provider Security Monitoring GET /api/v2/security/vulnerabilities
@utdk/datadog /api/v2/security/vulnerabilities
List vulnerabilities
Get a list of vulnerabilities. ### Pagination Pagination is enabled by default in both `vulnerabilities` and `assets`. The size of the page varies depending on the endpoint and cannot be modified. To automate the request of the next page, you can use the links section in the response. This endpoint will return paginated responses. The pages are stored in the links section of the response: ```JSON { "data": [...], "meta": {...}, "links": { "self": "https://.../api/v2/security/vulnerabilities", "first": "https://.../api/v2/security/vulnerabilities?page[number]=1&page[token]=abc", "last": "https://.../api/v2/security/vulnerabilities?page[number]=43&page[token]=abc", "next": "https://.../api/v2/security/vulnerabilities?page[number]=2&page[token]=abc" } } ``` - `links.previous` is empty if the first page is requested. - `links.next` is empty if the last page is requested. #### Token Vulnerabilities can be created, updated or deleted at any point in time. Upon the first request, a token is created to ensure consistency across subsequent paginated requests. A token is valid only for 24 hours. #### First request We consider a request to be the first request when there is no `page[token]` parameter. The response of this first request contains the newly created token in the `links` section. This token can then be used in the subsequent paginated requests. *Note: The first request may take longer to complete than subsequent requests.* #### Subsequent requests Any request containing valid `page[token]` and `page[number]` parameters will be considered a subsequent request. If the `token` is invalid, a `404` response will be returned. If the page `number` is invalid, a `400` response will be returned. The returned `token` is valid for all requests in the pagination sequence. To send paginated requests in parallel, reuse the same `token` and change only the `page[number]` parameter. ### Filtering The request can include some filter parameters to filter the data to be retrieved. The format of the filter parameters follows the [JSON:API format](https://jsonapi.org/format/#fetching-filtering): `filter[$prop_name]`, where `prop_name` is the property name in the entity being filtered by. All filters can include multiple values, where data will be filtered with an OR clause: `filter[title]=Title1,Title2` will filter all vulnerabilities where title is equal to `Title1` OR `Title2`. String filters are case sensitive. Boolean filters accept `true` or `false` as values. Number filters must include an operator as a second filter input: `filter[$prop_name][$operator]`. For example, for the vulnerabilities endpoint: `filter[cvss.base.score][lte]=8`. Available operators are: `eq` (==), `lt` (<), `lte` (<=), `gt` (>) and `gte` (>=). ### Metadata Following [JSON:API format](https://jsonapi.org/format/#document-meta), object including non-standard meta-information. This endpoint includes the meta member in the response. For more details on each of the properties included in this section, check the endpoints response tables. ```JSON { "data": [...], "meta": { "total": 1500, "count": 18732, "token": "some_token" }, "links": {...} } ``` ### Extensions Requests may include extensions to modify the behavior of the requested endpoint. The filter parameters follow the [JSON:API format](https://jsonapi.org/extensions/#extensions) format: `ext:$extension_name`, where `extension_name` is the name of the modifier that is being applied. Extensions can only include one value: `ext:modifier=value`.
page[token] query
Its value must come from the `links` section of the response of the first request. Do not manually edit it.
string
page[number] query
The page number to be retrieved. It should be equal or greater than `1`
integer
filter[type] query
Filter by vulnerability type.
enum: AdminConsoleActive, CodeInjection, CommandInjection, ComponentWithKnownVulnerability…
filter[cvss.base.score][`$op`] query
Filter by vulnerability base (i.e. from the original advisory) severity score.
number
filter[cvss.base.severity] query
Filter by vulnerability base severity.
enum: Unknown, None, Low, Medium…
filter[cvss.base.vector] query
Filter by vulnerability base CVSS vector.
string
filter[cvss.datadog.score][`$op`] query
Filter by vulnerability Datadog severity score.
number
filter[cvss.datadog.severity] query
Filter by vulnerability Datadog severity.
enum: Unknown, None, Low, Medium…
filter[cvss.datadog.vector] query
Filter by vulnerability Datadog CVSS vector.
string
filter[status] query
Filter by the status of the vulnerability.
enum: Open, Muted, Remediated, InProgress…
filter[tool] query
Filter by the tool of the vulnerability.
enum: IAST, SCA, Infra, SAST
filter[library.name] query
Filter by library name.
string
filter[library.version] query
Filter by library version.
string
filter[advisory.id] query
Filter by advisory ID.
string
filter[risks.exploitation_probability] query
Filter by exploitation probability.
boolean
filter[risks.poc_exploit_available] query
Filter by POC exploit availability.
boolean
filter[risks.exploit_available] query
Filter by public exploit availability.
boolean
filter[risks.epss.score][`$op`] query
Filter by vulnerability [EPSS](https://www.first.org/epss/) severity score.
number
filter[risks.epss.severity] query
Filter by vulnerability [EPSS](https://www.first.org/epss/) severity.
enum: Unknown, None, Low, Medium…
filter[language] query
Filter by language.
string
filter[ecosystem] query
Filter by ecosystem.
enum: PyPI, Maven, NuGet, Npm…
filter[code_location.location] query
Filter by vulnerability location.
string
filter[code_location.file_path] query
Filter by vulnerability file path.
string
filter[code_location.method] query
Filter by method.
string
filter[fix_available] query
Filter by fix availability.
boolean
filter[repo_digests] query
Filter by vulnerability `repo_digest` (when the vulnerability is related to `Image` asset).
string
filter[origin] query
Filter by origin.
string
filter[running_kernel] query
Filter for whether the vulnerability affects a running kernel (for vulnerabilities related to a `Host` asset).
boolean
filter[asset.name] query
Filter by asset name. This field supports the usage of wildcards (*).
string
filter[asset.type] query
Filter by asset type.
enum: Repository, Service, Host, HostImage…
filter[asset.version.first] query
Filter by the first version of the asset this vulnerability has been detected on.
string
filter[asset.version.last] query
Filter by the last version of the asset this vulnerability has been detected on.
string
filter[asset.repository_url] query
Filter by the repository url associated to the asset.
string
filter[asset.risks.in_production] query
Filter whether the asset is in production or not.
boolean
filter[asset.risks.under_attack] query
Filter whether the asset is under attack or not.
boolean
filter[asset.risks.is_publicly_accessible] query
Filter whether the asset is publicly accessible or not.
boolean
filter[asset.risks.has_privileged_access] query
Filter whether the asset is publicly accessible or not.
boolean
filter[asset.risks.has_access_to_sensitive_data] query
Filter whether the asset has access to sensitive data or not.
boolean
filter[asset.environments] query
Filter by asset environments.
string
filter[asset.teams] query
Filter by asset teams.
string
filter[asset.arch] query
Filter by asset architecture.
string
filter[asset.operating_system.name] query
Filter by asset operating system name.
string
filter[asset.operating_system.version] query
Filter by asset operating system version.
string

Try it

Authentication
Configure credentials for Datadog API V2 Collection
Gateway
The gateway proxies requests and injects credentials server-side. Configure credentials above, then enter your gateway URL.

Saved automatically to browser storage.

listvulnerabilities
GET/api/v2/security/vulnerabilities
Get a list of vulnerabilities. ### Pagination Pagination is enabled by default in both `vulnerabilities` and `assets`. The size of the page varies depending on the endpoint and cannot be modified. To automate the request of the next page, you can use the links section in the response. This endpoint will return paginated responses. The pages are stored in the links section of the response: ```JSON { "data": [...], "meta": {...}, "links": { "self": "https://.../api/v2/security/vulnerabilities", "first": "https://.../api/v2/security/vulnerabilities?page[number]=1&page[token]=abc", "last": "https://.../api/v2/security/vulnerabilities?page[number]=43&page[token]=abc", "next": "https://.../api/v2/security/vulnerabilities?page[number]=2&page[token]=abc" } } ``` - `links.previous` is empty if the first page is requested. - `links.next` is empty if the last page is requested. #### Token Vulnerabilities can be created, updated or deleted at any point in time. Upon the first request, a token is created to ensure consistency across subsequent paginated requests. A token is valid only for 24 hours. #### First request We consider a request to be the first request when there is no `page[token]` parameter. The response of this first request contains the newly created token in the `links` section. This token can then be used in the subsequent paginated requests. *Note: The first request may take longer to complete than subsequent requests.* #### Subsequent requests Any request containing valid `page[token]` and `page[number]` parameters will be considered a subsequent request. If the `token` is invalid, a `404` response will be returned. If the page `number` is invalid, a `400` response will be returned. The returned `token` is valid for all requests in the pagination sequence. To send paginated requests in parallel, reuse the same `token` and change only the `page[number]` parameter. ### Filtering The request can include some filter parameters to filter the data to be retrieved. The format of the filter parameters follows the [JSON:API format](https://jsonapi.org/format/#fetching-filtering): `filter[$prop_name]`, where `prop_name` is the property name in the entity being filtered by. All filters can include multiple values, where data will be filtered with an OR clause: `filter[title]=Title1,Title2` will filter all vulnerabilities where title is equal to `Title1` OR `Title2`. String filters are case sensitive. Boolean filters accept `true` or `false` as values. Number filters must include an operator as a second filter input: `filter[$prop_name][$operator]`. For example, for the vulnerabilities endpoint: `filter[cvss.base.score][lte]=8`. Available operators are: `eq` (==), `lt` (<), `lte` (<=), `gt` (>) and `gte` (>=). ### Metadata Following [JSON:API format](https://jsonapi.org/format/#document-meta), object including non-standard meta-information. This endpoint includes the meta member in the response. For more details on each of the properties included in this section, check the endpoints response tables. ```JSON { "data": [...], "meta": { "total": 1500, "count": 18732, "token": "some_token" }, "links": {...} } ``` ### Extensions Requests may include extensions to modify the behavior of the requested endpoint. The filter parameters follow the [JSON:API format](https://jsonapi.org/extensions/#extensions) format: `ext:$extension_name`, where `extension_name` is the name of the modifier that is being applied. Extensions can only include one value: `ext:modifier=value`.

Its value must come from the `links` section of the response of the first request. Do not manually edit it.

The page number to be retrieved. It should be equal or greater than `1`

Filter by vulnerability type.

Filter by vulnerability base (i.e. from the original advisory) severity score.

Filter by vulnerability base severity.

Filter by vulnerability base CVSS vector.

Filter by vulnerability Datadog severity score.

Filter by vulnerability Datadog severity.

Filter by vulnerability Datadog CVSS vector.

Filter by the status of the vulnerability.

Filter by the tool of the vulnerability.

Filter by library name.

Filter by library version.

Filter by advisory ID.

Filter by exploitation probability.

Filter by POC exploit availability.

Filter by public exploit availability.

Filter by vulnerability [EPSS](https://www.first.org/epss/) severity score.

Filter by vulnerability [EPSS](https://www.first.org/epss/) severity.

Filter by language.

Filter by ecosystem.

Filter by vulnerability location.

Filter by vulnerability file path.

Filter by method.

Filter by fix availability.

Filter by vulnerability `repo_digest` (when the vulnerability is related to `Image` asset).

Filter by origin.

Filter for whether the vulnerability affects a running kernel (for vulnerabilities related to a `Host` asset).

Filter by asset name. This field supports the usage of wildcards (*).

Filter by asset type.

Filter by the first version of the asset this vulnerability has been detected on.

Filter by the last version of the asset this vulnerability has been detected on.

Filter by the repository url associated to the asset.

Filter whether the asset is in production or not.

Filter whether the asset is under attack or not.

Filter whether the asset is publicly accessible or not.

Filter whether the asset is publicly accessible or not.

Filter whether the asset has access to sensitive data or not.

Filter by asset environments.

Filter by asset teams.

Filter by asset architecture.

Filter by asset operating system name.

Filter by asset operating system version.

Enter a gateway URL above to enable sending.

Code snippet
Updates live as you fill in the form above.

TypeScript

import datadog from '@utdk/datadog';

await datadog.listvulnerabilities()