Update Vulnerabilities endpoints documentation (#2732)

Co-authored-by: ci.datadog-api-spec <packages@datadoghq.com>

Author: api-clients-generation-pipeline[bot]

.apigentools-info

@@ -4,13 +4,13 @@
     "spec_versions": {
         "v1": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2025-02-27 14:00:46.641282",
-            "spec_repo_commit": "240ec82d"
+            "regenerated": "2025-02-27 21:31:36.139846",
+            "spec_repo_commit": "0b2e3d20"
         },
         "v2": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2025-02-27 14:00:46.657419",
-            "spec_repo_commit": "240ec82d"
+            "regenerated": "2025-02-27 21:31:36.154973",
+            "spec_repo_commit": "0b2e3d20"
         }
     }
 }

.generator/schemas/v2/openapi.yaml

@@ -32353,6 +32353,9 @@ components:
             apm_service_catalog_read: View service catalog and service definitions.
             apm_service_catalog_write: Add, modify, and delete service catalog definitions
               when those definitions are maintained by Datadog.
+            appsec_vm_read: View infrastructure, application code, and library vulnerabilities.
+              This does not restrict API or inventory SQL access to the vulnerability
+              data source.
             cases_read: View Cases.
             cases_write: Create and update cases.
             ci_visibility_pipelines_write: Create CI Visibility pipeline spans using
@@ -45204,9 +45207,14 @@ paths:
       security:
       - apiKeyAuth: []
         appKeyAuth: []
+      - AuthZ:
+        - appsec_vm_read
       summary: List vulnerable assets
       tags:
       - Security Monitoring
+      x-unstable: '**Note**: This endpoint is a private preview.
+
+        If you are interested in accessing this API, [fill out this form](https://forms.gle/kMYC1sDr6WDUBDsx9).'
   /api/v2/security/cloud_workload/policy/download:
     get:
       description: 'The download endpoint generates a Cloud Workload Security policy
@@ -45296,12 +45304,14 @@ paths:
       security:
       - apiKeyAuth: []
         appKeyAuth: []
+      - AuthZ:
+        - appsec_vm_read
       summary: Get SBOM
       tags:
       - Security Monitoring
       x-unstable: '**Note**: This endpoint is a private preview.
 
-        If you are interested in accessing this API, please [fill out this form](https://forms.gle/kMYC1sDr6WDUBDsx9).'
+        If you are interested in accessing this API, [fill out this form](https://forms.gle/kMYC1sDr6WDUBDsx9).'
   /api/v2/security/signals/notification_rules:
     get:
       description: Returns the list of notification rules for security signals.
@@ -45857,9 +45867,14 @@ paths:
       security:
       - apiKeyAuth: []
         appKeyAuth: []
+      - AuthZ:
+        - appsec_vm_read
       summary: List vulnerabilities
       tags:
       - Security Monitoring
+      x-unstable: '**Note**: This endpoint is a private preview.
+
+        If you are interested in accessing this API, [fill out this form](https://forms.gle/kMYC1sDr6WDUBDsx9).'
   /api/v2/security/vulnerabilities/notification_rules:
     get:
       description: Returns the list of notification rules for security vulnerabilities.

examples/v2/security-monitoring/ListVulnerabilities.java

@@ -12,6 +12,7 @@
 public class Example {
   public static void main(String[] args) {
     ApiClient defaultClient = ApiClient.getDefaultApiClient();
+    defaultClient.setUnstableOperationEnabled("v2.listVulnerabilities", true);
     SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);
 
     try {

examples/v2/security-monitoring/ListVulnerableAssets.java

@@ -10,6 +10,7 @@
 public class Example {
   public static void main(String[] args) {
     ApiClient defaultClient = ApiClient.getDefaultApiClient();
+    defaultClient.setUnstableOperationEnabled("v2.listVulnerableAssets", true);
     SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);
 
     try {

src/main/java/com/datadog/api/client/ApiClient.java

@@ -425,6 +425,8 @@ public class ApiClient {
           put("v2.getSBOM", false);
           put("v2.listFindings", false);
           put("v2.listHistoricalJobs", false);
+          put("v2.listVulnerabilities", false);
+          put("v2.listVulnerableAssets", false);
           put("v2.muteFindings", false);
           put("v2.runHistoricalJob", false);
           put("v2.createScorecardOutcomesBatch", false);

src/main/java/com/datadog/api/client/v2/api/SecurityMonitoringApi.java

@@ -3501,7 +3501,7 @@ public ApiResponse<GetSBOMResponse> getSBOMWithHttpInfo(
             localVarHeaderParams,
             new HashMap<String, String>(),
             new String[] {"application/json"},
-            new String[] {"apiKeyAuth", "appKeyAuth"});
+            new String[] {"AuthZ", "apiKeyAuth", "appKeyAuth"});
     return apiClient.invokeAPI(
         "GET",
         builder,
@@ -3577,7 +3577,7 @@ public CompletableFuture<ApiResponse<GetSBOMResponse>> getSBOMWithHttpInfoAsync(
               localVarHeaderParams,
               new HashMap<String, String>(),
               new String[] {"application/json"},
-              new String[] {"apiKeyAuth", "appKeyAuth"});
+              new String[] {"AuthZ", "apiKeyAuth", "appKeyAuth"});
     } catch (ApiException ex) {
       CompletableFuture<ApiResponse<GetSBOMResponse>> result = new CompletableFuture<>();
       result.completeExceptionally(ex);
@@ -6821,6 +6821,13 @@ public CompletableFuture<ListVulnerabilitiesResponse> listVulnerabilitiesAsync(
    */
   public ApiResponse<ListVulnerabilitiesResponse> listVulnerabilitiesWithHttpInfo(
       ListVulnerabilitiesOptionalParameters parameters) throws ApiException {
+    // Check if unstable operation is enabled
+    String operationId = "listVulnerabilities";
+    if (apiClient.isUnstableOperationEnabled("v2." + operationId)) {
+      apiClient.getLogger().warning(String.format("Using unstable operation '%s'", operationId));
+    } else {
+      throw new ApiException(0, String.format("Unstable operation '%s' is disabled", operationId));
+    }
     Object localVarPostBody = null;
     String pageToken = parameters.pageToken;
     Long pageNumber = parameters.pageNumber;
@@ -6969,7 +6976,7 @@ public ApiResponse<ListVulnerabilitiesResponse> listVulnerabilitiesWithHttpInfo(
             localVarHeaderParams,
             new HashMap<String, String>(),
             new String[] {"application/json"},
-            new String[] {"apiKeyAuth", "appKeyAuth"});
+            new String[] {"AuthZ", "apiKeyAuth", "appKeyAuth"});
     return apiClient.invokeAPI(
         "GET",
         builder,
@@ -6991,6 +6998,17 @@ public ApiResponse<ListVulnerabilitiesResponse> listVulnerabilitiesWithHttpInfo(
    */
   public CompletableFuture<ApiResponse<ListVulnerabilitiesResponse>>
       listVulnerabilitiesWithHttpInfoAsync(ListVulnerabilitiesOptionalParameters parameters) {
+    // Check if unstable operation is enabled
+    String operationId = "listVulnerabilities";
+    if (apiClient.isUnstableOperationEnabled("v2." + operationId)) {
+      apiClient.getLogger().warning(String.format("Using unstable operation '%s'", operationId));
+    } else {
+      CompletableFuture<ApiResponse<ListVulnerabilitiesResponse>> result =
+          new CompletableFuture<>();
+      result.completeExceptionally(
+          new ApiException(0, String.format("Unstable operation '%s' is disabled", operationId)));
+      return result;
+    }
     Object localVarPostBody = null;
     String pageToken = parameters.pageToken;
     Long pageNumber = parameters.pageNumber;
@@ -7141,7 +7159,7 @@ public ApiResponse<ListVulnerabilitiesResponse> listVulnerabilitiesWithHttpInfo(
               localVarHeaderParams,
               new HashMap<String, String>(),
               new String[] {"application/json"},
-              new String[] {"apiKeyAuth", "appKeyAuth"});
+              new String[] {"AuthZ", "apiKeyAuth", "appKeyAuth"});
     } catch (ApiException ex) {
       CompletableFuture<ApiResponse<ListVulnerabilitiesResponse>> result =
           new CompletableFuture<>();
@@ -7461,6 +7479,13 @@ public CompletableFuture<ListVulnerableAssetsResponse> listVulnerableAssetsAsync
    */
   public ApiResponse<ListVulnerableAssetsResponse> listVulnerableAssetsWithHttpInfo(
       ListVulnerableAssetsOptionalParameters parameters) throws ApiException {
+    // Check if unstable operation is enabled
+    String operationId = "listVulnerableAssets";
+    if (apiClient.isUnstableOperationEnabled("v2." + operationId)) {
+      apiClient.getLogger().warning(String.format("Using unstable operation '%s'", operationId));
+    } else {
+      throw new ApiException(0, String.format("Unstable operation '%s' is disabled", operationId));
+    }
     Object localVarPostBody = null;
     String pageToken = parameters.pageToken;
     Long pageNumber = parameters.pageNumber;
@@ -7524,7 +7549,7 @@ public ApiResponse<ListVulnerableAssetsResponse> listVulnerableAssetsWithHttpInf
             localVarHeaderParams,
             new HashMap<String, String>(),
             new String[] {"application/json"},
-            new String[] {"apiKeyAuth", "appKeyAuth"});
+            new String[] {"AuthZ", "apiKeyAuth", "appKeyAuth"});
     return apiClient.invokeAPI(
         "GET",
         builder,
@@ -7546,6 +7571,17 @@ public ApiResponse<ListVulnerableAssetsResponse> listVulnerableAssetsWithHttpInf
    */
   public CompletableFuture<ApiResponse<ListVulnerableAssetsResponse>>
       listVulnerableAssetsWithHttpInfoAsync(ListVulnerableAssetsOptionalParameters parameters) {
+    // Check if unstable operation is enabled
+    String operationId = "listVulnerableAssets";
+    if (apiClient.isUnstableOperationEnabled("v2." + operationId)) {
+      apiClient.getLogger().warning(String.format("Using unstable operation '%s'", operationId));
+    } else {
+      CompletableFuture<ApiResponse<ListVulnerableAssetsResponse>> result =
+          new CompletableFuture<>();
+      result.completeExceptionally(
+          new ApiException(0, String.format("Unstable operation '%s' is disabled", operationId)));
+      return result;
+    }
     Object localVarPostBody = null;
     String pageToken = parameters.pageToken;
     Long pageNumber = parameters.pageNumber;
@@ -7611,7 +7647,7 @@ public ApiResponse<ListVulnerableAssetsResponse> listVulnerableAssetsWithHttpInf
               localVarHeaderParams,
               new HashMap<String, String>(),
               new String[] {"application/json"},
-              new String[] {"apiKeyAuth", "appKeyAuth"});
+              new String[] {"AuthZ", "apiKeyAuth", "appKeyAuth"});
     } catch (ApiException ex) {
       CompletableFuture<ApiResponse<ListVulnerableAssetsResponse>> result =
           new CompletableFuture<>();

src/test/resources/com/datadog/api/client/v2/api/security_monitoring.feature

@@ -473,7 +473,7 @@ Feature: Security Monitoring
     When the request is sent
     Then the response status is 404 Not found: asset not found
 
-  @team:DataDog/asm-vm
+  @skip @team:DataDog/asm-vm
   Scenario: Get SBOM returns "OK" response
     Given operation "GetSBOM" enabled
     And new "GetSBOM" request
@@ -830,21 +830,24 @@ Feature: Security Monitoring
 
   @generated @skip @team:DataDog/asm-vm
   Scenario: List vulnerabilities returns "Bad request: The server cannot process the request due to invalid syntax in the request." response
-    Given new "ListVulnerabilities" request
+    Given operation "ListVulnerabilities" enabled
+    And new "ListVulnerabilities" request
     When the request is sent
     Then the response status is 400 Bad request: The server cannot process the request due to invalid syntax in the request.
 
   @team:DataDog/asm-vm
   Scenario: List vulnerabilities returns "Not found: There is no request associated with the provided token." response
-    Given new "ListVulnerabilities" request
+    Given operation "ListVulnerabilities" enabled
+    And new "ListVulnerabilities" request
     And request contains "page[token]" parameter with value "unknown"
     And request contains "page[number]" parameter with value 1
     When the request is sent
     Then the response status is 404 Not found: There is no request associated with the provided token.
 
   @team:DataDog/asm-vm
   Scenario: List vulnerabilities returns "OK" response
-    Given new "ListVulnerabilities" request
+    Given operation "ListVulnerabilities" enabled
+    And new "ListVulnerabilities" request
     And request contains "filter[cvss.base.severity]" parameter with value "High"
     And request contains "filter[asset.type]" parameter with value "Service"
     And request contains "filter[tool]" parameter with value "Infra"
@@ -853,21 +856,24 @@ Feature: Security Monitoring
 
   @generated @skip @team:DataDog/asm-vm
   Scenario: List vulnerable assets returns "Bad request: The server cannot process the request due to invalid syntax in the request." response
-    Given new "ListVulnerableAssets" request
+    Given operation "ListVulnerableAssets" enabled
+    And new "ListVulnerableAssets" request
     When the request is sent
     Then the response status is 400 Bad request: The server cannot process the request due to invalid syntax in the request.
 
   @team:DataDog/asm-vm
   Scenario: List vulnerable assets returns "Not found: There is no request associated with the provided token." response
-    Given new "ListVulnerableAssets" request
+    Given operation "ListVulnerableAssets" enabled
+    And new "ListVulnerableAssets" request
     And request contains "page[token]" parameter with value "unknown"
     And request contains "page[number]" parameter with value 1
     When the request is sent
     Then the response status is 404 Not found: There is no request associated with the provided token.
 
   @team:DataDog/asm-vm
   Scenario: List vulnerable assets returns "OK" response
-    Given new "ListVulnerableAssets" request
+    Given operation "ListVulnerableAssets" enabled
+    And new "ListVulnerableAssets" request
     And request contains "filter[type]" parameter with value "Host"
     And request contains "filter[repository_url]" parameter with value "github.com/datadog/dd-go"
     And request contains "filter[risks.in_production]" parameter with value true