Submit libraries for vulnerability scanning

Note: This endpoint is in preview and is subject to change. If you have any feedback, contact Datadog support.

POST

https://api.ap1.datadoghq.com/api/v2/static-analysis-sca/dependencies/scan
https://api.ap2.datadoghq.com/api/v2/static-analysis-sca/dependencies/scan
https://api.datadoghq.eu/api/v2/static-analysis-sca/dependencies/scan
https://api.ddog-gov.com/api/v2/static-analysis-sca/dependencies/scan
https://api.us2.ddog-gov.com/api/v2/static-analysis-sca/dependencies/scan
https://api.datadoghq.com/api/v2/static-analysis-sca/dependencies/scan
https://api.us3.datadoghq.com/api/v2/static-analysis-sca/dependencies/scan
https://api.us5.datadoghq.com/api/v2/static-analysis-sca/dependencies/scan

Overview

OAuth apps require the code_analysis_read authorization scope to access this endpoint.

Request

Body Data (required)

| Field | Type | Description |
| --- | --- | --- |
| data [required] | object | The data object in an MCP SCA scan request, containing the scan attributes and request type. |
| data.attributes [required] | object | The attributes of an MCP SCA scan request, describing the libraries to scan and their context. |
| data.attributes.commit_hash [required] | string | The commit hash of the source code being scanned. |
| data.attributes.libraries [required] | [object] | The list of libraries to scan for vulnerabilities. |
| data.attributes.libraries[].exclusions | [string] | The list of dependency PURLs to exclude when resolving transitive dependencies for this library. |
| data.attributes.libraries[].is_dev [required] | boolean | Whether this library is a development-only dependency. |
| data.attributes.libraries[].is_direct [required] | boolean | Whether this library is a direct (rather than transitive) dependency. |
| data.attributes.libraries[].package_manager [required] | string | The package manager that produced this library entry (for example, npm, pip, nuget). |
| data.attributes.libraries[].purl [required] | string | The Package URL (PURL) uniquely identifying the library and its version. |
| data.attributes.libraries[].target_frameworks | [string] | The list of target framework identifiers associated with the library. |
| data.attributes.resource_name [required] | string | The name of the resource (typically the repository or project name) being scanned. |
| data.id | string | An optional identifier for this scan request. |
| data.type [required] | enum | The type identifier for MCP SCA scan requests. Allowed enum values: mcpscanrequest. Default: mcpscanrequest. |

{
  "data": {
    "attributes": {
      "commit_hash": "0e9fc8de83eaabecd722e1cd0ed44fb489fe15fc",
      "libraries": [
        {
          "exclusions": [],
          "is_dev": false,
          "is_direct": true,
          "package_manager": "nuget",
          "purl": "pkg:nuget/Newtonsoft.Json@13.0.1",
          "target_frameworks": []
        }
      ],
      "resource_name": "my-org/my-repo"
    },
    "id": "string",
    "type": "mcpscanrequest"
  }
}

Response

Accepted

The top-level response object returned when an MCP SCA dependency scan request has been accepted.

| Field | Type | Description |
| --- | --- | --- |
| data [required] | object | The data object returned when a scan request has been accepted. |
| data.attributes [required] | object | The attributes returned when a scan request has been accepted, containing the job identifier used to poll for results. |
| data.attributes.job_id [required] | string | The job identifier assigned to the scan, used to retrieve the scan result. |
| data.id [required] | string | The job identifier assigned to the scan. |
| data.type [required] | enum | The type identifier for MCP SCA scan request responses. Allowed enum values: mcpscanrequestresponse. Default: mcpscanrequestresponse. |

{
  "data": {
    "attributes": {
      "job_id": "0190a3d4-1234-7000-8000-000000000000"
    },
    "id": "0190a3d4-1234-7000-8000-000000000000",
    "type": "mcpscanrequestresponse"
  }
}

Bad Request

API error response.

| Field | Type | Description |
| --- | --- | --- |
| errors [required] | [object] | A list of errors. |
| errors[].detail | string | A human-readable explanation specific to this occurrence of the error. |
| errors[].meta | object | Non-standard meta-information about the error. |
| errors[].source | object | References to the source of the error. |
| errors[].source.header | string | A string indicating the name of a single request header which caused the error. |
| errors[].source.parameter | string | A string indicating which URI query parameter caused the error. |
| errors[].source.pointer | string | A JSON pointer to the value in the request document that caused the error. |
| errors[].status | string | Status code of the response. |
| errors[].title | string | Short human-readable summary of the error. |

{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "meta": {},
      "source": {
        "header": "Authorization",
        "parameter": "limit",
        "pointer": "/data/attributes/title"
      },
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

Too many requests

API error response.

| Field | Type | Description |
| --- | --- | --- |
| errors [required] | [string] | A list of errors. |

{
  "errors": [
    "Bad Request"
  ]
}

Code Example

# Curl command
# Replace api.datadoghq.com with the API host for your Datadog site.
curl -X POST "https://api.datadoghq.com/api/v2/static-analysis-sca/dependencies/scan" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "commit_hash": "0e9fc8de83eaabecd722e1cd0ed44fb489fe15fc",
      "libraries": [
        {
          "exclusions": [],
          "is_dev": false,
          "is_direct": true,
          "package_manager": "nuget",
          "purl": "pkg:nuget/Newtonsoft.Json@13.0.1",
          "target_frameworks": [
            "net8.0"
          ]
        }
      ],
      "resource_name": "my-org/my-repo"
    },
    "type": "mcpscanrequest"
  }
}
EOF
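
The following is an added example, not part of Datadog's documentation or client libraries: it builds the request body from the schema above, rejects entries that lack a required field or a versioned PURL before anything is sent, and reads all three response shapes, including the two different `errors` layouts. The function names (`check_purl`, `build_scan_request`, `read_response`) are hypothetical, the PURL check is a light sanity check rather than a full parser, and no network call is made.

```python
import json

REQUEST_TYPE = "mcpscanrequest"  # the only allowed value for data.type
REQUIRED_LIBRARY_FIELDS = ("is_dev", "is_direct", "package_manager", "purl")


def check_purl(purl):
    """Light sanity check (not a full PURL parser): pkg:<type>/<name>@<version>."""
    core = purl.split("#", 1)[0].split("?", 1)[0]  # drop subpath and qualifiers
    name, sep, version = core.rsplit("/", 1)[-1].partition("@")
    return core.startswith("pkg:") and "/" in core and bool(name and sep and version)


def build_scan_request(commit_hash, resource_name, libraries):
    """Build the request body; raise ValueError before anything is sent."""
    if not commit_hash or not resource_name:
        raise ValueError("commit_hash and resource_name are required")
    for i, lib in enumerate(libraries):
        missing = [f for f in REQUIRED_LIBRARY_FIELDS if f not in lib]
        if missing:
            raise ValueError(f"libraries[{i}] is missing {missing}")
        if not all(isinstance(lib[f], bool) for f in ("is_dev", "is_direct")):
            raise ValueError(f"libraries[{i}]: is_dev and is_direct must be booleans")
        if not check_purl(lib["purl"]):
            raise ValueError(f"libraries[{i}]: purl must name a package and version")
    attributes = {"commit_hash": commit_hash, "libraries": list(libraries),
                  "resource_name": resource_name}
    return {"data": {"attributes": attributes, "type": REQUEST_TYPE}}


def read_response(body_text):
    """Return {'job_id': ...} for an accepted scan, else {'errors': [str, ...]}."""
    body = json.loads(body_text)
    if "errors" not in body:
        return {"job_id": body["data"]["attributes"]["job_id"]}
    messages = []
    for err in body["errors"]:
        if isinstance(err, str):  # "Too many requests" shape: plain strings
            messages.append(err)
            continue
        pointer = (err.get("source") or {}).get("pointer")  # "Bad Request" shape
        text = f"{err.get('title', 'error')}: {err.get('detail', '')}"
        messages.append(f"{text} ({pointer})" if pointer else text)
    return {"errors": messages}


if __name__ == "__main__":  # sample values taken from the examples on this page
    lib = {"is_dev": False, "is_direct": True, "package_manager": "nuget",
           "purl": "pkg:nuget/Newtonsoft.Json@13.0.1"}
    print(json.dumps(build_scan_request("0e9fc8de", "my-org/my-repo", [lib]), indent=2))
    print(read_response('{"errors": ["Bad Request"]}'))
```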