Aquasec

v0.2.2 published on Monday, Nov 14, 2022 by Pulumiverse

FunctionAssurancePolicy

Create FunctionAssurancePolicy Resource

new FunctionAssurancePolicy(name: string, args: FunctionAssurancePolicyArgs, opts?: CustomResourceOptions);
@overload
def FunctionAssurancePolicy(resource_name: str,
                            opts: Optional[ResourceOptions] = None,
                            allowed_images: Optional[Sequence[str]] = None,
                            application_scopes: Optional[Sequence[str]] = None,
                            audit_on_failure: Optional[bool] = None,
                            auto_scan_configured: Optional[bool] = None,
                            auto_scan_enabled: Optional[bool] = None,
                            auto_scan_times: Optional[Sequence[FunctionAssurancePolicyAutoScanTimeArgs]] = None,
                            blacklist_permissions: Optional[Sequence[str]] = None,
                            blacklist_permissions_enabled: Optional[bool] = None,
                            blacklisted_licenses: Optional[Sequence[str]] = None,
                            blacklisted_licenses_enabled: Optional[bool] = None,
                            block_failed: Optional[bool] = None,
                            control_exclude_no_fix: Optional[bool] = None,
                            custom_checks: Optional[Sequence[FunctionAssurancePolicyCustomCheckArgs]] = None,
                            custom_checks_enabled: Optional[bool] = None,
                            custom_severity_enabled: Optional[bool] = None,
                            cves_black_list_enabled: Optional[bool] = None,
                            cves_black_lists: Optional[Sequence[str]] = None,
                            cves_white_list_enabled: Optional[bool] = None,
                            cves_white_lists: Optional[Sequence[str]] = None,
                            cvss_severity: Optional[str] = None,
                            cvss_severity_enabled: Optional[bool] = None,
                            cvss_severity_exclude_no_fix: Optional[bool] = None,
                            description: Optional[str] = None,
                            disallow_malware: Optional[bool] = None,
                            docker_cis_enabled: Optional[bool] = None,
                            domain: Optional[str] = None,
                            domain_name: Optional[str] = None,
                            dta_enabled: Optional[bool] = None,
                            dta_severity: Optional[str] = None,
                            enabled: Optional[bool] = None,
                            enforce: Optional[bool] = None,
                            enforce_after_days: Optional[int] = None,
                            enforce_excessive_permissions: Optional[bool] = None,
                            exceptional_monitored_malware_paths: Optional[Sequence[str]] = None,
                            fail_cicd: Optional[bool] = None,
                            forbidden_labels: Optional[Sequence[FunctionAssurancePolicyForbiddenLabelArgs]] = None,
                            forbidden_labels_enabled: Optional[bool] = None,
                            force_microenforcer: Optional[bool] = None,
                            function_integrity_enabled: Optional[bool] = None,
                            ignore_recently_published_vln: Optional[bool] = None,
                            ignore_risk_resources_enabled: Optional[bool] = None,
                            ignored_risk_resources: Optional[Sequence[str]] = None,
                            images: Optional[Sequence[str]] = None,
                            kube_cis_enabled: Optional[bool] = None,
                            labels: Optional[Sequence[str]] = None,
                            malware_action: Optional[str] = None,
                            maximum_score: Optional[float] = None,
                            maximum_score_enabled: Optional[bool] = None,
                            maximum_score_exclude_no_fix: Optional[bool] = None,
                            monitored_malware_paths: Optional[Sequence[str]] = None,
                            name: Optional[str] = None,
                            only_none_root_users: Optional[bool] = None,
                            packages_black_list_enabled: Optional[bool] = None,
                            packages_black_lists: Optional[Sequence[FunctionAssurancePolicyPackagesBlackListArgs]] = None,
                            packages_white_list_enabled: Optional[bool] = None,
                            packages_white_lists: Optional[Sequence[FunctionAssurancePolicyPackagesWhiteListArgs]] = None,
                            partial_results_image_fail: Optional[bool] = None,
                            read_only: Optional[bool] = None,
                            registries: Optional[Sequence[str]] = None,
                            registry: Optional[str] = None,
                            required_labels: Optional[Sequence[FunctionAssurancePolicyRequiredLabelArgs]] = None,
                            required_labels_enabled: Optional[bool] = None,
                            scan_nfs_mounts: Optional[bool] = None,
                            scan_sensitive_data: Optional[bool] = None,
                            scap_enabled: Optional[bool] = None,
                            scap_files: Optional[Sequence[str]] = None,
                            scopes: Optional[Sequence[FunctionAssurancePolicyScopeArgs]] = None,
                            trusted_base_images: Optional[Sequence[FunctionAssurancePolicyTrustedBaseImageArgs]] = None,
                            trusted_base_images_enabled: Optional[bool] = None,
                            whitelisted_licenses: Optional[Sequence[str]] = None,
                            whitelisted_licenses_enabled: Optional[bool] = None)
@overload
def FunctionAssurancePolicy(resource_name: str,
                            args: FunctionAssurancePolicyArgs,
                            opts: Optional[ResourceOptions] = None)
func NewFunctionAssurancePolicy(ctx *Context, name string, args FunctionAssurancePolicyArgs, opts ...ResourceOption) (*FunctionAssurancePolicy, error)
public FunctionAssurancePolicy(string name, FunctionAssurancePolicyArgs args, CustomResourceOptions? opts = null)
public FunctionAssurancePolicy(String name, FunctionAssurancePolicyArgs args)
public FunctionAssurancePolicy(String name, FunctionAssurancePolicyArgs args, CustomResourceOptions options)
type: aquasec:FunctionAssurancePolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args FunctionAssurancePolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args FunctionAssurancePolicyArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args FunctionAssurancePolicyArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args FunctionAssurancePolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args FunctionAssurancePolicyArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

FunctionAssurancePolicy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The FunctionAssurancePolicy resource accepts the following input properties:

ApplicationScopes List<string>
AllowedImages List<string>

List of explicitly allowed images.

AuditOnFailure bool

Indicates if auditing for failures.

AutoScanConfigured bool
AutoScanEnabled bool
AutoScanTimes List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyAutoScanTimeArgs>
BlacklistPermissions List<string>

List of function's forbidden permissions.

BlacklistPermissionsEnabled bool

Indicates if blacklist permissions is relevant.

BlacklistedLicenses List<string>

List of blacklisted licenses.

BlacklistedLicensesEnabled bool

Indicates if license blacklist is relevant.

BlockFailed bool

Indicates if failed images are blocked.

ControlExcludeNoFix bool
CustomChecks List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyCustomCheckArgs>

List of Custom user scripts for checks.

CustomChecksEnabled bool

Indicates if scanning should include custom checks.

CustomSeverityEnabled bool
CvesBlackListEnabled bool

Indicates if cves blacklist is relevant.

CvesBlackLists List<string>

List of cves blacklisted items.

CvesWhiteListEnabled bool

Indicates if cves whitelist is relevant.

CvesWhiteLists List<string>

List of whitelisted CVEs.

CvssSeverity string

Identifier of the cvss severity.

CvssSeverityEnabled bool

Indicates if the cvss severity is scanned.

CvssSeverityExcludeNoFix bool

Indicates that policy should ignore cvss cases that do not have a known fix.

Description string
DisallowMalware bool

Indicates if malware should block the image.

DockerCisEnabled bool
Domain string

Name of the container image.

DomainName string
DtaEnabled bool
DtaSeverity string
Enabled bool
Enforce bool
EnforceAfterDays int
EnforceExcessivePermissions bool
ExceptionalMonitoredMalwarePaths List<string>
FailCicd bool

Indicates if cicd failures will fail the image.

ForbiddenLabels List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyForbiddenLabelArgs>
ForbiddenLabelsEnabled bool
ForceMicroenforcer bool
FunctionIntegrityEnabled bool
IgnoreRecentlyPublishedVln bool
IgnoreRiskResourcesEnabled bool

Indicates if risk resources are ignored.

IgnoredRiskResources List<string>

List of ignored risk resources.

Images List<string>

List of images.

KubeCisEnabled bool
Labels List<string>

List of labels.

MalwareAction string
MaximumScore double

Value of allowed maximum score.

MaximumScoreEnabled bool

Indicates if exceeding the maximum score is scanned.

MaximumScoreExcludeNoFix bool

Indicates that policy should ignore cases that do not have a known fix.

MonitoredMalwarePaths List<string>
Name string
OnlyNoneRootUsers bool

Indicates whether to raise a warning for images that should only be run as root.

PackagesBlackListEnabled bool

Indicates if packages blacklist is relevant.

PackagesBlackLists List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyPackagesBlackListArgs>

List of blacklisted images.

PackagesWhiteListEnabled bool

Indicates if packages whitelist is relevant.

PackagesWhiteLists List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyPackagesWhiteListArgs>

List of whitelisted images.

PartialResultsImageFail bool
ReadOnly bool
Registries List<string>

List of registries.

Registry string
RequiredLabels List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyRequiredLabelArgs>
RequiredLabelsEnabled bool
ScanNfsMounts bool
ScanSensitiveData bool

Indicates if scan should include sensitive data in the image.

ScapEnabled bool

Indicates if scanning should include scap.

ScapFiles List<string>

List of SCAP user scripts for checks.

Scopes List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyScopeArgs>
TrustedBaseImages List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyTrustedBaseImageArgs>

List of trusted images.

TrustedBaseImagesEnabled bool

Indicates if list of trusted base images is relevant.

WhitelistedLicenses List<string>

List of whitelisted licenses.

WhitelistedLicensesEnabled bool

Indicates if license whitelist is relevant.

ApplicationScopes []string
AllowedImages []string

List of explicitly allowed images.

AuditOnFailure bool

Indicates if auditing for failures.

AutoScanConfigured bool
AutoScanEnabled bool
AutoScanTimes []FunctionAssurancePolicyAutoScanTimeArgs
BlacklistPermissions []string

List of function's forbidden permissions.

BlacklistPermissionsEnabled bool

Indicates if blacklist permissions is relevant.

BlacklistedLicenses []string

List of blacklisted licenses.

BlacklistedLicensesEnabled bool

Indicates if license blacklist is relevant.

BlockFailed bool

Indicates if failed images are blocked.

ControlExcludeNoFix bool
CustomChecks []FunctionAssurancePolicyCustomCheckArgs

List of Custom user scripts for checks.

CustomChecksEnabled bool

Indicates if scanning should include custom checks.

CustomSeverityEnabled bool
CvesBlackListEnabled bool

Indicates if cves blacklist is relevant.

CvesBlackLists []string

List of cves blacklisted items.

CvesWhiteListEnabled bool

Indicates if cves whitelist is relevant.

CvesWhiteLists []string

List of whitelisted CVEs.

CvssSeverity string

Identifier of the cvss severity.

CvssSeverityEnabled bool

Indicates if the cvss severity is scanned.

CvssSeverityExcludeNoFix bool

Indicates that policy should ignore cvss cases that do not have a known fix.

Description string
DisallowMalware bool

Indicates if malware should block the image.

DockerCisEnabled bool
Domain string

Name of the container image.

DomainName string
DtaEnabled bool
DtaSeverity string
Enabled bool
Enforce bool
EnforceAfterDays int
EnforceExcessivePermissions bool
ExceptionalMonitoredMalwarePaths []string
FailCicd bool

Indicates if cicd failures will fail the image.

ForbiddenLabels []FunctionAssurancePolicyForbiddenLabelArgs
ForbiddenLabelsEnabled bool
ForceMicroenforcer bool
FunctionIntegrityEnabled bool
IgnoreRecentlyPublishedVln bool
IgnoreRiskResourcesEnabled bool

Indicates if risk resources are ignored.

IgnoredRiskResources []string

List of ignored risk resources.

Images []string

List of images.

KubeCisEnabled bool
Labels []string

List of labels.

MalwareAction string
MaximumScore float64

Value of allowed maximum score.

MaximumScoreEnabled bool

Indicates if exceeding the maximum score is scanned.

MaximumScoreExcludeNoFix bool

Indicates that policy should ignore cases that do not have a known fix.

MonitoredMalwarePaths []string
Name string
OnlyNoneRootUsers bool

Indicates whether to raise a warning for images that should only be run as root.

PackagesBlackListEnabled bool

Indicates if packages blacklist is relevant.

PackagesBlackLists []FunctionAssurancePolicyPackagesBlackListArgs

List of blacklisted images.

PackagesWhiteListEnabled bool

Indicates if packages whitelist is relevant.

PackagesWhiteLists []FunctionAssurancePolicyPackagesWhiteListArgs

List of whitelisted images.

PartialResultsImageFail bool
ReadOnly bool
Registries []string

List of registries.

Registry string
RequiredLabels []FunctionAssurancePolicyRequiredLabelArgs
RequiredLabelsEnabled bool
ScanNfsMounts bool
ScanSensitiveData bool

Indicates if scan should include sensitive data in the image.

ScapEnabled bool

Indicates if scanning should include scap.

ScapFiles []string

List of SCAP user scripts for checks.

Scopes []FunctionAssurancePolicyScopeArgs
TrustedBaseImages []FunctionAssurancePolicyTrustedBaseImageArgs

List of trusted images.

TrustedBaseImagesEnabled bool

Indicates if list of trusted base images is relevant.

WhitelistedLicenses []string

List of whitelisted licenses.

WhitelistedLicensesEnabled bool

Indicates if license whitelist is relevant.

applicationScopes List<String>
allowedImages List<String>

List of explicitly allowed images.

auditOnFailure Boolean

Indicates if auditing for failures.

autoScanConfigured Boolean
autoScanEnabled Boolean
autoScanTimes List<FunctionAssurancePolicyAutoScanTimeArgs>
blacklistPermissions List<String>

List of function's forbidden permissions.

blacklistPermissionsEnabled Boolean

Indicates if blacklist permissions is relevant.

blacklistedLicenses List<String>

List of blacklisted licenses.

blacklistedLicensesEnabled Boolean

Indicates if license blacklist is relevant.

blockFailed Boolean

Indicates if failed images are blocked.

controlExcludeNoFix Boolean
customChecks List<FunctionAssurancePolicyCustomCheckArgs>

List of Custom user scripts for checks.

customChecksEnabled Boolean

Indicates if scanning should include custom checks.

customSeverityEnabled Boolean
cvesBlackListEnabled Boolean

Indicates if cves blacklist is relevant.

cvesBlackLists List<String>

List of cves blacklisted items.

cvesWhiteListEnabled Boolean

Indicates if cves whitelist is relevant.

cvesWhiteLists List<String>

List of whitelisted CVEs.

cvssSeverity String

Identifier of the cvss severity.

cvssSeverityEnabled Boolean

Indicates if the cvss severity is scanned.

cvssSeverityExcludeNoFix Boolean

Indicates that policy should ignore cvss cases that do not have a known fix.

description String
disallowMalware Boolean

Indicates if malware should block the image.

dockerCisEnabled Boolean
domain String

Name of the container image.

domainName String
dtaEnabled Boolean
dtaSeverity String
enabled Boolean
enforce Boolean
enforceAfterDays Integer
enforceExcessivePermissions Boolean
exceptionalMonitoredMalwarePaths List<String>
failCicd Boolean

Indicates if cicd failures will fail the image.

forbiddenLabels List<FunctionAssurancePolicyForbiddenLabelArgs>
forbiddenLabelsEnabled Boolean
forceMicroenforcer Boolean
functionIntegrityEnabled Boolean
ignoreRecentlyPublishedVln Boolean
ignoreRiskResourcesEnabled Boolean

Indicates if risk resources are ignored.

ignoredRiskResources List<String>

List of ignored risk resources.

images List<String>

List of images.

kubeCisEnabled Boolean
labels List<String>

List of labels.

malwareAction String
maximumScore Double

Value of allowed maximum score.

maximumScoreEnabled Boolean

Indicates if exceeding the maximum score is scanned.

maximumScoreExcludeNoFix Boolean

Indicates that policy should ignore cases that do not have a known fix.

monitoredMalwarePaths List<String>
name String
onlyNoneRootUsers Boolean

Indicates whether to raise a warning for images that should only be run as root.

packagesBlackListEnabled Boolean

Indicates if packages blacklist is relevant.

packagesBlackLists List<FunctionAssurancePolicyPackagesBlackListArgs>

List of blacklisted images.

packagesWhiteListEnabled Boolean

Indicates if packages whitelist is relevant.

packagesWhiteLists List<FunctionAssurancePolicyPackagesWhiteListArgs>

List of whitelisted images.

partialResultsImageFail Boolean
readOnly Boolean
registries List<String>

List of registries.

registry String
requiredLabels List<FunctionAssurancePolicyRequiredLabelArgs>
requiredLabelsEnabled Boolean
scanNfsMounts Boolean
scanSensitiveData Boolean

Indicates if scan should include sensitive data in the image.

scapEnabled Boolean

Indicates if scanning should include scap.

scapFiles List<String>

List of SCAP user scripts for checks.

scopes List<FunctionAssurancePolicyScopeArgs>
trustedBaseImages List<FunctionAssurancePolicyTrustedBaseImageArgs>

List of trusted images.

trustedBaseImagesEnabled Boolean

Indicates if list of trusted base images is relevant.

whitelistedLicenses List<String>

List of whitelisted licenses.

whitelistedLicensesEnabled Boolean

Indicates if license whitelist is relevant.

applicationScopes string[]
allowedImages string[]

List of explicitly allowed images.

auditOnFailure boolean

Indicates if auditing for failures.

autoScanConfigured boolean
autoScanEnabled boolean
autoScanTimes FunctionAssurancePolicyAutoScanTimeArgs[]
blacklistPermissions string[]

List of function's forbidden permissions.

blacklistPermissionsEnabled boolean

Indicates if blacklist permissions is relevant.

blacklistedLicenses string[]

List of blacklisted licenses.

blacklistedLicensesEnabled boolean

Indicates if license blacklist is relevant.

blockFailed boolean

Indicates if failed images are blocked.

controlExcludeNoFix boolean
customChecks FunctionAssurancePolicyCustomCheckArgs[]

List of Custom user scripts for checks.

customChecksEnabled boolean

Indicates if scanning should include custom checks.

customSeverityEnabled boolean
cvesBlackListEnabled boolean

Indicates if cves blacklist is relevant.

cvesBlackLists string[]

List of cves blacklisted items.

cvesWhiteListEnabled boolean

Indicates if cves whitelist is relevant.

cvesWhiteLists string[]

List of whitelisted CVEs.

cvssSeverity string

Identifier of the cvss severity.

cvssSeverityEnabled boolean

Indicates if the cvss severity is scanned.

cvssSeverityExcludeNoFix boolean

Indicates that policy should ignore cvss cases that do not have a known fix.

description string
disallowMalware boolean

Indicates if malware should block the image.

dockerCisEnabled boolean
domain string

Name of the container image.

domainName string
dtaEnabled boolean
dtaSeverity string
enabled boolean
enforce boolean
enforceAfterDays number
enforceExcessivePermissions boolean
exceptionalMonitoredMalwarePaths string[]
failCicd boolean

Indicates if cicd failures will fail the image.

forbiddenLabels FunctionAssurancePolicyForbiddenLabelArgs[]
forbiddenLabelsEnabled boolean
forceMicroenforcer boolean
functionIntegrityEnabled boolean
ignoreRecentlyPublishedVln boolean
ignoreRiskResourcesEnabled boolean

Indicates if risk resources are ignored.

ignoredRiskResources string[]

List of ignored risk resources.

images string[]

List of images.

kubeCisEnabled boolean
labels string[]

List of labels.

malwareAction string
maximumScore number

Value of allowed maximum score.

maximumScoreEnabled boolean

Indicates if exceeding the maximum score is scanned.

maximumScoreExcludeNoFix boolean

Indicates that policy should ignore cases that do not have a known fix.

monitoredMalwarePaths string[]
name string
onlyNoneRootUsers boolean

Indicates whether to raise a warning for images that should only be run as root.

packagesBlackListEnabled boolean

Indicates if packages blacklist is relevant.

packagesBlackLists FunctionAssurancePolicyPackagesBlackListArgs[]

List of blacklisted images.

packagesWhiteListEnabled boolean

Indicates if packages whitelist is relevant.

packagesWhiteLists FunctionAssurancePolicyPackagesWhiteListArgs[]

List of whitelisted images.

partialResultsImageFail boolean
readOnly boolean
registries string[]

List of registries.

registry string
requiredLabels FunctionAssurancePolicyRequiredLabelArgs[]
requiredLabelsEnabled boolean
scanNfsMounts boolean
scanSensitiveData boolean

Indicates if scan should include sensitive data in the image.

scapEnabled boolean

Indicates if scanning should include scap.

scapFiles string[]

List of SCAP user scripts for checks.

scopes FunctionAssurancePolicyScopeArgs[]
trustedBaseImages FunctionAssurancePolicyTrustedBaseImageArgs[]

List of trusted images.

trustedBaseImagesEnabled boolean

Indicates if list of trusted base images is relevant.

whitelistedLicenses string[]

List of whitelisted licenses.

whitelistedLicensesEnabled boolean

Indicates if license whitelist is relevant.

application_scopes Sequence[str]
allowed_images Sequence[str]

List of explicitly allowed images.

audit_on_failure bool

Indicates if auditing for failures.

auto_scan_configured bool
auto_scan_enabled bool
auto_scan_times Sequence[FunctionAssurancePolicyAutoScanTimeArgs]
blacklist_permissions Sequence[str]

List of function's forbidden permissions.

blacklist_permissions_enabled bool

Indicates if blacklist permissions is relevant.

blacklisted_licenses Sequence[str]

List of blacklisted licenses.

blacklisted_licenses_enabled bool

Indicates if license blacklist is relevant.

block_failed bool

Indicates if failed images are blocked.

control_exclude_no_fix bool
custom_checks Sequence[FunctionAssurancePolicyCustomCheckArgs]

List of Custom user scripts for checks.

custom_checks_enabled bool

Indicates if scanning should include custom checks.

custom_severity_enabled bool
cves_black_list_enabled bool

Indicates if cves blacklist is relevant.

cves_black_lists Sequence[str]

List of cves blacklisted items.

cves_white_list_enabled bool

Indicates if cves whitelist is relevant.

cves_white_lists Sequence[str]

List of whitelisted CVEs.

cvss_severity str

Identifier of the cvss severity.

cvss_severity_enabled bool

Indicates if the cvss severity is scanned.

cvss_severity_exclude_no_fix bool

Indicates that policy should ignore cvss cases that do not have a known fix.

description str
disallow_malware bool

Indicates if malware should block the image.

docker_cis_enabled bool
domain str

Name of the container image.

domain_name str
dta_enabled bool
dta_severity str
enabled bool
enforce bool
enforce_after_days int
enforce_excessive_permissions bool
exceptional_monitored_malware_paths Sequence[str]
fail_cicd bool

Indicates if cicd failures will fail the image.

forbidden_labels Sequence[FunctionAssurancePolicyForbiddenLabelArgs]
forbidden_labels_enabled bool
force_microenforcer bool
function_integrity_enabled bool
ignore_recently_published_vln bool
ignore_risk_resources_enabled bool

Indicates if risk resources are ignored.

ignored_risk_resources Sequence[str]

List of ignored risk resources.

images Sequence[str]

List of images.

kube_cis_enabled bool
labels Sequence[str]

List of labels.

malware_action str
maximum_score float

Value of allowed maximum score.

maximum_score_enabled bool

Indicates if exceeding the maximum score is scanned.

maximum_score_exclude_no_fix bool

Indicates that policy should ignore cases that do not have a known fix.

monitored_malware_paths Sequence[str]
name str
only_none_root_users bool

Indicates whether to raise a warning for images that should only be run as root.

packages_black_list_enabled bool

Indicates if packages blacklist is relevant.

packages_black_lists Sequence[FunctionAssurancePolicyPackagesBlackListArgs]

List of blacklisted images.

packages_white_list_enabled bool

Indicates if packages whitelist is relevant.

packages_white_lists Sequence[FunctionAssurancePolicyPackagesWhiteListArgs]

List of whitelisted images.

partial_results_image_fail bool
read_only bool
registries Sequence[str]

List of registries.

registry str
required_labels Sequence[FunctionAssurancePolicyRequiredLabelArgs]
required_labels_enabled bool
scan_nfs_mounts bool
scan_sensitive_data bool

Indicates if scan should include sensitive data in the image.

scap_enabled bool

Indicates if scanning should include scap.

scap_files Sequence[str]

List of SCAP user scripts for checks.

scopes Sequence[FunctionAssurancePolicyScopeArgs]
trusted_base_images Sequence[FunctionAssurancePolicyTrustedBaseImageArgs]

List of trusted images.

trusted_base_images_enabled bool

Indicates if list of trusted base images is relevant.

whitelisted_licenses Sequence[str]

List of whitelisted licenses.

whitelisted_licenses_enabled bool

Indicates if license whitelist is relevant.

applicationScopes List<String>
allowedImages List<String>

List of explicitly allowed images.

auditOnFailure Boolean

Indicates if auditing for failures.

autoScanConfigured Boolean
autoScanEnabled Boolean
autoScanTimes List<Property Map>
blacklistPermissions List<String>

List of function's forbidden permissions.

blacklistPermissionsEnabled Boolean

Indicates if blacklist permissions is relevant.

blacklistedLicenses List<String>

List of blacklisted licenses.

blacklistedLicensesEnabled Boolean

Indicates if license blacklist is relevant.

blockFailed Boolean

Indicates if failed images are blocked.

controlExcludeNoFix Boolean
customChecks List<Property Map>

List of Custom user scripts for checks.

customChecksEnabled Boolean

Indicates if scanning should include custom checks.

customSeverityEnabled Boolean
cvesBlackListEnabled Boolean

Indicates if cves blacklist is relevant.

cvesBlackLists List<String>

List of cves blacklisted items.

cvesWhiteListEnabled Boolean

Indicates if cves whitelist is relevant.

cvesWhiteLists List<String>

List of whitelisted CVEs.

cvssSeverity String

Identifier of the cvss severity.

cvssSeverityEnabled Boolean

Indicates if the cvss severity is scanned.

cvssSeverityExcludeNoFix Boolean

Indicates that policy should ignore cvss cases that do not have a known fix.

description String
disallowMalware Boolean

Indicates if malware should block the image.

dockerCisEnabled Boolean
domain String

Name of the container image.

domainName String
dtaEnabled Boolean
dtaSeverity String
enabled Boolean
enforce Boolean
enforceAfterDays Number
enforceExcessivePermissions Boolean
exceptionalMonitoredMalwarePaths List<String>
failCicd Boolean

Indicates if cicd failures will fail the image.

forbiddenLabels List<Property Map>
forbiddenLabelsEnabled Boolean
forceMicroenforcer Boolean
functionIntegrityEnabled Boolean
ignoreRecentlyPublishedVln Boolean
ignoreRiskResourcesEnabled Boolean

Indicates if risk resources are ignored.

ignoredRiskResources List<String>

List of ignored risk resources.

images List<String>

List of images.

kubeCisEnabled Boolean
labels List<String>

List of labels.

malwareAction String
maximumScore Number

Value of allowed maximum score.

maximumScoreEnabled Boolean

Indicates if exceeding the maximum score is scanned.

maximumScoreExcludeNoFix Boolean

Indicates that policy should ignore cases that do not have a known fix.

monitoredMalwarePaths List<String>
name String
onlyNoneRootUsers Boolean

Indicates whether to raise a warning for images that should only be run as root.

packagesBlackListEnabled Boolean

Indicates if packages blacklist is relevant.

packagesBlackLists List<Property Map>

List of blacklisted images.

packagesWhiteListEnabled Boolean

Indicates if packages whitelist is relevant.

packagesWhiteLists List<Property Map>

List of whitelisted images.

partialResultsImageFail Boolean
readOnly Boolean
registries List<String>

List of registries.

registry String
requiredLabels List<Property Map>
requiredLabelsEnabled Boolean
scanNfsMounts Boolean
scanSensitiveData Boolean

Indicates if scan should include sensitive data in the image.

scapEnabled Boolean

Indicates if scanning should include scap.

scapFiles List<String>

List of SCAP user scripts for checks.

scopes List<Property Map>
trustedBaseImages List<Property Map>

List of trusted images.

trustedBaseImagesEnabled Boolean

Indicates if list of trusted base images is relevant.

whitelistedLicenses List<String>

List of whitelisted licenses.

whitelistedLicensesEnabled Boolean

Indicates if license whitelist is relevant.

Outputs

All input properties are implicitly available as output properties. Additionally, the FunctionAssurancePolicy resource produces the following output properties:

Author string

Name of user account that created the policy.

Id string

The provider-assigned unique ID for this managed resource.

IgnoreRecentlyPublishedVlnPeriod int
Author string

Name of user account that created the policy.

Id string

The provider-assigned unique ID for this managed resource.

IgnoreRecentlyPublishedVlnPeriod int
author String

Name of user account that created the policy.

id String

The provider-assigned unique ID for this managed resource.

ignoreRecentlyPublishedVlnPeriod Integer
author string

Name of user account that created the policy.

id string

The provider-assigned unique ID for this managed resource.

ignoreRecentlyPublishedVlnPeriod number
author str

Name of user account that created the policy.

id str

The provider-assigned unique ID for this managed resource.

ignore_recently_published_vln_period int
author String

Name of user account that created the policy.

id String

The provider-assigned unique ID for this managed resource.

ignoreRecentlyPublishedVlnPeriod Number

Look up Existing FunctionAssurancePolicy Resource

Get an existing FunctionAssurancePolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: FunctionAssurancePolicyState, opts?: CustomResourceOptions): FunctionAssurancePolicy
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        allowed_images: Optional[Sequence[str]] = None,
        application_scopes: Optional[Sequence[str]] = None,
        audit_on_failure: Optional[bool] = None,
        author: Optional[str] = None,
        auto_scan_configured: Optional[bool] = None,
        auto_scan_enabled: Optional[bool] = None,
        auto_scan_times: Optional[Sequence[FunctionAssurancePolicyAutoScanTimeArgs]] = None,
        blacklist_permissions: Optional[Sequence[str]] = None,
        blacklist_permissions_enabled: Optional[bool] = None,
        blacklisted_licenses: Optional[Sequence[str]] = None,
        blacklisted_licenses_enabled: Optional[bool] = None,
        block_failed: Optional[bool] = None,
        control_exclude_no_fix: Optional[bool] = None,
        custom_checks: Optional[Sequence[FunctionAssurancePolicyCustomCheckArgs]] = None,
        custom_checks_enabled: Optional[bool] = None,
        custom_severity_enabled: Optional[bool] = None,
        cves_black_list_enabled: Optional[bool] = None,
        cves_black_lists: Optional[Sequence[str]] = None,
        cves_white_list_enabled: Optional[bool] = None,
        cves_white_lists: Optional[Sequence[str]] = None,
        cvss_severity: Optional[str] = None,
        cvss_severity_enabled: Optional[bool] = None,
        cvss_severity_exclude_no_fix: Optional[bool] = None,
        description: Optional[str] = None,
        disallow_malware: Optional[bool] = None,
        docker_cis_enabled: Optional[bool] = None,
        domain: Optional[str] = None,
        domain_name: Optional[str] = None,
        dta_enabled: Optional[bool] = None,
        dta_severity: Optional[str] = None,
        enabled: Optional[bool] = None,
        enforce: Optional[bool] = None,
        enforce_after_days: Optional[int] = None,
        enforce_excessive_permissions: Optional[bool] = None,
        exceptional_monitored_malware_paths: Optional[Sequence[str]] = None,
        fail_cicd: Optional[bool] = None,
        forbidden_labels: Optional[Sequence[FunctionAssurancePolicyForbiddenLabelArgs]] = None,
        forbidden_labels_enabled: Optional[bool] = None,
        force_microenforcer: Optional[bool] = None,
        function_integrity_enabled: Optional[bool] = None,
        ignore_recently_published_vln: Optional[bool] = None,
        ignore_recently_published_vln_period: Optional[int] = None,
        ignore_risk_resources_enabled: Optional[bool] = None,
        ignored_risk_resources: Optional[Sequence[str]] = None,
        images: Optional[Sequence[str]] = None,
        kube_cis_enabled: Optional[bool] = None,
        labels: Optional[Sequence[str]] = None,
        malware_action: Optional[str] = None,
        maximum_score: Optional[float] = None,
        maximum_score_enabled: Optional[bool] = None,
        maximum_score_exclude_no_fix: Optional[bool] = None,
        monitored_malware_paths: Optional[Sequence[str]] = None,
        name: Optional[str] = None,
        only_none_root_users: Optional[bool] = None,
        packages_black_list_enabled: Optional[bool] = None,
        packages_black_lists: Optional[Sequence[FunctionAssurancePolicyPackagesBlackListArgs]] = None,
        packages_white_list_enabled: Optional[bool] = None,
        packages_white_lists: Optional[Sequence[FunctionAssurancePolicyPackagesWhiteListArgs]] = None,
        partial_results_image_fail: Optional[bool] = None,
        read_only: Optional[bool] = None,
        registries: Optional[Sequence[str]] = None,
        registry: Optional[str] = None,
        required_labels: Optional[Sequence[FunctionAssurancePolicyRequiredLabelArgs]] = None,
        required_labels_enabled: Optional[bool] = None,
        scan_nfs_mounts: Optional[bool] = None,
        scan_sensitive_data: Optional[bool] = None,
        scap_enabled: Optional[bool] = None,
        scap_files: Optional[Sequence[str]] = None,
        scopes: Optional[Sequence[FunctionAssurancePolicyScopeArgs]] = None,
        trusted_base_images: Optional[Sequence[FunctionAssurancePolicyTrustedBaseImageArgs]] = None,
        trusted_base_images_enabled: Optional[bool] = None,
        whitelisted_licenses: Optional[Sequence[str]] = None,
        whitelisted_licenses_enabled: Optional[bool] = None) -> FunctionAssurancePolicy
func GetFunctionAssurancePolicy(ctx *Context, name string, id IDInput, state *FunctionAssurancePolicyState, opts ...ResourceOption) (*FunctionAssurancePolicy, error)
public static FunctionAssurancePolicy Get(string name, Input<string> id, FunctionAssurancePolicyState? state, CustomResourceOptions? opts = null)
public static FunctionAssurancePolicy get(String name, Output<String> id, FunctionAssurancePolicyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
AllowedImages List<string>

List of explicitly allowed images.

ApplicationScopes List<string>
AuditOnFailure bool

Indicates if auditing for failures.

Author string

Name of user account that created the policy.

AutoScanConfigured bool
AutoScanEnabled bool
AutoScanTimes List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyAutoScanTimeArgs>
BlacklistPermissions List<string>

List of function's forbidden permissions.

BlacklistPermissionsEnabled bool

Indicates if blacklist permissions is relevant.

BlacklistedLicenses List<string>

List of blacklisted licenses.

BlacklistedLicensesEnabled bool

Indicates if license blacklist is relevant.

BlockFailed bool

Indicates if failed images are blocked.

ControlExcludeNoFix bool
CustomChecks List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyCustomCheckArgs>

List of Custom user scripts for checks.

CustomChecksEnabled bool

Indicates if scanning should include custom checks.

CustomSeverityEnabled bool
CvesBlackListEnabled bool

Indicates if cves blacklist is relevant.

CvesBlackLists List<string>

List of cves blacklisted items.

CvesWhiteListEnabled bool

Indicates if cves whitelist is relevant.

CvesWhiteLists List<string>

List of cves whitelisted items.

CvssSeverity string

Identifier of the cvss severity.

CvssSeverityEnabled bool

Indicates if the cvss severity is scanned.

CvssSeverityExcludeNoFix bool

Indicates that policy should ignore cvss cases that do not have a known fix.

Description string
DisallowMalware bool

Indicates if malware should block the image.

DockerCisEnabled bool
Domain string

Name of the container image.

DomainName string
DtaEnabled bool
DtaSeverity string
Enabled bool
Enforce bool
EnforceAfterDays int
EnforceExcessivePermissions bool
ExceptionalMonitoredMalwarePaths List<string>
FailCicd bool

Indicates if cicd failures will fail the image.

ForbiddenLabels List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyForbiddenLabelArgs>
ForbiddenLabelsEnabled bool
ForceMicroenforcer bool
FunctionIntegrityEnabled bool
IgnoreRecentlyPublishedVln bool
IgnoreRecentlyPublishedVlnPeriod int
IgnoreRiskResourcesEnabled bool

Indicates if risk resources are ignored.

IgnoredRiskResources List<string>

List of ignored risk resources.

Images List<string>

List of images.

KubeCisEnabled bool
Labels List<string>

List of labels.

MalwareAction string
MaximumScore double

Value of allowed maximum score.

MaximumScoreEnabled bool

Indicates if exceeding the maximum score is scanned.

MaximumScoreExcludeNoFix bool

Indicates that policy should ignore cases that do not have a known fix.

MonitoredMalwarePaths List<string>
Name string
OnlyNoneRootUsers bool

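Indicates whether to raise a warning for images that should only be run as root. (The property name suggests the check is about requiring a non-root user; confirm the exact behavior against the Aqua documentation.)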

PackagesBlackListEnabled bool

Indicates if packages blacklist is relevant.

PackagesBlackLists List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyPackagesBlackListArgs>

List of blacklisted packages.

PackagesWhiteListEnabled bool

Indicates if packages whitelist is relevant.

PackagesWhiteLists List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyPackagesWhiteListArgs>

List of whitelisted packages.

PartialResultsImageFail bool
ReadOnly bool
Registries List<string>

List of registries.

Registry string
RequiredLabels List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyRequiredLabelArgs>
RequiredLabelsEnabled bool
ScanNfsMounts bool
ScanSensitiveData bool

Indicates if scan should include sensitive data in the image.

ScapEnabled bool

Indicates if scanning should include scap.

ScapFiles List<string>

List of SCAP user scripts for checks.

Scopes List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyScopeArgs>
TrustedBaseImages List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyTrustedBaseImageArgs>

List of trusted images.

TrustedBaseImagesEnabled bool

Indicates if list of trusted base images is relevant.

WhitelistedLicenses List<string>

List of whitelisted licenses.

WhitelistedLicensesEnabled bool

Indicates if license whitelist is relevant.

AllowedImages []string

List of explicitly allowed images.

ApplicationScopes []string
AuditOnFailure bool

Indicates if auditing for failures.

Author string

Name of user account that created the policy.

AutoScanConfigured bool
AutoScanEnabled bool
AutoScanTimes []FunctionAssurancePolicyAutoScanTimeArgs
BlacklistPermissions []string

List of function's forbidden permissions.

BlacklistPermissionsEnabled bool

Indicates if blacklist permissions is relevant.

BlacklistedLicenses []string

List of blacklisted licenses.

BlacklistedLicensesEnabled bool

Indicates if license blacklist is relevant.

BlockFailed bool

Indicates if failed images are blocked.

ControlExcludeNoFix bool
CustomChecks []FunctionAssurancePolicyCustomCheckArgs

List of Custom user scripts for checks.

CustomChecksEnabled bool

Indicates if scanning should include custom checks.

CustomSeverityEnabled bool
CvesBlackListEnabled bool

Indicates if cves blacklist is relevant.

CvesBlackLists []string

List of cves blacklisted items.

CvesWhiteListEnabled bool

Indicates if cves whitelist is relevant.

CvesWhiteLists []string

List of cves whitelisted items.

CvssSeverity string

Identifier of the cvss severity.

CvssSeverityEnabled bool

Indicates if the cvss severity is scanned.

CvssSeverityExcludeNoFix bool

Indicates that policy should ignore cvss cases that do not have a known fix.

Description string
DisallowMalware bool

Indicates if malware should block the image.

DockerCisEnabled bool
Domain string

Name of the container image.

DomainName string
DtaEnabled bool
DtaSeverity string
Enabled bool
Enforce bool
EnforceAfterDays int
EnforceExcessivePermissions bool
ExceptionalMonitoredMalwarePaths []string
FailCicd bool

Indicates if cicd failures will fail the image.

ForbiddenLabels []FunctionAssurancePolicyForbiddenLabelArgs
ForbiddenLabelsEnabled bool
ForceMicroenforcer bool
FunctionIntegrityEnabled bool
IgnoreRecentlyPublishedVln bool
IgnoreRecentlyPublishedVlnPeriod int
IgnoreRiskResourcesEnabled bool

Indicates if risk resources are ignored.

IgnoredRiskResources []string

List of ignored risk resources.

Images []string

List of images.

KubeCisEnabled bool
Labels []string

List of labels.

MalwareAction string
MaximumScore float64

Value of allowed maximum score.

MaximumScoreEnabled bool

Indicates if exceeding the maximum score is scanned.

MaximumScoreExcludeNoFix bool

Indicates that policy should ignore cases that do not have a known fix.

MonitoredMalwarePaths []string
Name string
OnlyNoneRootUsers bool

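Indicates whether to raise a warning for images that should only be run as root. (The property name suggests the check is about requiring a non-root user; confirm the exact behavior against the Aqua documentation.)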

PackagesBlackListEnabled bool

Indicates if packages blacklist is relevant.

PackagesBlackLists []FunctionAssurancePolicyPackagesBlackListArgs

List of blacklisted packages.

PackagesWhiteListEnabled bool

Indicates if packages whitelist is relevant.

PackagesWhiteLists []FunctionAssurancePolicyPackagesWhiteListArgs

List of whitelisted packages.

PartialResultsImageFail bool
ReadOnly bool
Registries []string

List of registries.

Registry string
RequiredLabels []FunctionAssurancePolicyRequiredLabelArgs
RequiredLabelsEnabled bool
ScanNfsMounts bool
ScanSensitiveData bool

Indicates if scan should include sensitive data in the image.

ScapEnabled bool

Indicates if scanning should include scap.

ScapFiles []string

List of SCAP user scripts for checks.

Scopes []FunctionAssurancePolicyScopeArgs
TrustedBaseImages []FunctionAssurancePolicyTrustedBaseImageArgs

List of trusted images.

TrustedBaseImagesEnabled bool

Indicates if list of trusted base images is relevant.

WhitelistedLicenses []string

List of whitelisted licenses.

WhitelistedLicensesEnabled bool

Indicates if license whitelist is relevant.

allowedImages List<String>

List of explicitly allowed images.

applicationScopes List<String>
auditOnFailure Boolean

Indicates if auditing for failures.

author String

Name of user account that created the policy.

autoScanConfigured Boolean
autoScanEnabled Boolean
autoScanTimes List<FunctionAssurancePolicyAutoScanTimeArgs>
blacklistPermissions List<String>

List of function's forbidden permissions.

blacklistPermissionsEnabled Boolean

Indicates if blacklist permissions is relevant.

blacklistedLicenses List<String>

List of blacklisted licenses.

blacklistedLicensesEnabled Boolean

Indicates if license blacklist is relevant.

blockFailed Boolean

Indicates if failed images are blocked.

controlExcludeNoFix Boolean
customChecks List<FunctionAssurancePolicyCustomCheckArgs>

List of Custom user scripts for checks.

customChecksEnabled Boolean

Indicates if scanning should include custom checks.

customSeverityEnabled Boolean
cvesBlackListEnabled Boolean

Indicates if cves blacklist is relevant.

cvesBlackLists List<String>

List of cves blacklisted items.

cvesWhiteListEnabled Boolean

Indicates if cves whitelist is relevant.

cvesWhiteLists List<String>

List of cves whitelisted items.

cvssSeverity String

Identifier of the cvss severity.

cvssSeverityEnabled Boolean

Indicates if the cvss severity is scanned.

cvssSeverityExcludeNoFix Boolean

Indicates that policy should ignore cvss cases that do not have a known fix.

description String
disallowMalware Boolean

Indicates if malware should block the image.

dockerCisEnabled Boolean
domain String

Name of the container image.

domainName String
dtaEnabled Boolean
dtaSeverity String
enabled Boolean
enforce Boolean
enforceAfterDays Integer
enforceExcessivePermissions Boolean
exceptionalMonitoredMalwarePaths List<String>
failCicd Boolean

Indicates if cicd failures will fail the image.

forbiddenLabels List<FunctionAssurancePolicyForbiddenLabelArgs>
forbiddenLabelsEnabled Boolean
forceMicroenforcer Boolean
functionIntegrityEnabled Boolean
ignoreRecentlyPublishedVln Boolean
ignoreRecentlyPublishedVlnPeriod Integer
ignoreRiskResourcesEnabled Boolean

Indicates if risk resources are ignored.

ignoredRiskResources List<String>

List of ignored risk resources.

images List<String>

List of images.

kubeCisEnabled Boolean
labels List<String>

List of labels.

malwareAction String
maximumScore Double

Value of allowed maximum score.

maximumScoreEnabled Boolean

Indicates if exceeding the maximum score is scanned.

maximumScoreExcludeNoFix Boolean

Indicates that policy should ignore cases that do not have a known fix.

monitoredMalwarePaths List<String>
name String
onlyNoneRootUsers Boolean

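Indicates whether to raise a warning for images that should only be run as root. (The property name suggests the check is about requiring a non-root user; confirm the exact behavior against the Aqua documentation.)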

packagesBlackListEnabled Boolean

Indicates if packages blacklist is relevant.

packagesBlackLists List<FunctionAssurancePolicyPackagesBlackListArgs>

List of blacklisted packages.

packagesWhiteListEnabled Boolean

Indicates if packages whitelist is relevant.

packagesWhiteLists List<FunctionAssurancePolicyPackagesWhiteListArgs>

List of whitelisted packages.

partialResultsImageFail Boolean
readOnly Boolean
registries List<String>

List of registries.

registry String
requiredLabels List<FunctionAssurancePolicyRequiredLabelArgs>
requiredLabelsEnabled Boolean
scanNfsMounts Boolean
scanSensitiveData Boolean

Indicates if scan should include sensitive data in the image.

scapEnabled Boolean

Indicates if scanning should include scap.

scapFiles List<String>

List of SCAP user scripts for checks.

scopes List<FunctionAssurancePolicyScopeArgs>
trustedBaseImages List<FunctionAssurancePolicyTrustedBaseImageArgs>

List of trusted images.

trustedBaseImagesEnabled Boolean

Indicates if list of trusted base images is relevant.

whitelistedLicenses List<String>

List of whitelisted licenses.

whitelistedLicensesEnabled Boolean

Indicates if license whitelist is relevant.

allowedImages string[]

List of explicitly allowed images.

applicationScopes string[]
auditOnFailure boolean

Indicates if auditing for failures.

author string

Name of user account that created the policy.

autoScanConfigured boolean
autoScanEnabled boolean
autoScanTimes FunctionAssurancePolicyAutoScanTimeArgs[]
blacklistPermissions string[]

List of function's forbidden permissions.

blacklistPermissionsEnabled boolean

Indicates if blacklist permissions is relevant.

blacklistedLicenses string[]

List of blacklisted licenses.

blacklistedLicensesEnabled boolean

Indicates if license blacklist is relevant.

blockFailed boolean

Indicates if failed images are blocked.

controlExcludeNoFix boolean
customChecks FunctionAssurancePolicyCustomCheckArgs[]

List of Custom user scripts for checks.

customChecksEnabled boolean

Indicates if scanning should include custom checks.

customSeverityEnabled boolean
cvesBlackListEnabled boolean

Indicates if cves blacklist is relevant.

cvesBlackLists string[]

List of cves blacklisted items.

cvesWhiteListEnabled boolean

Indicates if cves whitelist is relevant.

cvesWhiteLists string[]

List of cves whitelisted items.

cvssSeverity string

Identifier of the cvss severity.

cvssSeverityEnabled boolean

Indicates if the cvss severity is scanned.

cvssSeverityExcludeNoFix boolean

Indicates that policy should ignore cvss cases that do not have a known fix.

description string
disallowMalware boolean

Indicates if malware should block the image.

dockerCisEnabled boolean
domain string

Name of the container image.

domainName string
dtaEnabled boolean
dtaSeverity string
enabled boolean
enforce boolean
enforceAfterDays number
enforceExcessivePermissions boolean
exceptionalMonitoredMalwarePaths string[]
failCicd boolean

Indicates if cicd failures will fail the image.

forbiddenLabels FunctionAssurancePolicyForbiddenLabelArgs[]
forbiddenLabelsEnabled boolean
forceMicroenforcer boolean
functionIntegrityEnabled boolean
ignoreRecentlyPublishedVln boolean
ignoreRecentlyPublishedVlnPeriod number
ignoreRiskResourcesEnabled boolean

Indicates if risk resources are ignored.

ignoredRiskResources string[]

List of ignored risk resources.

images string[]

List of images.

kubeCisEnabled boolean
labels string[]

List of labels.

malwareAction string
maximumScore number

Value of allowed maximum score.

maximumScoreEnabled boolean

Indicates if exceeding the maximum score is scanned.

maximumScoreExcludeNoFix boolean

Indicates that policy should ignore cases that do not have a known fix.

monitoredMalwarePaths string[]
name string
onlyNoneRootUsers boolean

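Indicates whether to raise a warning for images that should only be run as root. (The property name suggests the check is about requiring a non-root user; confirm the exact behavior against the Aqua documentation.)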

packagesBlackListEnabled boolean

Indicates if packages blacklist is relevant.

packagesBlackLists FunctionAssurancePolicyPackagesBlackListArgs[]

List of blacklisted packages.

packagesWhiteListEnabled boolean

Indicates if packages whitelist is relevant.

packagesWhiteLists FunctionAssurancePolicyPackagesWhiteListArgs[]

List of whitelisted packages.

partialResultsImageFail boolean
readOnly boolean
registries string[]

List of registries.

registry string
requiredLabels FunctionAssurancePolicyRequiredLabelArgs[]
requiredLabelsEnabled boolean
scanNfsMounts boolean
scanSensitiveData boolean

Indicates if scan should include sensitive data in the image.

scapEnabled boolean

Indicates if scanning should include scap.

scapFiles string[]

List of SCAP user scripts for checks.

scopes FunctionAssurancePolicyScopeArgs[]
trustedBaseImages FunctionAssurancePolicyTrustedBaseImageArgs[]

List of trusted images.

trustedBaseImagesEnabled boolean

Indicates if list of trusted base images is relevant.

whitelistedLicenses string[]

List of whitelisted licenses.

whitelistedLicensesEnabled boolean

Indicates if license whitelist is relevant.

allowed_images Sequence[str]

List of explicitly allowed images.

application_scopes Sequence[str]
audit_on_failure bool

Indicates if auditing for failures.

author str

Name of user account that created the policy.

auto_scan_configured bool
auto_scan_enabled bool
auto_scan_times Sequence[FunctionAssurancePolicyAutoScanTimeArgs]
blacklist_permissions Sequence[str]

List of function's forbidden permissions.

blacklist_permissions_enabled bool

Indicates if blacklist permissions is relevant.

blacklisted_licenses Sequence[str]

List of blacklisted licenses.

blacklisted_licenses_enabled bool

Indicates if license blacklist is relevant.

block_failed bool

Indicates if failed images are blocked.

control_exclude_no_fix bool
custom_checks Sequence[FunctionAssurancePolicyCustomCheckArgs]

List of Custom user scripts for checks.

custom_checks_enabled bool

Indicates if scanning should include custom checks.

custom_severity_enabled bool
cves_black_list_enabled bool

Indicates if cves blacklist is relevant.

cves_black_lists Sequence[str]

List of cves blacklisted items.

cves_white_list_enabled bool

Indicates if cves whitelist is relevant.

cves_white_lists Sequence[str]

List of cves whitelisted items.

cvss_severity str

Identifier of the cvss severity.

cvss_severity_enabled bool

Indicates if the cvss severity is scanned.

cvss_severity_exclude_no_fix bool

Indicates that policy should ignore cvss cases that do not have a known fix.

description str
disallow_malware bool

Indicates if malware should block the image.

docker_cis_enabled bool
domain str

Name of the container image.

domain_name str
dta_enabled bool
dta_severity str
enabled bool
enforce bool
enforce_after_days int
enforce_excessive_permissions bool
exceptional_monitored_malware_paths Sequence[str]
fail_cicd bool

Indicates if cicd failures will fail the image.

forbidden_labels Sequence[FunctionAssurancePolicyForbiddenLabelArgs]
forbidden_labels_enabled bool
force_microenforcer bool
function_integrity_enabled bool
ignore_recently_published_vln bool
ignore_recently_published_vln_period int
ignore_risk_resources_enabled bool

Indicates if risk resources are ignored.

ignored_risk_resources Sequence[str]

List of ignored risk resources.

images Sequence[str]

List of images.

kube_cis_enabled bool
labels Sequence[str]

List of labels.

malware_action str
maximum_score float

Value of allowed maximum score.

maximum_score_enabled bool

Indicates if exceeding the maximum score is scanned.

maximum_score_exclude_no_fix bool

Indicates that policy should ignore cases that do not have a known fix.

monitored_malware_paths Sequence[str]
name str
only_none_root_users bool

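Indicates whether to raise a warning for images that should only be run as root. (The property name suggests the check is about requiring a non-root user; confirm the exact behavior against the Aqua documentation.)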

packages_black_list_enabled bool

Indicates if packages blacklist is relevant.

packages_black_lists Sequence[FunctionAssurancePolicyPackagesBlackListArgs]

List of blacklisted packages.

packages_white_list_enabled bool

Indicates if packages whitelist is relevant.

packages_white_lists Sequence[FunctionAssurancePolicyPackagesWhiteListArgs]

List of whitelisted packages.

partial_results_image_fail bool
read_only bool
registries Sequence[str]

List of registries.

registry str
required_labels Sequence[FunctionAssurancePolicyRequiredLabelArgs]
required_labels_enabled bool
scan_nfs_mounts bool
scan_sensitive_data bool

Indicates if scan should include sensitive data in the image.

scap_enabled bool

Indicates if scanning should include scap.

scap_files Sequence[str]

List of SCAP user scripts for checks.

scopes Sequence[FunctionAssurancePolicyScopeArgs]
trusted_base_images Sequence[FunctionAssurancePolicyTrustedBaseImageArgs]

List of trusted images.

trusted_base_images_enabled bool

Indicates if list of trusted base images is relevant.

whitelisted_licenses Sequence[str]

List of whitelisted licenses.

whitelisted_licenses_enabled bool

Indicates if license whitelist is relevant.

allowedImages List<String>

List of explicitly allowed images.

applicationScopes List<String>
auditOnFailure Boolean

Indicates if auditing for failures.

author String

Name of user account that created the policy.

autoScanConfigured Boolean
autoScanEnabled Boolean
autoScanTimes List<Property Map>
blacklistPermissions List<String>

List of function's forbidden permissions.

blacklistPermissionsEnabled Boolean

Indicates if blacklist permissions is relevant.

blacklistedLicenses List<String>

List of blacklisted licenses.

blacklistedLicensesEnabled Boolean

Indicates if license blacklist is relevant.

blockFailed Boolean

Indicates if failed images are blocked.

controlExcludeNoFix Boolean
customChecks List<Property Map>

List of Custom user scripts for checks.

customChecksEnabled Boolean

Indicates if scanning should include custom checks.

customSeverityEnabled Boolean
cvesBlackListEnabled Boolean

Indicates if cves blacklist is relevant.

cvesBlackLists List<String>

List of cves blacklisted items.

cvesWhiteListEnabled Boolean

Indicates if cves whitelist is relevant.

cvesWhiteLists List<String>

List of cves whitelisted items.

cvssSeverity String

Identifier of the cvss severity.

cvssSeverityEnabled Boolean

Indicates if the cvss severity is scanned.

cvssSeverityExcludeNoFix Boolean

Indicates that policy should ignore cvss cases that do not have a known fix.

description String
disallowMalware Boolean

Indicates if malware should block the image.

dockerCisEnabled Boolean
domain String

Name of the container image.

domainName String
dtaEnabled Boolean
dtaSeverity String
enabled Boolean
enforce Boolean
enforceAfterDays Number
enforceExcessivePermissions Boolean
exceptionalMonitoredMalwarePaths List<String>
failCicd Boolean

Indicates if cicd failures will fail the image.

forbiddenLabels List<Property Map>
forbiddenLabelsEnabled Boolean
forceMicroenforcer Boolean
functionIntegrityEnabled Boolean
ignoreRecentlyPublishedVln Boolean
ignoreRecentlyPublishedVlnPeriod Number
ignoreRiskResourcesEnabled Boolean

Indicates if risk resources are ignored.

ignoredRiskResources List<String>

List of ignored risk resources.

images List<String>

List of images.

kubeCisEnabled Boolean
labels List<String>

List of labels.

malwareAction String
maximumScore Number

Value of allowed maximum score.

maximumScoreEnabled Boolean

Indicates if exceeding the maximum score is scanned.

maximumScoreExcludeNoFix Boolean

Indicates that policy should ignore cases that do not have a known fix.

monitoredMalwarePaths List<String>
name String
onlyNoneRootUsers Boolean

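Indicates whether to raise a warning for images that should only be run as root. (The property name suggests the check is about requiring a non-root user; confirm the exact behavior against the Aqua documentation.)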

packagesBlackListEnabled Boolean

Indicates if packages blacklist is relevant.

packagesBlackLists List<Property Map>

List of blacklisted packages.

packagesWhiteListEnabled Boolean

Indicates if packages whitelist is relevant.

packagesWhiteLists List<Property Map>

List of whitelisted packages.

partialResultsImageFail Boolean
readOnly Boolean
registries List<String>

List of registries.

registry String
requiredLabels List<Property Map>
requiredLabelsEnabled Boolean
scanNfsMounts Boolean
scanSensitiveData Boolean

Indicates if scan should include sensitive data in the image.

scapEnabled Boolean

Indicates if scanning should include scap.

scapFiles List<String>

List of SCAP user scripts for checks.

scopes List<Property Map>
trustedBaseImages List<Property Map>

List of trusted images.

trustedBaseImagesEnabled Boolean

Indicates if list of trusted base images is relevant.

whitelistedLicenses List<String>

List of whitelisted licenses.

whitelistedLicensesEnabled Boolean

Indicates if license whitelist is relevant.

Supporting Types

FunctionAssurancePolicyAutoScanTime

Iteration int
IterationType string
Time string
WeekDays List<string>
Iteration int
IterationType string
Time string
WeekDays []string
iteration Integer
iterationType String
time String
weekDays List<String>
iteration number
iterationType string
time string
weekDays string[]
iteration int
iteration_type str
time str
week_days Sequence[str]
iteration Number
iterationType String
time String
weekDays List<String>

FunctionAssurancePolicyCustomCheck

Author string

Name of user account that created the policy.

Description string
Engine string
LastModified int
Name string
Path string
ReadOnly bool
ScriptId string
Severity string
Snippet string
Author string

Name of user account that created the policy.

Description string
Engine string
LastModified int
Name string
Path string
ReadOnly bool
ScriptId string
Severity string
Snippet string
author String

Name of user account that created the policy.

description String
engine String
lastModified Integer
name String
path String
readOnly Boolean
scriptId String
severity String
snippet String
author string

Name of user account that created the policy.

description string
engine string
lastModified number
name string
path string
readOnly boolean
scriptId string
severity string
snippet string
author str

Name of user account that created the policy.

description str
engine str
last_modified int
name str
path str
read_only bool
script_id str
severity str
snippet str
author String

Name of user account that created the policy.

description String
engine String
lastModified Number
name String
path String
readOnly Boolean
scriptId String
severity String
snippet String

FunctionAssurancePolicyForbiddenLabel

Key string
Value string
Key string
Value string
key String
value String
key string
value string
key str
value str
key String
value String

FunctionAssurancePolicyPackagesBlackList

Arch string
Display string
Epoch string
Format string
License string
Name string
Release string
Version string
VersionRange string
Arch string
Display string
Epoch string
Format string
License string
Name string
Release string
Version string
VersionRange string
arch String
display String
epoch String
format String
license String
name String
release String
version String
versionRange String
arch string
display string
epoch string
format string
license string
name string
release string
version string
versionRange string
arch String
display String
epoch String
format String
license String
name String
release String
version String
versionRange String

FunctionAssurancePolicyPackagesWhiteList

Arch string
Display string
Epoch string
Format string
License string
Name string
Release string
Version string
VersionRange string
Arch string
Display string
Epoch string
Format string
License string
Name string
Release string
Version string
VersionRange string
arch String
display String
epoch String
format String
license String
name String
release String
version String
versionRange String
arch string
display string
epoch string
format string
license string
name string
release string
version string
versionRange string
arch String
display String
epoch String
format String
license String
name String
release String
version String
versionRange String

FunctionAssurancePolicyRequiredLabel

Key string
Value string
Key string
Value string
key String
value String
key string
value string
key str
value str
key String
value String

FunctionAssurancePolicyScope

FunctionAssurancePolicyScopeVariable

Attribute string
Name string
Value string
Attribute string
Name string
Value string
attribute String
name String
value String
attribute string
name string
value string
attribute str
name str
value str
attribute String
name String
value String

FunctionAssurancePolicyTrustedBaseImage

Imagename string
Registry string
Imagename string
Registry string
imagename String
registry String
imagename string
registry string
imagename String
registry String

Package Details

Repository
https://github.com/pulumiverse/pulumi-aquasec
License
Apache-2.0
Notes

This Pulumi package is based on the aquasec Terraform Provider.