Settings API - Vulnerability Analytics- Monitoring rules for code-level vulnerabilities schema table

  • Published Dec 05, 2023

Vulnerability Analytics: Monitoring rules for code-level vulnerabilities (builtin:appsec.code-level-vulnerability-rule-settings)

The global code-level vulnerability detection control defines the default per technology for all process groups. To override the default, define custom monitoring rules here. Note that monitoring rules are ordered; the first matching rule applies.

Schema IDSchema groupsScope
builtin:appsec.code-level-vulnerability-rule-settings
  • group:appsec.vulnerability-analytics
  • group:appsec
environment
Retrieve schema via Settings API
GETManagedhttps://{your-domain}/e/{your-environment-id}/api/v2/settings/schemas/builtin:appsec.code-level-vulnerability-rule-settings
GETSaaShttps://{your-environment-id}.live.dynatrace.com/api/v2/settings/schemas/builtin:appsec.code-level-vulnerability-rule-settings
GETEnvironment ActiveGatehttps://{your-activegate-domain}/e/{your-environment-id}/api/v2/settings/schemas/builtin:appsec.code-level-vulnerability-rule-settings

Authentication

To execute this request, you need an access token with Read settings (settings.read) scope. To learn how to obtain and use it, see Tokens and authentication.

Parameters

PropertyTypeDescriptionRequired
Enabled
enabled		boolean-Required
Rule name
ruleName		text-Optional
Step 1: Select code-level vulnerability detection behavior
vulnerabilityDetectionControl		VulnerabilityDetectionControl-Required
Step 2: Specify where the rule is applied (optional)
resourceAttributeConditions		ResourceAttributeCondition[]

When you add multiple conditions, the rule applies if all conditions apply.

If you want the rule to apply only to a subset of your environment, provide the resource attributes that should be used to identify that part of the environment.

Required
Step 3: Leave comment (optional)
metadata		Metadata-Required
The VulnerabilityDetectionControl object
PropertyTypeDescriptionRequired
Code-level vulnerability control
monitoringMode		enum
The element has these enums
  • MONITORING_OFF
  • MONITORING_ON
Required
The ResourceAttributeCondition object
PropertyTypeDescriptionRequired
Resource attribute key
resourceAttributeKey		text-Required
Matcher
matcher		enum
The element has these enums
  • EQUALS
  • NOT_EQUALS
  • CONTAINS
  • DOES_NOT_CONTAIN
  • STARTS_WITH
  • DOES_NOT_START_WITH
  • ENDS_WITH
  • DOES_NOT_END_WITH
  • EXISTS
  • DOES_NOT_EXIST
Required
Resource attribute value
resourceAttributeValue		text-Optional
The Metadata object
PropertyTypeDescriptionRequired
Comment
comment		text-Required