diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml
index 8a51fd127ec1..933b156f6395 100644
--- a/.generator/schemas/v2/openapi.yaml
+++ b/.generator/schemas/v2/openapi.yaml
@@ -57465,7 +57465,8 @@ components:
         Signal-based notification rules can filter signals based on rule types application_security, log_detection,
         workload_security, signal_correlation, cloud_configuration and infrastructure_configuration.
         Vulnerability-based notification rules can filter vulnerabilities based on rule types application_code_vulnerability,
-        application_library_vulnerability, attack_path, container_image_vulnerability, identity_risk, misconfiguration, api_security, host_vulnerability and iac_misconfiguration.
+        application_library_vulnerability, attack_path, container_image_vulnerability, identity_risk, misconfiguration,
+        api_security, host_vulnerability, iac_misconfiguration, sast_vulnerability and secret_vulnerability.
       enum:
         - application_security
         - log_detection
@@ -57482,6 +57483,8 @@ components:
         - api_security
         - host_vulnerability
         - iac_misconfiguration
+        - sast_vulnerability
+        - secret_vulnerability
       type: string
       x-enum-varnames:
         - APPLICATION_SECURITY
@@ -57499,6 +57502,8 @@ components:
         - API_SECURITY
         - HOST_VULNERABILITY
         - IAC_MISCONFIGURATION
+        - SAST_VULNERABILITY
+        - SECRET_VULNERABILITY
     RuleUser:
       description: User creating or modifying a rule.
       properties:
diff --git a/cassettes/features/v2/security_monitoring/Create-a-new-vulnerability-based-notification-rule-with-sast-and-secret-rule-types-returns-Successfully-created-the-notification-rule-response.frozen b/cassettes/features/v2/security_monitoring/Create-a-new-vulnerability-based-notification-rule-with-sast-and-secret-rule-types-returns-Successfully-created-the-notification-rule-response.frozen
new file mode 100644
index 000000000000..0a015a705ff7
--- /dev/null
+++ b/cassettes/features/v2/security_monitoring/Create-a-new-vulnerability-based-notification-rule-with-sast-and-secret-rule-types-returns-Successfully-created-the-notification-rule-response.frozen
@@ -0,0 +1 @@
+2026-04-16T13:47:18.057Z
\ No newline at end of file
diff --git a/cassettes/features/v2/security_monitoring/Create-a-new-vulnerability-based-notification-rule-with-sast-and-secret-rule-types-returns-Successfully-created-the-notification-rule-response.yml b/cassettes/features/v2/security_monitoring/Create-a-new-vulnerability-based-notification-rule-with-sast-and-secret-rule-types-returns-Successfully-created-the-notification-rule-response.yml
new file mode 100644
index 000000000000..c60de2a93964
--- /dev/null
+++ b/cassettes/features/v2/security_monitoring/Create-a-new-vulnerability-based-notification-rule-with-sast-and-secret-rule-types-returns-Successfully-created-the-notification-rule-response.yml
@@ -0,0 +1,44 @@
+http_interactions:
+- recorded_at: Thu, 16 Apr 2026 13:47:18 GMT
+  request:
+    body:
+      encoding: UTF-8
+      string: '{"data":{"attributes":{"enabled":true,"name":"Test-Create_a_new_vulnerability_based_notification_rule_with_sast_and_secret_rule_types_returns_Successfu-1776347238","selectors":{"query":"(source:production_service
+        OR env:prod)","rule_types":["sast_vulnerability","secret_vulnerability"],"severities":["critical"],"trigger_source":"security_findings"},"targets":["@john.doe@email.com"],"time_aggregation":86400},"type":"notification_rules"}}'
+    headers:
+      Accept:
+      - application/json
+      Content-Type:
+      - application/json
+    method: POST
+    uri: https://api.datadoghq.com/api/v2/security/vulnerabilities/notification_rules
+  response:
+    body:
+      encoding: UTF-8
+      string: '{"data":{"id":"exz-ipg-n1m","type":"notification_rules","attributes":{"created_at":1776347239287,"created_by":{"name":"CI
+        Account","handle":"9919ec9b-ebc7-49ee-8dc8-03626e717cca"},"enabled":true,"modified_at":1776347239287,"modified_by":{"name":"CI
+        Account","handle":"9919ec9b-ebc7-49ee-8dc8-03626e717cca"},"name":"Test-Create_a_new_vulnerability_based_notification_rule_with_sast_and_secret_rule_types_returns_Successfu-1776347238","selectors":{"severities":["critical"],"rule_types":["sast_vulnerability","secret_vulnerability"],"query":"(source:production_service
+        OR env:prod)","trigger_source":"security_findings"},"targets":["@john.doe@email.com"],"time_aggregation":86400,"version":1}}}'
+    headers:
+      Content-Type:
+      - application/vnd.api+json
+    status:
+      code: 201
+      message: Created
+- recorded_at: Thu, 16 Apr 2026 13:47:18 GMT
+  request:
+    body: null
+    headers:
+      Accept:
+      - '*/*'
+    method: DELETE
+    uri: https://api.datadoghq.com/api/v2/security/vulnerabilities/notification_rules/exz-ipg-n1m
+  response:
+    body:
+      encoding: UTF-8
+      string: ''
+    headers: {}
+    status:
+      code: 204
+      message: No Content
+recorded_with: VCR 6.0.0
diff --git a/examples/v2/security-monitoring/CreateVulnerabilityNotificationRule_2417112739.rb b/examples/v2/security-monitoring/CreateVulnerabilityNotificationRule_2417112739.rb
new file mode 100644
index 000000000000..837a5f37f534
--- /dev/null
+++ b/examples/v2/security-monitoring/CreateVulnerabilityNotificationRule_2417112739.rb
@@ -0,0 +1,31 @@
+# Create a new vulnerability-based notification rule with sast and secret rule types returns "Successfully created the
+# notification rule." response
+
+require "datadog_api_client"
+api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
+
+body = DatadogAPIClient::V2::CreateNotificationRuleParameters.new({
+  data: DatadogAPIClient::V2::CreateNotificationRuleParametersData.new({
+    attributes: DatadogAPIClient::V2::CreateNotificationRuleParametersDataAttributes.new({
+      enabled: true,
+      name: "Example-Security-Monitoring",
+      selectors: DatadogAPIClient::V2::Selectors.new({
+        query: "(source:production_service OR env:prod)",
+        rule_types: [
+          DatadogAPIClient::V2::RuleTypesItems::SAST_VULNERABILITY,
+          DatadogAPIClient::V2::RuleTypesItems::SECRET_VULNERABILITY,
+        ],
+        severities: [
+          DatadogAPIClient::V2::RuleSeverity::CRITICAL,
+        ],
+        trigger_source: DatadogAPIClient::V2::TriggerSource::SECURITY_FINDINGS,
+      }),
+      targets: [
+        "@john.doe@email.com",
+      ],
+      time_aggregation: 86400,
+    }),
+    type: DatadogAPIClient::V2::NotificationRulesType::NOTIFICATION_RULES,
+  }),
+})
+p api_instance.create_vulnerability_notification_rule(body)
diff --git a/features/v2/security_monitoring.feature b/features/v2/security_monitoring.feature
index 1fdee4f141b9..245f23784085 100644
--- a/features/v2/security_monitoring.feature
+++ b/features/v2/security_monitoring.feature
@@ -591,6 +591,13 @@ Feature: Security Monitoring
     When the request is sent
     Then the response status is 201 Successfully created the notification rule.
 
+  @team:DataDog/cloud-security-posture-management
+  Scenario: Create a new vulnerability-based notification rule with sast and secret rule types returns "Successfully created the notification rule." response
+    Given new "CreateVulnerabilityNotificationRule" request
+    And body with value {"data": {"attributes": {"enabled": true, "name": "{{ unique }}", "selectors": {"query": "(source:production_service OR env:prod)", "rule_types": ["sast_vulnerability", "secret_vulnerability"], "severities": ["critical"], "trigger_source": "security_findings"}, "targets": ["@john.doe@email.com"], "time_aggregation": 86400}, "type": "notification_rules"}}
+    When the request is sent
+    Then the response status is 201 Successfully created the notification rule.
+
   @team:DataDog/k9-cloud-siem
   Scenario: Create a scheduled detection rule returns "OK" response
     Given new "CreateSecurityMonitoringRule" request
diff --git a/lib/datadog_api_client/v2/models/rule_types_items.rb b/lib/datadog_api_client/v2/models/rule_types_items.rb
index 37b76a3d27f0..ca6acfd481c1 100644
--- a/lib/datadog_api_client/v2/models/rule_types_items.rb
+++ b/lib/datadog_api_client/v2/models/rule_types_items.rb
@@ -21,7 +21,8 @@ module DatadogAPIClient::V2
   # Signal-based notification rules can filter signals based on rule types application_security, log_detection,
   # workload_security, signal_correlation, cloud_configuration and infrastructure_configuration.
   # Vulnerability-based notification rules can filter vulnerabilities based on rule types application_code_vulnerability,
-  # application_library_vulnerability, attack_path, container_image_vulnerability, identity_risk, misconfiguration, api_security, host_vulnerability and iac_misconfiguration.
+  # application_library_vulnerability, attack_path, container_image_vulnerability, identity_risk, misconfiguration,
+  # api_security, host_vulnerability, iac_misconfiguration, sast_vulnerability and secret_vulnerability.
   class RuleTypesItems
     include BaseEnumModel
 
@@ -40,5 +41,7 @@ class RuleTypesItems
     API_SECURITY = "api_security".freeze
     HOST_VULNERABILITY = "host_vulnerability".freeze
     IAC_MISCONFIGURATION = "iac_misconfiguration".freeze
+    SAST_VULNERABILITY = "sast_vulnerability".freeze
+    SECRET_VULNERABILITY = "secret_vulnerability".freeze
   end
 end