10 changes: 4 additions & 6 deletions aws_quickstart/datadog_agentless_api_call.py
@@ -15,9 +15,7 @@ def call_datadog_agentless_api(context, event, method):
app_key = event["ResourceProperties"]["APPKey"]
dd_site = event["ResourceProperties"]["DatadogSite"]
account_id = event["ResourceProperties"]["AccountId"]
hosts = event["ResourceProperties"]["Hosts"]
containers = event["ResourceProperties"]["Containers"]
lambdas = event["ResourceProperties"]["Lambdas"]
vulnerability_scanning = event["ResourceProperties"]["VulnerabilityScanning"]
sensitive_data = event["ResourceProperties"]["SensitiveData"]
# Optional parameters
launch_template_id = event["ResourceProperties"].get("LaunchTemplateId")
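Review bot: `event["ResourceProperties"]["VulnerabilityScanning"]` is a hard key lookup, so any caller that still sends the old `Hosts`/`Containers`/`Lambdas` properties (an existing stack whose custom resource is updated in place, or a template that was not regenerated with this change) will hit a KeyError before the handler can report status back to CloudFormation. Consider `event["ResourceProperties"].get("VulnerabilityScanning")` with a documented fallback to the legacy keys, or at minimum make sure the exception path sends a FAILED response so the stack does not sit waiting on the custom resource.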
@@ -76,9 +74,9 @@ def call_datadog_agentless_api(context, event, method):
"id": account_id,
"type": "aws_scan_options",
"attributes": {
"vuln_containers_os": containers == "true",
"vuln_host_os": hosts == "true",
"lambda": lambdas == "true",
"vuln_containers_os": vulnerability_scanning == "true",
"vuln_host_os": vulnerability_scanning == "true",
"lambda": vulnerability_scanning == "true",
"sensitive_data": sensitive_data == "true",
},
},
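Review bot: `vuln_containers_os`, `vuln_host_os` and `lambda` are now all driven by the same `vulnerability_scanning` flag, so the API call can no longer express a narrower scope (for example host scanning only, which the removed `Hosts`/`Containers`/`Lambdas` inputs allowed). That is a widening of what the scanner is authorised to read for anyone who previously enabled only one of the three; it should be called out in the parameter description and release notes so operators understand that one flag now turns on all three scan types.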
4 changes: 1 addition & 3 deletions aws_quickstart/datadog_agentless_api_call_test.py
@@ -33,9 +33,7 @@ def setUp(self):
"APPKey": "0123456789abcdef0123456789abcdef12345678",
"DatadogSite": "datadoghq.com",
"AccountId": "123456789012",
"Hosts": "true",
"Containers": "false",
"Lambdas": "true",
"VulnerabilityScanning": "true",
"SensitiveData": "false",
},
"StackId": "arn:aws:cloudformation:us-east-1:358251252154:stack/DatadogAgentlessIntegration/22b23bca-de8b-451c-99e4-c69b9ad20ec7",
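Review bot: the old fixture mixed values (`"Hosts": "true"`, `"Containers": "false"`, `"Lambdas": "true"`), which exercised the case where the three attributes differ; with a single `"VulnerabilityScanning": "true"` every attribute now takes the same value, so nothing checks the `"false"` path. Suggest a second fixture (or parametrised case) with `"VulnerabilityScanning": "false"` asserting that `vuln_containers_os`, `vuln_host_os` and `lambda` are all false, so a regression in the string comparison cannot slip through.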
24 changes: 3 additions & 21 deletions aws_quickstart/datadog_agentless_delegate_role.yaml
@@ -32,28 +32,12 @@ Parameters:
- ap1.datadoghq.com
- ap2.datadoghq.com

AgentlessHostScanning:
AgentlessVulnerabilityScanning:
Type: String
AllowedValues:
- true
- false
Description: Enable Agentless Scanning of host vulnerabilities.
Default: false

AgentlessContainerScanning:
Type: String
AllowedValues:
- true
- false
Description: Enable Agentless Scanning of container vulnerabilities.
Default: false

AgentlessLambdaScanning:
Type: String
AllowedValues:
- true
- false
Description: Enable Agentless Scanning of Lambda vulnerabilities.
Description: Enable Agentless Vulnerability Scanning (hosts, containers, and Lambda functions).
Default: false

AgentlessSensitiveDataScanning:
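Review bot: removing the `AgentlessHostScanning`, `AgentlessContainerScanning` and `AgentlessLambdaScanning` parameters is a breaking change for anyone who deploys this template with parameter overrides or a parent stack still passing the old names, since CloudFormation rejects unknown parameters at update time. The new `AgentlessVulnerabilityScanning` description should mention the three parameters it replaces, and the change deserves an entry in the release notes so existing deployments know to update their parameter sets before taking this version.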
@@ -353,9 +337,7 @@ Resources:
APPKey: !Ref "DatadogAPPKey"
DatadogSite: !Ref "DatadogSite"
AccountId: !Ref "AWS::AccountId"
Hosts: !Ref "AgentlessHostScanning"
Containers: !Ref "AgentlessContainerScanning"
Lambdas: !Ref "AgentlessLambdaScanning"
VulnerabilityScanning: !Ref "AgentlessVulnerabilityScanning"
SensitiveData: !Ref "AgentlessSensitiveDataScanning"
IntegrationRoleName: !Ref "DatadogIntegrationRoleName"
Partition: !Ref "AWS::Partition"
Original file line number Diff line number Diff line change
@@ -321,9 +321,7 @@ Resources:
APPKey: !Ref "DatadogAPPKey"
DatadogSite: !Ref "DatadogSite"
AccountId: !Ref "AWS::AccountId"
Hosts: !Ref "AgentlessVulnerabilityScanning"
Containers: !Ref "AgentlessVulnerabilityScanning"
Lambdas: !Ref "AgentlessVulnerabilityScanning"
VulnerabilityScanning: !Ref "AgentlessVulnerabilityScanning"
SensitiveData: !Ref "AgentlessSensitiveDataScanning"
IntegrationRoleName: !Ref "DatadogIntegrationRoleName"
Partition: !Ref "AWS::Partition"
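Review bot: this template already wired `Hosts`, `Containers` and `Lambdas` to the single `AgentlessVulnerabilityScanning` parameter before this change, so the parameter interface here is unchanged and only the custom-resource property name moves. Worth confirming that this template and the Lambda handler are always shipped together: if a stack picks up this template with an older handler (or the reverse), the property names no longer match and the custom resource will fail.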
38 changes: 6 additions & 32 deletions aws_quickstart/datadog_agentless_scanning.yaml
@@ -26,31 +26,13 @@ Parameters:
Description: Your current AWS account ID for stack deployment
AllowedPattern: "^[0-9]{12}$"

AgentlessHostScanning:
AgentlessVulnerabilityScanning:
Type: String
AllowedValues:
- true
- false
Description: >-
Enable Agentless Scanning of host vulnerabilities.
Default: false

AgentlessContainerScanning:
Type: String
AllowedValues:
- true
- false
Description: >-
Enable Agentless Scanning of container vulnerabilities.
Default: false

AgentlessLambdaScanning:
Type: String
AllowedValues:
- true
- false
Description: >-
Enable Agentless Scanning of Lambda vulnerabilities.
Enable Agentless Vulnerability Scanning (hosts, containers, and Lambda functions).
Default: false

AgentlessSensitiveDataScanning:
@@ -1074,9 +1056,7 @@ Resources:
APPKey: !Ref "DatadogAPPKey"
DatadogSite: !Ref "DatadogSite"
AccountId: !Ref "AWS::AccountId"
Hosts: !Ref "AgentlessHostScanning"
Containers: !Ref "AgentlessContainerScanning"
Lambdas: !Ref "AgentlessLambdaScanning"
VulnerabilityScanning: !Ref "AgentlessVulnerabilityScanning"
SensitiveData: !Ref "AgentlessSensitiveDataScanning"
IntegrationRoleName: !Ref "DatadogIntegrationRoleName"
Partition: !Ref "AWS::Partition"
@@ -1117,9 +1097,7 @@ Metadata:
- DatadogIntegrationRoleName
- AccountId
- DatadogSite
- AgentlessHostScanning
- AgentlessContainerScanning
- AgentlessLambdaScanning
- AgentlessVulnerabilityScanning
- AgentlessSensitiveDataScanning
- Label:
default: Advanced
@@ -1148,11 +1126,7 @@ Metadata:
default: "AWS Account ID *"
DatadogSite:
default: "DatadogSite *"
AgentlessHostScanning:
default: "AgentlessHostScanning *"
AgentlessContainerScanning:
default: "AgentlessContainerScanning *"
AgentlessLambdaScanning:
default: "AgentlessLambdaScanning *"
AgentlessVulnerabilityScanning:
default: "AgentlessVulnerabilityScanning *"
AgentlessSensitiveDataScanning:
default: "AgentlessSensitiveDataScanning *"
52 changes: 8 additions & 44 deletions aws_quickstart/main_extended.yaml
@@ -87,29 +87,13 @@ Parameters:
Datadog CSPM is a product that automatically detects resource misconfigurations in your AWS account according to
industry benchmarks. More info: https://www.datadoghq.com/product/security-platform/cloud-security-posture-management/
Default: false
AgentlessHostScanning:
AgentlessVulnerabilityScanning:
Type: String
AllowedValues:
- true
- false
Description: >-
Enable Agentless Scanning of host vulnerabilities.
Default: false
AgentlessContainerScanning:
Type: String
AllowedValues:
- true
- false
Description: >-
Enable Agentless Scanning of container vulnerabilities.
Default: false
AgentlessLambdaScanning:
Type: String
AllowedValues:
- true
- false
Description: >-
Enable Agentless Scanning of Lambda vulnerabilities.
Enable Agentless Vulnerability Scanning (hosts, containers, and Lambda functions).
Default: false
AgentlessSensitiveDataScanning:
Type: String
@@ -152,13 +136,7 @@ Rules:
- 'true'
- Fn::Or:
- Fn::Equals:
- Ref: AgentlessHostScanning
- 'true'
- Fn::Equals:
- Ref: AgentlessContainerScanning
- 'true'
- Fn::Equals:
- Ref: AgentlessLambdaScanning
- Ref: AgentlessVulnerabilityScanning
- 'true'
- Fn::Equals:
- Ref: AgentlessSensitiveDataScanning
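Review bot: the rule compares `Ref: AgentlessVulnerabilityScanning` against the quoted string `'true'`, while the matching condition a few hunks below compares `!Ref AgentlessVulnerabilityScanning` against the bare YAML `true`. CloudFormation stringifies the bare boolean so both evaluate the same way, but mixing the two styles for the same parameter invites a copy-paste mistake later; suggest quoting `'true'` in the Conditions block as well (this also applies to the neighbouring `AgentlessSensitiveDataScanning` comparisons, which predate this change).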
@@ -181,13 +159,7 @@ Conditions:
- ddog-gov.com
- Fn::Or:
- Fn::Equals:
- !Ref AgentlessHostScanning
- true
- Fn::Equals:
- !Ref AgentlessContainerScanning
- true
- Fn::Equals:
- !Ref AgentlessLambdaScanning
- !Ref AgentlessVulnerabilityScanning
- true
- Fn::Equals:
- !Ref AgentlessSensitiveDataScanning
@@ -229,9 +201,7 @@ Resources:
DatadogAPPKey: !Ref APPKey
DatadogSite: !Ref DatadogSite
AccountId: !Ref AWS::AccountId
AgentlessHostScanning: !Ref AgentlessHostScanning
AgentlessContainerScanning: !Ref AgentlessContainerScanning
AgentlessLambdaScanning: !Ref AgentlessLambdaScanning
AgentlessVulnerabilityScanning: !Ref AgentlessVulnerabilityScanning
AgentlessSensitiveDataScanning: !Ref AgentlessSensitiveDataScanning
ScannerDelegateRoleName: !Ref ScannerDelegateRoleName
ScannerInstanceRoleARN: !If [IsCrossAccountScanning, !Join [",", !Ref "ScannerInstanceRoleARN"], !Ref "AWS::NoValue"]
@@ -311,9 +281,7 @@ Metadata:
- DatadogSite
- InstallLambdaLogForwarder
- CloudSecurityPostureManagement
- AgentlessHostScanning
- AgentlessContainerScanning
- AgentlessLambdaScanning
- AgentlessVulnerabilityScanning
- AgentlessSensitiveDataScanning
- Label:
default: Advanced
@@ -331,12 +299,8 @@ Metadata:
default: "DatadogSite *"
CloudSecurityPostureManagement:
default: "CloudSecurityPostureManagement *"
AgentlessHostScanning:
default: "AgentlessHostScanning *"
AgentlessContainerScanning:
default: "AgentlessContainerScanning *"
AgentlessLambdaScanning:
default: "AgentlessLambdaScanning *"
AgentlessVulnerabilityScanning:
default: "AgentlessVulnerabilityScanning *"
AgentlessSensitiveDataScanning:
default: "AgentlessSensitiveDataScanning *"
InstallLambdaLogForwarder:
52 changes: 8 additions & 44 deletions aws_quickstart/main_extended_workflow.yaml
@@ -97,29 +97,13 @@ Parameters:
Datadog CSPM is a product that automatically detects resource misconfigurations in your AWS account according to
industry benchmarks. More info: https://www.datadoghq.com/product/security-platform/cloud-security-posture-management/
Default: false
AgentlessHostScanning:
AgentlessVulnerabilityScanning:
Type: String
AllowedValues:
- true
- false
Description: >-
Enable Agentless Scanning of host vulnerabilities.
Default: false
AgentlessContainerScanning:
Type: String
AllowedValues:
- true
- false
Description: >-
Enable Agentless Scanning of container vulnerabilities.
Default: false
AgentlessLambdaScanning:
Type: String
AllowedValues:
- true
- false
Description: >-
Enable Agentless Scanning of Lambda vulnerabilities.
Enable Agentless Vulnerability Scanning (hosts, containers, and Lambda functions).
Default: false
AgentlessSensitiveDataScanning:
Type: String
@@ -172,13 +156,7 @@ Rules:
- 'true'
- Fn::Or:
- Fn::Equals:
- Ref: AgentlessHostScanning
- 'true'
- Fn::Equals:
- Ref: AgentlessContainerScanning
- 'true'
- Fn::Equals:
- Ref: AgentlessLambdaScanning
- Ref: AgentlessVulnerabilityScanning
- 'true'
- Fn::Equals:
- Ref: AgentlessSensitiveDataScanning
@@ -204,13 +182,7 @@ Conditions:
- ddog-gov.com
- Fn::Or:
- Fn::Equals:
- !Ref AgentlessHostScanning
- true
- Fn::Equals:
- !Ref AgentlessContainerScanning
- true
- Fn::Equals:
- !Ref AgentlessLambdaScanning
- !Ref AgentlessVulnerabilityScanning
- true
- Fn::Equals:
- !Ref AgentlessSensitiveDataScanning
@@ -575,9 +547,7 @@ Resources:
DatadogAPPKey: !Ref APPKey
DatadogSite: !Ref DatadogSite
AccountId: !Ref AWS::AccountId
AgentlessHostScanning: !Ref AgentlessHostScanning
AgentlessContainerScanning: !Ref AgentlessContainerScanning
AgentlessLambdaScanning: !Ref AgentlessLambdaScanning
AgentlessVulnerabilityScanning: !Ref AgentlessVulnerabilityScanning
AgentlessSensitiveDataScanning: !Ref AgentlessSensitiveDataScanning
ScannerDelegateRoleName: !Ref ScannerDelegateRoleName
ScannerInstanceRoleARN: !If [IsCrossAccountScanning, !Join [",", !Ref "ScannerInstanceRoleARN"], !Ref "AWS::NoValue"]
@@ -730,9 +700,7 @@ Metadata:
- ExternalId
- InstallLambdaLogForwarder
- CloudSecurityPostureManagement
- AgentlessHostScanning
- AgentlessContainerScanning
- AgentlessLambdaScanning
- AgentlessVulnerabilityScanning
- AgentlessSensitiveDataScanning
- Label:
default: Advanced
@@ -754,12 +722,8 @@ Metadata:
default: "ExternalId *"
CloudSecurityPostureManagement:
default: "CloudSecurityPostureManagement *"
AgentlessHostScanning:
default: "AgentlessHostScanning *"
AgentlessContainerScanning:
default: "AgentlessContainerScanning *"
AgentlessLambdaScanning:
default: "AgentlessLambdaScanning *"
AgentlessVulnerabilityScanning:
default: "AgentlessVulnerabilityScanning *"
AgentlessSensitiveDataScanning:
default: "AgentlessSensitiveDataScanning *"
InstallLambdaLogForwarder:
4 changes: 1 addition & 3 deletions aws_quickstart/taskcat/.taskcat_extended.yml
@@ -19,7 +19,5 @@ tests:
DisableMetricCollection: "false"
CloudSecurityPostureManagement: "false"
DisableResourceCollection: "false"
AgentlessHostScanning: "true"
AgentlessContainerScanning: "true"
AgentlessLambdaScanning: "true"
AgentlessVulnerabilityScanning: "true"
AgentlessSensitiveDataScanning: "true"
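Review bot: the taskcat test only sets `AgentlessVulnerabilityScanning: "true"`, so the rule and condition branches that fire when the flag is `"false"` (and the case where only `AgentlessSensitiveDataScanning` is enabled) are never deployed by CI. Since this change rewrote those `Fn::Or` expressions, a second test entry with `AgentlessVulnerabilityScanning: "false"` would confirm the scanner resources are still created or skipped as intended.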
2 changes: 1 addition & 1 deletion aws_quickstart/version.txt
@@ -1 +1 @@
v4.6.3
v4.6.4
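Review bot: bumping only the patch version (v4.6.3 to v4.6.4) understates this change, which removes three template parameters and renames custom-resource properties; consumers pinning parameter sets or parent templates to the old names will break on update. Suggest a minor version bump and a changelog entry naming the removed parameters and their replacement.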