naftiko: 1.0.0-alpha2 info: label: Datadog API — Vulnerabilities description: 'Datadog API — Vulnerabilities. 3 operations. Lead operation: Datadog List Vulnerabilities. Self-contained Naftiko capability covering one Datadog business surface.' tags: - Datadog - Vulnerabilities created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: DATADOG_API_KEY: DATADOG_API_KEY capability: consumes: - type: http namespace: datadog-vulnerabilities baseUri: https://{subdomain}.{site} description: Datadog API — Vulnerabilities business capability. Self-contained, no shared references. resources: - name: api-v2-security-vulnerabilities path: /api/v2/security/vulnerabilities operations: - name: listvulnerabilities method: GET description: Datadog List Vulnerabilities outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: page[token] in: query type: string description: Its value must come from the `links` section of the response of the first request. Do not manually edit it. - name: page[number] in: query type: integer description: The page number to be retrieved. It should be equal or greater than `1` - name: filter[type] in: query type: string description: Filter by vulnerability type. - name: filter[cvss.base.score][`$op`] in: query type: number description: Filter by vulnerability base (i.e. from the original advisory) severity score. - name: filter[cvss.base.severity] in: query type: string description: Filter by vulnerability base severity. - name: filter[cvss.base.vector] in: query type: string description: Filter by vulnerability base CVSS vector. - name: filter[cvss.datadog.score][`$op`] in: query type: number description: Filter by vulnerability Datadog severity score. - name: filter[cvss.datadog.severity] in: query type: string description: Filter by vulnerability Datadog severity. - name: filter[cvss.datadog.vector] in: query type: string description: Filter by vulnerability Datadog CVSS vector. - name: filter[status] in: query type: string description: Filter by the status of the vulnerability. - name: filter[tool] in: query type: string description: Filter by the tool of the vulnerability. - name: filter[library.name] in: query type: string description: Filter by library name. - name: filter[library.version] in: query type: string description: Filter by library version. - name: filter[advisory_id] in: query type: string description: Filter by advisory ID. - name: filter[risks.exploitation_probability] in: query type: boolean description: Filter by exploitation probability. - name: filter[risks.poc_exploit_available] in: query type: boolean description: Filter by POC exploit availability. - name: filter[risks.exploit_available] in: query type: boolean description: Filter by public exploit availability. - name: filter[risks.epss.score][`$op`] in: query type: number description: Filter by vulnerability [EPSS](https://www.first.org/epss/) severity score. - name: filter[risks.epss.severity] in: query type: string description: Filter by vulnerability [EPSS](https://www.first.org/epss/) severity. - name: filter[language] in: query type: string description: Filter by language. - name: filter[ecosystem] in: query type: string description: Filter by ecosystem. - name: filter[code_location.location] in: query type: string description: Filter by vulnerability location. - name: filter[code_location.file_path] in: query type: string description: Filter by vulnerability file path. - name: filter[code_location.method] in: query type: string description: Filter by method. - name: filter[fix_available] in: query type: boolean description: Filter by fix availability. - name: filter[repo_digests] in: query type: string description: Filter by vulnerability `repo_digest` (when the vulnerability is related to `Image` asset). - name: filter[asset.name] in: query type: string description: Filter by asset name. - name: filter[asset.type] in: query type: string description: Filter by asset type. - name: filter[asset.version.first] in: query type: string description: Filter by the first version of the asset this vulnerability has been detected on. - name: filter[asset.version.last] in: query type: string description: Filter by the last version of the asset this vulnerability has been detected on. - name: filter[asset.repository_url] in: query type: string description: Filter by the repository url associated to the asset. - name: filter[asset.risks.in_production] in: query type: boolean description: Filter whether the asset is in production or not. - name: filter[asset.risks.under_attack] in: query type: boolean description: Filter whether the asset is under attack or not. - name: filter[asset.risks.is_publicly_accessible] in: query type: boolean description: Filter whether the asset is publicly accessible or not. - name: filter[asset.risks.has_privileged_access] in: query type: boolean description: Filter whether the asset is publicly accessible or not. - name: filter[asset.risks.has_access_to_sensitive_data] in: query type: boolean description: Filter whether the asset has access to sensitive data or not. - name: filter[asset.environments] in: query type: string description: Filter by asset environments. - name: filter[asset.arch] in: query type: string description: Filter by asset architecture. - name: filter[asset.operating_system.name] in: query type: string description: Filter by asset operating system name. - name: filter[asset.operating_system.version] in: query type: string description: Filter by asset operating system version. - name: api-v2-security-vulnerabilities-notification_rules path: /api/v2/security/vulnerabilities/notification_rules operations: - name: getvulnerabilitynotificationrules method: GET description: Datadog Get the List of Vulnerability Notification Rules outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-v2-security-vulnerabilities-notification_rules-id path: /api/v2/security/vulnerabilities/notification_rules/{id} operations: - name: getvulnerabilitynotificationrule method: GET description: Datadog Get Details of a Vulnerability Notification Rule outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: id in: path type: string description: ID of the notification rule. required: true authentication: type: bearer token: '{{env.DATADOG_API_KEY}}' exposes: - type: rest namespace: datadog-vulnerabilities-rest port: 8080 description: REST adapter for Datadog API — Vulnerabilities. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/api/v2/security/vulnerabilities name: api-v2-security-vulnerabilities description: REST surface for api-v2-security-vulnerabilities. operations: - method: GET name: listvulnerabilities description: Datadog List Vulnerabilities call: datadog-vulnerabilities.listvulnerabilities with: page[token]: rest.page[token] page[number]: rest.page[number] filter[type]: rest.filter[type] filter[cvss.base.score][`$op`]: rest.filter[cvss.base.score][`$op`] filter[cvss.base.severity]: rest.filter[cvss.base.severity] filter[cvss.base.vector]: rest.filter[cvss.base.vector] filter[cvss.datadog.score][`$op`]: rest.filter[cvss.datadog.score][`$op`] filter[cvss.datadog.severity]: rest.filter[cvss.datadog.severity] filter[cvss.datadog.vector]: rest.filter[cvss.datadog.vector] filter[status]: rest.filter[status] filter[tool]: rest.filter[tool] filter[library.name]: rest.filter[library.name] filter[library.version]: rest.filter[library.version] filter[advisory_id]: rest.filter[advisory_id] filter[risks.exploitation_probability]: rest.filter[risks.exploitation_probability] filter[risks.poc_exploit_available]: rest.filter[risks.poc_exploit_available] filter[risks.exploit_available]: rest.filter[risks.exploit_available] filter[risks.epss.score][`$op`]: rest.filter[risks.epss.score][`$op`] filter[risks.epss.severity]: rest.filter[risks.epss.severity] filter[language]: rest.filter[language] filter[ecosystem]: rest.filter[ecosystem] filter[code_location.location]: rest.filter[code_location.location] filter[code_location.file_path]: rest.filter[code_location.file_path] filter[code_location.method]: rest.filter[code_location.method] filter[fix_available]: rest.filter[fix_available] filter[repo_digests]: rest.filter[repo_digests] filter[asset.name]: rest.filter[asset.name] filter[asset.type]: rest.filter[asset.type] filter[asset.version.first]: rest.filter[asset.version.first] filter[asset.version.last]: rest.filter[asset.version.last] filter[asset.repository_url]: rest.filter[asset.repository_url] filter[asset.risks.in_production]: rest.filter[asset.risks.in_production] filter[asset.risks.under_attack]: rest.filter[asset.risks.under_attack] filter[asset.risks.is_publicly_accessible]: rest.filter[asset.risks.is_publicly_accessible] filter[asset.risks.has_privileged_access]: rest.filter[asset.risks.has_privileged_access] filter[asset.risks.has_access_to_sensitive_data]: rest.filter[asset.risks.has_access_to_sensitive_data] filter[asset.environments]: rest.filter[asset.environments] filter[asset.arch]: rest.filter[asset.arch] filter[asset.operating_system.name]: rest.filter[asset.operating_system.name] filter[asset.operating_system.version]: rest.filter[asset.operating_system.version] outputParameters: - type: object mapping: $. - path: /v1/api/v2/security/vulnerabilities/notification-rules name: api-v2-security-vulnerabilities-notification-rules description: REST surface for api-v2-security-vulnerabilities-notification_rules. operations: - method: GET name: getvulnerabilitynotificationrules description: Datadog Get the List of Vulnerability Notification Rules call: datadog-vulnerabilities.getvulnerabilitynotificationrules outputParameters: - type: object mapping: $. - path: /v1/api/v2/security/vulnerabilities/notification-rules/{id} name: api-v2-security-vulnerabilities-notification-rules-id description: REST surface for api-v2-security-vulnerabilities-notification_rules-id. operations: - method: GET name: getvulnerabilitynotificationrule description: Datadog Get Details of a Vulnerability Notification Rule call: datadog-vulnerabilities.getvulnerabilitynotificationrule with: id: rest.id outputParameters: - type: object mapping: $. - type: mcp namespace: datadog-vulnerabilities-mcp port: 9090 transport: http description: MCP adapter for Datadog API — Vulnerabilities. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: datadog-list-vulnerabilities description: Datadog List Vulnerabilities hints: readOnly: true destructive: false idempotent: true call: datadog-vulnerabilities.listvulnerabilities with: page[token]: tools.page[token] page[number]: tools.page[number] filter[type]: tools.filter[type] filter[cvss.base.score][`$op`]: tools.filter[cvss.base.score][`$op`] filter[cvss.base.severity]: tools.filter[cvss.base.severity] filter[cvss.base.vector]: tools.filter[cvss.base.vector] filter[cvss.datadog.score][`$op`]: tools.filter[cvss.datadog.score][`$op`] filter[cvss.datadog.severity]: tools.filter[cvss.datadog.severity] filter[cvss.datadog.vector]: tools.filter[cvss.datadog.vector] filter[status]: tools.filter[status] filter[tool]: tools.filter[tool] filter[library.name]: tools.filter[library.name] filter[library.version]: tools.filter[library.version] filter[advisory_id]: tools.filter[advisory_id] filter[risks.exploitation_probability]: tools.filter[risks.exploitation_probability] filter[risks.poc_exploit_available]: tools.filter[risks.poc_exploit_available] filter[risks.exploit_available]: tools.filter[risks.exploit_available] filter[risks.epss.score][`$op`]: tools.filter[risks.epss.score][`$op`] filter[risks.epss.severity]: tools.filter[risks.epss.severity] filter[language]: tools.filter[language] filter[ecosystem]: tools.filter[ecosystem] filter[code_location.location]: tools.filter[code_location.location] filter[code_location.file_path]: tools.filter[code_location.file_path] filter[code_location.method]: tools.filter[code_location.method] filter[fix_available]: tools.filter[fix_available] filter[repo_digests]: tools.filter[repo_digests] filter[asset.name]: tools.filter[asset.name] filter[asset.type]: tools.filter[asset.type] filter[asset.version.first]: tools.filter[asset.version.first] filter[asset.version.last]: tools.filter[asset.version.last] filter[asset.repository_url]: tools.filter[asset.repository_url] filter[asset.risks.in_production]: tools.filter[asset.risks.in_production] filter[asset.risks.under_attack]: tools.filter[asset.risks.under_attack] filter[asset.risks.is_publicly_accessible]: tools.filter[asset.risks.is_publicly_accessible] filter[asset.risks.has_privileged_access]: tools.filter[asset.risks.has_privileged_access] filter[asset.risks.has_access_to_sensitive_data]: tools.filter[asset.risks.has_access_to_sensitive_data] filter[asset.environments]: tools.filter[asset.environments] filter[asset.arch]: tools.filter[asset.arch] filter[asset.operating_system.name]: tools.filter[asset.operating_system.name] filter[asset.operating_system.version]: tools.filter[asset.operating_system.version] outputParameters: - type: object mapping: $. - name: datadog-get-list-vulnerability-notification description: Datadog Get the List of Vulnerability Notification Rules hints: readOnly: true destructive: false idempotent: true call: datadog-vulnerabilities.getvulnerabilitynotificationrules outputParameters: - type: object mapping: $. - name: datadog-get-details-vulnerability-notification description: Datadog Get Details of a Vulnerability Notification Rule hints: readOnly: true destructive: false idempotent: true call: datadog-vulnerabilities.getvulnerabilitynotificationrule with: id: tools.id outputParameters: - type: object mapping: $.