Security notifications - Add SAST and secret rule types (#3425)

Co-authored-by: ci.datadog-api-spec <packages@datadoghq.com>

Author: api-clients-generation-pipeline[bot]

.generator/schemas/v2/openapi.yaml

@@ -57796,7 +57796,8 @@ components:
         Signal-based notification rules can filter signals based on rule types application_security, log_detection,
         workload_security, signal_correlation, cloud_configuration and infrastructure_configuration.
         Vulnerability-based notification rules can filter vulnerabilities based on rule types application_code_vulnerability,
-        application_library_vulnerability, attack_path, container_image_vulnerability, identity_risk, misconfiguration, api_security, host_vulnerability and iac_misconfiguration.
+        application_library_vulnerability, attack_path, container_image_vulnerability, identity_risk, misconfiguration,
+        api_security, host_vulnerability, iac_misconfiguration, sast_vulnerability and secret_vulnerability.
       enum:
         - application_security
         - log_detection
@@ -57813,6 +57814,8 @@ components:
         - api_security
         - host_vulnerability
         - iac_misconfiguration
+        - sast_vulnerability
+        - secret_vulnerability
       type: string
       x-enum-varnames:
         - APPLICATION_SECURITY
@@ -57830,6 +57833,8 @@ components:
         - API_SECURITY
         - HOST_VULNERABILITY
         - IAC_MISCONFIGURATION
+        - SAST_VULNERABILITY
+        - SECRET_VULNERABILITY
     RuleUser:
       description: User creating or modifying a rule.
       properties:

examples/v2/security-monitoring/CreateVulnerabilityNotificationRule_2417112739.py

@@ -0,0 +1,49 @@
+"""
+Create a new vulnerability-based notification rule with sast and secret rule types returns "Successfully created the
+notification rule." response
+"""
+
+from datadog_api_client import ApiClient, Configuration
+from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
+from datadog_api_client.v2.model.create_notification_rule_parameters import CreateNotificationRuleParameters
+from datadog_api_client.v2.model.create_notification_rule_parameters_data import CreateNotificationRuleParametersData
+from datadog_api_client.v2.model.create_notification_rule_parameters_data_attributes import (
+    CreateNotificationRuleParametersDataAttributes,
+)
+from datadog_api_client.v2.model.notification_rules_type import NotificationRulesType
+from datadog_api_client.v2.model.rule_severity import RuleSeverity
+from datadog_api_client.v2.model.rule_types_items import RuleTypesItems
+from datadog_api_client.v2.model.selectors import Selectors
+from datadog_api_client.v2.model.trigger_source import TriggerSource
+
+body = CreateNotificationRuleParameters(
+    data=CreateNotificationRuleParametersData(
+        attributes=CreateNotificationRuleParametersDataAttributes(
+            enabled=True,
+            name="Example-Security-Monitoring",
+            selectors=Selectors(
+                query="(source:production_service OR env:prod)",
+                rule_types=[
+                    RuleTypesItems.SAST_VULNERABILITY,
+                    RuleTypesItems.SECRET_VULNERABILITY,
+                ],
+                severities=[
+                    RuleSeverity.CRITICAL,
+                ],
+                trigger_source=TriggerSource.SECURITY_FINDINGS,
+            ),
+            targets=[
+                "@john.doe@email.com",
+            ],
+            time_aggregation=86400,
+        ),
+        type=NotificationRulesType.NOTIFICATION_RULES,
+    ),
+)
+
+configuration = Configuration()
+with ApiClient(configuration) as api_client:
+    api_instance = SecurityMonitoringApi(api_client)
+    response = api_instance.create_vulnerability_notification_rule(body=body)
+
+    print(response)

src/datadog_api_client/v2/model/rule_types_items.py

@@ -18,9 +18,10 @@ class RuleTypesItems(ModelSimple):
         Signal-based notification rules can filter signals based on rule types application_security, log_detection,
         workload_security, signal_correlation, cloud_configuration and infrastructure_configuration.
         Vulnerability-based notification rules can filter vulnerabilities based on rule types application_code_vulnerability,
-        application_library_vulnerability, attack_path, container_image_vulnerability, identity_risk, misconfiguration, api_security, host_vulnerability and iac_misconfiguration.
+        application_library_vulnerability, attack_path, container_image_vulnerability, identity_risk, misconfiguration,
+        api_security, host_vulnerability, iac_misconfiguration, sast_vulnerability and secret_vulnerability.
 
-    :param value: Must be one of ["application_security", "log_detection", "workload_security", "signal_correlation", "cloud_configuration", "infrastructure_configuration", "application_code_vulnerability", "application_library_vulnerability", "attack_path", "container_image_vulnerability", "identity_risk", "misconfiguration", "api_security", "host_vulnerability", "iac_misconfiguration"].
+    :param value: Must be one of ["application_security", "log_detection", "workload_security", "signal_correlation", "cloud_configuration", "infrastructure_configuration", "application_code_vulnerability", "application_library_vulnerability", "attack_path", "container_image_vulnerability", "identity_risk", "misconfiguration", "api_security", "host_vulnerability", "iac_misconfiguration", "sast_vulnerability", "secret_vulnerability"].
     :type value: str
     """
 
@@ -40,6 +41,8 @@ class RuleTypesItems(ModelSimple):
         "api_security",
         "host_vulnerability",
         "iac_misconfiguration",
+        "sast_vulnerability",
+        "secret_vulnerability",
     }
     APPLICATION_SECURITY: ClassVar["RuleTypesItems"]
     LOG_DETECTION: ClassVar["RuleTypesItems"]
@@ -56,6 +59,8 @@ class RuleTypesItems(ModelSimple):
     API_SECURITY: ClassVar["RuleTypesItems"]
     HOST_VULNERABILITY: ClassVar["RuleTypesItems"]
     IAC_MISCONFIGURATION: ClassVar["RuleTypesItems"]
+    SAST_VULNERABILITY: ClassVar["RuleTypesItems"]
+    SECRET_VULNERABILITY: ClassVar["RuleTypesItems"]
 
     @cached_property
     def openapi_types(_):
@@ -79,3 +84,5 @@ def openapi_types(_):
 RuleTypesItems.API_SECURITY = RuleTypesItems("api_security")
 RuleTypesItems.HOST_VULNERABILITY = RuleTypesItems("host_vulnerability")
 RuleTypesItems.IAC_MISCONFIGURATION = RuleTypesItems("iac_misconfiguration")
+RuleTypesItems.SAST_VULNERABILITY = RuleTypesItems("sast_vulnerability")
+RuleTypesItems.SECRET_VULNERABILITY = RuleTypesItems("secret_vulnerability")

tests/v2/cassettes/test_scenarios/test_create_a_new_vulnerabilitybased_notification_rule_with_sast_and_secret_rule_types_returns_successfully_created_the_notification_rule_response.frozen

@@ -0,0 +1 @@
+2026-04-16T13:47:18.057Z

tests/v2/cassettes/test_scenarios/test_create_a_new_vulnerabilitybased_notification_rule_with_sast_and_secret_rule_types_returns_successfully_created_the_notification_rule_response.yaml

@@ -0,0 +1,38 @@
+interactions:
+- request:
+    body: '{"data":{"attributes":{"enabled":true,"name":"Test-Create_a_new_vulnerability_based_notification_rule_with_sast_and_secret_rule_types_returns_Successfu-1776347238","selectors":{"query":"(source:production_service
+      OR env:prod)","rule_types":["sast_vulnerability","secret_vulnerability"],"severities":["critical"],"trigger_source":"security_findings"},"targets":["@john.doe@email.com"],"time_aggregation":86400},"type":"notification_rules"}}'
+    headers:
+      accept:
+      - application/json
+      content-type:
+      - application/json
+    method: POST
+    uri: https://api.datadoghq.com/api/v2/security/vulnerabilities/notification_rules
+  response:
+    body:
+      string: '{"data":{"id":"exz-ipg-n1m","type":"notification_rules","attributes":{"created_at":1776347239287,"created_by":{"name":"CI
+        Account","handle":"9919ec9b-ebc7-49ee-8dc8-03626e717cca"},"enabled":true,"modified_at":1776347239287,"modified_by":{"name":"CI
+        Account","handle":"9919ec9b-ebc7-49ee-8dc8-03626e717cca"},"name":"Test-Create_a_new_vulnerability_based_notification_rule_with_sast_and_secret_rule_types_returns_Successfu-1776347238","selectors":{"severities":["critical"],"rule_types":["sast_vulnerability","secret_vulnerability"],"query":"(source:production_service
+        OR env:prod)","trigger_source":"security_findings"},"targets":["@john.doe@email.com"],"time_aggregation":86400,"version":1}}}'
+    headers:
+      content-type:
+      - application/vnd.api+json
+    status:
+      code: 201
+      message: Created
+- request:
+    body: null
+    headers:
+      accept:
+      - '*/*'
+    method: DELETE
+    uri: https://api.datadoghq.com/api/v2/security/vulnerabilities/notification_rules/exz-ipg-n1m
+  response:
+    body:
+      string: ''
+    headers: {}
+    status:
+      code: 204
+      message: No Content
+version: 1

tests/v2/features/security_monitoring.feature

@@ -591,6 +591,13 @@ Feature: Security Monitoring
     When the request is sent
     Then the response status is 201 Successfully created the notification rule.
 
+  @team:DataDog/cloud-security-posture-management
+  Scenario: Create a new vulnerability-based notification rule with sast and secret rule types returns "Successfully created the notification rule." response
+    Given new "CreateVulnerabilityNotificationRule" request
+    And body with value {"data": {"attributes": {"enabled": true, "name": "{{ unique }}", "selectors": {"query": "(source:production_service OR env:prod)", "rule_types": ["sast_vulnerability", "secret_vulnerability"], "severities": ["critical"], "trigger_source": "security_findings"}, "targets": ["@john.doe@email.com"], "time_aggregation": 86400}, "type": "notification_rules"}}
+    When the request is sent
+    Then the response status is 201 Successfully created the notification rule.
+
   @team:DataDog/k9-cloud-siem
   Scenario: Create a scheduled detection rule returns "OK" response
     Given new "CreateSecurityMonitoringRule" request