Skip to content

Merge agentless scanning params into single AgentlessVulnerabilityScanning#280

Merged
k3nz0 merged 2 commits intomasterfrom
moez/merge-agentless-scanning-params
Feb 26, 2026
Merged

Merge agentless scanning params into single AgentlessVulnerabilityScanning#280
k3nz0 merged 2 commits intomasterfrom
moez/merge-agentless-scanning-params

Conversation

@k3nz0
Copy link
Member

@k3nz0 k3nz0 commented Feb 24, 2026
edited
Loading

Motivation

Most customers enable everything, keeping options as they are pre-filled.
By exposing less params, we simplify a bit the CloudFormation template.
It's more consistent with the AWS Side Panel view of the settings page where the 3 options are toggled together.
Prepares the ground for adding a new AgentlessComplianceScanning (not sure about the naming) for CSPM Agentless. (<- we remain consistent with the AWS side panel view, given that we plan to add a tile there too!)

Summary

  • Replaces three separate parameters (AgentlessHostScanning, AgentlessContainerScanning, AgentlessLambdaScanning) with a single AgentlessVulnerabilityScanning parameter across all CloudFormation templates
  • Updates the Lambda function (datadog_agentless_api_call.py) to fan out the single value to the three fine-grained API attributes (vuln_host_os, vuln_containers_os, lambda) that the Datadog API expects
  • Simplifies Fn::Or conditions and rules in main_extended.yaml and main_extended_workflow.yaml from 4 branches to 2
  • Aligns datadog_agentless_delegate_role_stackset.yaml custom resource with the new Lambda interface (single VulnerabilityScanning property instead of three)

Test plan

  • All 16 unit tests pass (python3 -m unittest datadog_agentless_api_call_test -v)
  • Grep confirms zero remaining references to AgentlessHostScanning, AgentlessContainerScanning, or AgentlessLambdaScanning
  • Deploy stack and verify agentless scanning activation via Datadog API

🤖 Generated with Claude Code

@k3nz0 k3nz0 requested review from a team as code owners February 24, 2026 15:24
mohamed-challal
mohamed-challal approved these changes Feb 24, 2026
View reviewed changes
Copy link
Contributor

@mohamed-challal mohamed-challal left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, could you add the motivation of the change in the description to keep track?

@k3nz0
Copy link
Member Author

k3nz0 commented Feb 24, 2026

LGTM, could you add the motivation of the change in the description to keep track?

Added to the PR description!

@k3nz0 k3nz0 force-pushed the moez/merge-agentless-scanning-params branch from d3f04ab to f9e4023 Compare February 25, 2026 12:39
ksirrah13
ksirrah13 approved these changes Feb 25, 2026
View reviewed changes
Copy link

@ksirrah13 ksirrah13 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

❓question(nonblocking): Won't updating the parameters here cause it to break for customers using this to set those previous parameters? Or how is this template used right now and will there be followup changes to update how these parameters are being set?

@k3nz0
Copy link
Member Author

k3nz0 commented Feb 25, 2026

❓question(nonblocking): Won't updating the parameters here cause it to break for customers using this to set those previous parameters? Or how is this template used right now and will there be followup changes to update how these parameters are being set?

Right now this is not something that is controllable from Datadog UI as the 3 toggles are already bundled in one.
Most of our customers keep the same values as they are. For the small subset of customers that want fine-grained controls it's still updatable through the API.

@k3nz0 k3nz0 force-pushed the moez/merge-agentless-scanning-params branch from f9e4023 to d134e89 Compare February 26, 2026 12:05
k3nz0 and others added 2 commits February 26, 2026 17:01
@k3nz0 @claude
Merge agentless scanning params into single AgentlessVulnerabilitySca…
efa0962 
…nning

Replace AgentlessHostScanning, AgentlessContainerScanning, and AgentlessLambdaScanning
with a single AgentlessVulnerabilityScanning parameter. The Lambda function fans out the
single value to the three fine-grained API attributes (vuln_host_os, vuln_containers_os,
lambda) that the Datadog API expects.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@k3nz0 @claude
Bump quickstart version from v4.6.0 to v4.6.1
524be52 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@k3nz0 k3nz0 force-pushed the moez/merge-agentless-scanning-params branch from d134e89 to 524be52 Compare February 26, 2026 16:03
@k3nz0 k3nz0 requested a review from a team as a code owner February 26, 2026 16:03
@k3nz0 k3nz0 merged commit 175fcb0 into master Feb 26, 2026
6 checks passed
@k3nz0 k3nz0 deleted the moez/merge-agentless-scanning-params branch February 26, 2026 16:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ksirrah13 ksirrah13 ksirrah13 approved these changes

@mohamed-challal mohamed-challal mohamed-challal approved these changes

Assignees

No one assigned

Labels

mergequeue-status: error

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@k3nz0 @ksirrah13 @mohamed-challal