diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index eea8d903b4de..ee3cd5595e1d 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -29996,6 +29996,13 @@ components: Library: description: Vulnerability library. properties: + additional_names: + description: Related library or package names (such as child packages or + affected binary paths). + items: + example: linux-tools-common + type: string + type: array name: description: Vulnerability library name. example: linux-aws-5.15 @@ -57371,6 +57378,12 @@ components: type: array risks: $ref: '#/components/schemas/VulnerabilityRisks' + running_kernel: + description: "True if the vulnerability affects a package in the host\u2019s + running kernel, false if it affects a non-running kernel, and omit if + it is not kernel-related." + example: true + type: boolean status: $ref: '#/components/schemas/VulnerabilityStatus' title: @@ -57431,10 +57444,15 @@ components: - RubyGems - Go - Packagist - - Ddeb + - Deb - Rpm - Apk - Windows + - Generic + - MacOs + - Oci + - BottleRocket + - None type: string x-enum-varnames: - PYPI @@ -57444,10 +57462,15 @@ components: - RUBY_GEMS - GO - PACKAGIST - - D_DEB + - DEB - RPM - APK - WINDOWS + - GENERIC + - MAC_OS + - OCI + - BOTTLE_ROCKET + - NONE VulnerabilityRelationships: description: Related entities object. properties: @@ -57548,12 +57571,14 @@ components: - IAST - SCA - Infra + - SAST example: SCA type: string x-enum-varnames: - IAST - SCA - INFRA + - SAST VulnerabilityType: description: The vulnerability type. enum: @@ -80311,6 +80336,10 @@ paths: summary: List assets SBOMs tags: - Security Monitoring + x-permission: + operator: OR + permissions: + - appsec_vm_read x-unstable: '**Note**: This endpoint is a private preview. If you are interested in accessing this API, [fill out this form](https://forms.gle/kMYC1sDr6WDUBDsx9).' 
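Review bot: The `running_kernel` description added in the `@@ -57371` hunk defines a three-state field (true, false, absent) but phrases the third state as an instruction, "and omit if it is not kernel-related", which reads as guidance to the caller rather than a statement about the response. I would reword the tail to `and omitted if the vulnerability is not kernel-related`, and add one sentence saying that an absent value must not be read as `false`. A consumer that tests the field for truthiness merges "affects an installed but non-running kernel" with "not kernel-related", which skews triage of host findings. The enclosing schema starts and ends outside the hunk.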
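Review bot: Replacing `Ddeb` with `Deb` (and `D_DEB` with `DEB`) in the `@@ -57431` and `@@ -57444` hunks removes an enum value and its generated constant instead of adding alongside them, so this is a breaking rename for client users that the commit does not call out. The `VulnerabilityEcosystem.ts` section drops `export const D_DEB = "Ddeb"`, so imports of `D_DEB` stop compiling, and any stored filter or comparison against the literal `"Ddeb"` would presumably stop matching without an error. If `Ddeb` was a typo the API never emitted, say so in the changelog entry; otherwise keep `- Ddeb` and `- D_DEB` in both lists for a deprecation window. The enum's enclosing schema starts outside the hunk.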
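Review bot: The `x-permission` block added in the `@@ -80311` hunk, and repeated in the later hunks for Get SBOM, List scanned assets metadata, List vulnerabilities and List vulnerable assets, documents `appsec_vm_read`, but none of these hunks shows the operation's `security` section, so it is not visible whether a matching `AuthZ` scope is declared. The secrets-rules operation further down this file lists `- AuthZ: - code_analysis_read`; if the vulnerability operations follow the same pattern, their scope list should name the same permission so the documented requirement and the declared scope cannot drift apart. Each operation body starts outside its hunk, so this needs checking against the full file.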
@@ -80382,6 +80411,10 @@ paths: summary: Get SBOM tags: - Security Monitoring + x-permission: + operator: OR + permissions: + - appsec_vm_read x-unstable: '**Note**: This endpoint is a private preview. If you are interested in accessing this API, [fill out this form](https://forms.gle/kMYC1sDr6WDUBDsx9).' @@ -80496,6 +80529,10 @@ paths: summary: List scanned assets metadata tags: - Security Monitoring + x-permission: + operator: OR + permissions: + - appsec_vm_read x-unstable: '**Note**: This endpoint is a private preview. If you are interested in accessing this API, [fill out this form](https://forms.gle/kMYC1sDr6WDUBDsx9).' @@ -80924,6 +80961,14 @@ paths: required: false schema: type: string + - description: Filter for whether the vulnerability affects a running kernel + (for vulnerabilities related to a `Host` asset). + example: true + in: query + name: filter[running_kernel] + required: false + schema: + type: boolean - description: Filter by asset name. This field supports the usage of wildcards (*). example: datadog-agent @@ -81067,6 +81112,10 @@ paths: summary: List vulnerabilities tags: - Security Monitoring + x-permission: + operator: OR + permissions: + - appsec_vm_read x-unstable: '**Note**: This endpoint is a private preview. If you are interested in accessing this API, [fill out this form](https://forms.gle/kMYC1sDr6WDUBDsx9).' @@ -81425,6 +81474,10 @@ paths: summary: List vulnerable assets tags: - Security Monitoring + x-permission: + operator: OR + permissions: + - appsec_vm_read x-unstable: '**Note**: This endpoint is a private preview. If you are interested in accessing this API, [fill out this form](https://forms.gle/kMYC1sDr6WDUBDsx9).' 
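Review bot: `filter[running_kernel]` is inserted in the middle of the operation's parameter list in the `@@ -80924` hunk, ahead of the asset-name filter, and the generated request factory follows that order: the `SecurityMonitoringApi.ts` section adds `filterRunningKernel?: boolean` between `filterOrigin` and `filterAssetName`. Code that calls the exported `SecurityMonitoringApiRequestFactory` method positionally now has every later filter shifted by one slot; typed callers get a compile error, while plain JavaScript callers would send the wrong filters and receive a differently scoped vulnerability list with no error. Appending the new parameter after the last existing one in the spec keeps positional order stable; callers that pass a `SecurityMonitoringApiListVulnerabilitiesRequest` object are unaffected either way. The parameter list starts and ends outside the hunk.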
@@ -84562,8 +84615,8 @@ paths: x-unstable: '**Note**: This endpoint may be subject to changes.' /api/v2/static-analysis/secrets/rules: get: - description: Returns list of Secrets rules with ID, Pattern, Description, Priority, - and SDS ID + description: Returns a list of Secrets rules with ID, Pattern, Description, + Priority, and SDS ID. operationId: GetSecretsRules responses: '200': @@ -84579,7 +84632,7 @@ paths: appKeyAuth: [] - AuthZ: - code_analysis_read - summary: Returns list of Secrets rules + summary: Returns a list of Secrets rules tags: - Security Monitoring x-unstable: '**Note**: This endpoint may be subject to changes.' diff --git a/cassettes/v2/Security-Monitoring_1187227211/List-vulnerabilities-returns-Not-found-There-is-no-request-associated-with-the-provided-t_4208064063/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/List-vulnerabilities-returns-Not-found-There-is-no-request-associated-with-the-provided-t_4208064063/frozen.json index dcdd868691e2..eed4e446a4e2 100644 --- a/cassettes/v2/Security-Monitoring_1187227211/List-vulnerabilities-returns-Not-found-There-is-no-request-associated-with-the-provided-t_4208064063/frozen.json +++ b/cassettes/v2/Security-Monitoring_1187227211/List-vulnerabilities-returns-Not-found-There-is-no-request-associated-with-the-provided-t_4208064063/frozen.json @@ -1 +1 @@ -"2025-01-31T12:04:28.397Z" +"2025-12-12T14:36:04.169Z" diff --git a/cassettes/v2/Security-Monitoring_1187227211/List-vulnerabilities-returns-Not-found-There-is-no-request-associated-with-the-provided-t_4208064063/recording.har b/cassettes/v2/Security-Monitoring_1187227211/List-vulnerabilities-returns-Not-found-There-is-no-request-associated-with-the-provided-t_4208064063/recording.har index 83831e21bc1e..a7349cb6e981 100644 --- a/cassettes/v2/Security-Monitoring_1187227211/List-vulnerabilities-returns-Not-found-There-is-no-request-associated-with-the-provided-t_4208064063/recording.har 
+++ b/cassettes/v2/Security-Monitoring_1187227211/List-vulnerabilities-returns-Not-found-There-is-no-request-associated-with-the-provided-t_4208064063/recording.har @@ -36,11 +36,11 @@ "url": "https://api.datadoghq.com/api/v2/security/vulnerabilities?page%5Btoken%5D=unknown&page%5Bnumber%5D=1" }, "response": { - "bodySize": 131, + "bodySize": 65, "content": { "mimeType": "application/vnd.api+json", - "size": 131, - "text": "{\"errors\":[{\"title\":\"Generic Error\",\"detail\":\"rpc error: code = Internal desc = no cached result set found for queryID: unknown\"}]}" + "size": 65, + "text": "{\"errors\":[{\"status\":\"404\",\"title\":\"Unexpected internal error\"}]}" }, "cookies": [], "headers": [ @@ -49,14 +49,14 @@ "value": "application/vnd.api+json" } ], - "headersSize": 661, + "headersSize": 660, "httpVersion": "HTTP/1.1", "redirectURL": "", "status": 404, "statusText": "Not Found" }, - "startedDateTime": "2025-01-31T12:04:28.406Z", - "time": 489 + "startedDateTime": "2025-12-12T14:36:04.174Z", + "time": 518 } ], "pages": [], diff --git a/cassettes/v2/Security-Monitoring_1187227211/List-vulnerabilities-returns-OK-response_2451060917/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/List-vulnerabilities-returns-OK-response_2451060917/frozen.json index 76fe6b756054..732306b39cf1 100644 --- a/cassettes/v2/Security-Monitoring_1187227211/List-vulnerabilities-returns-OK-response_2451060917/frozen.json +++ b/cassettes/v2/Security-Monitoring_1187227211/List-vulnerabilities-returns-OK-response_2451060917/frozen.json @@ -1 +1 @@ -"2025-01-31T12:04:39.730Z" +"2025-12-12T14:36:49.310Z" diff --git a/cassettes/v2/Security-Monitoring_1187227211/List-vulnerabilities-returns-OK-response_2451060917/recording.har b/cassettes/v2/Security-Monitoring_1187227211/List-vulnerabilities-returns-OK-response_2451060917/recording.har index da8f11bdf720..7435f0faa2b3 100644 
--- a/cassettes/v2/Security-Monitoring_1187227211/List-vulnerabilities-returns-OK-response_2451060917/recording.har +++ b/cassettes/v2/Security-Monitoring_1187227211/List-vulnerabilities-returns-OK-response_2451060917/recording.har @@ -21,7 +21,7 @@ "value": "application/json" } ], - "headersSize": 612, + "headersSize": 614, "httpVersion": "HTTP/1.1", "method": "GET", "queryString": [ @@ -56,8 +56,8 @@ "status": 200, "statusText": "OK" }, - "startedDateTime": "2025-01-31T12:04:39.739Z", - "time": 1094 + "startedDateTime": "2025-12-12T14:36:49.316Z", + "time": 984 } ], "pages": [], diff --git a/features/v2/security_monitoring.feature b/features/v2/security_monitoring.feature index 7dc352a7a4e9..e8b72066af07 100644 --- a/features/v2/security_monitoring.feature +++ b/features/v2/security_monitoring.feature @@ -781,7 +781,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found - @generated @skip @team:DataDog/asm-vm + @generated @skip @team:DataDog/k9-cloud-vm Scenario: Get SBOM returns "Bad request: The server cannot process the request due to invalid syntax in the request." response Given operation "GetSBOM" enabled And new "GetSBOM" request @@ -790,7 +790,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad request: The server cannot process the request due to invalid syntax in the request. - @team:DataDog/asm-vm + @team:DataDog/k9-cloud-vm Scenario: Get SBOM returns "Not found: asset not found" response Given operation "GetSBOM" enabled And new "GetSBOM" request @@ -799,7 +799,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not found: asset not found - @skip @team:DataDog/asm-vm + @skip @team:DataDog/k9-cloud-vm Scenario: Get SBOM returns "OK" response Given operation "GetSBOM" enabled And new "GetSBOM" request 
@@ -1182,14 +1182,14 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 The list of notification rules. - @generated @skip @team:DataDog/asm-vm + @generated @skip @team:DataDog/k9-cloud-vm Scenario: List assets SBOMs returns "Bad request: The server cannot process the request due to invalid syntax in the request." response Given operation "ListAssetsSBOMs" enabled And new "ListAssetsSBOMs" request When the request is sent Then the response status is 400 Bad request: The server cannot process the request due to invalid syntax in the request. - @team:DataDog/asm-vm + @team:DataDog/k9-cloud-vm Scenario: List assets SBOMs returns "Not found: There is no request associated with the provided token." response Given operation "ListAssetsSBOMs" enabled And new "ListAssetsSBOMs" request @@ -1198,14 +1198,14 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not found: There is no request associated with the provided token. - @generated @skip @team:DataDog/asm-vm + @generated @skip @team:DataDog/k9-cloud-vm Scenario: List assets SBOMs returns "Not found: asset not found" response Given operation "ListAssetsSBOMs" enabled And new "ListAssetsSBOMs" request When the request is sent Then the response status is 404 Not found: asset not found - @team:DataDog/asm-vm + @team:DataDog/k9-cloud-vm Scenario: List assets SBOMs returns "OK" response Given operation "ListAssetsSBOMs" enabled And new "ListAssetsSBOMs" request 
@@ -1317,14 +1317,14 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK - @skip @team:DataDog/asm-vm + @skip @team:DataDog/k9-cloud-vm Scenario: List scanned assets metadata returns "Bad request: The server cannot process the request due to invalid syntax in the request." response Given operation "ListScannedAssetsMetadata" enabled And new "ListScannedAssetsMetadata" request When the request is sent Then the response status is 400 Bad request: The server cannot process the request due to invalid syntax in the request. - @team:DataDog/asm-vm + @team:DataDog/k9-cloud-vm Scenario: List scanned assets metadata returns "Not found: asset not found" response Given operation "ListScannedAssetsMetadata" enabled And new "ListScannedAssetsMetadata" request @@ -1333,7 +1333,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not found: asset not found - @team:DataDog/asm-vm + @team:DataDog/k9-cloud-vm Scenario: List scanned assets metadata returns "OK" response Given operation "ListScannedAssetsMetadata" enabled And new "ListScannedAssetsMetadata" request @@ -1354,14 +1354,14 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK - @generated @skip @team:DataDog/asm-vm + @generated @skip @team:DataDog/k9-cloud-vm Scenario: List vulnerabilities returns "Bad request: The server cannot process the request due to invalid syntax in the request." response Given operation "ListVulnerabilities" enabled And new "ListVulnerabilities" request When the request is sent Then the response status is 400 Bad request: The server cannot process the request due to invalid syntax in the request. - @team:DataDog/asm-vm + @team:DataDog/k9-cloud-vm Scenario: List vulnerabilities returns "Not found: There is no request associated with the provided token." response Given operation "ListVulnerabilities" enabled And new "ListVulnerabilities" request 
@@ -1370,7 +1370,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not found: There is no request associated with the provided token. - @team:DataDog/asm-vm + @team:DataDog/k9-cloud-vm Scenario: List vulnerabilities returns "OK" response Given operation "ListVulnerabilities" enabled And new "ListVulnerabilities" request @@ -1380,14 +1380,14 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK - @generated @skip @team:DataDog/asm-vm + @generated @skip @team:DataDog/k9-cloud-vm Scenario: List vulnerable assets returns "Bad request: The server cannot process the request due to invalid syntax in the request." response Given operation "ListVulnerableAssets" enabled And new "ListVulnerableAssets" request When the request is sent Then the response status is 400 Bad request: The server cannot process the request due to invalid syntax in the request. - @team:DataDog/asm-vm + @team:DataDog/k9-cloud-vm Scenario: List vulnerable assets returns "Not found: There is no request associated with the provided token." response Given operation "ListVulnerableAssets" enabled And new "ListVulnerableAssets" request @@ -1396,7 +1396,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not found: There is no request associated with the provided token. - @team:DataDog/asm-vm + @team:DataDog/k9-cloud-vm Scenario: List vulnerable assets returns "OK" response Given operation "ListVulnerableAssets" enabled And new "ListVulnerableAssets" request 
@@ -1530,14 +1530,14 @@ Feature: Security Monitoring When the request is sent Then the response status is 422 The server cannot process the request because it contains invalid data. - @generated @skip @team:DataDog/asm-vm - Scenario: Returns list of Secrets rules returns "OK" response + @generated @skip @team:DataDog/k9-vm-ast + Scenario: Returns a list of Secrets rules returns "OK" response Given operation "GetSecretsRules" enabled And new "GetSecretsRules" request When the request is sent Then the response status is 200 OK - @generated @skip @team:DataDog/asm-vm + @generated @skip @team:DataDog/k9-vm-ast Scenario: Ruleset get multiple returns "OK" response Given operation "ListMultipleRulesets" enabled And new "ListMultipleRulesets" request diff --git a/private/bdd_runner/src/support/scenarios_model_mapping.ts b/private/bdd_runner/src/support/scenarios_model_mapping.ts index 8e8f75060f82..54f5f67a1540 100644 --- a/private/bdd_runner/src/support/scenarios_model_mapping.ts +++ b/private/bdd_runner/src/support/scenarios_model_mapping.ts @@ -4172,6 +4172,10 @@ export const ScenariosModelMappings: { [key: string]: OperationMapping } = { type: "string", format: "", }, + filterRunningKernel: { + type: "boolean", + format: "", + }, filterAssetName: { type: "string", format: "", diff --git a/services/security_monitoring/src/v2/SecurityMonitoringApi.ts b/services/security_monitoring/src/v2/SecurityMonitoringApi.ts index 17b2479df998..f9ff3423fe4e 100644 --- a/services/security_monitoring/src/v2/SecurityMonitoringApi.ts +++ b/services/security_monitoring/src/v2/SecurityMonitoringApi.ts @@ -3367,6 +3367,7 @@ export class SecurityMonitoringApiRequestFactory extends BaseAPIRequestFactory { filterFixAvailable?: boolean, filterRepoDigests?: string, filterOrigin?: string, + filterRunningKernel?: boolean, filterAssetName?: string, filterAssetType?: AssetType, filterAssetVersionFirst?: string, 
@@ -3627,6 +3628,13 @@ export class SecurityMonitoringApiRequestFactory extends BaseAPIRequestFactory { "", ); } + if (filterRunningKernel !== undefined) { + requestContext.setQueryParam( + "filter[running_kernel]", + serialize(filterRunningKernel, TypingInfo, "boolean", ""), + "", + ); + } if (filterAssetName !== undefined) { requestContext.setQueryParam( "filter[asset.name]", @@ -9938,6 +9946,11 @@ export interface SecurityMonitoringApiListVulnerabilitiesRequest { * @type string */ filterOrigin?: string; + /** + * Filter for whether the vulnerability affects a running kernel (for vulnerabilities related to a `Host` asset). + * @type boolean + */ + filterRunningKernel?: boolean; /** * Filter by asset name. This field supports the usage of wildcards (*). * @type string @@ -10972,7 +10985,7 @@ export class SecurityMonitoringApi { } /** - * Returns list of Secrets rules with ID, Pattern, Description, Priority, and SDS ID + * Returns a list of Secrets rules with ID, Pattern, Description, Priority, and SDS ID. * @param param The request object */ public getSecretsRules(options?: Configuration): Promise { @@ -11889,6 +11902,7 @@ export class SecurityMonitoringApi { param.filterFixAvailable, param.filterRepoDigests, param.filterOrigin, + param.filterRunningKernel, param.filterAssetName, param.filterAssetType, param.filterAssetVersionFirst, diff --git a/services/security_monitoring/src/v2/models/Library.ts b/services/security_monitoring/src/v2/models/Library.ts index af181177d418..cb123de42c20 100644 --- a/services/security_monitoring/src/v2/models/Library.ts +++ b/services/security_monitoring/src/v2/models/Library.ts @@ -4,6 +4,10 @@ import { AttributeTypeMap } from "@datadog/datadog-api-client"; * Vulnerability library. */ export class Library { + /** + * Related library or package names (such as child packages or affected binary paths). + */ + "additionalNames"?: Array; /** * Vulnerability library name. */ 
@@ -27,6 +31,10 @@ export class Library { * @ignore */ static readonly attributeTypeMap: AttributeTypeMap = { + additionalNames: { + baseName: "additional_names", + type: "Array", + }, name: { baseName: "name", type: "string", diff --git a/services/security_monitoring/src/v2/models/TypingInfo.ts b/services/security_monitoring/src/v2/models/TypingInfo.ts index ef418580e263..51b78d29b29e 100644 --- a/services/security_monitoring/src/v2/models/TypingInfo.ts +++ b/services/security_monitoring/src/v2/models/TypingInfo.ts @@ -468,10 +468,15 @@ export const TypingInfo: ModelTypingInfo = { "RubyGems", "Go", "Packagist", - "Ddeb", + "Deb", "Rpm", "Apk", "Windows", + "Generic", + "MacOs", + "Oci", + "BottleRocket", + "None", ], VulnerabilitySeverity: [ "Unknown", @@ -488,7 +493,7 @@ export const TypingInfo: ModelTypingInfo = { "InProgress", "AutoClosed", ], - VulnerabilityTool: ["IAST", "SCA", "Infra"], + VulnerabilityTool: ["IAST", "SCA", "Infra", "SAST"], VulnerabilityType: [ "AdminConsoleActive", "CodeInjection", diff --git a/services/security_monitoring/src/v2/models/VulnerabilityAttributes.ts b/services/security_monitoring/src/v2/models/VulnerabilityAttributes.ts index 00f24246d2f2..fd5689ae1744 100644 --- a/services/security_monitoring/src/v2/models/VulnerabilityAttributes.ts +++ b/services/security_monitoring/src/v2/models/VulnerabilityAttributes.ts @@ -88,6 +88,10 @@ export class VulnerabilityAttributes { * Vulnerability risks. */ "risks": VulnerabilityRisks; + /** + * True if the vulnerability affects a package in the host’s running kernel, false if it affects a non-running kernel, and omit if it is not kernel-related. + */ + "runningKernel"?: boolean; /** * The vulnerability status. */ @@ -203,6 +207,10 @@ export class VulnerabilityAttributes { type: "VulnerabilityRisks", required: true, }, + runningKernel: { + baseName: "running_kernel", + type: "boolean", + }, status: { baseName: "status", type: "VulnerabilityStatus", 
diff --git a/services/security_monitoring/src/v2/models/VulnerabilityEcosystem.ts b/services/security_monitoring/src/v2/models/VulnerabilityEcosystem.ts index dba5848b793c..fb35507b24d7 100644 --- a/services/security_monitoring/src/v2/models/VulnerabilityEcosystem.ts +++ b/services/security_monitoring/src/v2/models/VulnerabilityEcosystem.ts @@ -11,10 +11,15 @@ export type VulnerabilityEcosystem = | typeof RUBY_GEMS | typeof GO | typeof PACKAGIST - | typeof D_DEB + | typeof DEB | typeof RPM | typeof APK | typeof WINDOWS + | typeof GENERIC + | typeof MAC_OS + | typeof OCI + | typeof BOTTLE_ROCKET + | typeof NONE | UnparsedObject; export const PYPI = "PyPI"; export const MAVEN = "Maven"; @@ -23,7 +28,12 @@ export const NPM = "Npm"; export const RUBY_GEMS = "RubyGems"; export const GO = "Go"; export const PACKAGIST = "Packagist"; -export const D_DEB = "Ddeb"; +export const DEB = "Deb"; export const RPM = "Rpm"; export const APK = "Apk"; export const WINDOWS = "Windows"; +export const GENERIC = "Generic"; +export const MAC_OS = "MacOs"; +export const OCI = "Oci"; +export const BOTTLE_ROCKET = "BottleRocket"; +export const NONE = "None"; diff --git a/services/security_monitoring/src/v2/models/VulnerabilityTool.ts b/services/security_monitoring/src/v2/models/VulnerabilityTool.ts index 7095b27e843a..75c792d9d18e 100644 --- a/services/security_monitoring/src/v2/models/VulnerabilityTool.ts +++ b/services/security_monitoring/src/v2/models/VulnerabilityTool.ts @@ -7,7 +7,9 @@ export type VulnerabilityTool = | typeof IAST | typeof SCA | typeof INFRA + | typeof SAST | UnparsedObject; export const IAST = "IAST"; export const SCA = "SCA"; export const INFRA = "Infra"; +export const SAST = "SAST";