Datadog · Capability
Datadog API — Vulnerabilities
Datadog API — Vulnerabilities. 3 operations. Lead operation: Datadog List Vulnerabilities. Self-contained Naftiko capability covering one Datadog business surface.
What You Can Do
GET Listvulnerabilities — Datadog List Vulnerabilities: /v1/api/v2/security/vulnerabilities
GET Getvulnerabilitynotificationrules — Datadog Get the List of Vulnerability Notification Rules: /v1/api/v2/security/vulnerabilities/notification-rules
GET Getvulnerabilitynotificationrule — Datadog Get Details of a Vulnerability Notification Rule: /v1/api/v2/security/vulnerabilities/notification-rules/{id}
MCP Tools
datadog-list-vulnerabilities: Datadog List Vulnerabilities (read-only, idempotent)
datadog-get-list-vulnerability-notification: Datadog Get the List of Vulnerability Notification Rules (read-only, idempotent)
datadog-get-details-vulnerability-notification: Datadog Get Details of a Vulnerability Notification Rule (read-only, idempotent)
Capability Spec
naftiko: 1.0.0-alpha2
info:
  label: Datadog API — Vulnerabilities
  description: 'Datadog API — Vulnerabilities. 3 operations. Lead operation: Datadog List Vulnerabilities. Self-contained
    Naftiko capability covering one Datadog business surface.'
  tags:
  - Datadog
  - Vulnerabilities
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    DATADOG_API_KEY: DATADOG_API_KEY
capability:
  consumes:
  - type: http
    namespace: datadog-vulnerabilities
    baseUri: https://{subdomain}.{site}
    description: Datadog API — Vulnerabilities business capability. Self-contained, no shared references.
    resources:
    - name: api-v2-security-vulnerabilities
      path: /api/v2/security/vulnerabilities
      operations:
      - name: listvulnerabilities
        method: GET
        description: Datadog List Vulnerabilities
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: page[token]
          in: query
          type: string
          description: Its value must come from the `links` section of the response of the first request. Do not manually
            edit it.
        - name: page[number]
          in: query
          type: integer
          description: The page number to be retrieved. It should be equal to or greater than `1`.
        - name: filter[type]
          in: query
          type: string
          description: Filter by vulnerability type.
        - name: filter[cvss.base.score][`$op`]
          in: query
          type: number
          description: Filter by vulnerability base (i.e. from the original advisory) severity score.
        - name: filter[cvss.base.severity]
          in: query
          type: string
          description: Filter by vulnerability base severity.
        - name: filter[cvss.base.vector]
          in: query
          type: string
          description: Filter by vulnerability base CVSS vector.
        - name: filter[cvss.datadog.score][`$op`]
          in: query
          type: number
          description: Filter by vulnerability Datadog severity score.
        - name: filter[cvss.datadog.severity]
          in: query
          type: string
          description: Filter by vulnerability Datadog severity.
        - name: filter[cvss.datadog.vector]
          in: query
          type: string
          description: Filter by vulnerability Datadog CVSS vector.
        - name: filter[status]
          in: query
          type: string
          description: Filter by the status of the vulnerability.
        - name: filter[tool]
          in: query
          type: string
          description: Filter by the tool of the vulnerability.
        - name: filter[library.name]
          in: query
          type: string
          description: Filter by library name.
        - name: filter[library.version]
          in: query
          type: string
          description: Filter by library version.
        - name: filter[advisory_id]
          in: query
          type: string
          description: Filter by advisory ID.
        - name: filter[risks.exploitation_probability]
          in: query
          type: boolean
          description: Filter by exploitation probability.
        - name: filter[risks.poc_exploit_available]
          in: query
          type: boolean
          description: Filter by POC exploit availability.
        - name: filter[risks.exploit_available]
          in: query
          type: boolean
          description: Filter by public exploit availability.
        - name: filter[risks.epss.score][`$op`]
          in: query
          type: number
          description: Filter by vulnerability [EPSS](https://www.first.org/epss/) severity score.
        - name: filter[risks.epss.severity]
          in: query
          type: string
          description: Filter by vulnerability [EPSS](https://www.first.org/epss/) severity.
        - name: filter[language]
          in: query
          type: string
          description: Filter by language.
        - name: filter[ecosystem]
          in: query
          type: string
          description: Filter by ecosystem.
        - name: filter[code_location.location]
          in: query
          type: string
          description: Filter by vulnerability location.
        - name: filter[code_location.file_path]
          in: query
          type: string
          description: Filter by vulnerability file path.
        - name: filter[code_location.method]
          in: query
          type: string
          description: Filter by method.
        - name: filter[fix_available]
          in: query
          type: boolean
          description: Filter by fix availability.
        - name: filter[repo_digests]
          in: query
          type: string
          description: Filter by vulnerability `repo_digest` (when the vulnerability is related to an `Image` asset).
        - name: filter[asset.name]
          in: query
          type: string
          description: Filter by asset name.
        - name: filter[asset.type]
          in: query
          type: string
          description: Filter by asset type.
        - name: filter[asset.version.first]
          in: query
          type: string
          description: Filter by the first version of the asset this vulnerability has been detected on.
        - name: filter[asset.version.last]
          in: query
          type: string
          description: Filter by the last version of the asset this vulnerability has been detected on.
        - name: filter[asset.repository_url]
          in: query
          type: string
          description: Filter by the repository URL associated with the asset.
        - name: filter[asset.risks.in_production]
          in: query
          type: boolean
          description: Filter whether the asset is in production or not.
        - name: filter[asset.risks.under_attack]
          in: query
          type: boolean
          description: Filter whether the asset is under attack or not.
        - name: filter[asset.risks.is_publicly_accessible]
          in: query
          type: boolean
          description: Filter whether the asset is publicly accessible or not.
        - name: filter[asset.risks.has_privileged_access]
          in: query
          type: boolean
          description: Filter whether the asset has privileged access or not.
        - name: filter[asset.risks.has_access_to_sensitive_data]
          in: query
          type: boolean
          description: Filter whether the asset has access to sensitive data or not.
        - name: filter[asset.environments]
          in: query
          type: string
          description: Filter by asset environments.
        - name: filter[asset.arch]
          in: query
          type: string
          description: Filter by asset architecture.
        - name: filter[asset.operating_system.name]
          in: query
          type: string
          description: Filter by asset operating system name.
        - name: filter[asset.operating_system.version]
          in: query
          type: string
          description: Filter by asset operating system version.
    - name: api-v2-security-vulnerabilities-notification_rules
      path: /api/v2/security/vulnerabilities/notification_rules
      operations:
      - name: getvulnerabilitynotificationrules
        method: GET
        description: Datadog Get the List of Vulnerability Notification Rules
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v2-security-vulnerabilities-notification_rules-id
      path: /api/v2/security/vulnerabilities/notification_rules/{id}
      operations:
      - name: getvulnerabilitynotificationrule
        method: GET
        description: Datadog Get Details of a Vulnerability Notification Rule
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          description: ID of the notification rule.
          required: true
    authentication:
      type: bearer
      token: '{{env.DATADOG_API_KEY}}'
  exposes:
  - type: rest
    namespace: datadog-vulnerabilities-rest
    port: 8080
    description: REST adapter for Datadog API — Vulnerabilities. One Spectral-compliant resource per consumed operation, prefixed
      with /v1.
    resources:
    - path: /v1/api/v2/security/vulnerabilities
      name: api-v2-security-vulnerabilities
      description: REST surface for api-v2-security-vulnerabilities.
      operations:
      - method: GET
        name: listvulnerabilities
        description: Datadog List Vulnerabilities
        call: datadog-vulnerabilities.listvulnerabilities
        with:
          page[token]: rest.page[token]
          page[number]: rest.page[number]
          filter[type]: rest.filter[type]
          filter[cvss.base.score][`$op`]: rest.filter[cvss.base.score][`$op`]
          filter[cvss.base.severity]: rest.filter[cvss.base.severity]
          filter[cvss.base.vector]: rest.filter[cvss.base.vector]
          filter[cvss.datadog.score][`$op`]: rest.filter[cvss.datadog.score][`$op`]
          filter[cvss.datadog.severity]: rest.filter[cvss.datadog.severity]
          filter[cvss.datadog.vector]: rest.filter[cvss.datadog.vector]
          filter[status]: rest.filter[status]
          filter[tool]: rest.filter[tool]
          filter[library.name]: rest.filter[library.name]
          filter[library.version]: rest.filter[library.version]
          filter[advisory_id]: rest.filter[advisory_id]
          filter[risks.exploitation_probability]: rest.filter[risks.exploitation_probability]
          filter[risks.poc_exploit_available]: rest.filter[risks.poc_exploit_available]
          filter[risks.exploit_available]: rest.filter[risks.exploit_available]
          filter[risks.epss.score][`$op`]: rest.filter[risks.epss.score][`$op`]
          filter[risks.epss.severity]: rest.filter[risks.epss.severity]
          filter[language]: rest.filter[language]
          filter[ecosystem]: rest.filter[ecosystem]
          filter[code_location.location]: rest.filter[code_location.location]
          filter[code_location.file_path]: rest.filter[code_location.file_path]
          filter[code_location.method]: rest.filter[code_location.method]
          filter[fix_available]: rest.filter[fix_available]
          filter[repo_digests]: rest.filter[repo_digests]
          filter[asset.name]: rest.filter[asset.name]
          filter[asset.type]: rest.filter[asset.type]
          filter[asset.version.first]: rest.filter[asset.version.first]
          filter[asset.version.last]: rest.filter[asset.version.last]
          filter[asset.repository_url]: rest.filter[asset.repository_url]
          filter[asset.risks.in_production]: rest.filter[asset.risks.in_production]
          filter[asset.risks.under_attack]: rest.filter[asset.risks.under_attack]
          filter[asset.risks.is_publicly_accessible]: rest.filter[asset.risks.is_publicly_accessible]
          filter[asset.risks.has_privileged_access]: rest.filter[asset.risks.has_privileged_access]
          filter[asset.risks.has_access_to_sensitive_data]: rest.filter[asset.risks.has_access_to_sensitive_data]
          filter[asset.environments]: rest.filter[asset.environments]
          filter[asset.arch]: rest.filter[asset.arch]
          filter[asset.operating_system.name]: rest.filter[asset.operating_system.name]
          filter[asset.operating_system.version]: rest.filter[asset.operating_system.version]
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v2/security/vulnerabilities/notification-rules
      name: api-v2-security-vulnerabilities-notification-rules
      description: REST surface for api-v2-security-vulnerabilities-notification_rules.
      operations:
      - method: GET
        name: getvulnerabilitynotificationrules
        description: Datadog Get the List of Vulnerability Notification Rules
        call: datadog-vulnerabilities.getvulnerabilitynotificationrules
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v2/security/vulnerabilities/notification-rules/{id}
      name: api-v2-security-vulnerabilities-notification-rules-id
      description: REST surface for api-v2-security-vulnerabilities-notification_rules-id.
      operations:
      - method: GET
        name: getvulnerabilitynotificationrule
        description: Datadog Get Details of a Vulnerability Notification Rule
        call: datadog-vulnerabilities.getvulnerabilitynotificationrule
        with:
          id: rest.id
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: datadog-vulnerabilities-mcp
    port: 9090
    transport: http
    description: MCP adapter for Datadog API — Vulnerabilities. One tool per consumed operation, routed inline through this
      capability's consumes block.
    tools:
    - name: datadog-list-vulnerabilities
      description: Datadog List Vulnerabilities
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: datadog-vulnerabilities.listvulnerabilities
      with:
        page[token]: tools.page[token]
        page[number]: tools.page[number]
        filter[type]: tools.filter[type]
        filter[cvss.base.score][`$op`]: tools.filter[cvss.base.score][`$op`]
        filter[cvss.base.severity]: tools.filter[cvss.base.severity]
        filter[cvss.base.vector]: tools.filter[cvss.base.vector]
        filter[cvss.datadog.score][`$op`]: tools.filter[cvss.datadog.score][`$op`]
        filter[cvss.datadog.severity]: tools.filter[cvss.datadog.severity]
        filter[cvss.datadog.vector]: tools.filter[cvss.datadog.vector]
        filter[status]: tools.filter[status]
        filter[tool]: tools.filter[tool]
        filter[library.name]: tools.filter[library.name]
        filter[library.version]: tools.filter[library.version]
        filter[advisory_id]: tools.filter[advisory_id]
        filter[risks.exploitation_probability]: tools.filter[risks.exploitation_probability]
        filter[risks.poc_exploit_available]: tools.filter[risks.poc_exploit_available]
        filter[risks.exploit_available]: tools.filter[risks.exploit_available]
        filter[risks.epss.score][`$op`]: tools.filter[risks.epss.score][`$op`]
        filter[risks.epss.severity]: tools.filter[risks.epss.severity]
        filter[language]: tools.filter[language]
        filter[ecosystem]: tools.filter[ecosystem]
        filter[code_location.location]: tools.filter[code_location.location]
        filter[code_location.file_path]: tools.filter[code_location.file_path]
        filter[code_location.method]: tools.filter[code_location.method]
        filter[fix_available]: tools.filter[fix_available]
        filter[repo_digests]: tools.filter[repo_digests]
        filter[asset.name]: tools.filter[asset.name]
        filter[asset.type]: tools.filter[asset.type]
        filter[asset.version.first]: tools.filter[asset.version.first]
        filter[asset.version.last]: tools.filter[asset.version.last]
        filter[asset.repository_url]: tools.filter[asset.repository_url]
        filter[asset.risks.in_production]: tools.filter[asset.risks.in_production]
        filter[asset.risks.under_attack]: tools.filter[asset.risks.under_attack]
        filter[asset.risks.is_publicly_accessible]: tools.filter[asset.risks.is_publicly_accessible]
        filter[asset.risks.has_privileged_access]: tools.filter[asset.risks.has_privileged_access]
        filter[asset.risks.has_access_to_sensitive_data]: tools.filter[asset.risks.has_access_to_sensitive_data]
        filter[asset.environments]: tools.filter[asset.environments]
        filter[asset.arch]: tools.filter[asset.arch]
        filter[asset.operating_system.name]: tools.filter[asset.operating_system.name]
        filter[asset.operating_system.version]: tools.filter[asset.operating_system.version]
      outputParameters:
      - type: object
        mapping: $.
    - name: datadog-get-list-vulnerability-notification
      description: Datadog Get the List of Vulnerability Notification Rules
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: datadog-vulnerabilities.getvulnerabilitynotificationrules
      outputParameters:
      - type: object
        mapping: $.
    - name: datadog-get-details-vulnerability-notification
      description: Datadog Get Details of a Vulnerability Notification Rule
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: datadog-vulnerabilities.getvulnerabilitynotificationrule
      with:
        id: tools.id
      outputParameters:
      - type: object
        mapping: $.