Ce produit n'est pas pris en charge par le site Datadog que vous avez sélectionné. ().
Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

The API Findings explorer provides a central triage view of the API risks detected across your definitions, gateways, and live traffic. Default rules detect common vulnerabilities and misconfigurations. You can also add custom rules for specific use cases.

API Findings columns:

  • Severity: Each issue is ranked by risk.
  • Endpoints: Shows how many endpoints are affected and their services.
  • Status and Ticketing: Open or In Progress tracks remediation progress and workflow integration.

Use the Service facet to see each service’s endpoints to identify ownership and prioritize by business impact.

Common operations

Click a finding to view its details and perform a workflow such as Validate > Investigate > Fix > Track:

  1. Validate:
    • Review What Happened and Detected In to confirm the detection is accurate (service, endpoint, method).
    • In Next Steps, choose whether to Mute, Create Ticket, or Run Workflow depending on ownership and impact.
  2. Investigate:
    • Use the Context tab to examine the endpoint snapshot and attributes (method, path, authentication flags, tags).
    • Detected In provides information for routing ownership and remediation.
    • In Detection Rule Query, you can edit an API finding rule by clicking See Detection Rule.
  3. Fix:
    • Follow the guidance under Remediation.
  4. Track:
    • Use Create Ticket to link the issue to your tracking system.
    • Use Reference Links for developer education or code review.

Remediation

Datadog API Posture uses Bits Code to generate code fixes for vulnerabilities.

  1. In Datadog, navigate to Security > App & API Protection > Findings.
  2. Select a finding to open a side panel with details about the finding and the affected endpoint.
  3. In the Next Steps > Remediation section, click Fix with Bits.

This opens a Bits Code session to fix this single API finding. You can review the proposed diff, ask follow-up questions, edit the patch, and create a pull request to apply the remediation to your source code repository. View all Bits Code sessions on Bits AI > Bits Code > Sessions.

Remediation session details

Each Bits Code session shows the life cycle of an AI-generated fix so you can review and validate changes before merging. It includes:

  • The original security finding and proposed code change
  • An explanation of how and why Bits Code generated the fix
  • CI results (if enabled) to validate the patch is safe to deploy
  • Options to refine the fix or Create PR to apply the changes to your source code repository

To open the remediation session, select the API finding from the Findings page to open the side panel, scroll to the Remediation section, and select Expand & Chat.

You can also view all remediation sessions on Sessions.