DataDog · Kaycell · Dec 16, 2025 · Dec 15, 2025
@@ -29996,6 +29996,13 @@ components:
     Library:
       description: Vulnerability library.
       properties:
+        additional_names:
+          description: Related library or package names (such as child packages or
+            affected binary paths).
+          items:
+            example: linux-tools-common
+            type: string
+          type: array
         name:
           description: Vulnerability library name.
           example: linux-aws-5.15
@@ -57371,6 +57378,12 @@ components:
           type: array
         risks:
           $ref: '#/components/schemas/VulnerabilityRisks'
+        running_kernel:
+          description: "True if the vulnerability affects a package in the host\u2019s
+            running kernel, false if it affects a non-running kernel, and omit if
+            it is not kernel-related."
+          example: true
+          type: boolean
         status:
           $ref: '#/components/schemas/VulnerabilityStatus'
         title:
@@ -57431,10 +57444,15 @@ components:
       - RubyGems
       - Go
       - Packagist
-      - Ddeb
+      - Deb
       - Rpm
       - Apk
       - Windows
+      - Generic
+      - MacOs
+      - Oci
+      - BottleRocket
+      - None
       type: string
       x-enum-varnames:
       - PYPI
@@ -57444,10 +57462,15 @@ components:
       - RUBY_GEMS
       - GO
       - PACKAGIST
-      - D_DEB
+      - DEB
       - RPM
       - APK
       - WINDOWS
+      - GENERIC
+      - MAC_OS
+      - OCI
+      - BOTTLE_ROCKET
+      - NONE
     VulnerabilityRelationships:
       description: Related entities object.
       properties:
@@ -57548,12 +57571,14 @@ components:
       - IAST
       - SCA
       - Infra
+      - SAST
       example: SCA
       type: string
       x-enum-varnames:
       - IAST
       - SCA
       - INFRA
+      - SAST
     VulnerabilityType:
       description: The vulnerability type.
       enum:
@@ -80311,6 +80336,10 @@ paths:
       summary: List assets SBOMs
       tags:
       - Security Monitoring
+      x-permission:
+        operator: OR
+        permissions:
+        - appsec_vm_read
       x-unstable: '**Note**: This endpoint is a private preview.
 
         If you are interested in accessing this API, [fill out this form](https://forms.gle/kMYC1sDr6WDUBDsx9).'
@@ -80382,6 +80411,10 @@ paths:
       summary: Get SBOM
       tags:
       - Security Monitoring
+      x-permission:
+        operator: OR
+        permissions:
+        - appsec_vm_read
       x-unstable: '**Note**: This endpoint is a private preview.
 
         If you are interested in accessing this API, [fill out this form](https://forms.gle/kMYC1sDr6WDUBDsx9).'
@@ -80496,6 +80529,10 @@ paths:
       summary: List scanned assets metadata
       tags:
       - Security Monitoring
+      x-permission:
+        operator: OR
+        permissions:
+        - appsec_vm_read
       x-unstable: '**Note**: This endpoint is a private preview.
 
         If you are interested in accessing this API, [fill out this form](https://forms.gle/kMYC1sDr6WDUBDsx9).'
@@ -80924,6 +80961,14 @@ paths:
         required: false
         schema:
           type: string
+      - description: Filter for whether the vulnerability affects a running kernel
+          (for vulnerabilities related to a `Host` asset).
+        example: true
+        in: query
+        name: filter[running_kernel]
+        required: false
+        schema:
+          type: boolean
       - description: Filter by asset name. This field supports the usage of wildcards
           (*).
         example: datadog-agent
@@ -81067,6 +81112,10 @@ paths:
       summary: List vulnerabilities
       tags:
       - Security Monitoring
+      x-permission:
+        operator: OR
+        permissions:
+        - appsec_vm_read
       x-unstable: '**Note**: This endpoint is a private preview.
 
         If you are interested in accessing this API, [fill out this form](https://forms.gle/kMYC1sDr6WDUBDsx9).'
@@ -81425,6 +81474,10 @@ paths:
       summary: List vulnerable assets
       tags:
       - Security Monitoring
+      x-permission:
+        operator: OR
+        permissions:
+        - appsec_vm_read
       x-unstable: '**Note**: This endpoint is a private preview.
 
         If you are interested in accessing this API, [fill out this form](https://forms.gle/kMYC1sDr6WDUBDsx9).'
@@ -84562,8 +84615,8 @@ paths:
       x-unstable: '**Note**: This endpoint may be subject to changes.'
   /api/v2/static-analysis/secrets/rules:
     get:
-      description: Returns list of Secrets rules with ID, Pattern, Description, Priority,
-        and SDS ID
+      description: Returns a list of Secrets rules with ID, Pattern, Description,
+        Priority, and SDS ID.
       operationId: GetSecretsRules
       responses:
         '200':
@@ -84579,7 +84632,7 @@ paths:
         appKeyAuth: []
       - AuthZ:
         - code_analysis_read
-      summary: Returns list of Secrets rules
+      summary: Returns a list of Secrets rules
       tags:
       - Security Monitoring
       x-unstable: '**Note**: This endpoint may be subject to changes.'

@@ -1,5 +1,5 @@
 """
-Returns list of Secrets rules returns "OK" response
+Returns a list of Secrets rules returns "OK" response
 """
 
 from datadog_api_client import ApiClient, Configuration

@@ -1773,6 +1773,11 @@ def __init__(self, api_client=None):
                     "attribute": "filter[origin]",
                     "location": "query",
                 },
+                "filter_running_kernel": {
+                    "openapi_types": (bool,),
+                    "attribute": "filter[running_kernel]",
+                    "location": "query",
+                },
                 "filter_asset_name": {
                     "openapi_types": (str,),
                     "attribute": "filter[asset.name]",
@@ -2920,9 +2925,9 @@ def get_sbom(
     def get_secrets_rules(
         self,
     ) -> SecretRuleArray:
-        """Returns list of Secrets rules.
+        """Returns a list of Secrets rules.
 
-        Returns list of Secrets rules with ID, Pattern, Description, Priority, and SDS ID
+        Returns a list of Secrets rules with ID, Pattern, Description, Priority, and SDS ID.
 
         :rtype: SecretRuleArray
         """
@@ -3938,6 +3943,7 @@ def list_vulnerabilities(
         filter_fix_available: Union[bool, UnsetType] = unset,
         filter_repo_digests: Union[str, UnsetType] = unset,
         filter_origin: Union[str, UnsetType] = unset,
+        filter_running_kernel: Union[bool, UnsetType] = unset,
         filter_asset_name: Union[str, UnsetType] = unset,
         filter_asset_type: Union[AssetType, UnsetType] = unset,
         filter_asset_version_first: Union[str, UnsetType] = unset,
@@ -4100,6 +4106,8 @@ def list_vulnerabilities(
         :type filter_repo_digests: str, optional
         :param filter_origin: Filter by origin.
         :type filter_origin: str, optional
+        :param filter_running_kernel: Filter for whether the vulnerability affects a running kernel (for vulnerabilities related to a ``Host`` asset).
+        :type filter_running_kernel: bool, optional
         :param filter_asset_name: Filter by asset name. This field supports the usage of wildcards (*).
         :type filter_asset_name: str, optional
         :param filter_asset_type: Filter by asset type.
@@ -4214,6 +4222,9 @@ def list_vulnerabilities(
         if filter_origin is not unset:
             kwargs["filter_origin"] = filter_origin
 
+        if filter_running_kernel is not unset:
+            kwargs["filter_running_kernel"] = filter_running_kernel
+
         if filter_asset_name is not unset:
             kwargs["filter_asset_name"] = filter_asset_name
 

@@ -3,7 +3,7 @@
 # Copyright 2019-Present Datadog, Inc.
 from __future__ import annotations
 
-from typing import Union
+from typing import List, Union
 
 from datadog_api_client.model_utils import (
     ModelNormal,
@@ -17,25 +17,38 @@ class Library(ModelNormal):
     @cached_property
     def openapi_types(_):
         return {
+            "additional_names": ([str],),
             "name": (str,),
             "version": (str,),
         }
 
     attribute_map = {
+        "additional_names": "additional_names",
         "name": "name",
         "version": "version",
     }
 
-    def __init__(self_, name: str, version: Union[str, UnsetType] = unset, **kwargs):
+    def __init__(
+        self_,
+        name: str,
+        additional_names: Union[List[str], UnsetType] = unset,
+        version: Union[str, UnsetType] = unset,
+        **kwargs,
+    ):
         """
         Vulnerability library.
 
+        :param additional_names: Related library or package names (such as child packages or affected binary paths).
+        :type additional_names: [str], optional
+
         :param name: Vulnerability library name.
         :type name: str
 
         :param version: Vulnerability library version.
         :type version: str, optional
         """
+        if additional_names is not unset:
+            kwargs["additional_names"] = additional_names
         if version is not unset:
             kwargs["version"] = version
         super().__init__(kwargs)

@@ -61,6 +61,7 @@ def openapi_types(_):
             "remediations": ([Remediation],),
             "repo_digests": ([str],),
             "risks": (VulnerabilityRisks,),
+            "running_kernel": (bool,),
             "status": (VulnerabilityStatus,),
             "title": (str,),
             "tool": (VulnerabilityTool,),
@@ -86,6 +87,7 @@ def openapi_types(_):
         "remediations": "remediations",
         "repo_digests": "repo_digests",
         "risks": "risks",
+        "running_kernel": "running_kernel",
         "status": "status",
         "title": "title",
         "tool": "tool",
@@ -116,6 +118,7 @@ def __init__(
         ecosystem: Union[VulnerabilityEcosystem, UnsetType] = unset,
         library: Union[Library, UnsetType] = unset,
         repo_digests: Union[List[str], UnsetType] = unset,
+        running_kernel: Union[bool, UnsetType] = unset,
         **kwargs,
     ):
         """
@@ -175,6 +178,9 @@ def __init__(
         :param risks: Vulnerability risks.
         :type risks: VulnerabilityRisks
 
+        :param running_kernel: True if the vulnerability affects a package in the host’s running kernel, false if it affects a non-running kernel, and omit if it is not kernel-related.
+        :type running_kernel: bool, optional
+
         :param status: The vulnerability status.
         :type status: VulnerabilityStatus
 
@@ -201,6 +207,8 @@ def __init__(
             kwargs["library"] = library
         if repo_digests is not unset:
             kwargs["repo_digests"] = repo_digests
+        if running_kernel is not unset:
+            kwargs["running_kernel"] = running_kernel
         super().__init__(kwargs)
 
         self_.cve_list = cve_list

@@ -16,7 +16,7 @@ class VulnerabilityEcosystem(ModelSimple):
     """
     The related vulnerability asset ecosystem.
 
-    :param value: Must be one of ["PyPI", "Maven", "NuGet", "Npm", "RubyGems", "Go", "Packagist", "Ddeb", "Rpm", "Apk", "Windows"].
+    :param value: Must be one of ["PyPI", "Maven", "NuGet", "Npm", "RubyGems", "Go", "Packagist", "Deb", "Rpm", "Apk", "Windows", "Generic", "MacOs", "Oci", "BottleRocket", "None"].
     :type value: str
     """
 
@@ -28,10 +28,15 @@ class VulnerabilityEcosystem(ModelSimple):
         "RubyGems",
         "Go",
         "Packagist",
-        "Ddeb",
+        "Deb",
         "Rpm",
         "Apk",
         "Windows",
+        "Generic",
+        "MacOs",
+        "Oci",
+        "BottleRocket",
+        "None",
     }
     PYPI: ClassVar["VulnerabilityEcosystem"]
     MAVEN: ClassVar["VulnerabilityEcosystem"]
@@ -40,10 +45,15 @@ class VulnerabilityEcosystem(ModelSimple):
     RUBY_GEMS: ClassVar["VulnerabilityEcosystem"]
     GO: ClassVar["VulnerabilityEcosystem"]
     PACKAGIST: ClassVar["VulnerabilityEcosystem"]
-    D_DEB: ClassVar["VulnerabilityEcosystem"]
+    DEB: ClassVar["VulnerabilityEcosystem"]
     RPM: ClassVar["VulnerabilityEcosystem"]
     APK: ClassVar["VulnerabilityEcosystem"]
     WINDOWS: ClassVar["VulnerabilityEcosystem"]
+    GENERIC: ClassVar["VulnerabilityEcosystem"]
+    MAC_OS: ClassVar["VulnerabilityEcosystem"]
+    OCI: ClassVar["VulnerabilityEcosystem"]
+    BOTTLE_ROCKET: ClassVar["VulnerabilityEcosystem"]
+    NONE: ClassVar["VulnerabilityEcosystem"]
 
     @cached_property
     def openapi_types(_):
@@ -59,7 +69,12 @@ def openapi_types(_):
 VulnerabilityEcosystem.RUBY_GEMS = VulnerabilityEcosystem("RubyGems")
 VulnerabilityEcosystem.GO = VulnerabilityEcosystem("Go")
 VulnerabilityEcosystem.PACKAGIST = VulnerabilityEcosystem("Packagist")
-VulnerabilityEcosystem.D_DEB = VulnerabilityEcosystem("Ddeb")
+VulnerabilityEcosystem.DEB = VulnerabilityEcosystem("Deb")
 VulnerabilityEcosystem.RPM = VulnerabilityEcosystem("Rpm")
 VulnerabilityEcosystem.APK = VulnerabilityEcosystem("Apk")
 VulnerabilityEcosystem.WINDOWS = VulnerabilityEcosystem("Windows")
+VulnerabilityEcosystem.GENERIC = VulnerabilityEcosystem("Generic")
+VulnerabilityEcosystem.MAC_OS = VulnerabilityEcosystem("MacOs")
+VulnerabilityEcosystem.OCI = VulnerabilityEcosystem("Oci")
+VulnerabilityEcosystem.BOTTLE_ROCKET = VulnerabilityEcosystem("BottleRocket")
+VulnerabilityEcosystem.NONE = VulnerabilityEcosystem("None")
@@ -16,18 +16,20 @@ class VulnerabilityTool(ModelSimple):
     """
     The vulnerability tool.
 
-    :param value: Must be one of ["IAST", "SCA", "Infra"].
+    :param value: Must be one of ["IAST", "SCA", "Infra", "SAST"].
     :type value: str
     """
 
     allowed_values = {
         "IAST",
         "SCA",
         "Infra",
+        "SAST",
     }
     IAST: ClassVar["VulnerabilityTool"]
     SCA: ClassVar["VulnerabilityTool"]
     INFRA: ClassVar["VulnerabilityTool"]
+    SAST: ClassVar["VulnerabilityTool"]
 
     @cached_property
     def openapi_types(_):
@@ -39,3 +41,4 @@ def openapi_types(_):
 VulnerabilityTool.IAST = VulnerabilityTool("IAST")
 VulnerabilityTool.SCA = VulnerabilityTool("SCA")
 VulnerabilityTool.INFRA = VulnerabilityTool("Infra")
+VulnerabilityTool.SAST = VulnerabilityTool("SAST")