@@ -28134,6 +28134,249 @@ components:
2813428134 type: string
2813528135 x-enum-varnames:
2813628136 - CUSTOMER_ORG_DISABLE
28137+ CycloneDXBom:
28138+ description: A CycloneDX 1.5 Bill of Materials (BOM) document containing vulnerability data.
28139+ properties:
28140+ bomFormat:
28141+ description: The BOM format identifier. Must be `CycloneDX`.
28142+ example: CycloneDX
28143+ type: string
28144+ components:
28145+ description: The list of scanned software components. Cannot be empty.
28146+ items:
28147+ $ref: "#/components/schemas/CycloneDXComponent"
28148+ type: array
28149+ metadata:
28150+ $ref: "#/components/schemas/CycloneDXMetadata"
28151+ specVersion:
28152+ description: The CycloneDX specification version. Must be `1.5`.
28153+ example: "1.5"
28154+ type: string
28155+ version:
28156+ description: The version number of the BOM document.
28157+ example: 1
28158+ format: int64
28159+ type: integer
28160+ vulnerabilities:
28161+ description: The list of detected vulnerabilities. Cannot be empty.
28162+ items:
28163+ $ref: "#/components/schemas/CycloneDXVulnerability"
28164+ type: array
28165+ required:
28166+ - bomFormat
28167+ - specVersion
28168+ - metadata
28169+ - components
28170+ - vulnerabilities
28171+ type: object
28172+ CycloneDXComponent:
28173+ description: A software component identified during scanning.
28174+ properties:
28175+ bom-ref:
28176+ description: A unique reference identifier used to link vulnerabilities to this component.
28177+ example: a3390fca-c315-41ae-ae05-af5e7859cdee
28178+ type: string
28179+ name:
28180+ description: The name of the component.
28181+ example: lodash
28182+ type: string
28183+ purl:
28184+ description: The Package URL (PURL) of the component. Required when `type` is `library`.
28185+ example: "pkg:npm/lodash@4.17.21"
28186+ type: string
28187+ type:
28188+ $ref: "#/components/schemas/CycloneDXComponentType"
28189+ version:
28190+ description: The version of the component.
28191+ example: 4.17.21
28192+ type: string
28193+ required:
28194+ - bom-ref
28195+ - type
28196+ - name
28197+ - version
28198+ type: object
28199+ CycloneDXComponentType:
28200+ description: The type of the scanned component.
28201+ enum:
28202+ - library
28203+ - application
28204+ - operating-system
28205+ example: library
28206+ type: string
28207+ x-enum-varnames:
28208+ - LIBRARY
28209+ - APPLICATION
28210+ - OPERATING_SYSTEM
28211+ CycloneDXMetadata:
28212+ description: Metadata about the BOM, including the scanned asset and the scanner tool.
28213+ properties:
28214+ component:
28215+ $ref: "#/components/schemas/CycloneDXMetadataComponent"
28216+ tools:
28217+ $ref: "#/components/schemas/CycloneDXMetadataTools"
28218+ required:
28219+ - component
28220+ - tools
28221+ type: object
28222+ CycloneDXMetadataComponent:
28223+ description: The asset that was scanned (for example, a host or container image).
28224+ properties:
28225+ bom-ref:
28226+ description: >-
28227+ A unique reference identifier for this metadata component. If set, must match a `bom-ref` in `components`.
28228+ example: host-ref-abc123
28229+ type: string
28230+ name:
28231+ description: The name or identifier of the scanned asset (for example, an instance ID or hostname).
28232+ example: i-12345
28233+ type: string
28234+ type:
28235+ description: The type of the scanned asset.
28236+ example: operating-system
28237+ type: string
28238+ required:
28239+ - name
28240+ type: object
28241+ CycloneDXMetadataTools:
28242+ description: Information about the scanner tool that produced this BOM.
28243+ properties:
28244+ components:
28245+ description: The scanner tool components. Must contain exactly one element.
28246+ items:
28247+ $ref: "#/components/schemas/CycloneDXToolComponent"
28248+ type: array
28249+ required:
28250+ - components
28251+ type: object
28252+ CycloneDXToolComponent:
28253+ description: A scanner tool component.
28254+ properties:
28255+ name:
28256+ description: The name of the scanner tool.
28257+ example: my-scanner
28258+ type: string
28259+ type:
28260+ description: The type of the tool component.
28261+ example: application
28262+ type: string
28263+ required:
28264+ - name
28265+ type: object
28266+ CycloneDXVulnerability:
28267+ description: A security vulnerability affecting one or more components.
28268+ properties:
28269+ advisories:
28270+ description: External advisory references for the vulnerability.
28271+ items:
28272+ $ref: "#/components/schemas/CycloneDXVulnerabilityAdvisory"
28273+ type: array
28274+ affects:
28275+ description: >-
28276+ The components affected by this vulnerability. Must be non-empty. Each `ref` must match a `bom-ref` in `components`.
28277+ items:
28278+ $ref: "#/components/schemas/CycloneDXVulnerabilityAffects"
28279+ type: array
28280+ analysis:
28281+ $ref: "#/components/schemas/CycloneDXVulnerabilityAnalysis"
28282+ cwes:
28283+ description: CWE identifiers associated with the vulnerability.
28284+ example: [123, 345]
28285+ items:
28286+ format: int64
28287+ type: integer
28288+ type: array
28289+ description:
28290+ description: A short description of the vulnerability.
28291+ example: "Sample vulnerability detected in the application."
28292+ type: string
28293+ detail:
28294+ description: Detailed information about the vulnerability.
28295+ example: "Details about the vulnerability."
28296+ type: string
28297+ id:
28298+ description: The vulnerability identifier (for example, a CVE ID).
28299+ example: CVE-2021-1234
28300+ type: string
28301+ ratings:
28302+ description: The severity ratings for the vulnerability. Must contain exactly one element.
28303+ items:
28304+ $ref: "#/components/schemas/CycloneDXVulnerabilityRating"
28305+ type: array
28306+ references:
28307+ description: External reference identifiers for the vulnerability.
28308+ items:
28309+ $ref: "#/components/schemas/CycloneDXVulnerabilityReference"
28310+ type: array
28311+ required:
28312+ - id
28313+ - ratings
28314+ - affects
28315+ type: object
28316+ CycloneDXVulnerabilityAdvisory:
28317+ description: An external advisory reference for a vulnerability.
28318+ properties:
28319+ url:
28320+ description: The URL of the advisory.
28321+ example: "https://example.com/advisory/CVE-2021-1234"
28322+ type: string
28323+ type: object
28324+ CycloneDXVulnerabilityAffects:
28325+ description: A reference to a component affected by a vulnerability.
28326+ properties:
28327+ ref:
28328+ description: The `bom-ref` of the affected component.
28329+ example: a3390fca-c315-41ae-ae05-af5e7859cdee
28330+ type: string
28331+ required:
28332+ - ref
28333+ type: object
28334+ CycloneDXVulnerabilityAnalysis:
28335+ description: |-
28336+ The exploitability analysis for the vulnerability. When `state` is set to `resolved`
28337+ or `resolved_with_pedigree`, the vulnerability is closed in Datadog.
28338+ Other state values are accepted but have no effect on the vulnerability status.
28339+ properties:
28340+ state:
28341+ description: The vulnerability analysis state.
28342+ example: resolved
28343+ type: string
28344+ type: object
28345+ CycloneDXVulnerabilityRating:
28346+ description: A severity rating for a vulnerability.
28347+ properties:
28348+ score:
28349+ description: The CVSS score.
28350+ example: 9.0
28351+ format: double
28352+ type: number
28353+ severity:
28354+ description: The severity level.
28355+ example: high
28356+ type: string
28357+ vector:
28358+ description: The CVSS vector string.
28359+ example: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"
28360+ type: string
28361+ type: object
28362+ CycloneDXVulnerabilityReference:
28363+ description: An external reference identifier for a vulnerability.
28364+ properties:
28365+ id:
28366+ description: The identifier of the external reference (for example, a GHSA ID).
28367+ example: GHSA-35m5-8cvj-8783
28368+ type: string
28369+ source:
28370+ $ref: "#/components/schemas/CycloneDXVulnerabilityReferenceSource"
28371+ type: object
28372+ CycloneDXVulnerabilityReferenceSource:
28373+ description: The source of an external vulnerability reference.
28374+ properties:
28375+ url:
28376+ description: The URL of the reference source.
28377+ example: "https://example.com"
28378+ type: string
28379+ type: object
2813728380 DORACustomTags:
2813828381 description: A list of user-defined tags. The tags must follow the `key:value` pattern. Up to 100 may be added per event.
2813928382 example:
@@ -174464,6 +174707,91 @@ paths:
174464174707 x-sunset: "2027-01-01"
174465174708 x-unstable: |-
174466174709 **Note**: This endpoint is deprecated. See the [List Security Findings endpoint](https://docs.datadoghq.com/api/latest/security-monitoring/#list-security-findings).
174710+ post:
174711+ description: |-
174712+ Import security vulnerabilities from an external scanner in CycloneDX 1.5 format.
174713+
174714+ The payload is validated against the CycloneDX 1.5 JSON schema and the following
174715+ additional constraints:
174716+
174717+ - `metadata`, `metadata.component`, and `metadata.component.name` are required.
174718+ - `metadata.tools.components` must contain exactly one element with a `name` field.
174719+ - `components` cannot be empty. Each component requires `bom-ref`, `type`, `name`, and `version`.
174720+ - When `type` is `library`, `purl` is required and must be a valid PURL.
174721+ - When `type` is `operating-system`, `name` must be one of the supported OS values:
174722+ `alma`, `alpine`, `amazon`, `azurelinux`, `bottlerocket`, `cbl-mariner`, `chainguard`,
174723+ `centos`, `debian`, `fedora`, `opensuse`, `opensuse-leap`, `opensuse-tumbleweed`,
174724+ `oracle`, `photon`, `redhat`, `rocky`, `slem`, `sles`, `ubuntu`, `wolfi`, `windows`, `macos`.
174725+ - `vulnerabilities` cannot be empty. Each vulnerability requires `id`, exactly one `ratings` entry,
174726+ and at least one `affects` entry.
174727+ - Each `affects[].ref` must match a `bom-ref` value in `components`.
174728+ operationId: ImportSecurityVulnerabilities
174729+ requestBody:
174730+ content:
174731+ application/json:
174732+ examples:
174733+ default:
174734+ value:
174735+ bomFormat: CycloneDX
174736+ components:
174737+ - bom-ref: a3390fca-c315-41ae-ae05-af5e7859cdee
174738+ name: lodash
174739+ purl: "pkg:npm/lodash@4.17.21"
174740+ type: library
174741+ version: 4.17.21
174742+ metadata:
174743+ component:
174744+ name: i-12345
174745+ type: operating-system
174746+ tools:
174747+ components:
174748+ - name: my-scanner
174749+ type: application
174750+ specVersion: "1.5"
174751+ version: 1
174752+ vulnerabilities:
174753+ - affects:
174754+ - ref: a3390fca-c315-41ae-ae05-af5e7859cdee
174755+ description: "Sample vulnerability detected in the application."
174756+ id: CVE-2021-1234
174757+ ratings:
174758+ - score: 9.0
174759+ severity: high
174760+ vector: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"
174761+ schema:
174762+ $ref: "#/components/schemas/CycloneDXBom"
174763+ required: true
174764+ responses:
174765+ "200":
174766+ description: Vulnerabilities accepted successfully.
174767+ "400":
174768+ $ref: "#/components/responses/BadRequestResponse"
174769+ "403":
174770+ $ref: "#/components/responses/ForbiddenResponse"
174771+ "429":
174772+ $ref: "#/components/responses/TooManyRequestsResponse"
174773+ "500":
174774+ content:
174775+ application/json:
174776+ schema:
174777+ $ref: "#/components/schemas/APIErrorResponse"
174778+ description: Internal Server Error
174779+ security:
174780+ - apiKeyAuth: []
174781+ appKeyAuth: []
174782+ - AuthZ:
174783+ - security_monitoring_findings_write
174784+ summary: Import security vulnerabilities
174785+ tags:
174786+ - Security Monitoring
174787+ x-codegen-request-body-name: body
174788+ "x-permission":
174789+ operator: OR
174790+ permissions:
174791+ - security_monitoring_findings_write
174792+ x-unstable: |-
174793+ **Note**: This endpoint is in preview and is subject to change.
174794+ If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).
174467174795 /api/v2/security/vulnerabilities/notification_rules:
174468174796 get:
174469174797 description: Returns the list of notification rules for security vulnerabilities.
0 commit comments