--- title: Submit libraries for vulnerability scanning description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: Docs > API Reference > Static Analysis --- # Submit libraries for vulnerability scanning{% #submit-libraries-for-vulnerability-scanning %} Copy pageCopied {% tab title="v2" %} **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). | Datadog site | API endpoint | | ----------------- | ------------------------------------------------------------------------------- | | ap1.datadoghq.com | POST https://api.ap1.datadoghq.com/api/v2/static-analysis-sca/dependencies/scan | | ap2.datadoghq.com | POST https://api.ap2.datadoghq.com/api/v2/static-analysis-sca/dependencies/scan | | app.datadoghq.eu | POST https://api.datadoghq.eu/api/v2/static-analysis-sca/dependencies/scan | | app.ddog-gov.com | POST https://api.ddog-gov.com/api/v2/static-analysis-sca/dependencies/scan | | us2.ddog-gov.com | POST https://api.us2.ddog-gov.com/api/v2/static-analysis-sca/dependencies/scan | | app.datadoghq.com | POST https://api.datadoghq.com/api/v2/static-analysis-sca/dependencies/scan | | us3.datadoghq.com | POST https://api.us3.datadoghq.com/api/v2/static-analysis-sca/dependencies/scan | | us5.datadoghq.com | POST https://api.us5.datadoghq.com/api/v2/static-analysis-sca/dependencies/scan | ### Overview OAuth apps require the `code_analysis_read` authorization [scope](https://docs.datadoghq.com/api/latest/scopes.md#static-analysis) to access this endpoint. ### Request #### Body Data (required) {% tab title="Model" %} | Parent field | Field | Type | Description | | ------------ | --------------------------------- | -------- | ------------------------------------------------------------------------------------------------ | | | data [*required*] | object | The data object in an MCP SCA scan request, containing the scan attributes and request type. | | data | attributes [*required*] | object | The attributes of an MCP SCA scan request, describing the libraries to scan and their context. | | attributes | commit_hash [*required*] | string | The commit hash of the source code being scanned. | | attributes | libraries [*required*] | [object] | The list of libraries to scan for vulnerabilities. | | libraries | exclusions | [string] | The list of dependency PURLs to exclude when resolving transitive dependencies for this library. | | libraries | is_dev [*required*] | boolean | Whether this library is a development-only dependency. | | libraries | is_direct [*required*] | boolean | Whether this library is a direct (rather than transitive) dependency. | | libraries | package_manager [*required*] | string | The package manager that produced this library entry (for example, `npm`, `pip`, `nuget`). | | libraries | purl [*required*] | string | The Package URL (PURL) uniquely identifying the library and its version. | | libraries | target_frameworks | [string] | The list of target framework identifiers associated with the library. | | attributes | resource_name [*required*] | string | The name of the resource (typically the repository or project name) being scanned. | | data | id | string | An optional identifier for this scan request. | | data | type [*required*] | enum | The type identifier for MCP SCA scan requests. Allowed enum values: `mcpscanrequest` | {% /tab %} {% tab title="Example" %} ```json { "data": { "attributes": { "commit_hash": "0e9fc8de83eaabecd722e1cd0ed44fb489fe15fc", "libraries": [ { "exclusions": [], "is_dev": false, "is_direct": true, "package_manager": "nuget", "purl": "pkg:nuget/Newtonsoft.Json@13.0.1", "target_frameworks": [] } ], "resource_name": "my-org/my-repo" }, "id": "string", "type": "mcpscanrequest" } } ``` {% /tab %} ### Response {% tab title="202" %} Accepted {% tab title="Model" %} The top-level response object returned when an MCP SCA dependency scan request has been accepted. | Parent field | Field | Type | Description | | ------------ | ---------------------------- | ------ | ---------------------------------------------------------------------------------------------------------------------- | | | data [*required*] | object | The data object returned when a scan request has been accepted. | | data | attributes [*required*] | object | The attributes returned when a scan request has been accepted, containing the job identifier used to poll for results. | | attributes | job_id [*required*] | string | The job identifier assigned to the scan, used to retrieve the scan result. | | data | id [*required*] | string | The job identifier assigned to the scan. | | data | type [*required*] | enum | The type identifier for MCP SCA scan request responses. Allowed enum values: `mcpscanrequestresponse` | {% /tab %} {% tab title="Example" %} ```json { "data": { "attributes": { "job_id": "0190a3d4-1234-7000-8000-000000000000" }, "id": "0190a3d4-1234-7000-8000-000000000000", "type": "mcpscanrequestresponse" } } ``` {% /tab %} {% /tab %} {% tab title="400" %} Bad Request {% tab title="Model" %} API error response. | Parent field | Field | Type | Description | | ------------ | ------------------------ | -------- | ------------------------------------------------------------------------------- | | | errors [*required*] | [object] | A list of errors. | | errors | detail | string | A human-readable explanation specific to this occurrence of the error. | | errors | meta | object | Non-standard meta-information about the error | | errors | source | object | References to the source of the error. | | source | header | string | A string indicating the name of a single request header which caused the error. | | source | parameter | string | A string indicating which URI query parameter caused the error. | | source | pointer | string | A JSON pointer to the value in the request document that caused the error. | | errors | status | string | Status code of the response. | | errors | title | string | Short human-readable summary of the error. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ { "detail": "Missing required attribute in body", "meta": {}, "source": { "header": "Authorization", "parameter": "limit", "pointer": "/data/attributes/title" }, "status": "400", "title": "Bad Request" } ] } ``` {% /tab %} {% /tab %} {% tab title="429" %} Too many requests {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} ### Code Example ##### \## default # \# Curl command curl -X POST "https://api.datadoghq.com/api/v2/static-analysis-sca/dependencies/scan" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \ -d @- << EOF { "data": { "attributes": { "commit_hash": "0e9fc8de83eaabecd722e1cd0ed44fb489fe15fc", "libraries": [ { "exclusions": [], "is_dev": false, "is_direct": true, "package_manager": "nuget", "purl": "pkg:nuget/Newtonsoft.Json@13.0.1", "target_frameworks": [ "net8.0" ] } ], "resource_name": "my-org/my-repo" }, "type": "mcpscanrequest" } } EOF ##### ```python """ Submit libraries for vulnerability scanning returns "Accepted" response """ from datadog_api_client import ApiClient, Configuration from datadog_api_client.v2.api.static_analysis_api import StaticAnalysisApi from datadog_api_client.v2.model.mcp_scan_request import McpScanRequest from datadog_api_client.v2.model.mcp_scan_request_data import McpScanRequestData from datadog_api_client.v2.model.mcp_scan_request_data_attributes import McpScanRequestDataAttributes from datadog_api_client.v2.model.mcp_scan_request_data_attributes_libraries_items import ( McpScanRequestDataAttributesLibrariesItems, ) from datadog_api_client.v2.model.mcp_scan_request_data_type import McpScanRequestDataType body = McpScanRequest( data=McpScanRequestData( attributes=McpScanRequestDataAttributes( commit_hash="0e9fc8de83eaabecd722e1cd0ed44fb489fe15fc", libraries=[ McpScanRequestDataAttributesLibrariesItems( exclusions=[], is_dev=False, is_direct=True, package_manager="nuget", purl="pkg:nuget/Newtonsoft.Json@13.0.1", target_frameworks=[], ), ], resource_name="my-org/my-repo", ), type=McpScanRequestDataType.MCPSCANREQUEST, ), ) configuration = Configuration() configuration.unstable_operations["create_sca_scan"] = True with ApiClient(configuration) as api_client: api_instance = StaticAnalysisApi(api_client) response = api_instance.create_sca_scan(body=body) print(response) ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=python) and then save the example to `example.py` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" python3 "example.py" ##### ```ruby # Submit libraries for vulnerability scanning returns "Accepted" response require "datadog_api_client" DatadogAPIClient.configure do |config| config.unstable_operations["v2.create_sca_scan".to_sym] = true end api_instance = DatadogAPIClient::V2::StaticAnalysisAPI.new body = DatadogAPIClient::V2::McpScanRequest.new({ data: DatadogAPIClient::V2::McpScanRequestData.new({ attributes: DatadogAPIClient::V2::McpScanRequestDataAttributes.new({ commit_hash: "0e9fc8de83eaabecd722e1cd0ed44fb489fe15fc", libraries: [ DatadogAPIClient::V2::McpScanRequestDataAttributesLibrariesItems.new({ exclusions: [], is_dev: false, is_direct: true, package_manager: "nuget", purl: "pkg:nuget/Newtonsoft.Json@13.0.1", target_frameworks: [], }), ], resource_name: "my-org/my-repo", }), type: DatadogAPIClient::V2::McpScanRequestDataType::MCPSCANREQUEST, }), }) p api_instance.create_sca_scan(body) ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=ruby) and then save the example to `example.rb` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" rb "example.rb" ##### ```go // Submit libraries for vulnerability scanning returns "Accepted" response package main import ( "context" "encoding/json" "fmt" "os" "github.com/DataDog/datadog-api-client-go/v2/api/datadog" "github.com/DataDog/datadog-api-client-go/v2/api/datadogV2" ) func main() { body := datadogV2.McpScanRequest{ Data: datadogV2.McpScanRequestData{ Attributes: datadogV2.McpScanRequestDataAttributes{ CommitHash: "0e9fc8de83eaabecd722e1cd0ed44fb489fe15fc", Libraries: []datadogV2.McpScanRequestDataAttributesLibrariesItems{ { Exclusions: []string{}, IsDev: false, IsDirect: true, PackageManager: "nuget", Purl: "pkg:nuget/Newtonsoft.Json@13.0.1", TargetFrameworks: []string{}, }, }, ResourceName: "my-org/my-repo", }, Type: datadogV2.MCPSCANREQUESTDATATYPE_MCPSCANREQUEST, }, } ctx := datadog.NewDefaultContext(context.Background()) configuration := datadog.NewConfiguration() configuration.SetUnstableOperationEnabled("v2.CreateSCAScan", true) apiClient := datadog.NewAPIClient(configuration) api := datadogV2.NewStaticAnalysisApi(apiClient) resp, r, err := api.CreateSCAScan(ctx, body) if err != nil { fmt.Fprintf(os.Stderr, "Error when calling `StaticAnalysisApi.CreateSCAScan`: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) } responseContent, _ := json.MarshalIndent(resp, "", " ") fmt.Fprintf(os.Stdout, "Response from `StaticAnalysisApi.CreateSCAScan`:\n%s\n", responseContent) } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=go) and then save the example to `main.go` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" go run "main.go" ##### ```java // Submit libraries for vulnerability scanning returns "Accepted" response import com.datadog.api.client.ApiClient; import com.datadog.api.client.ApiException; import com.datadog.api.client.v2.api.StaticAnalysisApi; import com.datadog.api.client.v2.model.McpScanRequest; import com.datadog.api.client.v2.model.McpScanRequestData; import com.datadog.api.client.v2.model.McpScanRequestDataAttributes; import com.datadog.api.client.v2.model.McpScanRequestDataAttributesLibrariesItems; import com.datadog.api.client.v2.model.McpScanRequestDataType; import com.datadog.api.client.v2.model.McpScanRequestResponse; import java.util.Collections; public class Example { public static void main(String[] args) { ApiClient defaultClient = ApiClient.getDefaultApiClient(); defaultClient.setUnstableOperationEnabled("v2.createSCAScan", true); StaticAnalysisApi apiInstance = new StaticAnalysisApi(defaultClient); McpScanRequest body = new McpScanRequest() .data( new McpScanRequestData() .attributes( new McpScanRequestDataAttributes() .commitHash("0e9fc8de83eaabecd722e1cd0ed44fb489fe15fc") .libraries( Collections.singletonList( new McpScanRequestDataAttributesLibrariesItems() .isDev(false) .isDirect(true) .packageManager("nuget") .purl("pkg:nuget/Newtonsoft.Json@13.0.1"))) .resourceName("my-org/my-repo")) .type(McpScanRequestDataType.MCPSCANREQUEST)); try { McpScanRequestResponse result = apiInstance.createSCAScan(body); System.out.println(result); } catch (ApiException e) { System.err.println("Exception when calling StaticAnalysisApi#createSCAScan"); System.err.println("Status code: " + e.getCode()); System.err.println("Reason: " + e.getResponseBody()); System.err.println("Response headers: " + e.getResponseHeaders()); e.printStackTrace(); } } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=java) and then save the example to `Example.java` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" java "Example.java" ##### ```rust // Submit libraries for vulnerability scanning returns "Accepted" response use datadog_api_client::datadog; use datadog_api_client::datadogV2::api_static_analysis::StaticAnalysisAPI; use datadog_api_client::datadogV2::model::McpScanRequest; use datadog_api_client::datadogV2::model::McpScanRequestData; use datadog_api_client::datadogV2::model::McpScanRequestDataAttributes; use datadog_api_client::datadogV2::model::McpScanRequestDataAttributesLibrariesItems; use datadog_api_client::datadogV2::model::McpScanRequestDataType; #[tokio::main] async fn main() { let body = McpScanRequest::new(McpScanRequestData::new( McpScanRequestDataAttributes::new( "0e9fc8de83eaabecd722e1cd0ed44fb489fe15fc".to_string(), vec![McpScanRequestDataAttributesLibrariesItems::new( false, true, "nuget".to_string(), "pkg:nuget/Newtonsoft.Json@13.0.1".to_string(), ) .exclusions(vec![]) .target_frameworks(vec![])], "my-org/my-repo".to_string(), ), McpScanRequestDataType::MCPSCANREQUEST, )); let mut configuration = datadog::Configuration::new(); configuration.set_unstable_operation_enabled("v2.CreateSCAScan", true); let api = StaticAnalysisAPI::with_config(configuration); let resp = api.create_sca_scan(body).await; if let Ok(value) = resp { println!("{:#?}", value); } else { println!("{:#?}", resp.unwrap_err()); } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=rust) and then save the example to `src/main.rs` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" cargo run ##### ```typescript /** * Submit libraries for vulnerability scanning returns "Accepted" response */ import { client, v2 } from "@datadog/datadog-api-client"; const configuration = client.createConfiguration(); configuration.unstableOperations["v2.createSCAScan"] = true; const apiInstance = new v2.StaticAnalysisApi(configuration); const params: v2.StaticAnalysisApiCreateSCAScanRequest = { body: { data: { attributes: { commitHash: "0e9fc8de83eaabecd722e1cd0ed44fb489fe15fc", libraries: [ { exclusions: [], isDev: false, isDirect: true, packageManager: "nuget", purl: "pkg:nuget/Newtonsoft.Json@13.0.1", targetFrameworks: [], }, ], resourceName: "my-org/my-repo", }, type: "mcpscanrequest", }, }, }; apiInstance .createSCAScan(params) .then((data: v2.McpScanRequestResponse) => { console.log( "API called successfully. Returned data: " + JSON.stringify(data) ); }) .catch((error: any) => console.error(error)); ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=typescript) and then save the example to `example.ts` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" tsc "example.ts" {% /tab %}