---
title: Create Custom Ruleset
description: Datadog, the leading service for cloud-scale monitoring.
---

# Create Custom Ruleset{% #create-custom-ruleset %}

{% tab title="v2" %}
**Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).

| Datadog site      | API endpoint                                                             |
| ----------------- | ------------------------------------------------------------------------ |
| ap1.datadoghq.com | PUT https://api.ap1.datadoghq.com/api/v2/static-analysis/custom/rulesets |
| ap2.datadoghq.com | PUT https://api.ap2.datadoghq.com/api/v2/static-analysis/custom/rulesets |
| app.datadoghq.eu  | PUT https://api.datadoghq.eu/api/v2/static-analysis/custom/rulesets      |
| app.ddog-gov.com  | PUT https://api.ddog-gov.com/api/v2/static-analysis/custom/rulesets      |
| us2.ddog-gov.com  | PUT https://api.us2.ddog-gov.com/api/v2/static-analysis/custom/rulesets  |
| app.datadoghq.com | PUT https://api.datadoghq.com/api/v2/static-analysis/custom/rulesets     |
| us3.datadoghq.com | PUT https://api.us3.datadoghq.com/api/v2/static-analysis/custom/rulesets |
| us5.datadoghq.com | PUT https://api.us5.datadoghq.com/api/v2/static-analysis/custom/rulesets |

### Overview

Create a new custom ruleset for the authenticated organization.

OAuth apps require the `code_analysis_read` authorization [scope](https://docs.datadoghq.com/api/latest/scopes.md#static-analysis) to access this endpoint.



### Request

#### Body Data (required)



{% tab title="Model" %}

| Parent field  | Field                               | Type      | Description                                                                                                  |
| ------------- | ----------------------------------- | --------- | ------------------------------------------------------------------------------------------------------------ |
|               | data                                | object    | Data object for a custom ruleset create or update request.                                                   |
| data          | attributes                          | object    | Attributes for creating or updating a custom ruleset.                                                        |
| attributes    | description                         | string    | Base64-encoded full description                                                                              |
| attributes    | name                                | string    | Ruleset name                                                                                                 |
| attributes    | rules                               | [object]  | Rules in the ruleset                                                                                         |
| rules         | created_at [*required*]        | date-time | Creation timestamp                                                                                           |
| rules         | created_by [*required*]        | string    | Creator identifier                                                                                           |
| rules         | last_revision [*required*]     | object    | Most recent revision                                                                                         |
| last_revision | attributes [*required*]        | object    | Attributes of a custom rule revision, including code, metadata, and test cases.                              |
| attributes    | arguments [*required*]         | [object]  | Rule arguments                                                                                               |
| arguments     | description [*required*]       | string    | Base64-encoded argument description                                                                          |
| arguments     | name [*required*]              | string    | Base64-encoded argument name                                                                                 |
| attributes    | category [*required*]          | enum      | Rule category Allowed enum values: `SECURITY,BEST_PRACTICES,CODE_STYLE,ERROR_PRONE,PERFORMANCE`              |
| attributes    | checksum [*required*]          | string    | Code checksum                                                                                                |
| attributes    | code [*required*]              | string    | Rule code                                                                                                    |
| attributes    | created_at [*required*]        | date-time | Creation timestamp                                                                                           |
| attributes    | created_by [*required*]        | string    | Creator identifier                                                                                           |
| attributes    | creation_message [*required*]  | string    | Revision creation message                                                                                    |
| attributes    | cve [*required*]               | string    | Associated CVE                                                                                               |
| attributes    | cwe [*required*]               | string    | Associated CWE                                                                                               |
| attributes    | description [*required*]       | string    | Full description                                                                                             |
| attributes    | documentation_url [*required*] | string    | Documentation URL                                                                                            |
| attributes    | is_published [*required*]      | boolean   | Whether the revision is published                                                                            |
| attributes    | is_testing [*required*]        | boolean   | Whether this is a testing revision                                                                           |
| attributes    | language [*required*]          | enum      | Programming language Allowed enum values: `PYTHON,JAVASCRIPT,TYPESCRIPT,JAVA,GO,YAML,RUBY,CSHARP,PHP,KOTLIN` |
| attributes    | severity [*required*]          | enum      | Rule severity Allowed enum values: `ERROR,WARNING,NOTICE`                                                    |
| attributes    | short_description [*required*] | string    | Short description                                                                                            |
| attributes    | should_use_ai_fix [*required*] | boolean   | Whether to use AI for fixes                                                                                  |
| attributes    | tags [*required*]              | [string]  | Rule tags                                                                                                    |
| attributes    | tests [*required*]             | [object]  | Rule tests                                                                                                   |
| tests         | annotation_count [*required*]  | int64     | Expected violation count                                                                                     |
| tests         | code [*required*]              | string    | Test code                                                                                                    |
| tests         | filename [*required*]          | string    | Test filename                                                                                                |
| attributes    | tree_sitter_query [*required*] | string    | Tree-sitter query                                                                                            |
| last_revision | id [*required*]                | string    | Revision identifier                                                                                          |
| last_revision | type [*required*]              | enum      | Resource type Allowed enum values: `custom_rule_revision`                                                    |
| rules         | name [*required*]              | string    | Rule name                                                                                                    |
| attributes    | short_description                   | string    | Base64-encoded short description                                                                             |
| data          | id                                  | string    | Ruleset identifier                                                                                           |
| data          | type                                | enum      | Resource type Allowed enum values: `custom_ruleset`                                                          |

{% /tab %}

{% tab title="Example" %}

```json
{
  "data": {
    "attributes": {
      "description": "string",
      "name": "string",
      "rules": [
        {
          "created_at": "2026-01-09T13:00:57.473141Z",
          "created_by": "foobarbaz",
          "last_revision": {
            "attributes": {
              "arguments": [
                {
                  "description": "YXJndW1lbnQgZGVzY3JpcHRpb24=",
                  "name": "YXJndW1lbnRfbmFtZQ=="
                }
              ],
              "category": "SECURITY",
              "checksum": "8a66c4e4e631099ad71be3c1ea3ea8fc2d57193e56db2c296e2dd8a508b26b99",
              "code": "Y29uZHVjdG9yOgogICAgLSBkZXBsb3lfb25seTogdHJ1ZQ==",
              "created_at": "2026-01-09T13:00:57.473141Z",
              "created_by": "foobarbaz",
              "creation_message": "Initial revision",
              "cve": "CVE-2024-1234",
              "cwe": "CWE-79",
              "description": "bG9uZyBkZXNjcmlwdGlvbg==",
              "documentation_url": "https://docs.example.com/rules/my-rule",
              "is_published": false,
              "is_testing": false,
              "language": "PYTHON",
              "severity": "ERROR",
              "short_description": "c2hvcnQgZGVzY3JpcHRpb24=",
              "should_use_ai_fix": false,
              "tags": [
                "security",
                "custom"
              ],
              "tests": [
                {
                  "annotation_count": 1,
                  "code": "Y29uZHVjdG9yOgogICAgLSBkZXBsb3lfb25seTogdHJ1ZQ==",
                  "filename": "test.yaml"
                }
              ],
              "tree_sitter_query": "Y29uZHVjdG9yOgogICAgLSBkZXBsb3lfb25seTogdHJ1ZQ=="
            },
            "id": "revision-123",
            "type": "custom_rule_revision"
          },
          "name": "my-rule"
        }
      ],
      "short_description": "string"
    },
    "id": "string",
    "type": "custom_ruleset"
  }
}
```

{% /tab %}
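
A client-side pre-flight check for the request body described by the model above, as an added example (not Datadog's code): it verifies the `[*required*]` fields, the allowed enum values, and that the fields the model documents as Base64-encoded decode as Base64, reporting each finding with a JSON pointer in the style of the error model's `source.pointer`. The function names are illustrative assumptions, and the server's own validation is not documented on this page and may differ from these checks.

```python
import base64

# Enum values and [*required*] markers copied from the request model on this page.
REVISION_ENUMS = {
    "category": {"SECURITY", "BEST_PRACTICES", "CODE_STYLE", "ERROR_PRONE", "PERFORMANCE"},
    "language": {"PYTHON", "JAVASCRIPT", "TYPESCRIPT", "JAVA", "GO", "YAML", "RUBY", "CSHARP",
                 "PHP", "KOTLIN"},
    "severity": {"ERROR", "WARNING", "NOTICE"}}
RULE_REQUIRED = ("created_at", "created_by", "last_revision", "name")
REVISION_REQUIRED = ("attributes", "id", "type")
REV_ATTR_REQUIRED = (
    "arguments", "category", "checksum", "code", "created_at", "created_by", "creation_message",
    "cve", "cwe", "description", "documentation_url", "is_published", "is_testing", "language",
    "severity", "short_description", "should_use_ai_fix", "tags", "tests", "tree_sitter_query")
ARGUMENT_REQUIRED = ("description", "name")
TEST_REQUIRED = ("annotation_count", "code", "filename")


def b64(text):  # encode plain text for a field the model documents as Base64-encoded
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


def is_base64(value):
    """True if value is a str of strict, padded standard Base64."""
    try:
        return isinstance(value, str) and base64.b64decode(value, validate=True) is not None
    except ValueError:  # binascii.Error is a ValueError subclass
        return False


def _check(obj, ptr, errors, required=(), enums=None, b64_keys=()):
    """Record missing required keys, bad enum values and non-Base64 strings in obj."""
    for key in required:
        if key not in obj:
            errors.append((f"{ptr}/{key}", "missing required field"))
    for key, allowed in (enums or {}).items():
        if key in obj and str(obj[key]) not in allowed:
            errors.append((f"{ptr}/{key}", "not an allowed enum value"))
    for key in b64_keys:
        if key in obj and not is_base64(obj[key]):
            errors.append((f"{ptr}/{key}", "not valid Base64"))


def validate_ruleset_request(body):
    """Return (json_pointer, problem) findings; an empty list means none."""
    errors = []
    data = body.get("data", {})
    attrs = data.get("attributes", {})
    _check(data, "/data", errors, enums={"type": {"custom_ruleset"}})
    _check(attrs, "/data/attributes", errors, b64_keys=("description", "short_description"))
    for i, rule in enumerate(attrs.get("rules", [])):
        ptr = f"/data/attributes/rules/{i}"
        _check(rule, ptr, errors, RULE_REQUIRED)
        rev = rule.get("last_revision")
        if not isinstance(rev, dict):
            continue
        ptr += "/last_revision"
        _check(rev, ptr, errors, REVISION_REQUIRED, {"type": {"custom_rule_revision"}})
        rev_attrs = rev.get("attributes")
        if not isinstance(rev_attrs, dict):
            continue
        ptr += "/attributes"
        _check(rev_attrs, ptr, errors, REV_ATTR_REQUIRED, REVISION_ENUMS)
        for j, arg in enumerate(rev_attrs.get("arguments", [])):
            _check(arg, f"{ptr}/arguments/{j}", errors, ARGUMENT_REQUIRED, b64_keys=ARGUMENT_REQUIRED)
        for j, test in enumerate(rev_attrs.get("tests", [])):
            _check(test, f"{ptr}/tests/{j}", errors, TEST_REQUIRED)
    return errors


def build_sample_request():
    """Constructed sample body reusing values from this page's example."""
    code, ts = "Y29uZHVjdG9yOgogICAgLSBkZXBsb3lfb25seTogdHJ1ZQ==", "2026-01-09T13:00:57.473141Z"
    rev_attrs = {
        "arguments": [{"description": b64("argument description"), "name": b64("argument_name")}],
        "category": "SECURITY", "language": "PYTHON", "severity": "ERROR", "created_at": ts,
        "checksum": "8a66c4e4e631099ad71be3c1ea3ea8fc2d57193e56db2c296e2dd8a508b26b99",
        "code": code, "tree_sitter_query": code, "created_by": "foobarbaz", "cwe": "CWE-79",
        "creation_message": "Initial revision", "cve": "CVE-2024-1234",
        "description": b64("long description"), "short_description": b64("short description"),
        "documentation_url": "https://docs.example.com/rules/my-rule", "is_published": False,
        "is_testing": False, "should_use_ai_fix": False, "tags": ["security", "custom"],
        "tests": [{"annotation_count": 1, "code": code, "filename": "test.yaml"}]}
    rule = {"created_at": ts, "created_by": "foobarbaz", "name": "my-rule", "last_revision": {
        "attributes": rev_attrs, "id": "revision-123", "type": "custom_rule_revision"}}
    attrs = {"name": "my-ruleset", "description": b64("long description"),
             "short_description": b64("short description"), "rules": [rule]}
    return {"data": {"type": "custom_ruleset", "attributes": attrs}}
```
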

### Response

{% tab title="200" %}
OK
{% tab title="Model" %}
Response containing a single custom ruleset.

| Parent field  | Field                               | Type      | Description                                                                                                  |
| ------------- | ----------------------------------- | --------- | ------------------------------------------------------------------------------------------------------------ |
|               | data [*required*]              | object    | A custom static analysis ruleset containing a set of user-defined rules.                                     |
| data          | attributes [*required*]        | object    | Attributes of a custom ruleset, including its name, description, and rules.                                  |
| attributes    | created_at [*required*]        | date-time | Creation timestamp                                                                                           |
| attributes    | created_by [*required*]        | string    | Creator identifier                                                                                           |
| attributes    | description [*required*]       | string    | Base64-encoded full description                                                                              |
| attributes    | name [*required*]              | string    | Ruleset name                                                                                                 |
| attributes    | rules [*required*]             | [object]  | Rules in the ruleset                                                                                         |
| rules         | created_at [*required*]        | date-time | Creation timestamp                                                                                           |
| rules         | created_by [*required*]        | string    | Creator identifier                                                                                           |
| rules         | last_revision [*required*]     | object    | Most recent revision                                                                                         |
| last_revision | attributes [*required*]        | object    | Attributes of a custom rule revision, including code, metadata, and test cases.                              |
| attributes    | arguments [*required*]         | [object]  | Rule arguments                                                                                               |
| arguments     | description [*required*]       | string    | Base64-encoded argument description                                                                          |
| arguments     | name [*required*]              | string    | Base64-encoded argument name                                                                                 |
| attributes    | category [*required*]          | enum      | Rule category Allowed enum values: `SECURITY,BEST_PRACTICES,CODE_STYLE,ERROR_PRONE,PERFORMANCE`              |
| attributes    | checksum [*required*]          | string    | Code checksum                                                                                                |
| attributes    | code [*required*]              | string    | Rule code                                                                                                    |
| attributes    | created_at [*required*]        | date-time | Creation timestamp                                                                                           |
| attributes    | created_by [*required*]        | string    | Creator identifier                                                                                           |
| attributes    | creation_message [*required*]  | string    | Revision creation message                                                                                    |
| attributes    | cve [*required*]               | string    | Associated CVE                                                                                               |
| attributes    | cwe [*required*]               | string    | Associated CWE                                                                                               |
| attributes    | description [*required*]       | string    | Full description                                                                                             |
| attributes    | documentation_url [*required*] | string    | Documentation URL                                                                                            |
| attributes    | is_published [*required*]      | boolean   | Whether the revision is published                                                                            |
| attributes    | is_testing [*required*]        | boolean   | Whether this is a testing revision                                                                           |
| attributes    | language [*required*]          | enum      | Programming language Allowed enum values: `PYTHON,JAVASCRIPT,TYPESCRIPT,JAVA,GO,YAML,RUBY,CSHARP,PHP,KOTLIN` |
| attributes    | severity [*required*]          | enum      | Rule severity Allowed enum values: `ERROR,WARNING,NOTICE`                                                    |
| attributes    | short_description [*required*] | string    | Short description                                                                                            |
| attributes    | should_use_ai_fix [*required*] | boolean   | Whether to use AI for fixes                                                                                  |
| attributes    | tags [*required*]              | [string]  | Rule tags                                                                                                    |
| attributes    | tests [*required*]             | [object]  | Rule tests                                                                                                   |
| tests         | annotation_count [*required*]  | int64     | Expected violation count                                                                                     |
| tests         | code [*required*]              | string    | Test code                                                                                                    |
| tests         | filename [*required*]          | string    | Test filename                                                                                                |
| attributes    | tree_sitter_query [*required*] | string    | Tree-sitter query                                                                                            |
| last_revision | id [*required*]                | string    | Revision identifier                                                                                          |
| last_revision | type [*required*]              | enum      | Resource type Allowed enum values: `custom_rule_revision`                                                    |
| rules         | name [*required*]              | string    | Rule name                                                                                                    |
| attributes    | short_description [*required*] | string    | Base64-encoded short description                                                                             |
| data          | id [*required*]                | string    | Ruleset identifier                                                                                           |
| data          | type [*required*]              | enum      | Resource type Allowed enum values: `custom_ruleset`                                                          |

{% /tab %}

{% tab title="Example" %}

```json
{
  "data": {
    "attributes": {
      "created_at": "2026-01-09T13:00:57.473141Z",
      "created_by": "foobarbaz",
      "description": "bG9uZyBkZXNjcmlwdGlvbg==",
      "name": "my-ruleset",
      "rules": [
        {
          "created_at": "2026-01-09T13:00:57.473141Z",
          "created_by": "foobarbaz",
          "last_revision": {
            "attributes": {
              "arguments": [
                {
                  "description": "YXJndW1lbnQgZGVzY3JpcHRpb24=",
                  "name": "YXJndW1lbnRfbmFtZQ=="
                }
              ],
              "category": "SECURITY",
              "checksum": "8a66c4e4e631099ad71be3c1ea3ea8fc2d57193e56db2c296e2dd8a508b26b99",
              "code": "Y29uZHVjdG9yOgogICAgLSBkZXBsb3lfb25seTogdHJ1ZQ==",
              "created_at": "2026-01-09T13:00:57.473141Z",
              "created_by": "foobarbaz",
              "creation_message": "Initial revision",
              "cve": "CVE-2024-1234",
              "cwe": "CWE-79",
              "description": "bG9uZyBkZXNjcmlwdGlvbg==",
              "documentation_url": "https://docs.example.com/rules/my-rule",
              "is_published": false,
              "is_testing": false,
              "language": "PYTHON",
              "severity": "ERROR",
              "short_description": "c2hvcnQgZGVzY3JpcHRpb24=",
              "should_use_ai_fix": false,
              "tags": [
                "security",
                "custom"
              ],
              "tests": [
                {
                  "annotation_count": 1,
                  "code": "Y29uZHVjdG9yOgogICAgLSBkZXBsb3lfb25seTogdHJ1ZQ==",
                  "filename": "test.yaml"
                }
              ],
              "tree_sitter_query": "Y29uZHVjdG9yOgogICAgLSBkZXBsb3lfb25seTogdHJ1ZQ=="
            },
            "id": "revision-123",
            "type": "custom_rule_revision"
          },
          "name": "my-rule"
        }
      ],
      "short_description": "c2hvcnQgZGVzY3JpcHRpb24="
    },
    "id": "my-ruleset",
    "type": "custom_ruleset"
  }
}
```

{% /tab %}

{% /tab %}

{% tab title="400" %}
Bad Request
{% tab title="Model" %}
API error response.

| Parent field | Field                    | Type     | Description                                                                     |
| ------------ | ------------------------ | -------- | ------------------------------------------------------------------------------- |
|              | errors [*required*] | [object] | A list of errors.                                                               |
| errors       | detail                   | string   | A human-readable explanation specific to this occurrence of the error.          |
| errors       | meta                     | object   | Non-standard meta-information about the error                                   |
| errors       | source                   | object   | References to the source of the error.                                          |
| source       | header                   | string   | A string indicating the name of a single request header which caused the error. |
| source       | parameter                | string   | A string indicating which URI query parameter caused the error.                 |
| source       | pointer                  | string   | A JSON pointer to the value in the request document that caused the error.      |
| errors       | status                   | string   | Status code of the response.                                                    |
| errors       | title                    | string   | Short human-readable summary of the error.                                      |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "meta": {},
      "source": {
        "header": "Authorization",
        "parameter": "limit",
        "pointer": "/data/attributes/title"
      },
      "status": "400",
      "title": "Bad Request"
    }
  ]
}
```

{% /tab %}

{% /tab %}

{% tab title="401" %}
Unauthorized
{% tab title="Model" %}
API error response.

| Parent field | Field                    | Type     | Description                                                                     |
| ------------ | ------------------------ | -------- | ------------------------------------------------------------------------------- |
|              | errors [*required*] | [object] | A list of errors.                                                               |
| errors       | detail                   | string   | A human-readable explanation specific to this occurrence of the error.          |
| errors       | meta                     | object   | Non-standard meta-information about the error                                   |
| errors       | source                   | object   | References to the source of the error.                                          |
| source       | header                   | string   | A string indicating the name of a single request header which caused the error. |
| source       | parameter                | string   | A string indicating which URI query parameter caused the error.                 |
| source       | pointer                  | string   | A JSON pointer to the value in the request document that caused the error.      |
| errors       | status                   | string   | Status code of the response.                                                    |
| errors       | title                    | string   | Short human-readable summary of the error.                                      |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "meta": {},
      "source": {
        "header": "Authorization",
        "parameter": "limit",
        "pointer": "/data/attributes/title"
      },
      "status": "400",
      "title": "Bad Request"
    }
  ]
}
```

{% /tab %}

{% /tab %}

{% tab title="409" %}
Conflict
{% tab title="Model" %}
API error response.

| Parent field | Field                    | Type     | Description                                                                     |
| ------------ | ------------------------ | -------- | ------------------------------------------------------------------------------- |
|              | errors [*required*] | [object] | A list of errors.                                                               |
| errors       | detail                   | string   | A human-readable explanation specific to this occurrence of the error.          |
| errors       | meta                     | object   | Non-standard meta-information about the error                                   |
| errors       | source                   | object   | References to the source of the error.                                          |
| source       | header                   | string   | A string indicating the name of a single request header which caused the error. |
| source       | parameter                | string   | A string indicating which URI query parameter caused the error.                 |
| source       | pointer                  | string   | A JSON pointer to the value in the request document that caused the error.      |
| errors       | status                   | string   | Status code of the response.                                                    |
| errors       | title                    | string   | Short human-readable summary of the error.                                      |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "meta": {},
      "source": {
        "header": "Authorization",
        "parameter": "limit",
        "pointer": "/data/attributes/title"
      },
      "status": "400",
      "title": "Bad Request"
    }
  ]
}
```

{% /tab %}

{% /tab %}

{% tab title="412" %}
Precondition Failed
{% tab title="Model" %}
API error response.

| Parent field | Field                    | Type     | Description                                                                     |
| ------------ | ------------------------ | -------- | ------------------------------------------------------------------------------- |
|              | errors [*required*] | [object] | A list of errors.                                                               |
| errors       | detail                   | string   | A human-readable explanation specific to this occurrence of the error.          |
| errors       | meta                     | object   | Non-standard meta-information about the error                                   |
| errors       | source                   | object   | References to the source of the error.                                          |
| source       | header                   | string   | A string indicating the name of a single request header which caused the error. |
| source       | parameter                | string   | A string indicating which URI query parameter caused the error.                 |
| source       | pointer                  | string   | A JSON pointer to the value in the request document that caused the error.      |
| errors       | status                   | string   | Status code of the response.                                                    |
| errors       | title                    | string   | Short human-readable summary of the error.                                      |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "meta": {},
      "source": {
        "header": "Authorization",
        "parameter": "limit",
        "pointer": "/data/attributes/title"
      },
      "status": "400",
      "title": "Bad Request"
    }
  ]
}
```

{% /tab %}

{% /tab %}

{% tab title="429" %}
Too many requests
{% tab title="Model" %}
API error response.

| Field                    | Type     | Description       |
| ------------------------ | -------- | ----------------- |
| errors [*required*] | [string] | A list of errors. |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    "Bad Request"
  ]
}
```

{% /tab %}

{% /tab %}

### Code Example

```bash
# Curl command
curl -X PUT "https://api.datadoghq.com/api/v2/static-analysis/custom/rulesets" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "description": "My custom ruleset.",
      "name": "my-custom-ruleset"
    },
    "type": "custom_ruleset"
  }
}
EOF
```

{% /tab %}
