Alibaba Cloud v3.93.0 published on Tuesday, Jan 27, 2026 by Pulumi
Alibaba Cloud v3.93.0 published on Tuesday, Jan 27, 2026 by Pulumi
Provides a CR Scan Rule resource.
Artifact Scan Rule.
For information about CR Scan Rule and how to use it, see What is Scan Rule.
NOTE: Available since v1.265.0.
Example Usage
Basic Usage
import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";
const config = new pulumi.Config();
const name = config.get("name") || "terraform-example";
const default2Aqoce = new alicloud.cr.RegistryEnterpriseInstance("default2Aqoce", {
defaultOssBucket: "false",
renewalStatus: "ManualRenewal",
period: 1,
instanceName: "pl-example-2",
paymentType: "Subscription",
instanceType: "Basic",
});
const _default = new alicloud.cr.ScanRule("default", {
repoTagFilterPattern: ".*",
scanScope: "REPO",
triggerType: "MANUAL",
scanType: "VUL",
ruleName: name,
namespaces: ["aa"],
repoNames: [
"bb",
"cc",
"dd",
"ee",
],
instanceId: default2Aqoce.id,
});
import pulumi
import pulumi_alicloud as alicloud
config = pulumi.Config()
name = config.get("name")
if name is None:
name = "terraform-example"
default2_aqoce = alicloud.cr.RegistryEnterpriseInstance("default2Aqoce",
default_oss_bucket="false",
renewal_status="ManualRenewal",
period=1,
instance_name="pl-example-2",
payment_type="Subscription",
instance_type="Basic")
default = alicloud.cr.ScanRule("default",
repo_tag_filter_pattern=".*",
scan_scope="REPO",
trigger_type="MANUAL",
scan_type="VUL",
rule_name=name,
namespaces=["aa"],
repo_names=[
"bb",
"cc",
"dd",
"ee",
],
instance_id=default2_aqoce.id)
package main
import (
"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/cr"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
cfg := config.New(ctx, "")
name := "terraform-example"
if param := cfg.Get("name"); param != "" {
name = param
}
default2Aqoce, err := cr.NewRegistryEnterpriseInstance(ctx, "default2Aqoce", &cr.RegistryEnterpriseInstanceArgs{
DefaultOssBucket: pulumi.String("false"),
RenewalStatus: pulumi.String("ManualRenewal"),
Period: pulumi.Int(1),
InstanceName: pulumi.String("pl-example-2"),
PaymentType: pulumi.String("Subscription"),
InstanceType: pulumi.String("Basic"),
})
if err != nil {
return err
}
_, err = cr.NewScanRule(ctx, "default", &cr.ScanRuleArgs{
RepoTagFilterPattern: pulumi.String(".*"),
ScanScope: pulumi.String("REPO"),
TriggerType: pulumi.String("MANUAL"),
ScanType: pulumi.String("VUL"),
RuleName: pulumi.String(name),
Namespaces: pulumi.StringArray{
pulumi.String("aa"),
},
RepoNames: pulumi.StringArray{
pulumi.String("bb"),
pulumi.String("cc"),
pulumi.String("dd"),
pulumi.String("ee"),
},
InstanceId: default2Aqoce.ID(),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AliCloud = Pulumi.AliCloud;
return await Deployment.RunAsync(() =>
{
var config = new Config();
var name = config.Get("name") ?? "terraform-example";
var default2Aqoce = new AliCloud.CR.RegistryEnterpriseInstance("default2Aqoce", new()
{
DefaultOssBucket = "false",
RenewalStatus = "ManualRenewal",
Period = 1,
InstanceName = "pl-example-2",
PaymentType = "Subscription",
InstanceType = "Basic",
});
var @default = new AliCloud.CR.ScanRule("default", new()
{
RepoTagFilterPattern = ".*",
ScanScope = "REPO",
TriggerType = "MANUAL",
ScanType = "VUL",
RuleName = name,
Namespaces = new[]
{
"aa",
},
RepoNames = new[]
{
"bb",
"cc",
"dd",
"ee",
},
InstanceId = default2Aqoce.Id,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.cr.RegistryEnterpriseInstance;
import com.pulumi.alicloud.cr.RegistryEnterpriseInstanceArgs;
import com.pulumi.alicloud.cr.ScanRule;
import com.pulumi.alicloud.cr.ScanRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var config = ctx.config();
final var name = config.get("name").orElse("terraform-example");
var default2Aqoce = new RegistryEnterpriseInstance("default2Aqoce", RegistryEnterpriseInstanceArgs.builder()
.defaultOssBucket("false")
.renewalStatus("ManualRenewal")
.period(1)
.instanceName("pl-example-2")
.paymentType("Subscription")
.instanceType("Basic")
.build());
var default_ = new ScanRule("default", ScanRuleArgs.builder()
.repoTagFilterPattern(".*")
.scanScope("REPO")
.triggerType("MANUAL")
.scanType("VUL")
.ruleName(name)
.namespaces("aa")
.repoNames(
"bb",
"cc",
"dd",
"ee")
.instanceId(default2Aqoce.id())
.build());
}
}
configuration:
name:
type: string
default: terraform-example
resources:
default2Aqoce:
type: alicloud:cr:RegistryEnterpriseInstance
properties:
defaultOssBucket: 'false'
renewalStatus: ManualRenewal
period: '1'
instanceName: pl-example-2
paymentType: Subscription
instanceType: Basic
default:
type: alicloud:cr:ScanRule
properties:
repoTagFilterPattern: .*
scanScope: REPO
triggerType: MANUAL
scanType: VUL
ruleName: ${name}
namespaces:
- aa
repoNames:
- bb
- cc
- dd
- ee
instanceId: ${default2Aqoce.id}
📚 Need more examples? VIEW MORE EXAMPLES
Create ScanRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ScanRule(name: string, args: ScanRuleArgs, opts?: CustomResourceOptions);@overload
def ScanRule(resource_name: str,
args: ScanRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ScanRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
instance_id: Optional[str] = None,
repo_tag_filter_pattern: Optional[str] = None,
rule_name: Optional[str] = None,
scan_scope: Optional[str] = None,
scan_type: Optional[str] = None,
trigger_type: Optional[str] = None,
namespaces: Optional[Sequence[str]] = None,
repo_names: Optional[Sequence[str]] = None)func NewScanRule(ctx *Context, name string, args ScanRuleArgs, opts ...ResourceOption) (*ScanRule, error)public ScanRule(string name, ScanRuleArgs args, CustomResourceOptions? opts = null)
public ScanRule(String name, ScanRuleArgs args)
public ScanRule(String name, ScanRuleArgs args, CustomResourceOptions options)
type: alicloud:cr:ScanRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ScanRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ScanRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ScanRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ScanRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ScanRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var scanRuleResource = new AliCloud.CR.ScanRule("scanRuleResource", new()
{
InstanceId = "string",
RepoTagFilterPattern = "string",
RuleName = "string",
ScanScope = "string",
ScanType = "string",
TriggerType = "string",
Namespaces = new[]
{
"string",
},
RepoNames = new[]
{
"string",
},
});
example, err := cr.NewScanRule(ctx, "scanRuleResource", &cr.ScanRuleArgs{
InstanceId: pulumi.String("string"),
RepoTagFilterPattern: pulumi.String("string"),
RuleName: pulumi.String("string"),
ScanScope: pulumi.String("string"),
ScanType: pulumi.String("string"),
TriggerType: pulumi.String("string"),
Namespaces: pulumi.StringArray{
pulumi.String("string"),
},
RepoNames: pulumi.StringArray{
pulumi.String("string"),
},
})
var scanRuleResource = new ScanRule("scanRuleResource", ScanRuleArgs.builder()
.instanceId("string")
.repoTagFilterPattern("string")
.ruleName("string")
.scanScope("string")
.scanType("string")
.triggerType("string")
.namespaces("string")
.repoNames("string")
.build());
scan_rule_resource = alicloud.cr.ScanRule("scanRuleResource",
instance_id="string",
repo_tag_filter_pattern="string",
rule_name="string",
scan_scope="string",
scan_type="string",
trigger_type="string",
namespaces=["string"],
repo_names=["string"])
const scanRuleResource = new alicloud.cr.ScanRule("scanRuleResource", {
instanceId: "string",
repoTagFilterPattern: "string",
ruleName: "string",
scanScope: "string",
scanType: "string",
triggerType: "string",
namespaces: ["string"],
repoNames: ["string"],
});
type: alicloud:cr:ScanRule
properties:
instanceId: string
namespaces:
- string
repoNames:
- string
repoTagFilterPattern: string
ruleName: string
scanScope: string
scanType: string
triggerType: string
ScanRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ScanRule resource accepts the following input properties:
- Instance
Id string - Instance ID
- Repo
Tag stringFilter Pattern - Regular expression for matching tags that trigger a scan
- Rule
Name string - Event rule name
- Scan
Scope string - Scan scope
- Scan
Type string Scan type:
VUL: Artifact vulnerability scanSBOM: Artifact content analysis
The default value of this parameter is
VUL.- Trigger
Type string - Trigger type
- Namespaces List<string>
- Set of namespaces:
- This parameter must not be empty when the scan scope is NAMESPACE.
- This parameter must contain exactly one namespace when the scan scope is REPO.
- Repo
Names List<string> - Repository list:
- This parameter must be empty when the scan scope is NAMESPACE.
- This parameter must not be empty when the scan scope is REPO.
- Instance
Id string - Instance ID
- Repo
Tag stringFilter Pattern - Regular expression for matching tags that trigger a scan
- Rule
Name string - Event rule name
- Scan
Scope string - Scan scope
- Scan
Type string Scan type:
VUL: Artifact vulnerability scanSBOM: Artifact content analysis
The default value of this parameter is
VUL.- Trigger
Type string - Trigger type
- Namespaces []string
- Set of namespaces:
- This parameter must not be empty when the scan scope is NAMESPACE.
- This parameter must contain exactly one namespace when the scan scope is REPO.
- Repo
Names []string - Repository list:
- This parameter must be empty when the scan scope is NAMESPACE.
- This parameter must not be empty when the scan scope is REPO.
- instance
Id String - Instance ID
- repo
Tag StringFilter Pattern - Regular expression for matching tags that trigger a scan
- rule
Name String - Event rule name
- scan
Scope String - Scan scope
- scan
Type String Scan type:
VUL: Artifact vulnerability scanSBOM: Artifact content analysis
The default value of this parameter is
VUL.- trigger
Type String - Trigger type
- namespaces List<String>
- Set of namespaces:
- This parameter must not be empty when the scan scope is NAMESPACE.
- This parameter must contain exactly one namespace when the scan scope is REPO.
- repo
Names List<String> - Repository list:
- This parameter must be empty when the scan scope is NAMESPACE.
- This parameter must not be empty when the scan scope is REPO.
- instance
Id string - Instance ID
- repo
Tag stringFilter Pattern - Regular expression for matching tags that trigger a scan
- rule
Name string - Event rule name
- scan
Scope string - Scan scope
- scan
Type string Scan type:
VUL: Artifact vulnerability scanSBOM: Artifact content analysis
The default value of this parameter is
VUL.- trigger
Type string - Trigger type
- namespaces string[]
- Set of namespaces:
- This parameter must not be empty when the scan scope is NAMESPACE.
- This parameter must contain exactly one namespace when the scan scope is REPO.
- repo
Names string[] - Repository list:
- This parameter must be empty when the scan scope is NAMESPACE.
- This parameter must not be empty when the scan scope is REPO.
- instance_
id str - Instance ID
- repo_
tag_ strfilter_ pattern - Regular expression for matching tags that trigger a scan
- rule_
name str - Event rule name
- scan_
scope str - Scan scope
- scan_
type str Scan type:
VUL: Artifact vulnerability scanSBOM: Artifact content analysis
The default value of this parameter is
VUL.- trigger_
type str - Trigger type
- namespaces Sequence[str]
- Set of namespaces:
- This parameter must not be empty when the scan scope is NAMESPACE.
- This parameter must contain exactly one namespace when the scan scope is REPO.
- repo_
names Sequence[str] - Repository list:
- This parameter must be empty when the scan scope is NAMESPACE.
- This parameter must not be empty when the scan scope is REPO.
- instance
Id String - Instance ID
- repo
Tag StringFilter Pattern - Regular expression for matching tags that trigger a scan
- rule
Name String - Event rule name
- scan
Scope String - Scan scope
- scan
Type String Scan type:
VUL: Artifact vulnerability scanSBOM: Artifact content analysis
The default value of this parameter is
VUL.- trigger
Type String - Trigger type
- namespaces List<String>
- Set of namespaces:
- This parameter must not be empty when the scan scope is NAMESPACE.
- This parameter must contain exactly one namespace when the scan scope is REPO.
- repo
Names List<String> - Repository list:
- This parameter must be empty when the scan scope is NAMESPACE.
- This parameter must not be empty when the scan scope is REPO.
Outputs
All input properties are implicitly available as output properties. Additionally, the ScanRule resource produces the following output properties:
- Create
Time int - Creation time
- Id string
- The provider-assigned unique ID for this managed resource.
- Scan
Rule stringId - Rule ID
- Create
Time int - Creation time
- Id string
- The provider-assigned unique ID for this managed resource.
- Scan
Rule stringId - Rule ID
- create
Time Integer - Creation time
- id String
- The provider-assigned unique ID for this managed resource.
- scan
Rule StringId - Rule ID
- create
Time number - Creation time
- id string
- The provider-assigned unique ID for this managed resource.
- scan
Rule stringId - Rule ID
- create_
time int - Creation time
- id str
- The provider-assigned unique ID for this managed resource.
- scan_
rule_ strid - Rule ID
- create
Time Number - Creation time
- id String
- The provider-assigned unique ID for this managed resource.
- scan
Rule StringId - Rule ID
Look up Existing ScanRule Resource
Get an existing ScanRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ScanRuleState, opts?: CustomResourceOptions): ScanRule@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
create_time: Optional[int] = None,
instance_id: Optional[str] = None,
namespaces: Optional[Sequence[str]] = None,
repo_names: Optional[Sequence[str]] = None,
repo_tag_filter_pattern: Optional[str] = None,
rule_name: Optional[str] = None,
scan_rule_id: Optional[str] = None,
scan_scope: Optional[str] = None,
scan_type: Optional[str] = None,
trigger_type: Optional[str] = None) -> ScanRulefunc GetScanRule(ctx *Context, name string, id IDInput, state *ScanRuleState, opts ...ResourceOption) (*ScanRule, error)public static ScanRule Get(string name, Input<string> id, ScanRuleState? state, CustomResourceOptions? opts = null)public static ScanRule get(String name, Output<String> id, ScanRuleState state, CustomResourceOptions options)resources: _: type: alicloud:cr:ScanRule get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Create
Time int - Creation time
- Instance
Id string - Instance ID
- Namespaces List<string>
- Set of namespaces:
- This parameter must not be empty when the scan scope is NAMESPACE.
- This parameter must contain exactly one namespace when the scan scope is REPO.
- Repo
Names List<string> - Repository list:
- This parameter must be empty when the scan scope is NAMESPACE.
- This parameter must not be empty when the scan scope is REPO.
- Repo
Tag stringFilter Pattern - Regular expression for matching tags that trigger a scan
- Rule
Name string - Event rule name
- Scan
Rule stringId - Rule ID
- Scan
Scope string - Scan scope
- Scan
Type string Scan type:
VUL: Artifact vulnerability scanSBOM: Artifact content analysis
The default value of this parameter is
VUL.- Trigger
Type string - Trigger type
- Create
Time int - Creation time
- Instance
Id string - Instance ID
- Namespaces []string
- Set of namespaces:
- This parameter must not be empty when the scan scope is NAMESPACE.
- This parameter must contain exactly one namespace when the scan scope is REPO.
- Repo
Names []string - Repository list:
- This parameter must be empty when the scan scope is NAMESPACE.
- This parameter must not be empty when the scan scope is REPO.
- Repo
Tag stringFilter Pattern - Regular expression for matching tags that trigger a scan
- Rule
Name string - Event rule name
- Scan
Rule stringId - Rule ID
- Scan
Scope string - Scan scope
- Scan
Type string Scan type:
VUL: Artifact vulnerability scanSBOM: Artifact content analysis
The default value of this parameter is
VUL.- Trigger
Type string - Trigger type
- create
Time Integer - Creation time
- instance
Id String - Instance ID
- namespaces List<String>
- Set of namespaces:
- This parameter must not be empty when the scan scope is NAMESPACE.
- This parameter must contain exactly one namespace when the scan scope is REPO.
- repo
Names List<String> - Repository list:
- This parameter must be empty when the scan scope is NAMESPACE.
- This parameter must not be empty when the scan scope is REPO.
- repo
Tag StringFilter Pattern - Regular expression for matching tags that trigger a scan
- rule
Name String - Event rule name
- scan
Rule StringId - Rule ID
- scan
Scope String - Scan scope
- scan
Type String Scan type:
VUL: Artifact vulnerability scanSBOM: Artifact content analysis
The default value of this parameter is
VUL.- trigger
Type String - Trigger type
- create
Time number - Creation time
- instance
Id string - Instance ID
- namespaces string[]
- Set of namespaces:
- This parameter must not be empty when the scan scope is NAMESPACE.
- This parameter must contain exactly one namespace when the scan scope is REPO.
- repo
Names string[] - Repository list:
- This parameter must be empty when the scan scope is NAMESPACE.
- This parameter must not be empty when the scan scope is REPO.
- repo
Tag stringFilter Pattern - Regular expression for matching tags that trigger a scan
- rule
Name string - Event rule name
- scan
Rule stringId - Rule ID
- scan
Scope string - Scan scope
- scan
Type string Scan type:
VUL: Artifact vulnerability scanSBOM: Artifact content analysis
The default value of this parameter is
VUL.- trigger
Type string - Trigger type
- create_
time int - Creation time
- instance_
id str - Instance ID
- namespaces Sequence[str]
- Set of namespaces:
- This parameter must not be empty when the scan scope is NAMESPACE.
- This parameter must contain exactly one namespace when the scan scope is REPO.
- repo_
names Sequence[str] - Repository list:
- This parameter must be empty when the scan scope is NAMESPACE.
- This parameter must not be empty when the scan scope is REPO.
- repo_
tag_ strfilter_ pattern - Regular expression for matching tags that trigger a scan
- rule_
name str - Event rule name
- scan_
rule_ strid - Rule ID
- scan_
scope str - Scan scope
- scan_
type str Scan type:
VUL: Artifact vulnerability scanSBOM: Artifact content analysis
The default value of this parameter is
VUL.- trigger_
type str - Trigger type
- create
Time Number - Creation time
- instance
Id String - Instance ID
- namespaces List<String>
- Set of namespaces:
- This parameter must not be empty when the scan scope is NAMESPACE.
- This parameter must contain exactly one namespace when the scan scope is REPO.
- repo
Names List<String> - Repository list:
- This parameter must be empty when the scan scope is NAMESPACE.
- This parameter must not be empty when the scan scope is REPO.
- repo
Tag StringFilter Pattern - Regular expression for matching tags that trigger a scan
- rule
Name String - Event rule name
- scan
Rule StringId - Rule ID
- scan
Scope String - Scan scope
- scan
Type String Scan type:
VUL: Artifact vulnerability scanSBOM: Artifact content analysis
The default value of this parameter is
VUL.- trigger
Type String - Trigger type
Import
CR Scan Rule can be imported using the id, e.g.
$ pulumi import alicloud:cr/scanRule:ScanRule example <instance_id>:<scan_rule_id>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Alibaba Cloud pulumi/pulumi-alicloud
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
alicloudTerraform Provider.
Alibaba Cloud v3.93.0 published on Tuesday, Jan 27, 2026 by Pulumi
