_repo_commit": "7b09d7dd" + "regenerated": "2025-02-26 15:55:39.389396", + "spec_repo_commit": "860a7838" }, "v2": { "apigentools_version": "1.6.6", - "regenerated": "2025-02-25 17:19:35.613826", - "spec_repo_commit": "7b09d7dd" + "regenerated": "2025-02-26 15:55:39.405135", + "spec_repo_commit": "860a7838" } } } \ No newline at end of file diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index faa8d0f140e..26f11378454 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -32353,6 +32353,9 @@ components: apm_service_catalog_read: View service catalog and service definitions. apm_service_catalog_write: Add, modify, and delete service catalog definitions when those definitions are maintained by Datadog. + appsec_vm_read: View infrastructure, application code and library vulnerabilities. + This does not restrict access to the vulnerability data source through + the API or inventory SQL. cases_read: View Cases. cases_write: Create and update cases. ci_visibility_pipelines_write: Create CI Visibility pipeline spans using @@ -45204,9 +45207,14 @@ paths: security: - apiKeyAuth: [] appKeyAuth: [] + - AuthZ: + - appsec_vm_read summary: List vulnerable assets tags: - Security Monitoring + x-unstable: '**Note**: This endpoint is a private preview. + + If you are interested in accessing this API, please [fill out this form](https://forms.gle/kMYC1sDr6WDUBDsx9).' /api/v2/security/cloud_workload/policy/download: get: description: 'The download endpoint generates a Cloud Workload Security policy @@ -45296,6 +45304,8 @@ paths: security: - apiKeyAuth: [] appKeyAuth: [] + - AuthZ: + - appsec_vm_read summary: Get SBOM tags: - Security Monitoring 
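Review bot: The `appsec_vm_read` description added under `components` says the permission "does not restrict access to the vulnerability data source through the API", yet the later hunks in this file list it as the `AuthZ` scope on the list-vulnerable-assets, Get SBOM and list-vulnerabilities operations. A reader assigning roles cannot tell from this text whether withholding the permission limits API access to vulnerability data. The `security` entries are alternatives, so the existing `apiKeyAuth`/`appKeyAuth` entry still stands on its own; that may be what the caveat refers to, but this is inferred rather than stated. I would have the description name what the scope does gate, for example `This permission governs <access paths it gates>; it does not restrict access to the vulnerability data source through the API or inventory SQL.` The scope list and the path entries both continue outside these hunks.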
@@ -45857,9 +45867,14 @@ paths: security: - apiKeyAuth: [] appKeyAuth: [] + - AuthZ: + - appsec_vm_read summary: List vulnerabilities tags: - Security Monitoring + x-unstable: '**Note**: This endpoint is a private preview. + + If you are interested in accessing this API, please [fill out this form](https://forms.gle/kMYC1sDr6WDUBDsx9).' /api/v2/security/vulnerabilities/notification_rules: get: description: Returns the list of notification rules for security vulnerabilities. diff --git a/api/datadog/configuration.go b/api/datadog/configuration.go index 9d78f51152c..639abef1ad4 100644 --- a/api/datadog/configuration.go +++ b/api/datadog/configuration.go @@ -381,6 +381,8 @@ func NewConfiguration() *Configuration { "v2.GetSBOM": false, "v2.ListFindings": false, "v2.ListHistoricalJobs": false, + "v2.ListVulnerabilities": false, + "v2.ListVulnerableAssets": false, "v2.MuteFindings": false, "v2.RunHistoricalJob": false, "v2.CreateScorecardOutcomesBatch": false, diff --git a/api/datadogV2/api_security_monitoring.go b/api/datadogV2/api_security_monitoring.go index 4d85b10aed2..edbec0ca700 100644 --- a/api/datadogV2/api_security_monitoring.go +++ b/api/datadogV2/api_security_monitoring.go @@ -3571,6 +3571,15 @@ func (a *SecurityMonitoringApi) ListVulnerabilities(ctx _context.Context, o ...L optionalParams = o[0] } + operationId := "v2.ListVulnerabilities" + isOperationEnabled := a.Client.Cfg.IsUnstableOperationEnabled(operationId) + if !isOperationEnabled { + return localVarReturnValue, nil, datadog.GenericOpenAPIError{ErrorMessage: _fmt.Sprintf("Unstable operation '%s' is disabled", operationId)} + } + if isOperationEnabled && a.Client.Cfg.Debug { + _log.Printf("WARNING: Using unstable operation '%s'", operationId) + } + localBasePath, err := a.Client.Cfg.ServerURLWithContext(ctx, "v2.SecurityMonitoringApi.ListVulnerabilities") if err != nil { return localVarReturnValue, nil, datadog.GenericOpenAPIError{ErrorMessage: err.Error()} 
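Review bot: The early return added to `ListVulnerabilities` hands back `localVarReturnValue` (presumably still zero-valued here) and a nil response alongside the error, so a caller that reads the result without checking `err` sees what looks like an empty vulnerability list; the identical block added to `ListVulnerableAssets` in the next hunk behaves the same way. Because `configuration.go` registers both operations as `false`, callers that worked before this commit presumably fail until they opt in, which deserves a doc comment on both methods, e.g. `// ListVulnerabilities is unstable: it returns an error unless enabled with SetUnstableOperationEnabled("v2.ListVulnerabilities", true).` The `isOperationEnabled &&` in the debug check is redundant after the return above it and can be `if a.Client.Cfg.Debug {`. Both function bodies start and end outside their hunks, and the file looks generated, so the change likely belongs in the generator template.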
@@ -3912,6 +3921,15 @@ func (a *SecurityMonitoringApi) ListVulnerableAssets(ctx _context.Context, o ... optionalParams = o[0] } + operationId := "v2.ListVulnerableAssets" + isOperationEnabled := a.Client.Cfg.IsUnstableOperationEnabled(operationId) + if !isOperationEnabled { + return localVarReturnValue, nil, datadog.GenericOpenAPIError{ErrorMessage: _fmt.Sprintf("Unstable operation '%s' is disabled", operationId)} + } + if isOperationEnabled && a.Client.Cfg.Debug { + _log.Printf("WARNING: Using unstable operation '%s'", operationId) + } + localBasePath, err := a.Client.Cfg.ServerURLWithContext(ctx, "v2.SecurityMonitoringApi.ListVulnerableAssets") if err != nil { return localVarReturnValue, nil, datadog.GenericOpenAPIError{ErrorMessage: err.Error()} diff --git a/examples/v2/security-monitoring/ListVulnerabilities.go b/examples/v2/security-monitoring/ListVulnerabilities.go index 0832b3129ec..24c3b9daa66 100644 --- a/examples/v2/security-monitoring/ListVulnerabilities.go +++ b/examples/v2/security-monitoring/ListVulnerabilities.go @@ -15,6 +15,7 @@ import ( func main() { ctx := datadog.NewDefaultContext(context.Background()) configuration := datadog.NewConfiguration() + configuration.SetUnstableOperationEnabled("v2.ListVulnerabilities", true) apiClient := datadog.NewAPIClient(configuration) api := datadogV2.NewSecurityMonitoringApi(apiClient) resp, r, err := api.ListVulnerabilities(ctx, *datadogV2.NewListVulnerabilitiesOptionalParameters().WithFilterCvssBaseSeverity(datadogV2.VULNERABILITYSEVERITY_HIGH).WithFilterAssetType(datadogV2.ASSETTYPE_SERVICE).WithFilterTool(datadogV2.VULNERABILITYTOOL_INFRA)) diff --git a/examples/v2/security-monitoring/ListVulnerableAssets.go b/examples/v2/security-monitoring/ListVulnerableAssets.go index 2157cc24eb9..a4296e46572 100644 --- a/examples/v2/security-monitoring/ListVulnerableAssets.go +++ b/examples/v2/security-monitoring/ListVulnerableAssets.go 
@@ -15,6 +15,7 @@ import ( func main() { ctx := datadog.NewDefaultContext(context.Background()) configuration := datadog.NewConfiguration() + configuration.SetUnstableOperationEnabled("v2.ListVulnerableAssets", true) apiClient := datadog.NewAPIClient(configuration) api := datadogV2.NewSecurityMonitoringApi(apiClient) resp, r, err := api.ListVulnerableAssets(ctx, *datadogV2.NewListVulnerableAssetsOptionalParameters().WithFilterType(datadogV2.ASSETTYPE_HOST).WithFilterRepositoryUrl("github.com/datadog/dd-go").WithFilterRisksInProduction(true)) diff --git a/tests/scenarios/features/v2/security_monitoring.feature b/tests/scenarios/features/v2/security_monitoring.feature index f2533fa7a5c..f30d22b3aa1 100644 --- a/tests/scenarios/features/v2/security_monitoring.feature +++ b/tests/scenarios/features/v2/security_monitoring.feature @@ -473,7 +473,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not found: asset not found - @team:DataDog/asm-vm + @skip @team:DataDog/asm-vm Scenario: Get SBOM returns "OK" response Given operation "GetSBOM" enabled And new "GetSBOM" request 
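Review bot: The `@skip` added to the `Get SBOM returns "OK" response` scenario disables the success-path check for GetSBOM in the same commit that adds the `appsec_vm_read` scope to that endpoint's `security` list, and the hunk gives no reason for it. A skipped scenario with no recorded cause tends to stay skipped, which leaves the authorization change to this endpoint unexercised by the suite. I would add a comment line above the tag such as `# Skipped: <reason or tracking issue>` and re-enable the scenario once the cause is resolved. The scenario's remaining steps are outside the hunk.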
@@ -830,13 +830,15 @@ Feature: Security Monitoring @generated @skip @team:DataDog/asm-vm Scenario: List vulnerabilities returns "Bad request: The server cannot process the request due to invalid syntax in the request." response - Given new "ListVulnerabilities" request + Given operation "ListVulnerabilities" enabled + And new "ListVulnerabilities" request When the request is sent Then the response status is 400 Bad request: The server cannot process the request due to invalid syntax in the request. @team:DataDog/asm-vm Scenario: List vulnerabilities returns "Not found: There is no request associated with the provided token." response - Given new "ListVulnerabilities" request + Given operation "ListVulnerabilities" enabled + And new "ListVulnerabilities" request And request contains "page[token]" parameter with value "unknown" And request contains "page[number]" parameter with value 1 When the request is sent @@ -844,7 +846,8 @@ Feature: Security Monitoring @team:DataDog/asm-vm Scenario: List vulnerabilities returns "OK" response - Given new "ListVulnerabilities" request + Given operation "ListVulnerabilities" enabled + And new "ListVulnerabilities" request And request contains "filter[cvss.base.severity]" parameter with value "High" And request contains "filter[asset.type]" parameter with value "Service" And request contains "filter[tool]" parameter with value "Infra" 
@@ -853,13 +856,15 @@ Feature: Security Monitoring @generated @skip @team:DataDog/asm-vm Scenario: List vulnerable assets returns "Bad request: The server cannot process the request due to invalid syntax in the request." response - Given new "ListVulnerableAssets" request + Given operation "ListVulnerableAssets" enabled + And new "ListVulnerableAssets" request When the request is sent Then the response status is 400 Bad request: The server cannot process the request due to invalid syntax in the request. @team:DataDog/asm-vm Scenario: List vulnerable assets returns "Not found: There is no request associated with the provided token." response - Given new "ListVulnerableAssets" request + Given operation "ListVulnerableAssets" enabled + And new "ListVulnerableAssets" request And request contains "page[token]" parameter with value "unknown" And request contains "page[number]" parameter with value 1 When the request is sent @@ -867,7 +872,8 @@ Feature: Security Monitoring @team:DataDog/asm-vm Scenario: List vulnerable assets returns "OK" response - Given new "ListVulnerableAssets" request + Given operation "ListVulnerableAssets" enabled + And new "ListVulnerableAssets" request And request contains "filter[type]" parameter with value "Host" And request contains "filter[repository_url]" parameter with value "github.com/datadog/dd-go" And request contains "filter[risks.in_production]" parameter with value true