Security notifications - Add SAST and secret rule types (#3971)

api-clients-generation-pipeline[bot] · ci.datadog-api-spec · web-flow · commit 85ed86ecd6cf · 2026-04-16T19:10:07.000Z
Co-authored-by: ci.datadog-api-spec &lt;packages@datadoghq.com&gt;
diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml
@@ -57796,7 +57796,8 @@ components:
         Signal-based notification rules can filter signals based on rule types application_security, log_detection,
         workload_security, signal_correlation, cloud_configuration and infrastructure_configuration.
         Vulnerability-based notification rules can filter vulnerabilities based on rule types application_code_vulnerability,
-        application_library_vulnerability, attack_path, container_image_vulnerability, identity_risk, misconfiguration, api_security, host_vulnerability and iac_misconfiguration.
+        application_library_vulnerability, attack_path, container_image_vulnerability, identity_risk, misconfiguration,
+        api_security, host_vulnerability, iac_misconfiguration, sast_vulnerability and secret_vulnerability.
       enum:
         - application_security
         - log_detection
@@ -57813,6 +57814,8 @@ components:
         - api_security
         - host_vulnerability
         - iac_misconfiguration
+        - sast_vulnerability
+        - secret_vulnerability
       type: string
       x-enum-varnames:
         - APPLICATION_SECURITY
@@ -57830,6 +57833,8 @@ components:
         - API_SECURITY
         - HOST_VULNERABILITY
         - IAC_MISCONFIGURATION
+        - SAST_VULNERABILITY
+        - SECRET_VULNERABILITY
     RuleUser:
       description: User creating or modifying a rule.
       properties:
diff --git a/api/datadogV2/model_rule_types_items.go b/api/datadogV2/model_rule_types_items.go
@@ -14,7 +14,8 @@ import (
 // Signal-based notification rules can filter signals based on rule types application_security, log_detection,
 // workload_security, signal_correlation, cloud_configuration and infrastructure_configuration.
 // Vulnerability-based notification rules can filter vulnerabilities based on rule types application_code_vulnerability,
-// application_library_vulnerability, attack_path, container_image_vulnerability, identity_risk, misconfiguration, api_security, host_vulnerability and iac_misconfiguration.
+// application_library_vulnerability, attack_path, container_image_vulnerability, identity_risk, misconfiguration,
+// api_security, host_vulnerability, iac_misconfiguration, sast_vulnerability and secret_vulnerability.
 type RuleTypesItems string
 
 // List of RuleTypesItems.
@@ -34,6 +35,8 @@ const (
 	RULETYPESITEMS_API_SECURITY                      RuleTypesItems = "api_security"
 	RULETYPESITEMS_HOST_VULNERABILITY                RuleTypesItems = "host_vulnerability"
 	RULETYPESITEMS_IAC_MISCONFIGURATION              RuleTypesItems = "iac_misconfiguration"
+	RULETYPESITEMS_SAST_VULNERABILITY                RuleTypesItems = "sast_vulnerability"
+	RULETYPESITEMS_SECRET_VULNERABILITY              RuleTypesItems = "secret_vulnerability"
 )
 
 var allowedRuleTypesItemsEnumValues = []RuleTypesItems{
@@ -52,6 +55,8 @@ var allowedRuleTypesItemsEnumValues = []RuleTypesItems{
 	RULETYPESITEMS_API_SECURITY,
 	RULETYPESITEMS_HOST_VULNERABILITY,
 	RULETYPESITEMS_IAC_MISCONFIGURATION,
+	RULETYPESITEMS_SAST_VULNERABILITY,
+	RULETYPESITEMS_SECRET_VULNERABILITY,
 }
 
 // GetAllowedValues reeturns the list of possible values.
diff --git a/examples/v2/security-monitoring/CreateVulnerabilityNotificationRule_2417112739.go b/examples/v2/security-monitoring/CreateVulnerabilityNotificationRule_2417112739.go
@@ -0,0 +1,54 @@
+// Create a new vulnerability-based notification rule with sast and secret rule types returns "Successfully created the
+// notification rule." response
+
+package main
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"os"
+
+	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
+	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
+)
+
+func main() {
+	body := datadogV2.CreateNotificationRuleParameters{
+		Data: &datadogV2.CreateNotificationRuleParametersData{
+			Attributes: datadogV2.CreateNotificationRuleParametersDataAttributes{
+				Enabled: datadog.PtrBool(true),
+				Name:    "Example-Security-Monitoring",
+				Selectors: datadogV2.Selectors{
+					Query: datadog.PtrString("(source:production_service OR env:prod)"),
+					RuleTypes: []datadogV2.RuleTypesItems{
+						datadogV2.RULETYPESITEMS_SAST_VULNERABILITY,
+						datadogV2.RULETYPESITEMS_SECRET_VULNERABILITY,
+					},
+					Severities: []datadogV2.RuleSeverity{
+						datadogV2.RULESEVERITY_CRITICAL,
+					},
+					TriggerSource: datadogV2.TRIGGERSOURCE_SECURITY_FINDINGS,
+				},
+				Targets: []string{
+					"@john.doe@email.com",
+				},
+				TimeAggregation: datadog.PtrInt64(86400),
+			},
+			Type: datadogV2.NOTIFICATIONRULESTYPE_NOTIFICATION_RULES,
+		},
+	}
+	ctx := datadog.NewDefaultContext(context.Background())
+	configuration := datadog.NewConfiguration()
+	apiClient := datadog.NewAPIClient(configuration)
+	api := datadogV2.NewSecurityMonitoringApi(apiClient)
+	resp, r, err := api.CreateVulnerabilityNotificationRule(ctx, body)
+
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.CreateVulnerabilityNotificationRule`: %v\n", err)
+		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+	}
+
+	responseContent, _ := json.MarshalIndent(resp, "", "  ")
+	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.CreateVulnerabilityNotificationRule`:\n%s\n", responseContent)
+}
diff --git a/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_a_new_vulnerability-based_notification_rule_with_sast_and_secret_rule_types_returns_Successfully_created_the_notification_rule._response.freeze b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_a_new_vulnerability-based_notification_rule_with_sast_and_secret_rule_types_returns_Successfully_created_the_notification_rule._response.freeze
@@ -0,0 +1 @@
+2026-04-16T13:47:18.057Z
diff --git a/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_a_new_vulnerability-based_notification_rule_with_sast_and_secret_rule_types_returns_Successfully_created_the_notification_rule._response.yaml b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_a_new_vulnerability-based_notification_rule_with_sast_and_secret_rule_types_returns_Successfully_created_the_notification_rule._response.yaml
@@ -0,0 +1,40 @@
+interactions:
+- request:
+    body: |
+      {"data":{"attributes":{"enabled":true,"name":"Test-Create_a_new_vulnerability_based_notification_rule_with_sast_and_secret_rule_types_returns_Successfu-1776347238","selectors":{"query":"(source:production_service OR env:prod)","rule_types":["sast_vulnerability","secret_vulnerability"],"severities":["critical"],"trigger_source":"security_findings"},"targets":["@john.doe@email.com"],"time_aggregation":86400},"type":"notification_rules"}}
+    form: {}
+    headers:
+      Accept:
+      - application/json
+      Content-Type:
+      - application/json
+    id: 0
+    method: POST
+    url: https://api.datadoghq.com/api/v2/security/vulnerabilities/notification_rules
+  response:
+    body: '{"data":{"id":"exz-ipg-n1m","type":"notification_rules","attributes":{"created_at":1776347239287,"created_by":{"name":"CI
+      Account","handle":"9919ec9b-ebc7-49ee-8dc8-03626e717cca"},"enabled":true,"modified_at":1776347239287,"modified_by":{"name":"CI
+      Account","handle":"9919ec9b-ebc7-49ee-8dc8-03626e717cca"},"name":"Test-Create_a_new_vulnerability_based_notification_rule_with_sast_and_secret_rule_types_returns_Successfu-1776347238","selectors":{"severities":["critical"],"rule_types":["sast_vulnerability","secret_vulnerability"],"query":"(source:production_service
+      OR env:prod)","trigger_source":"security_findings"},"targets":["@john.doe@email.com"],"time_aggregation":86400,"version":1}}}'
+    code: 201
+    duration: 0ms
+    headers:
+      Content-Type:
+      - application/vnd.api+json
+    status: 201 Created
+- request:
+    body: ''
+    form: {}
+    headers:
+      Accept:
+      - '*/*'
+    id: 1
+    method: DELETE
+    url: https://api.datadoghq.com/api/v2/security/vulnerabilities/notification_rules/exz-ipg-n1m
+  response:
+    body: ''
+    code: 204
+    duration: 0ms
+    headers: {}
+    status: 204 No Content
+version: 2
diff --git a/tests/scenarios/features/v2/security_monitoring.feature b/tests/scenarios/features/v2/security_monitoring.feature
@@ -591,6 +591,13 @@ Feature: Security Monitoring
     When the request is sent
     Then the response status is 201 Successfully created the notification rule.
 
+  @team:DataDog/cloud-security-posture-management
+  Scenario: Create a new vulnerability-based notification rule with sast and secret rule types returns "Successfully created the notification rule." response
+    Given new "CreateVulnerabilityNotificationRule" request
+    And body with value {"data": {"attributes": {"enabled": true, "name": "{{ unique }}", "selectors": {"query": "(source:production_service OR env:prod)", "rule_types": ["sast_vulnerability", "secret_vulnerability"], "severities": ["critical"], "trigger_source": "security_findings"}, "targets": ["@john.doe@email.com"], "time_aggregation": 86400}, "type": "notification_rules"}}
+    When the request is sent
+    Then the response status is 201 Successfully created the notification rule.
+
   @team:DataDog/k9-cloud-siem
   Scenario: Create a scheduled detection rule returns "OK" response
     Given new "CreateSecurityMonitoringRule" request
