Settings API - Vulnerability Analytics- Monitoring rules for code-level vulnerabilities schema table

Vulnerability Analytics: Monitoring rules for code-level vulnerabilities (builtin:appsec.code-level-vulnerability-rule-settings)

The global code-level vulnerability detection control defines the default per technology for all process groups. To override the default, define custom monitoring rules here. Note that monitoring rules are ordered; the first matching rule applies.

Schema IDSchema groupsScope
builtin:appsec.code-level-vulnerability-rule-settings
  • group:appsec.vulnerability-analytics
  • group:appsec
environment
GETManagedhttps://{your-domain}/e/{your-environment-id}/api/v2/settings/schemas/builtin:appsec.code-level-vulnerability-rule-settings
SaaShttps://{your-environment-id}.live.dynatrace.com/api/v2/settings/schemas/builtin:appsec.code-level-vulnerability-rule-settings
Environment ActiveGatehttps://{your-activegate-domain}/e/{your-environment-id}/api/v2/settings/schemas/builtin:appsec.code-level-vulnerability-rule-settings

Authentication

To execute this request, you need an access token with Read settings (settings.read) scope. To learn how to obtain and use it, see Tokens and authentication.

Parameters

PropertyTypeDescriptionRequired
Enabled
enabled		boolean-required
Rule name
ruleName		text-optional
Step 1: Select code-level vulnerability detection behavior
vulnerabilityDetectionControl		VulnerabilityDetectionControl-required
Step 2: Define conditions (optional)
resourceAttributeConditions		ResourceAttributeCondition[]

When you add multiple conditions, the rule applies if all conditions apply.

We provide suggestions for resource attribute keys and values based on what we currently see in your environment. You can also enter any value that isn't in the list. Key and value matches are case-sensitive. Resource attributes come out of the box from the OneAgent, and you can set them up from data enrichment.

required
Step 3: Leave comment (optional)
metadata		Metadata-required
The VulnerabilityDetectionControl object
PropertyTypeDescriptionRequired
Code-level vulnerability control
monitoringMode		enum
  • MONITORING_OFF
  • MONITORING_ON
required
The ResourceAttributeCondition object
PropertyTypeDescriptionRequired
Resource attribute key
resourceAttributeKey		text-required
Matcher
matcher		enum
  • EQUALS
  • NOT_EQUALS
  • CONTAINS
  • DOES_NOT_CONTAIN
  • STARTS_WITH
  • DOES_NOT_START_WITH
  • ENDS_WITH
  • DOES_NOT_END_WITH
  • EXISTS
  • DOES_NOT_EXIST
required
Resource attribute value
resourceAttributeValue		text-optional
The Metadata object
PropertyTypeDescriptionRequired
Comment
comment		text-required