Security notifications - Add SAST and secret rule types (#3737)

Co-authored-by: ci.datadog-api-spec <packages@datadoghq.com>

Author: api-clients-generation-pipeline[bot]

.generator/schemas/v2/openapi.yaml

@@ -57796,7 +57796,8 @@ components:
         Signal-based notification rules can filter signals based on rule types application_security, log_detection,
         workload_security, signal_correlation, cloud_configuration and infrastructure_configuration.
         Vulnerability-based notification rules can filter vulnerabilities based on rule types application_code_vulnerability,
-        application_library_vulnerability, attack_path, container_image_vulnerability, identity_risk, misconfiguration, api_security, host_vulnerability and iac_misconfiguration.
+        application_library_vulnerability, attack_path, container_image_vulnerability, identity_risk, misconfiguration,
+        api_security, host_vulnerability, iac_misconfiguration, sast_vulnerability and secret_vulnerability.
       enum:
         - application_security
         - log_detection
@@ -57813,6 +57814,8 @@ components:
         - api_security
         - host_vulnerability
         - iac_misconfiguration
+        - sast_vulnerability
+        - secret_vulnerability
       type: string
       x-enum-varnames:
         - APPLICATION_SECURITY
@@ -57830,6 +57833,8 @@ components:
         - API_SECURITY
         - HOST_VULNERABILITY
         - IAC_MISCONFIGURATION
+        - SAST_VULNERABILITY
+        - SECRET_VULNERABILITY
     RuleUser:
       description: User creating or modifying a rule.
       properties:

examples/v2/security-monitoring/CreateVulnerabilityNotificationRule_2417112739.java

@@ -0,0 +1,58 @@
+// Create a new vulnerability-based notification rule with sast and secret rule types returns
+// "Successfully created the
+// notification rule." response
+
+import com.datadog.api.client.ApiClient;
+import com.datadog.api.client.ApiException;
+import com.datadog.api.client.v2.api.SecurityMonitoringApi;
+import com.datadog.api.client.v2.model.CreateNotificationRuleParameters;
+import com.datadog.api.client.v2.model.CreateNotificationRuleParametersData;
+import com.datadog.api.client.v2.model.CreateNotificationRuleParametersDataAttributes;
+import com.datadog.api.client.v2.model.NotificationRuleResponse;
+import com.datadog.api.client.v2.model.NotificationRulesType;
+import com.datadog.api.client.v2.model.RuleSeverity;
+import com.datadog.api.client.v2.model.RuleTypesItems;
+import com.datadog.api.client.v2.model.Selectors;
+import com.datadog.api.client.v2.model.TriggerSource;
+import java.util.Arrays;
+import java.util.Collections;
+
+public class Example {
+  public static void main(String[] args) {
+    ApiClient defaultClient = ApiClient.getDefaultApiClient();
+    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);
+
+    CreateNotificationRuleParameters body =
+        new CreateNotificationRuleParameters()
+            .data(
+                new CreateNotificationRuleParametersData()
+                    .attributes(
+                        new CreateNotificationRuleParametersDataAttributes()
+                            .enabled(true)
+                            .name("Example-Security-Monitoring")
+                            .selectors(
+                                new Selectors()
+                                    .query("(source:production_service OR env:prod)")
+                                    .ruleTypes(
+                                        Arrays.asList(
+                                            RuleTypesItems.SAST_VULNERABILITY,
+                                            RuleTypesItems.SECRET_VULNERABILITY))
+                                    .severities(Collections.singletonList(RuleSeverity.CRITICAL))
+                                    .triggerSource(TriggerSource.SECURITY_FINDINGS))
+                            .targets(Collections.singletonList("@john.doe@email.com"))
+                            .timeAggregation(86400L))
+                    .type(NotificationRulesType.NOTIFICATION_RULES));
+
+    try {
+      NotificationRuleResponse result = apiInstance.createVulnerabilityNotificationRule(body);
+      System.out.println(result);
+    } catch (ApiException e) {
+      System.err.println(
+          "Exception when calling SecurityMonitoringApi#createVulnerabilityNotificationRule");
+      System.err.println("Status code: " + e.getCode());
+      System.err.println("Reason: " + e.getResponseBody());
+      System.err.println("Response headers: " + e.getResponseHeaders());
+      e.printStackTrace();
+    }
+  }
+}

src/main/java/com/datadog/api/client/v2/model/RuleTypesItems.java

@@ -24,7 +24,8 @@
  * signal_correlation, cloud_configuration and infrastructure_configuration. Vulnerability-based
  * notification rules can filter vulnerabilities based on rule types application_code_vulnerability,
  * application_library_vulnerability, attack_path, container_image_vulnerability, identity_risk,
- * misconfiguration, api_security, host_vulnerability and iac_misconfiguration.
+ * misconfiguration, api_security, host_vulnerability, iac_misconfiguration, sast_vulnerability and
+ * secret_vulnerability.
  */
 @JsonSerialize(using = RuleTypesItems.RuleTypesItemsSerializer.class)
 public class RuleTypesItems extends ModelEnum<String> {
@@ -46,7 +47,9 @@ public class RuleTypesItems extends ModelEnum<String> {
               "misconfiguration",
               "api_security",
               "host_vulnerability",
-              "iac_misconfiguration"));
+              "iac_misconfiguration",
+              "sast_vulnerability",
+              "secret_vulnerability"));
 
   public static final RuleTypesItems APPLICATION_SECURITY =
       new RuleTypesItems("application_security");
@@ -70,6 +73,9 @@ public class RuleTypesItems extends ModelEnum<String> {
   public static final RuleTypesItems HOST_VULNERABILITY = new RuleTypesItems("host_vulnerability");
   public static final RuleTypesItems IAC_MISCONFIGURATION =
       new RuleTypesItems("iac_misconfiguration");
+  public static final RuleTypesItems SAST_VULNERABILITY = new RuleTypesItems("sast_vulnerability");
+  public static final RuleTypesItems SECRET_VULNERABILITY =
+      new RuleTypesItems("secret_vulnerability");
 
   RuleTypesItems(String value) {
     super(value, allowedValues);

src/test/resources/cassettes/features/v2/Create_a_new_vulnerability_based_notification_rule_with_sast_and_secret_rule_types_returns_Successfully_created_the_notification_rule_response.freeze

@@ -0,0 +1 @@
+2026-04-16T13:47:18.057Z

src/test/resources/cassettes/features/v2/Create_a_new_vulnerability_based_notification_rule_with_sast_and_secret_rule_types_returns_Successfully_created_the_notification_rule_response.json

@@ -0,0 +1,53 @@
+[
+  {
+    "httpRequest": {
+      "body": {
+        "type": "JSON",
+        "json": "{\"data\":{\"attributes\":{\"enabled\":true,\"name\":\"Test-Create_a_new_vulnerability_based_notification_rule_with_sast_and_secret_rule_types_returns_Successfu-1776347238\",\"selectors\":{\"query\":\"(source:production_service OR env:prod)\",\"rule_types\":[\"sast_vulnerability\",\"secret_vulnerability\"],\"severities\":[\"critical\"],\"trigger_source\":\"security_findings\"},\"targets\":[\"@john.doe@email.com\"],\"time_aggregation\":86400},\"type\":\"notification_rules\"}}"
+      },
+      "headers": {},
+      "method": "POST",
+      "path": "/api/v2/security/vulnerabilities/notification_rules",
+      "keepAlive": false,
+      "secure": true
+    },
+    "httpResponse": {
+      "body": "{\"data\":{\"id\":\"exz-ipg-n1m\",\"type\":\"notification_rules\",\"attributes\":{\"created_at\":1776347239287,\"created_by\":{\"name\":\"CI Account\",\"handle\":\"9919ec9b-ebc7-49ee-8dc8-03626e717cca\"},\"enabled\":true,\"modified_at\":1776347239287,\"modified_by\":{\"name\":\"CI Account\",\"handle\":\"9919ec9b-ebc7-49ee-8dc8-03626e717cca\"},\"name\":\"Test-Create_a_new_vulnerability_based_notification_rule_with_sast_and_secret_rule_types_returns_Successfu-1776347238\",\"selectors\":{\"severities\":[\"critical\"],\"rule_types\":[\"sast_vulnerability\",\"secret_vulnerability\"],\"query\":\"(source:production_service OR env:prod)\",\"trigger_source\":\"security_findings\"},\"targets\":[\"@john.doe@email.com\"],\"time_aggregation\":86400,\"version\":1}}}",
+      "headers": {
+        "Content-Type": [
+          "application/vnd.api+json"
+        ]
+      },
+      "statusCode": 201,
+      "reasonPhrase": "Created"
+    },
+    "times": {
+      "remainingTimes": 1
+    },
+    "timeToLive": {
+      "unlimited": true
+    },
+    "id": "c063ba47-07a3-14ad-0932-fc744f457fd5"
+  },
+  {
+    "httpRequest": {
+      "headers": {},
+      "method": "DELETE",
+      "path": "/api/v2/security/vulnerabilities/notification_rules/exz-ipg-n1m",
+      "keepAlive": false,
+      "secure": true
+    },
+    "httpResponse": {
+      "headers": {},
+      "statusCode": 204,
+      "reasonPhrase": "No Content"
+    },
+    "times": {
+      "remainingTimes": 1
+    },
+    "timeToLive": {
+      "unlimited": true
+    },
+    "id": "9dbd8db3-f734-efcb-f0da-5e234a383dd7"
+  }
+]

src/test/resources/com/datadog/api/client/v2/api/security_monitoring.feature

@@ -591,6 +591,13 @@ Feature: Security Monitoring
     When the request is sent
     Then the response status is 201 Successfully created the notification rule.
 
+  @team:DataDog/cloud-security-posture-management
+  Scenario: Create a new vulnerability-based notification rule with sast and secret rule types returns "Successfully created the notification rule." response
+    Given new "CreateVulnerabilityNotificationRule" request
+    And body with value {"data": {"attributes": {"enabled": true, "name": "{{ unique }}", "selectors": {"query": "(source:production_service OR env:prod)", "rule_types": ["sast_vulnerability", "secret_vulnerability"], "severities": ["critical"], "trigger_source": "security_findings"}, "targets": ["@john.doe@email.com"], "time_aggregation": 86400}, "type": "notification_rules"}}
+    When the request is sent
+    Then the response status is 201 Successfully created the notification rule.
+
   @team:DataDog/k9-cloud-siem
   Scenario: Create a scheduled detection rule returns "OK" response
     Given new "CreateSecurityMonitoringRule" request