[K9VULN-12046] Add compliance_host option for Agentless Scanning #285

Merged
ktmq merged 5 commits into master from antoine.valette/K9VULN-12046
Mar 9, 2026

@Valette-DataDog Valette-DataDog commented Mar 2, 2026

Summary

  • Adds AgentlessComplianceHostScanning parameter to all agentless CloudFormation templates (datadog_agentless_scanning.yaml, datadog_agentless_delegate_role.yaml, datadog_agentless_delegate_role_stackset.yaml, main_extended.yaml, main_extended_workflow.yaml).
  • Passes the new ComplianceHost property through the custom resource Lambda to the Datadog API as compliance_host in the scan options payload.
  • Updates conditions, validation rules, and metadata in parent templates to include the new option.

Test plan

  • Unit tests pass (datadog_agentless_api_call_test.py -- 21 tests)
  • Deploy stack with AgentlessComplianceHostScanning: true and verify the API receives compliance_host: true
  • Deploy stack with AgentlessComplianceHostScanning: false (default) and verify the API receives compliance_host: false
  • Verify EnableAgentlessScanning condition activates when only AgentlessComplianceHostScanning is true

QA

Screenshot 2026-03-04 at 15 17 42

Made with Cursor

Add AgentlessComplianceHostScanning parameter across all agentless
CloudFormation templates, mirroring the existing sensitive_data pattern.
The option flows from CFN parameters through the custom resource Lambda
to the Datadog API payload as compliance_host.

Made-with: Cursor
@Valette-DataDog Valette-DataDog requested review from a team as code owners March 2, 2026 20:53
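
The flow the PR description outlines, from a CloudFormation parameter through the custom resource Lambda to `compliance_host` in the scan options, as an added example that is not the repository's code. CloudFormation hands custom resource properties to the Lambda as strings, so the flag is parsed strictly; the `SensitiveData` property name, the function names and the sample properties are assumptions.

```python
"""Added example: strict boolean handling in a CloudFormation custom resource."""

# CloudFormation delivers every custom-resource property as a string, so a
# template value of `false` reaches the Lambda as "false", and bool("false")
# would evaluate to True and silently switch the scan option on.
_TRUE, _FALSE = {"true"}, {"false"}

# Property name -> payload key. ComplianceHost, compliance_host and
# sensitive_data are named in the PR; "SensitiveData" is an assumed name.
OPTION_KEYS = {
    "ComplianceHost": "compliance_host",
    "SensitiveData": "sensitive_data",
}


def parse_flag(name, raw):
    """Return a real bool, rejecting anything that is not true/false."""
    if isinstance(raw, bool):
        return raw
    text = str(raw).strip().lower()
    if text in _TRUE:
        return True
    if text in _FALSE:
        return False
    raise ValueError(f"{name} must be 'true' or 'false', got {raw!r}")


def build_scan_options(resource_properties):
    """Map custom-resource properties to scan options; absent means off."""
    return {
        key: parse_flag(prop, resource_properties.get(prop, "false"))
        for prop, key in OPTION_KEYS.items()
    }


def scanning_enabled(scan_options):
    """Mirror of an 'any option is true' condition on the template side."""
    return any(scan_options.values())


# Constructed sample of the ResourceProperties section of a custom-resource event.
SAMPLE_PROPERTIES = {
    "ServiceToken": "arn:aws:lambda:placeholder",
    "ComplianceHost": "true",
    "SensitiveData": "false",
}

if __name__ == "__main__":
    options = build_scan_options(SAMPLE_PROPERTIES)
    print(options, scanning_enabled(options))
```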

@k3nz0 k3nz0 left a comment

Looks good! 🎉

@Valette-DataDog

/merge

gh-worker-devflow-routing-ef8351 bot commented Mar 5, 2026

View all feedbacks in Devflow UI.

2026-03-05 13:11:52 UTC ℹ️ Start processing command /merge


2026-03-05 13:11:57 UTC ℹ️ MergeQueue: waiting for PR to be ready

This pull request is not mergeable according to GitHub. Common reasons include pending required checks, missing approvals, or merge conflicts — but it could also be blocked by other repository rules or settings.
It will be added to the queue as soon as checks pass and/or get approvals. View in MergeQueue UI.
Note: if you pushed new commits since the last approval, you may need additional approval.
You can remove it from the waiting list with /remove command.


2026-03-05 15:06:14 UTC ⚠️ MergeQueue: This merge request was unqueued

antoine.valette@datadoghq.com unqueued this merge request

@Valette-DataDog

/remove

gh-worker-devflow-routing-ef8351 bot commented Mar 5, 2026

View all feedbacks in Devflow UI.

2026-03-05 16:11:48 UTC ℹ️ Start processing command /remove


2026-03-05 16:11:51 UTC ℹ️ Devflow: /remove

@Valette-DataDog

/remove

gh-worker-devflow-routing-ef8351 bot commented Mar 9, 2026

View all feedbacks in Devflow UI.

2026-03-09 09:28:29 UTC ℹ️ Start processing command /remove


2026-03-09 09:28:32 UTC ℹ️ Devflow: /remove

@Valette-DataDog

/merge

gh-worker-devflow-routing-ef8351 bot commented Mar 9, 2026

View all feedbacks in Devflow UI.

2026-03-09 09:43:21 UTC ℹ️ Start processing command /merge


2026-03-09 09:43:26 UTC ℹ️ MergeQueue: waiting for PR to be ready

This pull request is not mergeable according to GitHub. Common reasons include pending required checks, missing approvals, or merge conflicts — but it could also be blocked by other repository rules or settings.
It will be added to the queue as soon as checks pass and/or get approvals. View in MergeQueue UI.
Note: if you pushed new commits since the last approval, you may need additional approval.
You can remove it from the waiting list with /remove command.


2026-03-09 10:20:56 UTC ⚠️ MergeQueue: This merge request was unqueued

antoine.valette@datadoghq.com unqueued this merge request

@Valette-DataDog

/remove

gh-worker-devflow-routing-ef8351 bot commented Mar 9, 2026

View all feedbacks in Devflow UI.

2026-03-09 10:20:51 UTC ℹ️ Start processing command /remove


2026-03-09 10:20:54 UTC ℹ️ Devflow: /remove

@ktmq ktmq merged commit 934e778 into master Mar 9, 2026
5 checks passed
@ktmq ktmq deleted the antoine.valette/K9VULN-12046 branch March 9, 2026 10:34

4 participants