Aquasec v0.8.25 published on Tuesday, Apr 25, 2023 by Pulumiverse

aquasec.FunctionAssurancePolicy


    Create FunctionAssurancePolicy Resource

    new FunctionAssurancePolicy(name: string, args: FunctionAssurancePolicyArgs, opts?: CustomResourceOptions);
    @overload
    def FunctionAssurancePolicy(resource_name: str,
                                opts: Optional[ResourceOptions] = None,
                                allowed_images: Optional[Sequence[str]] = None,
                                application_scopes: Optional[Sequence[str]] = None,
                                audit_on_failure: Optional[bool] = None,
                                auto_scan_configured: Optional[bool] = None,
                                auto_scan_enabled: Optional[bool] = None,
                                auto_scan_times: Optional[Sequence[FunctionAssurancePolicyAutoScanTimeArgs]] = None,
                                blacklist_permissions: Optional[Sequence[str]] = None,
                                blacklist_permissions_enabled: Optional[bool] = None,
                                blacklisted_licenses: Optional[Sequence[str]] = None,
                                blacklisted_licenses_enabled: Optional[bool] = None,
                                block_failed: Optional[bool] = None,
                                control_exclude_no_fix: Optional[bool] = None,
                                custom_checks: Optional[Sequence[FunctionAssurancePolicyCustomCheckArgs]] = None,
                                custom_checks_enabled: Optional[bool] = None,
                                custom_severity_enabled: Optional[bool] = None,
                                cves_black_list_enabled: Optional[bool] = None,
                                cves_black_lists: Optional[Sequence[str]] = None,
                                cves_white_list_enabled: Optional[bool] = None,
                                cves_white_lists: Optional[Sequence[str]] = None,
                                cvss_severity: Optional[str] = None,
                                cvss_severity_enabled: Optional[bool] = None,
                                cvss_severity_exclude_no_fix: Optional[bool] = None,
                                description: Optional[str] = None,
                                disallow_malware: Optional[bool] = None,
                                docker_cis_enabled: Optional[bool] = None,
                                domain: Optional[str] = None,
                                domain_name: Optional[str] = None,
                                dta_enabled: Optional[bool] = None,
                                dta_severity: Optional[str] = None,
                                enabled: Optional[bool] = None,
                                enforce: Optional[bool] = None,
                                enforce_after_days: Optional[int] = None,
                                enforce_excessive_permissions: Optional[bool] = None,
                                exceptional_monitored_malware_paths: Optional[Sequence[str]] = None,
                                fail_cicd: Optional[bool] = None,
                                forbidden_labels: Optional[Sequence[FunctionAssurancePolicyForbiddenLabelArgs]] = None,
                                forbidden_labels_enabled: Optional[bool] = None,
                                force_microenforcer: Optional[bool] = None,
                                function_integrity_enabled: Optional[bool] = None,
                                ignore_recently_published_vln: Optional[bool] = None,
                                ignore_risk_resources_enabled: Optional[bool] = None,
                                ignored_risk_resources: Optional[Sequence[str]] = None,
                                images: Optional[Sequence[str]] = None,
                                kube_cis_enabled: Optional[bool] = None,
                                labels: Optional[Sequence[str]] = None,
                                malware_action: Optional[str] = None,
                                maximum_score: Optional[float] = None,
                                maximum_score_enabled: Optional[bool] = None,
                                maximum_score_exclude_no_fix: Optional[bool] = None,
                                monitored_malware_paths: Optional[Sequence[str]] = None,
                                name: Optional[str] = None,
                                only_none_root_users: Optional[bool] = None,
                                packages_black_list_enabled: Optional[bool] = None,
                                packages_black_lists: Optional[Sequence[FunctionAssurancePolicyPackagesBlackListArgs]] = None,
                                packages_white_list_enabled: Optional[bool] = None,
                                packages_white_lists: Optional[Sequence[FunctionAssurancePolicyPackagesWhiteListArgs]] = None,
                                partial_results_image_fail: Optional[bool] = None,
                                read_only: Optional[bool] = None,
                                registries: Optional[Sequence[str]] = None,
                                registry: Optional[str] = None,
                                required_labels: Optional[Sequence[FunctionAssurancePolicyRequiredLabelArgs]] = None,
                                required_labels_enabled: Optional[bool] = None,
                                scan_nfs_mounts: Optional[bool] = None,
                                scan_sensitive_data: Optional[bool] = None,
                                scap_enabled: Optional[bool] = None,
                                scap_files: Optional[Sequence[str]] = None,
                                scopes: Optional[Sequence[FunctionAssurancePolicyScopeArgs]] = None,
                                trusted_base_images: Optional[Sequence[FunctionAssurancePolicyTrustedBaseImageArgs]] = None,
                                trusted_base_images_enabled: Optional[bool] = None,
                                whitelisted_licenses: Optional[Sequence[str]] = None,
                                whitelisted_licenses_enabled: Optional[bool] = None)
    @overload
    def FunctionAssurancePolicy(resource_name: str,
                                args: FunctionAssurancePolicyArgs,
                                opts: Optional[ResourceOptions] = None)
    func NewFunctionAssurancePolicy(ctx *Context, name string, args FunctionAssurancePolicyArgs, opts ...ResourceOption) (*FunctionAssurancePolicy, error)
    public FunctionAssurancePolicy(string name, FunctionAssurancePolicyArgs args, CustomResourceOptions? opts = null)
    public FunctionAssurancePolicy(String name, FunctionAssurancePolicyArgs args)
    public FunctionAssurancePolicy(String name, FunctionAssurancePolicyArgs args, CustomResourceOptions options)
    
    type: aquasec:FunctionAssurancePolicy
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args FunctionAssurancePolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args FunctionAssurancePolicyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args FunctionAssurancePolicyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args FunctionAssurancePolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args FunctionAssurancePolicyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    FunctionAssurancePolicy Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The FunctionAssurancePolicy resource accepts the following input properties:

    ApplicationScopes List<string>
    AllowedImages List<string>

    List of explicitly allowed images.

    AuditOnFailure bool

    Indicates whether failures are audited.

    AutoScanConfigured bool
    AutoScanEnabled bool
    AutoScanTimes List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyAutoScanTime>
    BlacklistPermissions List<string>

    List of function's forbidden permissions.

    BlacklistPermissionsEnabled bool

    Indicates if blacklist permissions is relevant.

    BlacklistedLicenses List<string>

    List of blacklisted licenses.

    BlacklistedLicensesEnabled bool

    Indicates if license blacklist is relevant.

    BlockFailed bool

    Indicates if failed images are blocked.

    ControlExcludeNoFix bool
    CustomChecks List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyCustomCheck>

    List of Custom user scripts for checks.

    CustomChecksEnabled bool

    Indicates if scanning should include custom checks.

    CustomSeverityEnabled bool
    CvesBlackListEnabled bool

    Indicates if cves blacklist is relevant.

    CvesBlackLists List<string>

    List of cves blacklisted items.

    CvesWhiteListEnabled bool

    Indicates if cves whitelist is relevant.

    CvesWhiteLists List<string>

    List of cves whitelisted licenses

    CvssSeverity string

    Identifier of the cvss severity.

    CvssSeverityEnabled bool

    Indicates if the cvss severity is scanned.

    CvssSeverityExcludeNoFix bool

    Indicates that policy should ignore cvss cases that do not have a known fix.

    Description string
    DisallowMalware bool

    Indicates if malware should block the image.

    DockerCisEnabled bool
    Domain string

    Name of the container image.

    DomainName string
    DtaEnabled bool
    DtaSeverity string
    Enabled bool
    Enforce bool
    EnforceAfterDays int
    EnforceExcessivePermissions bool
    ExceptionalMonitoredMalwarePaths List<string>
    FailCicd bool

    Indicates if cicd failures will fail the image.

    ForbiddenLabels List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyForbiddenLabel>
    ForbiddenLabelsEnabled bool
    ForceMicroenforcer bool
    FunctionIntegrityEnabled bool
    IgnoreRecentlyPublishedVln bool
    IgnoreRiskResourcesEnabled bool

    Indicates if risk resources are ignored.

    IgnoredRiskResources List<string>

    List of ignored risk resources.

    Images List<string>

    List of images.

    KubeCisEnabled bool
    Labels List<string>

    List of labels.

    MalwareAction string
    MaximumScore double

    Value of allowed maximum score.

    MaximumScoreEnabled bool

    Indicates if exceeding the maximum score is scanned.

    MaximumScoreExcludeNoFix bool

    Indicates that policy should ignore cases that do not have a known fix.

    MonitoredMalwarePaths List<string>
    Name string
    OnlyNoneRootUsers bool

    Indicates whether to raise a warning for images that should only be run as root.

    PackagesBlackListEnabled bool

    Indicates if packages blacklist is relevant.

    PackagesBlackLists List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyPackagesBlackList>

    List of blacklisted images.

    PackagesWhiteListEnabled bool

    Indicates if packages whitelist is relevant.

    PackagesWhiteLists List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyPackagesWhiteList>

    List of whitelisted images.

    PartialResultsImageFail bool
    ReadOnly bool
    Registries List<string>

    List of registries.

    Registry string
    RequiredLabels List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyRequiredLabel>
    RequiredLabelsEnabled bool
    ScanNfsMounts bool
    ScanSensitiveData bool

    Indicates if scan should include sensitive data in the image.

    ScapEnabled bool

    Indicates if scanning should include scap.

    ScapFiles List<string>

    List of SCAP user scripts for checks.

    Scopes List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyScope>
    TrustedBaseImages List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyTrustedBaseImage>

    List of trusted images.

    TrustedBaseImagesEnabled bool

    Indicates if list of trusted base images is relevant.

    WhitelistedLicenses List<string>

    List of whitelisted licenses.

    WhitelistedLicensesEnabled bool

    Indicates if license blacklist is relevant.

    ApplicationScopes []string
    AllowedImages []string

    List of explicitly allowed images.

    AuditOnFailure bool

    Indicates whether failures are audited.

    AutoScanConfigured bool
    AutoScanEnabled bool
    AutoScanTimes []FunctionAssurancePolicyAutoScanTimeArgs
    BlacklistPermissions []string

    List of function's forbidden permissions.

    BlacklistPermissionsEnabled bool

    Indicates if blacklist permissions is relevant.

    BlacklistedLicenses []string

    List of blacklisted licenses.

    BlacklistedLicensesEnabled bool

    Indicates if license blacklist is relevant.

    BlockFailed bool

    Indicates if failed images are blocked.

    ControlExcludeNoFix bool
    CustomChecks []FunctionAssurancePolicyCustomCheckArgs

    List of Custom user scripts for checks.

    CustomChecksEnabled bool

    Indicates if scanning should include custom checks.

    CustomSeverityEnabled bool
    CvesBlackListEnabled bool

    Indicates if cves blacklist is relevant.

    CvesBlackLists []string

    List of cves blacklisted items.

    CvesWhiteListEnabled bool

    Indicates if cves whitelist is relevant.

    CvesWhiteLists []string

    List of cves whitelisted licenses

    CvssSeverity string

    Identifier of the cvss severity.

    CvssSeverityEnabled bool

    Indicates if the cvss severity is scanned.

    CvssSeverityExcludeNoFix bool

    Indicates that policy should ignore cvss cases that do not have a known fix.

    Description string
    DisallowMalware bool

    Indicates if malware should block the image.

    DockerCisEnabled bool
    Domain string

    Name of the container image.

    DomainName string
    DtaEnabled bool
    DtaSeverity string
    Enabled bool
    Enforce bool
    EnforceAfterDays int
    EnforceExcessivePermissions bool
    ExceptionalMonitoredMalwarePaths []string
    FailCicd bool

    Indicates if cicd failures will fail the image.

    ForbiddenLabels []FunctionAssurancePolicyForbiddenLabelArgs
    ForbiddenLabelsEnabled bool
    ForceMicroenforcer bool
    FunctionIntegrityEnabled bool
    IgnoreRecentlyPublishedVln bool
    IgnoreRiskResourcesEnabled bool

    Indicates if risk resources are ignored.

    IgnoredRiskResources []string

    List of ignored risk resources.

    Images []string

    List of images.

    KubeCisEnabled bool
    Labels []string

    List of labels.

    MalwareAction string
    MaximumScore float64

    Value of allowed maximum score.

    MaximumScoreEnabled bool

    Indicates if exceeding the maximum score is scanned.

    MaximumScoreExcludeNoFix bool

    Indicates that policy should ignore cases that do not have a known fix.

    MonitoredMalwarePaths []string
    Name string
    OnlyNoneRootUsers bool

    Indicates whether to raise a warning for images that should only be run as root.

    PackagesBlackListEnabled bool

    Indicates if packages blacklist is relevant.

    PackagesBlackLists []FunctionAssurancePolicyPackagesBlackListArgs

    List of blacklisted images.

    PackagesWhiteListEnabled bool

    Indicates if packages whitelist is relevant.

    PackagesWhiteLists []FunctionAssurancePolicyPackagesWhiteListArgs

    List of whitelisted images.

    PartialResultsImageFail bool
    ReadOnly bool
    Registries []string

    List of registries.

    Registry string
    RequiredLabels []FunctionAssurancePolicyRequiredLabelArgs
    RequiredLabelsEnabled bool
    ScanNfsMounts bool
    ScanSensitiveData bool

    Indicates if scan should include sensitive data in the image.

    ScapEnabled bool

    Indicates if scanning should include scap.

    ScapFiles []string

    List of SCAP user scripts for checks.

    Scopes []FunctionAssurancePolicyScopeArgs
    TrustedBaseImages []FunctionAssurancePolicyTrustedBaseImageArgs

    List of trusted images.

    TrustedBaseImagesEnabled bool

    Indicates if list of trusted base images is relevant.

    WhitelistedLicenses []string

    List of whitelisted licenses.

    WhitelistedLicensesEnabled bool

    Indicates if license blacklist is relevant.

    applicationScopes List<String>
    allowedImages List<String>

    List of explicitly allowed images.

    auditOnFailure Boolean

    Indicates whether failures are audited.

    autoScanConfigured Boolean
    autoScanEnabled Boolean
    autoScanTimes List<FunctionAssurancePolicyAutoScanTime>
    blacklistPermissions List<String>

    List of function's forbidden permissions.

    blacklistPermissionsEnabled Boolean

    Indicates if blacklist permissions is relevant.

    blacklistedLicenses List<String>

    List of blacklisted licenses.

    blacklistedLicensesEnabled Boolean

    Indicates if license blacklist is relevant.

    blockFailed Boolean

    Indicates if failed images are blocked.

    controlExcludeNoFix Boolean
    customChecks List<FunctionAssurancePolicyCustomCheck>

    List of Custom user scripts for checks.

    customChecksEnabled Boolean

    Indicates if scanning should include custom checks.

    customSeverityEnabled Boolean
    cvesBlackListEnabled Boolean

    Indicates if cves blacklist is relevant.

    cvesBlackLists List<String>

    List of cves blacklisted items.

    cvesWhiteListEnabled Boolean

    Indicates if cves whitelist is relevant.

    cvesWhiteLists List<String>

    List of cves whitelisted licenses

    cvssSeverity String

    Identifier of the cvss severity.

    cvssSeverityEnabled Boolean

    Indicates if the cvss severity is scanned.

    cvssSeverityExcludeNoFix Boolean

    Indicates that policy should ignore cvss cases that do not have a known fix.

    description String
    disallowMalware Boolean

    Indicates if malware should block the image.

    dockerCisEnabled Boolean
    domain String

    Name of the container image.

    domainName String
    dtaEnabled Boolean
    dtaSeverity String
    enabled Boolean
    enforce Boolean
    enforceAfterDays Integer
    enforceExcessivePermissions Boolean
    exceptionalMonitoredMalwarePaths List<String>
    failCicd Boolean

    Indicates if cicd failures will fail the image.

    forbiddenLabels List<FunctionAssurancePolicyForbiddenLabel>
    forbiddenLabelsEnabled Boolean
    forceMicroenforcer Boolean
    functionIntegrityEnabled Boolean
    ignoreRecentlyPublishedVln Boolean
    ignoreRiskResourcesEnabled Boolean

    Indicates if risk resources are ignored.

    ignoredRiskResources List<String>

    List of ignored risk resources.

    images List<String>

    List of images.

    kubeCisEnabled Boolean
    labels List<String>

    List of labels.

    malwareAction String
    maximumScore Double

    Value of allowed maximum score.

    maximumScoreEnabled Boolean

    Indicates if exceeding the maximum score is scanned.

    maximumScoreExcludeNoFix Boolean

    Indicates that policy should ignore cases that do not have a known fix.

    monitoredMalwarePaths List<String>
    name String
    onlyNoneRootUsers Boolean

    Indicates whether to raise a warning for images that should only be run as root.

    packagesBlackListEnabled Boolean

    Indicates if packages blacklist is relevant.

    packagesBlackLists List<FunctionAssurancePolicyPackagesBlackList>

    List of blacklisted images.

    packagesWhiteListEnabled Boolean

    Indicates if packages whitelist is relevant.

    packagesWhiteLists List<FunctionAssurancePolicyPackagesWhiteList>

    List of whitelisted images.

    partialResultsImageFail Boolean
    readOnly Boolean
    registries List<String>

    List of registries.

    registry String
    requiredLabels List<FunctionAssurancePolicyRequiredLabel>
    requiredLabelsEnabled Boolean
    scanNfsMounts Boolean
    scanSensitiveData Boolean

    Indicates if scan should include sensitive data in the image.

    scapEnabled Boolean

    Indicates if scanning should include scap.

    scapFiles List<String>

    List of SCAP user scripts for checks.

    scopes List<FunctionAssurancePolicyScope>
    trustedBaseImages List<FunctionAssurancePolicyTrustedBaseImage>

    List of trusted images.

    trustedBaseImagesEnabled Boolean

    Indicates if list of trusted base images is relevant.

    whitelistedLicenses List<String>

    List of whitelisted licenses.

    whitelistedLicensesEnabled Boolean

    Indicates if license blacklist is relevant.

    applicationScopes string[]
    allowedImages string[]

    List of explicitly allowed images.

    auditOnFailure boolean

    Indicates whether failures are audited.

    autoScanConfigured boolean
    autoScanEnabled boolean
    autoScanTimes FunctionAssurancePolicyAutoScanTime[]
    blacklistPermissions string[]

    List of function's forbidden permissions.

    blacklistPermissionsEnabled boolean

    Indicates if blacklist permissions is relevant.

    blacklistedLicenses string[]

    List of blacklisted licenses.

    blacklistedLicensesEnabled boolean

    Indicates if license blacklist is relevant.

    blockFailed boolean

    Indicates if failed images are blocked.

    controlExcludeNoFix boolean
    customChecks FunctionAssurancePolicyCustomCheck[]

    List of Custom user scripts for checks.

    customChecksEnabled boolean

    Indicates if scanning should include custom checks.

    customSeverityEnabled boolean
    cvesBlackListEnabled boolean

    Indicates if cves blacklist is relevant.

    cvesBlackLists string[]

    List of cves blacklisted items.

    cvesWhiteListEnabled boolean

    Indicates if cves whitelist is relevant.

    cvesWhiteLists string[]

    List of cves whitelisted licenses

    cvssSeverity string

    Identifier of the cvss severity.

    cvssSeverityEnabled boolean

    Indicates if the cvss severity is scanned.

    cvssSeverityExcludeNoFix boolean

    Indicates that policy should ignore cvss cases that do not have a known fix.

    description string
    disallowMalware boolean

    Indicates if malware should block the image.

    dockerCisEnabled boolean
    domain string

    Name of the container image.

    domainName string
    dtaEnabled boolean
    dtaSeverity string
    enabled boolean
    enforce boolean
    enforceAfterDays number
    enforceExcessivePermissions boolean
    exceptionalMonitoredMalwarePaths string[]
    failCicd boolean

    Indicates if cicd failures will fail the image.

    forbiddenLabels FunctionAssurancePolicyForbiddenLabel[]
    forbiddenLabelsEnabled boolean
    forceMicroenforcer boolean
    functionIntegrityEnabled boolean
    ignoreRecentlyPublishedVln boolean
    ignoreRiskResourcesEnabled boolean

    Indicates if risk resources are ignored.

    ignoredRiskResources string[]

    List of ignored risk resources.

    images string[]

    List of images.

    kubeCisEnabled boolean
    labels string[]

    List of labels.

    malwareAction string
    maximumScore number

    Value of allowed maximum score.

    maximumScoreEnabled boolean

    Indicates if exceeding the maximum score is scanned.

    maximumScoreExcludeNoFix boolean

    Indicates that policy should ignore cases that do not have a known fix.

    monitoredMalwarePaths string[]
    name string
    onlyNoneRootUsers boolean

    Indicates whether to raise a warning for images that should only be run as root.

    packagesBlackListEnabled boolean

    Indicates if packages blacklist is relevant.

    packagesBlackLists FunctionAssurancePolicyPackagesBlackList[]

    List of blacklisted images.

    packagesWhiteListEnabled boolean

    Indicates if packages whitelist is relevant.

    packagesWhiteLists FunctionAssurancePolicyPackagesWhiteList[]

    List of whitelisted images.

    partialResultsImageFail boolean
    readOnly boolean
    registries string[]

    List of registries.

    registry string
    requiredLabels FunctionAssurancePolicyRequiredLabel[]
    requiredLabelsEnabled boolean
    scanNfsMounts boolean
    scanSensitiveData boolean

    Indicates if scan should include sensitive data in the image.

    scapEnabled boolean

    Indicates if scanning should include scap.

    scapFiles string[]

    List of SCAP user scripts for checks.

    scopes FunctionAssurancePolicyScope[]
    trustedBaseImages FunctionAssurancePolicyTrustedBaseImage[]

    List of trusted images.

    trustedBaseImagesEnabled boolean

    Indicates if list of trusted base images is relevant.

    whitelistedLicenses string[]

    List of whitelisted licenses.

    whitelistedLicensesEnabled boolean

    Indicates if license blacklist is relevant.

    application_scopes Sequence[str]
    allowed_images Sequence[str]

    List of explicitly allowed images.

    audit_on_failure bool

    Indicates whether failures are audited.

    auto_scan_configured bool
    auto_scan_enabled bool
    auto_scan_times Sequence[FunctionAssurancePolicyAutoScanTimeArgs]
    blacklist_permissions Sequence[str]

    List of function's forbidden permissions.

    blacklist_permissions_enabled bool

    Indicates if blacklist permissions is relevant.

    blacklisted_licenses Sequence[str]

    List of blacklisted licenses.

    blacklisted_licenses_enabled bool

    Indicates if license blacklist is relevant.

    block_failed bool

    Indicates if failed images are blocked.

    control_exclude_no_fix bool
    custom_checks Sequence[FunctionAssurancePolicyCustomCheckArgs]

    List of Custom user scripts for checks.

    custom_checks_enabled bool

    Indicates if scanning should include custom checks.

    custom_severity_enabled bool
    cves_black_list_enabled bool

    Indicates if cves blacklist is relevant.

    cves_black_lists Sequence[str]

    List of cves blacklisted items.

    cves_white_list_enabled bool

    Indicates if cves whitelist is relevant.

    cves_white_lists Sequence[str]

    List of cves whitelisted licenses

    cvss_severity str

    Identifier of the cvss severity.

    cvss_severity_enabled bool

    Indicates if the cvss severity is scanned.

    cvss_severity_exclude_no_fix bool

    Indicates that policy should ignore cvss cases that do not have a known fix.

    description str
    disallow_malware bool

    Indicates if malware should block the image.

    docker_cis_enabled bool
    domain str

    Name of the container image.

    domain_name str
    dta_enabled bool
    dta_severity str
    enabled bool
    enforce bool
    enforce_after_days int
    enforce_excessive_permissions bool
    exceptional_monitored_malware_paths Sequence[str]
    fail_cicd bool

    Indicates if cicd failures will fail the image.

    forbidden_labels Sequence[FunctionAssurancePolicyForbiddenLabelArgs]
    forbidden_labels_enabled bool
    force_microenforcer bool
    function_integrity_enabled bool
    ignore_recently_published_vln bool
    ignore_risk_resources_enabled bool

    Indicates if risk resources are ignored.

    ignored_risk_resources Sequence[str]

    List of ignored risk resources.

    images Sequence[str]

    List of images.

    kube_cis_enabled bool
    labels Sequence[str]

    List of labels.

    malware_action str
    maximum_score float

    Value of allowed maximum score.

    maximum_score_enabled bool

    Indicates if exceeding the maximum score is scanned.

    maximum_score_exclude_no_fix bool

    Indicates that policy should ignore cases that do not have a known fix.

    monitored_malware_paths Sequence[str]
    name str
    only_none_root_users bool

    Indicates whether to raise a warning for images that should only be run as root.

    packages_black_list_enabled bool

    Indicates if packages blacklist is relevant.

    packages_black_lists Sequence[FunctionAssurancePolicyPackagesBlackListArgs]

    List of blacklisted images.

    packages_white_list_enabled bool

    Indicates if packages whitelist is relevant.

    packages_white_lists Sequence[FunctionAssurancePolicyPackagesWhiteListArgs]

    List of whitelisted images.

    partial_results_image_fail bool
    read_only bool
    registries Sequence[str]

    List of registries.

    registry str
    required_labels Sequence[FunctionAssurancePolicyRequiredLabelArgs]
    required_labels_enabled bool
    scan_nfs_mounts bool
    scan_sensitive_data bool

    Indicates if scan should include sensitive data in the image.

    scap_enabled bool

    Indicates if scanning should include scap.

    scap_files Sequence[str]

    List of SCAP user scripts for checks.

    scopes Sequence[FunctionAssurancePolicyScopeArgs]
    trusted_base_images Sequence[FunctionAssurancePolicyTrustedBaseImageArgs]

    List of trusted images.

    trusted_base_images_enabled bool

    Indicates if list of trusted base images is relevant.

    whitelisted_licenses Sequence[str]

    List of whitelisted licenses.

    whitelisted_licenses_enabled bool

    Indicates if license blacklist is relevant.

    applicationScopes List<String>
    allowedImages List<String>

    List of explicitly allowed images.

    auditOnFailure Boolean

    Indicates whether failures are audited.

    autoScanConfigured Boolean
    autoScanEnabled Boolean
    autoScanTimes List<Property Map>
    blacklistPermissions List<String>

    List of function's forbidden permissions.

    blacklistPermissionsEnabled Boolean

    Indicates if blacklist permissions is relevant.

    blacklistedLicenses List<String>

    List of blacklisted licenses.

    blacklistedLicensesEnabled Boolean

    Indicates if license blacklist is relevant.

    blockFailed Boolean

    Indicates if failed images are blocked.

    controlExcludeNoFix Boolean
    customChecks List<Property Map>

    List of Custom user scripts for checks.

    customChecksEnabled Boolean

    Indicates if scanning should include custom checks.

    customSeverityEnabled Boolean
    cvesBlackListEnabled Boolean

    Indicates if cves blacklist is relevant.

    cvesBlackLists List<String>

    List of cves blacklisted items.

    cvesWhiteListEnabled Boolean

    Indicates if cves whitelist is relevant.

    cvesWhiteLists List<String>

    List of cves whitelisted licenses

    cvssSeverity String

    Identifier of the cvss severity.

    cvssSeverityEnabled Boolean

    Indicates if the cvss severity is scanned.

    cvssSeverityExcludeNoFix Boolean

    Indicates that policy should ignore cvss cases that do not have a known fix.

    description String
    disallowMalware Boolean

    Indicates if malware should block the image.

    dockerCisEnabled Boolean
    domain String

    Name of the container image.

    domainName String
    dtaEnabled Boolean
    dtaSeverity String
    enabled Boolean
    enforce Boolean
    enforceAfterDays Number
    enforceExcessivePermissions Boolean
    exceptionalMonitoredMalwarePaths List<String>
    failCicd Boolean

    Indicates if cicd failures will fail the image.

    forbiddenLabels List<Property Map>
    forbiddenLabelsEnabled Boolean
    forceMicroenforcer Boolean
    functionIntegrityEnabled Boolean
    ignoreRecentlyPublishedVln Boolean
    ignoreRiskResourcesEnabled Boolean

    Indicates if risk resources are ignored.

    ignoredRiskResources List<String>

    List of ignored risk resources.

    images List<String>

    List of images.

    kubeCisEnabled Boolean
    labels List<String>

    List of labels.

    malwareAction String
    maximumScore Number

    Value of allowed maximum score.

    maximumScoreEnabled Boolean

    Indicates if exceeding the maximum score is scanned.

    maximumScoreExcludeNoFix Boolean

    Indicates that policy should ignore cases that do not have a known fix.

    monitoredMalwarePaths List<String>
    name String
    onlyNoneRootUsers Boolean

    Indicates whether to raise a warning for images that should only be run as root.

    packagesBlackListEnabled Boolean

    Indicates if packages blacklist is relevant.

    packagesBlackLists List<Property Map>

    List of blacklisted images.

    packagesWhiteListEnabled Boolean

    Indicates if packages whitelist is relevant.

    packagesWhiteLists List<Property Map>

    List of whitelisted images.

    partialResultsImageFail Boolean
    readOnly Boolean
    registries List<String>

    List of registries.

    registry String
    requiredLabels List<Property Map>
    requiredLabelsEnabled Boolean
    scanNfsMounts Boolean
    scanSensitiveData Boolean

    Indicates if scan should include sensitive data in the image.

    scapEnabled Boolean

    Indicates if scanning should include scap.

    scapFiles List<String>

    List of SCAP user scripts for checks.

    scopes List<Property Map>
    trustedBaseImages List<Property Map>

    List of trusted images.

    trustedBaseImagesEnabled Boolean

    Indicates if list of trusted base images is relevant.

    whitelistedLicenses List<String>

    List of whitelisted licenses.

    whitelistedLicensesEnabled Boolean

    Indicates if license blacklist is relevant.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the FunctionAssurancePolicy resource produces the following output properties:

    Author string

    Name of user account that created the policy.

    Id string

    The provider-assigned unique ID for this managed resource.

    IgnoreRecentlyPublishedVlnPeriod int
    author String

    Name of user account that created the policy.

    id String

    The provider-assigned unique ID for this managed resource.

    ignoreRecentlyPublishedVlnPeriod Integer
    author string

    Name of user account that created the policy.

    id string

    The provider-assigned unique ID for this managed resource.

    ignoreRecentlyPublishedVlnPeriod number
    author str

    Name of user account that created the policy.

    id str

    The provider-assigned unique ID for this managed resource.

    ignore_recently_published_vln_period int
    author String

    Name of user account that created the policy.

    id String

    The provider-assigned unique ID for this managed resource.

    ignoreRecentlyPublishedVlnPeriod Number

    Look up Existing FunctionAssurancePolicy Resource

    Get an existing FunctionAssurancePolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: FunctionAssurancePolicyState, opts?: CustomResourceOptions): FunctionAssurancePolicy
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            allowed_images: Optional[Sequence[str]] = None,
            application_scopes: Optional[Sequence[str]] = None,
            audit_on_failure: Optional[bool] = None,
            author: Optional[str] = None,
            auto_scan_configured: Optional[bool] = None,
            auto_scan_enabled: Optional[bool] = None,
            auto_scan_times: Optional[Sequence[FunctionAssurancePolicyAutoScanTimeArgs]] = None,
            blacklist_permissions: Optional[Sequence[str]] = None,
            blacklist_permissions_enabled: Optional[bool] = None,
            blacklisted_licenses: Optional[Sequence[str]] = None,
            blacklisted_licenses_enabled: Optional[bool] = None,
            block_failed: Optional[bool] = None,
            control_exclude_no_fix: Optional[bool] = None,
            custom_checks: Optional[Sequence[FunctionAssurancePolicyCustomCheckArgs]] = None,
            custom_checks_enabled: Optional[bool] = None,
            custom_severity_enabled: Optional[bool] = None,
            cves_black_list_enabled: Optional[bool] = None,
            cves_black_lists: Optional[Sequence[str]] = None,
            cves_white_list_enabled: Optional[bool] = None,
            cves_white_lists: Optional[Sequence[str]] = None,
            cvss_severity: Optional[str] = None,
            cvss_severity_enabled: Optional[bool] = None,
            cvss_severity_exclude_no_fix: Optional[bool] = None,
            description: Optional[str] = None,
            disallow_malware: Optional[bool] = None,
            docker_cis_enabled: Optional[bool] = None,
            domain: Optional[str] = None,
            domain_name: Optional[str] = None,
            dta_enabled: Optional[bool] = None,
            dta_severity: Optional[str] = None,
            enabled: Optional[bool] = None,
            enforce: Optional[bool] = None,
            enforce_after_days: Optional[int] = None,
            enforce_excessive_permissions: Optional[bool] = None,
            exceptional_monitored_malware_paths: Optional[Sequence[str]] = None,
            fail_cicd: Optional[bool] = None,
            forbidden_labels: Optional[Sequence[FunctionAssurancePolicyForbiddenLabelArgs]] = None,
            forbidden_labels_enabled: Optional[bool] = None,
            force_microenforcer: Optional[bool] = None,
            function_integrity_enabled: Optional[bool] = None,
            ignore_recently_published_vln: Optional[bool] = None,
            ignore_recently_published_vln_period: Optional[int] = None,
            ignore_risk_resources_enabled: Optional[bool] = None,
            ignored_risk_resources: Optional[Sequence[str]] = None,
            images: Optional[Sequence[str]] = None,
            kube_cis_enabled: Optional[bool] = None,
            labels: Optional[Sequence[str]] = None,
            malware_action: Optional[str] = None,
            maximum_score: Optional[float] = None,
            maximum_score_enabled: Optional[bool] = None,
            maximum_score_exclude_no_fix: Optional[bool] = None,
            monitored_malware_paths: Optional[Sequence[str]] = None,
            name: Optional[str] = None,
            only_none_root_users: Optional[bool] = None,
            packages_black_list_enabled: Optional[bool] = None,
            packages_black_lists: Optional[Sequence[FunctionAssurancePolicyPackagesBlackListArgs]] = None,
            packages_white_list_enabled: Optional[bool] = None,
            packages_white_lists: Optional[Sequence[FunctionAssurancePolicyPackagesWhiteListArgs]] = None,
            partial_results_image_fail: Optional[bool] = None,
            read_only: Optional[bool] = None,
            registries: Optional[Sequence[str]] = None,
            registry: Optional[str] = None,
            required_labels: Optional[Sequence[FunctionAssurancePolicyRequiredLabelArgs]] = None,
            required_labels_enabled: Optional[bool] = None,
            scan_nfs_mounts: Optional[bool] = None,
            scan_sensitive_data: Optional[bool] = None,
            scap_enabled: Optional[bool] = None,
            scap_files: Optional[Sequence[str]] = None,
            scopes: Optional[Sequence[FunctionAssurancePolicyScopeArgs]] = None,
            trusted_base_images: Optional[Sequence[FunctionAssurancePolicyTrustedBaseImageArgs]] = None,
            trusted_base_images_enabled: Optional[bool] = None,
            whitelisted_licenses: Optional[Sequence[str]] = None,
            whitelisted_licenses_enabled: Optional[bool] = None) -> FunctionAssurancePolicy
    func GetFunctionAssurancePolicy(ctx *Context, name string, id IDInput, state *FunctionAssurancePolicyState, opts ...ResourceOption) (*FunctionAssurancePolicy, error)
    public static FunctionAssurancePolicy Get(string name, Input<string> id, FunctionAssurancePolicyState? state, CustomResourceOptions? opts = null)
    public static FunctionAssurancePolicy get(String name, Output<String> id, FunctionAssurancePolicyState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    The following state arguments are supported:
    AllowedImages List<string>

    List of explicitly allowed images.

    ApplicationScopes List<string>
    AuditOnFailure bool

    Indicates whether failures are audited.

    Author string

    Name of user account that created the policy.

    AutoScanConfigured bool
    AutoScanEnabled bool
    AutoScanTimes List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyAutoScanTime>
    BlacklistPermissions List<string>

    List of function's forbidden permissions.

    BlacklistPermissionsEnabled bool

    Indicates if blacklist permissions is relevant.

    BlacklistedLicenses List<string>

    List of blacklisted licenses.

    BlacklistedLicensesEnabled bool

    Indicates if license blacklist is relevant.

    BlockFailed bool

    Indicates if failed images are blocked.

    ControlExcludeNoFix bool
    CustomChecks List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyCustomCheck>

    List of Custom user scripts for checks.

    CustomChecksEnabled bool

    Indicates if scanning should include custom checks.

    CustomSeverityEnabled bool
    CvesBlackListEnabled bool

    Indicates if cves blacklist is relevant.

    CvesBlackLists List<string>

    List of cves blacklisted items.

    CvesWhiteListEnabled bool

    Indicates if cves whitelist is relevant.

    CvesWhiteLists List<string>

    List of cves whitelisted licenses

    CvssSeverity string

    Identifier of the cvss severity.

    CvssSeverityEnabled bool

    Indicates if the cvss severity is scanned.

    CvssSeverityExcludeNoFix bool

    Indicates that policy should ignore cvss cases that do not have a known fix.

    Description string
    DisallowMalware bool

    Indicates if malware should block the image.

    DockerCisEnabled bool
    Domain string

    Name of the container image.

    DomainName string
    DtaEnabled bool
    DtaSeverity string
    Enabled bool
    Enforce bool
    EnforceAfterDays int
    EnforceExcessivePermissions bool
    ExceptionalMonitoredMalwarePaths List<string>
    FailCicd bool

    Indicates if cicd failures will fail the image.

    ForbiddenLabels List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyForbiddenLabel>
    ForbiddenLabelsEnabled bool
    ForceMicroenforcer bool
    FunctionIntegrityEnabled bool
    IgnoreRecentlyPublishedVln bool
    IgnoreRecentlyPublishedVlnPeriod int
    IgnoreRiskResourcesEnabled bool

    Indicates if risk resources are ignored.

    IgnoredRiskResources List<string>

    List of ignored risk resources.

    Images List<string>

    List of images.

    KubeCisEnabled bool
    Labels List<string>

    List of labels.

    MalwareAction string
    MaximumScore double

    Value of allowed maximum score.

    MaximumScoreEnabled bool

    Indicates if exceeding the maximum score is scanned.

    MaximumScoreExcludeNoFix bool

    Indicates that policy should ignore cases that do not have a known fix.

    MonitoredMalwarePaths List<string>
    Name string
    OnlyNoneRootUsers bool

    Indicates whether to raise a warning for images that should only be run as root.

    PackagesBlackListEnabled bool

    Indicates if packages blacklist is relevant.

    PackagesBlackLists List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyPackagesBlackList>

    List of blacklisted images.

    PackagesWhiteListEnabled bool

    Indicates if packages whitelist is relevant.

    PackagesWhiteLists List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyPackagesWhiteList>

    List of whitelisted images.

    PartialResultsImageFail bool
    ReadOnly bool
    Registries List<string>

    List of registries.

    Registry string
    RequiredLabels List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyRequiredLabel>
    RequiredLabelsEnabled bool
    ScanNfsMounts bool
    ScanSensitiveData bool

    Indicates if scan should include sensitive data in the image.

    ScapEnabled bool

    Indicates if scanning should include scap.

    ScapFiles List<string>

    List of SCAP user scripts for checks.

    Scopes List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyScope>
    TrustedBaseImages List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyTrustedBaseImage>

    List of trusted images.

    TrustedBaseImagesEnabled bool

    Indicates if list of trusted base images is relevant.

    WhitelistedLicenses List<string>

    List of whitelisted licenses.

    WhitelistedLicensesEnabled bool

    Indicates if license blacklist is relevant.

    AllowedImages []string

    List of explicitly allowed images.

    ApplicationScopes []string
    AuditOnFailure bool

    Indicates whether failures are audited.

    Author string

    Name of user account that created the policy.

    AutoScanConfigured bool
    AutoScanEnabled bool
    AutoScanTimes []FunctionAssurancePolicyAutoScanTimeArgs
    BlacklistPermissions []string

    List of function's forbidden permissions.

    BlacklistPermissionsEnabled bool

    Indicates if blacklist permissions is relevant.

    BlacklistedLicenses []string

    List of blacklisted licenses.

    BlacklistedLicensesEnabled bool

    Indicates if license blacklist is relevant.

    BlockFailed bool

    Indicates if failed images are blocked.

    ControlExcludeNoFix bool
    CustomChecks []FunctionAssurancePolicyCustomCheckArgs

    List of Custom user scripts for checks.

    CustomChecksEnabled bool

    Indicates if scanning should include custom checks.

    CustomSeverityEnabled bool
    CvesBlackListEnabled bool

    Indicates if cves blacklist is relevant.

    CvesBlackLists []string

    List of cves blacklisted items.

    CvesWhiteListEnabled bool

    Indicates if cves whitelist is relevant.

    CvesWhiteLists []string

    List of cves whitelisted licenses

    CvssSeverity string

    Identifier of the cvss severity.

    CvssSeverityEnabled bool

    Indicates if the cvss severity is scanned.

    CvssSeverityExcludeNoFix bool

    Indicates that policy should ignore cvss cases that do not have a known fix.

    Description string
    DisallowMalware bool

    Indicates if malware should block the image.

    DockerCisEnabled bool
    Domain string

    Name of the container image.

    DomainName string
    DtaEnabled bool
    DtaSeverity string
    Enabled bool
    Enforce bool
    EnforceAfterDays int
    EnforceExcessivePermissions bool
    ExceptionalMonitoredMalwarePaths []string
    FailCicd bool

    Indicates if cicd failures will fail the image.

    ForbiddenLabels []FunctionAssurancePolicyForbiddenLabelArgs
    ForbiddenLabelsEnabled bool
    ForceMicroenforcer bool
    FunctionIntegrityEnabled bool
    IgnoreRecentlyPublishedVln bool
    IgnoreRecentlyPublishedVlnPeriod int
    IgnoreRiskResourcesEnabled bool

    Indicates if risk resources are ignored.

    IgnoredRiskResources []string

    List of ignored risk resources.

    Images []string

    List of images.

    KubeCisEnabled bool
    Labels []string

    List of labels.

    MalwareAction string
    MaximumScore float64

    Value of allowed maximum score.

    MaximumScoreEnabled bool

    Indicates if exceeding the maximum score is scanned.

    MaximumScoreExcludeNoFix bool

    Indicates that policy should ignore cases that do not have a known fix.

    MonitoredMalwarePaths []string
    Name string
    OnlyNoneRootUsers bool

    Indicates whether to raise a warning for images that should only be run as root.

    PackagesBlackListEnabled bool

    Indicates if packages blacklist is relevant.

    PackagesBlackLists []FunctionAssurancePolicyPackagesBlackListArgs

    List of blacklisted images.

    PackagesWhiteListEnabled bool

    Indicates if packages whitelist is relevant.

    PackagesWhiteLists []FunctionAssurancePolicyPackagesWhiteListArgs

    List of whitelisted images.

    PartialResultsImageFail bool
    ReadOnly bool
    Registries []string

    List of registries.

    Registry string
    RequiredLabels []FunctionAssurancePolicyRequiredLabelArgs
    RequiredLabelsEnabled bool
    ScanNfsMounts bool
    ScanSensitiveData bool

    Indicates if scan should include sensitive data in the image.

    ScapEnabled bool

    Indicates if scanning should include scap.

    ScapFiles []string

    List of SCAP user scripts for checks.

    Scopes []FunctionAssurancePolicyScopeArgs
    TrustedBaseImages []FunctionAssurancePolicyTrustedBaseImageArgs

    List of trusted images.

    TrustedBaseImagesEnabled bool

    Indicates if list of trusted base images is relevant.

    WhitelistedLicenses []string

    List of whitelisted licenses.

    WhitelistedLicensesEnabled bool

    Indicates if license blacklist is relevant.

    allowedImages List<String>

    List of explicitly allowed images.

    applicationScopes List<String>
    auditOnFailure Boolean

    Indicates whether failures are audited.

    author String

    Name of user account that created the policy.

    autoScanConfigured Boolean
    autoScanEnabled Boolean
    autoScanTimes List<FunctionAssurancePolicyAutoScanTime>
    blacklistPermissions List<String>

    List of function's forbidden permissions.

    blacklistPermissionsEnabled Boolean

    Indicates if blacklist permissions is relevant.

    blacklistedLicenses List<String>

    List of blacklisted licenses.

    blacklistedLicensesEnabled Boolean

    Indicates if license blacklist is relevant.

    blockFailed Boolean

    Indicates if failed images are blocked.

    controlExcludeNoFix Boolean
    customChecks List<FunctionAssurancePolicyCustomCheck>

    List of Custom user scripts for checks.

    customChecksEnabled Boolean

    Indicates if scanning should include custom checks.

    customSeverityEnabled Boolean
    cvesBlackListEnabled Boolean

    Indicates if cves blacklist is relevant.

    cvesBlackLists List<String>

    List of cves blacklisted items.

    cvesWhiteListEnabled Boolean

    Indicates if cves whitelist is relevant.

    cvesWhiteLists List<String>

    List of cves whitelisted licenses

    cvssSeverity String

    Identifier of the cvss severity.

    cvssSeverityEnabled Boolean

    Indicates if the cvss severity is scanned.

    cvssSeverityExcludeNoFix Boolean

    Indicates that policy should ignore cvss cases that do not have a known fix.

    description String
    disallowMalware Boolean

    Indicates if malware should block the image.

    dockerCisEnabled Boolean
    domain String

    Name of the container image.

    domainName String
    dtaEnabled Boolean
    dtaSeverity String
    enabled Boolean
    enforce Boolean
    enforceAfterDays Integer
    enforceExcessivePermissions Boolean
    exceptionalMonitoredMalwarePaths List<String>
    failCicd Boolean

    Indicates if cicd failures will fail the image.

    forbiddenLabels List<FunctionAssurancePolicyForbiddenLabel>
    forbiddenLabelsEnabled Boolean
    forceMicroenforcer Boolean
    functionIntegrityEnabled Boolean
    ignoreRecentlyPublishedVln Boolean
    ignoreRecentlyPublishedVlnPeriod Integer
    ignoreRiskResourcesEnabled Boolean

    Indicates if risk resources are ignored.

    ignoredRiskResources List<String>

    List of ignored risk resources.

    images List<String>

    List of images.

    kubeCisEnabled Boolean
    labels List<String>

    List of labels.

    malwareAction String
    maximumScore Double

    Value of allowed maximum score.

    maximumScoreEnabled Boolean

    Indicates if exceeding the maximum score is scanned.

    maximumScoreExcludeNoFix Boolean

    Indicates that policy should ignore cases that do not have a known fix.

    monitoredMalwarePaths List<String>
    name String
    onlyNoneRootUsers Boolean

    Indicates whether to raise a warning for images that should only be run as root.

    packagesBlackListEnabled Boolean

    Indicates if packages blacklist is relevant.

    packagesBlackLists List<FunctionAssurancePolicyPackagesBlackList>

    List of blacklisted images.

    packagesWhiteListEnabled Boolean

    Indicates if packages whitelist is relevant.

    packagesWhiteLists List<FunctionAssurancePolicyPackagesWhiteList>

    List of whitelisted images.

    partialResultsImageFail Boolean
    readOnly Boolean
    registries List<String>

    List of registries.

    registry String
    requiredLabels List<FunctionAssurancePolicyRequiredLabel>
    requiredLabelsEnabled Boolean
    scanNfsMounts Boolean
    scanSensitiveData Boolean

    Indicates if scan should include sensitive data in the image.

    scapEnabled Boolean

    Indicates if scanning should include scap.

    scapFiles List<String>

    List of SCAP user scripts for checks.

    scopes List<FunctionAssurancePolicyScope>
    trustedBaseImages List<FunctionAssurancePolicyTrustedBaseImage>

    List of trusted images.

    trustedBaseImagesEnabled Boolean

    Indicates if list of trusted base images is relevant.

    whitelistedLicenses List<String>

    List of whitelisted licenses.

    whitelistedLicensesEnabled Boolean

    Indicates if license blacklist is relevant.

    allowedImages string[]

    List of explicitly allowed images.

    applicationScopes string[]
    auditOnFailure boolean

    Indicates whether failures are audited.

    author string

    Name of user account that created the policy.

    autoScanConfigured boolean
    autoScanEnabled boolean
    autoScanTimes FunctionAssurancePolicyAutoScanTime[]
    blacklistPermissions string[]

    List of function's forbidden permissions.

    blacklistPermissionsEnabled boolean

    Indicates if blacklist permissions is relevant.

    blacklistedLicenses string[]

    List of blacklisted licenses.

    blacklistedLicensesEnabled boolean

    Indicates if license blacklist is relevant.

    blockFailed boolean

    Indicates if failed images are blocked.

    controlExcludeNoFix boolean
    customChecks FunctionAssurancePolicyCustomCheck[]

    List of Custom user scripts for checks.

    customChecksEnabled boolean

    Indicates if scanning should include custom checks.

    customSeverityEnabled boolean
    cvesBlackListEnabled boolean

    Indicates if cves blacklist is relevant.

    cvesBlackLists string[]

    List of cves blacklisted items.

    cvesWhiteListEnabled boolean

    Indicates if cves whitelist is relevant.

    cvesWhiteLists string[]

    List of cves whitelisted licenses

    cvssSeverity string

    Identifier of the cvss severity.

    cvssSeverityEnabled boolean

    Indicates if the cvss severity is scanned.

    cvssSeverityExcludeNoFix boolean

    Indicates that policy should ignore cvss cases that do not have a known fix.

    description string
    disallowMalware boolean

    Indicates if malware should block the image.

    dockerCisEnabled boolean
    domain string

    Name of the container image.

    domainName string
    dtaEnabled boolean
    dtaSeverity string
    enabled boolean
    enforce boolean
    enforceAfterDays number
    enforceExcessivePermissions boolean
    exceptionalMonitoredMalwarePaths string[]
    failCicd boolean

    Indicates if cicd failures will fail the image.

    forbiddenLabels FunctionAssurancePolicyForbiddenLabel[]
    forbiddenLabelsEnabled boolean
    forceMicroenforcer boolean
    functionIntegrityEnabled boolean
    ignoreRecentlyPublishedVln boolean
    ignoreRecentlyPublishedVlnPeriod number
    ignoreRiskResourcesEnabled boolean

    Indicates if risk resources are ignored.

    ignoredRiskResources string[]

    List of ignored risk resources.

    images string[]

    List of images.

    kubeCisEnabled boolean
    labels string[]

    List of labels.

    malwareAction string
    maximumScore number

    Value of allowed maximum score.

    maximumScoreEnabled boolean

    Indicates if exceeding the maximum score is scanned.

    maximumScoreExcludeNoFix boolean

    Indicates that policy should ignore cases that do not have a known fix.

    monitoredMalwarePaths string[]
    name string
    onlyNoneRootUsers boolean

    Indicates whether to raise a warning for images that should only be run as root.

    packagesBlackListEnabled boolean

    Indicates if packages blacklist is relevant.

    packagesBlackLists FunctionAssurancePolicyPackagesBlackList[]

    List of blacklisted images.

    packagesWhiteListEnabled boolean

    Indicates if packages whitelist is relevant.

    packagesWhiteLists FunctionAssurancePolicyPackagesWhiteList[]

    List of whitelisted images.

    partialResultsImageFail boolean
    readOnly boolean
    registries string[]

    List of registries.

    registry string
    requiredLabels FunctionAssurancePolicyRequiredLabel[]
    requiredLabelsEnabled boolean
    scanNfsMounts boolean
    scanSensitiveData boolean

    Indicates if scan should include sensitive data in the image.

    scapEnabled boolean

    Indicates if scanning should include scap.

    scapFiles string[]

    List of SCAP user scripts for checks.

    scopes FunctionAssurancePolicyScope[]
    trustedBaseImages FunctionAssurancePolicyTrustedBaseImage[]

    List of trusted images.

    trustedBaseImagesEnabled boolean

    Indicates if list of trusted base images is relevant.

    whitelistedLicenses string[]

    List of whitelisted licenses.

    whitelistedLicensesEnabled boolean

    Indicates if license blacklist is relevant.

    allowed_images Sequence[str]

    List of explicitly allowed images.

    application_scopes Sequence[str]
    audit_on_failure bool

    Indicates whether failures are audited.

    author str

    Name of user account that created the policy.

    auto_scan_configured bool
    auto_scan_enabled bool
    auto_scan_times Sequence[FunctionAssurancePolicyAutoScanTimeArgs]
    blacklist_permissions Sequence[str]

    List of function's forbidden permissions.

    blacklist_permissions_enabled bool

    Indicates if blacklist permissions is relevant.

    blacklisted_licenses Sequence[str]

    List of blacklisted licenses.

    blacklisted_licenses_enabled bool

    Indicates if license blacklist is relevant.

    block_failed bool

    Indicates if failed images are blocked.

    control_exclude_no_fix bool
    custom_checks Sequence[FunctionAssurancePolicyCustomCheckArgs]

    List of Custom user scripts for checks.

    custom_checks_enabled bool

    Indicates if scanning should include custom checks.

    custom_severity_enabled bool
    cves_black_list_enabled bool

    Indicates if cves blacklist is relevant.

    cves_black_lists Sequence[str]

    List of cves blacklisted items.

    cves_white_list_enabled bool

    Indicates if cves whitelist is relevant.

    cves_white_lists Sequence[str]

    List of cves whitelisted licenses

    cvss_severity str

    Identifier of the cvss severity.

    cvss_severity_enabled bool

    Indicates if the cvss severity is scanned.

    cvss_severity_exclude_no_fix bool

    Indicates that policy should ignore cvss cases that do not have a known fix.

    description str
    disallow_malware bool

    Indicates if malware should block the image.

    docker_cis_enabled bool
    domain str

    Name of the container image.

    domain_name str
    dta_enabled bool
    dta_severity str
    enabled bool
    enforce bool
    enforce_after_days int
    enforce_excessive_permissions bool
    exceptional_monitored_malware_paths Sequence[str]
    fail_cicd bool

    Indicates if cicd failures will fail the image.

    forbidden_labels Sequence[FunctionAssurancePolicyForbiddenLabelArgs]
    forbidden_labels_enabled bool
    force_microenforcer bool
    function_integrity_enabled bool
    ignore_recently_published_vln bool
    ignore_recently_published_vln_period int
    ignore_risk_resources_enabled bool

    Indicates if risk resources are ignored.

    ignored_risk_resources Sequence[str]

    List of ignored risk resources.

    images Sequence[str]

    List of images.

    kube_cis_enabled bool
    labels Sequence[str]

    List of labels.

    malware_action str
    maximum_score float

    Value of allowed maximum score.

    maximum_score_enabled bool

    Indicates if exceeding the maximum score is scanned.

    maximum_score_exclude_no_fix bool

    Indicates that policy should ignore cases that do not have a known fix.

    monitored_malware_paths Sequence[str]
    name str
    only_none_root_users bool

    Indicates whether to raise a warning for images that should only be run as root.

    packages_black_list_enabled bool

    Indicates if packages blacklist is relevant.

    packages_black_lists Sequence[FunctionAssurancePolicyPackagesBlackListArgs]

    List of blacklisted images.

    packages_white_list_enabled bool

    Indicates if packages whitelist is relevant.

    packages_white_lists Sequence[FunctionAssurancePolicyPackagesWhiteListArgs]

    List of whitelisted images.

    partial_results_image_fail bool
    read_only bool
    registries Sequence[str]

    List of registries.

    registry str
    required_labels Sequence[FunctionAssurancePolicyRequiredLabelArgs]
    required_labels_enabled bool
    scan_nfs_mounts bool
    scan_sensitive_data bool

    Indicates if scan should include sensitive data in the image.

    scap_enabled bool

    Indicates if scanning should include scap.

    scap_files Sequence[str]

    List of SCAP user scripts for checks.

    scopes Sequence[FunctionAssurancePolicyScopeArgs]
    trusted_base_images Sequence[FunctionAssurancePolicyTrustedBaseImageArgs]

    List of trusted images.

    trusted_base_images_enabled bool

    Indicates if list of trusted base images is relevant.

    whitelisted_licenses Sequence[str]

    List of whitelisted licenses.

    whitelisted_licenses_enabled bool

    Indicates if license blacklist is relevant.

    allowedImages List<String>

    List of explicitly allowed images.

    applicationScopes List<String>
    auditOnFailure Boolean

    Indicates whether failures are audited.

    author String

    Name of user account that created the policy.

    autoScanConfigured Boolean
    autoScanEnabled Boolean
    autoScanTimes List<Property Map>
    blacklistPermissions List<String>

    List of function's forbidden permissions.

    blacklistPermissionsEnabled Boolean

    Indicates if blacklist permissions is relevant.

    blacklistedLicenses List<String>

    List of blacklisted licenses.

    blacklistedLicensesEnabled Boolean

    Indicates if license blacklist is relevant.

    blockFailed Boolean

    Indicates if failed images are blocked.

    controlExcludeNoFix Boolean
    customChecks List<Property Map>

    List of custom user scripts for checks.

    customChecksEnabled Boolean

    Indicates if scanning should include custom checks.

    customSeverityEnabled Boolean
    cvesBlackListEnabled Boolean

    Indicates if the CVE blacklist is relevant.

    cvesBlackLists List<String>

    List of blacklisted CVE items.

    cvesWhiteListEnabled Boolean

    Indicates if the CVE whitelist is relevant.

    cvesWhiteLists List<String>

    List of CVE whitelisted licenses.

    cvssSeverity String

    Identifier of the CVSS severity.

    cvssSeverityEnabled Boolean

    Indicates if the CVSS severity is scanned.

    cvssSeverityExcludeNoFix Boolean

    Indicates that the policy should ignore CVSS cases that do not have a known fix.

    description String
    disallowMalware Boolean

    Indicates if malware should block the image.

    dockerCisEnabled Boolean
    domain String

    Name of the container image.

    domainName String
    dtaEnabled Boolean
    dtaSeverity String
    enabled Boolean
    enforce Boolean
    enforceAfterDays Number
    enforceExcessivePermissions Boolean
    exceptionalMonitoredMalwarePaths List<String>
    failCicd Boolean

    Indicates if CI/CD failures will fail the image.

    forbiddenLabels List<Property Map>
    forbiddenLabelsEnabled Boolean
    forceMicroenforcer Boolean
    functionIntegrityEnabled Boolean
    ignoreRecentlyPublishedVln Boolean
    ignoreRecentlyPublishedVlnPeriod Number
    ignoreRiskResourcesEnabled Boolean

    Indicates if risk resources are ignored.

    ignoredRiskResources List<String>

    List of ignored risk resources.

    images List<String>

    List of images.

    kubeCisEnabled Boolean
    labels List<String>

    List of labels.

    malwareAction String
    maximumScore Number

    Value of allowed maximum score.

    maximumScoreEnabled Boolean

    Indicates if exceeding the maximum score is scanned.

    maximumScoreExcludeNoFix Boolean

    Indicates that the policy should ignore cases that do not have a known fix.

    monitoredMalwarePaths List<String>
    name String
    onlyNoneRootUsers Boolean

    Indicates whether to raise a warning for images that should only be run as root.

    packagesBlackListEnabled Boolean

    Indicates if packages blacklist is relevant.

    packagesBlackLists List<Property Map>

    List of blacklisted images.

    packagesWhiteListEnabled Boolean

    Indicates if packages whitelist is relevant.

    packagesWhiteLists List<Property Map>

    List of whitelisted images.

    partialResultsImageFail Boolean
    readOnly Boolean
    registries List<String>

    List of registries.

    registry String
    requiredLabels List<Property Map>
    requiredLabelsEnabled Boolean
    scanNfsMounts Boolean
    scanSensitiveData Boolean

    Indicates if scan should include sensitive data in the image.

    scapEnabled Boolean

    Indicates if scanning should include SCAP.

    scapFiles List<String>

    List of SCAP user scripts for checks.

    scopes List<Property Map>
    trustedBaseImages List<Property Map>

    List of trusted images.

    trustedBaseImagesEnabled Boolean

    Indicates if list of trusted base images is relevant.

    whitelistedLicenses List<String>

    List of whitelisted licenses.

    whitelistedLicensesEnabled Boolean

    Indicates if license blacklist is relevant.

    Supporting Types

    FunctionAssurancePolicyAutoScanTime, FunctionAssurancePolicyAutoScanTimeArgs

    Iteration int
    IterationType string
    Time string
    WeekDays List<string>
    Iteration int
    IterationType string
    Time string
    WeekDays []string
    iteration Integer
    iterationType String
    time String
    weekDays List<String>
    iteration number
    iterationType string
    time string
    weekDays string[]
    iteration int
    iteration_type str
    time str
    week_days Sequence[str]
    iteration Number
    iterationType String
    time String
    weekDays List<String>

    FunctionAssurancePolicyCustomCheck, FunctionAssurancePolicyCustomCheckArgs

    Author string

    Name of user account that created the policy.

    Description string
    Engine string
    LastModified int
    Name string
    Path string
    ReadOnly bool
    ScriptId string
    Severity string
    Snippet string
    Author string

    Name of user account that created the policy.

    Description string
    Engine string
    LastModified int
    Name string
    Path string
    ReadOnly bool
    ScriptId string
    Severity string
    Snippet string
    author String

    Name of user account that created the policy.

    description String
    engine String
    lastModified Integer
    name String
    path String
    readOnly Boolean
    scriptId String
    severity String
    snippet String
    author string

    Name of user account that created the policy.

    description string
    engine string
    lastModified number
    name string
    path string
    readOnly boolean
    scriptId string
    severity string
    snippet string
    author str

    Name of user account that created the policy.

    description str
    engine str
    last_modified int
    name str
    path str
    read_only bool
    script_id str
    severity str
    snippet str
    author String

    Name of user account that created the policy.

    description String
    engine String
    lastModified Number
    name String
    path String
    readOnly Boolean
    scriptId String
    severity String
    snippet String

    FunctionAssurancePolicyForbiddenLabel, FunctionAssurancePolicyForbiddenLabelArgs

    Key string
    Value string
    Key string
    Value string
    key String
    value String
    key string
    value string
    key str
    value str
    key String
    value String

    FunctionAssurancePolicyPackagesBlackList, FunctionAssurancePolicyPackagesBlackListArgs

    Arch string
    Display string
    Epoch string
    Format string
    License string
    Name string
    Release string
    Version string
    VersionRange string
    Arch string
    Display string
    Epoch string
    Format string
    License string
    Name string
    Release string
    Version string
    VersionRange string
    arch String
    display String
    epoch String
    format String
    license String
    name String
    release String
    version String
    versionRange String
    arch string
    display string
    epoch string
    format string
    license string
    name string
    release string
    version string
    versionRange string
    arch String
    display String
    epoch String
    format String
    license String
    name String
    release String
    version String
    versionRange String

    FunctionAssurancePolicyPackagesWhiteList, FunctionAssurancePolicyPackagesWhiteListArgs

    Arch string
    Display string
    Epoch string
    Format string
    License string
    Name string
    Release string
    Version string
    VersionRange string
    Arch string
    Display string
    Epoch string
    Format string
    License string
    Name string
    Release string
    Version string
    VersionRange string
    arch String
    display String
    epoch String
    format String
    license String
    name String
    release String
    version String
    versionRange String
    arch string
    display string
    epoch string
    format string
    license string
    name string
    release string
    version string
    versionRange string
    arch String
    display String
    epoch String
    format String
    license String
    name String
    release String
    version String
    versionRange String

    FunctionAssurancePolicyRequiredLabel, FunctionAssurancePolicyRequiredLabelArgs

    Key string
    Value string
    Key string
    Value string
    key String
    value String
    key string
    value string
    key str
    value str
    key String
    value String

    FunctionAssurancePolicyScope, FunctionAssurancePolicyScopeArgs

    FunctionAssurancePolicyScopeVariable, FunctionAssurancePolicyScopeVariableArgs

    Attribute string
    Name string
    Value string
    Attribute string
    Name string
    Value string
    attribute String
    name String
    value String
    attribute string
    name string
    value string
    attribute str
    name str
    value str
    attribute String
    name String
    value String

    FunctionAssurancePolicyTrustedBaseImage, FunctionAssurancePolicyTrustedBaseImageArgs

    Imagename string
    Registry string
    Imagename string
    Registry string
    imagename String
    registry String
    imagename string
    registry string
    imagename String
    registry String

    Package Details

    Repository: aquasec pulumiverse/pulumi-aquasec
    License: Apache-2.0
    Notes: This Pulumi package is based on the aquasec Terraform Provider.
