aquasec.FunctionAssurancePolicy
Create FunctionAssurancePolicy Resource
new FunctionAssurancePolicy(name: string, args: FunctionAssurancePolicyArgs, opts?: CustomResourceOptions);
@overload
def FunctionAssurancePolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
allowed_images: Optional[Sequence[str]] = None,
application_scopes: Optional[Sequence[str]] = None,
audit_on_failure: Optional[bool] = None,
auto_scan_configured: Optional[bool] = None,
auto_scan_enabled: Optional[bool] = None,
auto_scan_times: Optional[Sequence[FunctionAssurancePolicyAutoScanTimeArgs]] = None,
blacklist_permissions: Optional[Sequence[str]] = None,
blacklist_permissions_enabled: Optional[bool] = None,
blacklisted_licenses: Optional[Sequence[str]] = None,
blacklisted_licenses_enabled: Optional[bool] = None,
block_failed: Optional[bool] = None,
control_exclude_no_fix: Optional[bool] = None,
custom_checks: Optional[Sequence[FunctionAssurancePolicyCustomCheckArgs]] = None,
custom_checks_enabled: Optional[bool] = None,
custom_severity_enabled: Optional[bool] = None,
cves_black_list_enabled: Optional[bool] = None,
cves_black_lists: Optional[Sequence[str]] = None,
cves_white_list_enabled: Optional[bool] = None,
cves_white_lists: Optional[Sequence[str]] = None,
cvss_severity: Optional[str] = None,
cvss_severity_enabled: Optional[bool] = None,
cvss_severity_exclude_no_fix: Optional[bool] = None,
description: Optional[str] = None,
disallow_malware: Optional[bool] = None,
docker_cis_enabled: Optional[bool] = None,
domain: Optional[str] = None,
domain_name: Optional[str] = None,
dta_enabled: Optional[bool] = None,
dta_severity: Optional[str] = None,
enabled: Optional[bool] = None,
enforce: Optional[bool] = None,
enforce_after_days: Optional[int] = None,
enforce_excessive_permissions: Optional[bool] = None,
exceptional_monitored_malware_paths: Optional[Sequence[str]] = None,
fail_cicd: Optional[bool] = None,
forbidden_labels: Optional[Sequence[FunctionAssurancePolicyForbiddenLabelArgs]] = None,
forbidden_labels_enabled: Optional[bool] = None,
force_microenforcer: Optional[bool] = None,
function_integrity_enabled: Optional[bool] = None,
ignore_recently_published_vln: Optional[bool] = None,
ignore_risk_resources_enabled: Optional[bool] = None,
ignored_risk_resources: Optional[Sequence[str]] = None,
images: Optional[Sequence[str]] = None,
kube_cis_enabled: Optional[bool] = None,
labels: Optional[Sequence[str]] = None,
malware_action: Optional[str] = None,
maximum_score: Optional[float] = None,
maximum_score_enabled: Optional[bool] = None,
maximum_score_exclude_no_fix: Optional[bool] = None,
monitored_malware_paths: Optional[Sequence[str]] = None,
name: Optional[str] = None,
only_none_root_users: Optional[bool] = None,
packages_black_list_enabled: Optional[bool] = None,
packages_black_lists: Optional[Sequence[FunctionAssurancePolicyPackagesBlackListArgs]] = None,
packages_white_list_enabled: Optional[bool] = None,
packages_white_lists: Optional[Sequence[FunctionAssurancePolicyPackagesWhiteListArgs]] = None,
partial_results_image_fail: Optional[bool] = None,
read_only: Optional[bool] = None,
registries: Optional[Sequence[str]] = None,
registry: Optional[str] = None,
required_labels: Optional[Sequence[FunctionAssurancePolicyRequiredLabelArgs]] = None,
required_labels_enabled: Optional[bool] = None,
scan_nfs_mounts: Optional[bool] = None,
scan_sensitive_data: Optional[bool] = None,
scap_enabled: Optional[bool] = None,
scap_files: Optional[Sequence[str]] = None,
scopes: Optional[Sequence[FunctionAssurancePolicyScopeArgs]] = None,
trusted_base_images: Optional[Sequence[FunctionAssurancePolicyTrustedBaseImageArgs]] = None,
trusted_base_images_enabled: Optional[bool] = None,
whitelisted_licenses: Optional[Sequence[str]] = None,
whitelisted_licenses_enabled: Optional[bool] = None)
@overload
def FunctionAssurancePolicy(resource_name: str,
args: FunctionAssurancePolicyArgs,
opts: Optional[ResourceOptions] = None)
func NewFunctionAssurancePolicy(ctx *Context, name string, args FunctionAssurancePolicyArgs, opts ...ResourceOption) (*FunctionAssurancePolicy, error)
public FunctionAssurancePolicy(string name, FunctionAssurancePolicyArgs args, CustomResourceOptions? opts = null)
public FunctionAssurancePolicy(String name, FunctionAssurancePolicyArgs args)
public FunctionAssurancePolicy(String name, FunctionAssurancePolicyArgs args, CustomResourceOptions options)
type: aquasec:FunctionAssurancePolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FunctionAssurancePolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args FunctionAssurancePolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args FunctionAssurancePolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FunctionAssurancePolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args FunctionAssurancePolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
FunctionAssurancePolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The FunctionAssurancePolicy resource accepts the following input properties:
- Application
Scopes List<string> - Allowed
Images List<string> List of explicitly allowed images.
- Audit
On boolFailure Indicates if auditing for failures.
- Auto
Scan boolConfigured - Auto
Scan boolEnabled - Auto
Scan List<Pulumiverse.Times Aquasec. Inputs. Function Assurance Policy Auto Scan Time> - Blacklist
Permissions List<string> List of function's forbidden permissions.
- Blacklist
Permissions boolEnabled Indicates if blacklist permissions is relevant.
- Blacklisted
Licenses List<string> List of blacklisted licenses.
- BlacklistedLicensesEnabled bool
Indicates if license blacklist is relevant.
- Block
Failed bool Indicates if failed images are blocked.
- Control
Exclude boolNo Fix - Custom
Checks List<Pulumiverse.Aquasec. Inputs. Function Assurance Policy Custom Check> List of Custom user scripts for checks.
- Custom
Checks boolEnabled Indicates if scanning should include custom checks.
- Custom
Severity boolEnabled - Cves
Black boolList Enabled Indicates if cves blacklist is relevant.
- Cves
Black List<string>Lists List of cves blacklisted items.
- Cves
White boolList Enabled Indicates if cves whitelist is relevant.
- Cves
White List<string>Lists List of cves whitelisted licenses
- Cvss
Severity string Identifier of the cvss severity.
- Cvss
Severity boolEnabled Indicates if the cvss severity is scanned.
- Cvss
Severity boolExclude No Fix Indicates that policy should ignore cvss cases that do not have a known fix.
- Description string
- Disallow
Malware bool Indicates if malware should block the image.
- Docker
Cis boolEnabled - Domain string
Name of the container image.
- Domain
Name string - Dta
Enabled bool - Dta
Severity string - Enabled bool
- Enforce bool
- Enforce
After intDays - Enforce
Excessive boolPermissions - Exceptional
Monitored List<string>Malware Paths - Fail
Cicd bool Indicates if cicd failures will fail the image.
- Forbidden
Labels List<Pulumiverse.Aquasec. Inputs. Function Assurance Policy Forbidden Label> - Forbidden
Labels boolEnabled - Force
Microenforcer bool - Function
Integrity boolEnabled - Ignore
Recently boolPublished Vln - Ignore
Risk boolResources Enabled Indicates if risk resources are ignored.
- Ignored
Risk List<string>Resources List of ignored risk resources.
- Images List<string>
List of images.
- Kube
Cis boolEnabled - Labels List<string>
List of labels.
- Malware
Action string - Maximum
Score double Value of allowed maximum score.
- Maximum
Score boolEnabled Indicates if exceeding the maximum score is scanned.
- Maximum
Score boolExclude No Fix Indicates that policy should ignore cases that do not have a known fix.
- Monitored
Malware List<string>Paths - Name string
- OnlyNoneRootUsers bool
Indicates whether to raise a warning for images that should only be run as root.
- Packages
Black boolList Enabled Indicates if packages blacklist is relevant.
- PackagesBlackLists List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyPackagesBlackList>
List of blacklisted images.
- Packages
White boolList Enabled Indicates if packages whitelist is relevant.
- Packages
White List<Pulumiverse.Lists Aquasec. Inputs. Function Assurance Policy Packages White List> List of whitelisted images.
- Partial
Results boolImage Fail - Read
Only bool - Registries List<string>
List of registries.
- Registry string
- Required
Labels List<Pulumiverse.Aquasec. Inputs. Function Assurance Policy Required Label> - Required
Labels boolEnabled - Scan
Nfs boolMounts - Scan
Sensitive boolData Indicates if scan should include sensitive data in the image.
- Scap
Enabled bool Indicates if scanning should include scap.
- Scap
Files List<string> List of SCAP user scripts for checks.
- Scopes
List<Pulumiverse.
Aquasec. Inputs. Function Assurance Policy Scope> - Trusted
Base List<Pulumiverse.Images Aquasec. Inputs. Function Assurance Policy Trusted Base Image> List of trusted images.
- Trusted
Base boolImages Enabled Indicates if list of trusted base images is relevant.
- Whitelisted
Licenses List<string> List of whitelisted licenses.
- Whitelisted
Licenses boolEnabled Indicates if license blacklist is relevant.
- Application
Scopes []string - Allowed
Images []string List of explicitly allowed images.
- Audit
On boolFailure Indicates if auditing for failures.
- Auto
Scan boolConfigured - Auto
Scan boolEnabled - Auto
Scan []FunctionTimes Assurance Policy Auto Scan Time Args - Blacklist
Permissions []string List of function's forbidden permissions.
- Blacklist
Permissions boolEnabled Indicates if blacklist permissions is relevant.
- Blacklisted
Licenses []string List of blacklisted licenses.
- BlacklistedLicensesEnabled bool
Indicates if license blacklist is relevant.
- Block
Failed bool Indicates if failed images are blocked.
- Control
Exclude boolNo Fix - Custom
Checks []FunctionAssurance Policy Custom Check Args List of Custom user scripts for checks.
- Custom
Checks boolEnabled Indicates if scanning should include custom checks.
- Custom
Severity boolEnabled - Cves
Black boolList Enabled Indicates if cves blacklist is relevant.
- Cves
Black []stringLists List of cves blacklisted items.
- Cves
White boolList Enabled Indicates if cves whitelist is relevant.
- Cves
White []stringLists List of cves whitelisted licenses
- Cvss
Severity string Identifier of the cvss severity.
- Cvss
Severity boolEnabled Indicates if the cvss severity is scanned.
- Cvss
Severity boolExclude No Fix Indicates that policy should ignore cvss cases that do not have a known fix.
- Description string
- Disallow
Malware bool Indicates if malware should block the image.
- Docker
Cis boolEnabled - Domain string
Name of the container image.
- Domain
Name string - Dta
Enabled bool - Dta
Severity string - Enabled bool
- Enforce bool
- Enforce
After intDays - Enforce
Excessive boolPermissions - Exceptional
Monitored []stringMalware Paths - Fail
Cicd bool Indicates if cicd failures will fail the image.
- Forbidden
Labels []FunctionAssurance Policy Forbidden Label Args - Forbidden
Labels boolEnabled - Force
Microenforcer bool - Function
Integrity boolEnabled - Ignore
Recently boolPublished Vln - Ignore
Risk boolResources Enabled Indicates if risk resources are ignored.
- Ignored
Risk []stringResources List of ignored risk resources.
- Images []string
List of images.
- Kube
Cis boolEnabled - Labels []string
List of labels.
- Malware
Action string - Maximum
Score float64 Value of allowed maximum score.
- Maximum
Score boolEnabled Indicates if exceeding the maximum score is scanned.
- Maximum
Score boolExclude No Fix Indicates that policy should ignore cases that do not have a known fix.
- Monitored
Malware []stringPaths - Name string
- OnlyNoneRootUsers bool
Indicates whether to raise a warning for images that should only be run as root.
- Packages
Black boolList Enabled Indicates if packages blacklist is relevant.
- PackagesBlackLists []FunctionAssurancePolicyPackagesBlackListArgs
List of blacklisted images.
- Packages
White boolList Enabled Indicates if packages whitelist is relevant.
- Packages
White []FunctionLists Assurance Policy Packages White List Args List of whitelisted images.
- Partial
Results boolImage Fail - Read
Only bool - Registries []string
List of registries.
- Registry string
- Required
Labels []FunctionAssurance Policy Required Label Args - Required
Labels boolEnabled - Scan
Nfs boolMounts - Scan
Sensitive boolData Indicates if scan should include sensitive data in the image.
- Scap
Enabled bool Indicates if scanning should include scap.
- Scap
Files []string List of SCAP user scripts for checks.
- Scopes
[]Function
Assurance Policy Scope Args - Trusted
Base []FunctionImages Assurance Policy Trusted Base Image Args List of trusted images.
- Trusted
Base boolImages Enabled Indicates if list of trusted base images is relevant.
- Whitelisted
Licenses []string List of whitelisted licenses.
- Whitelisted
Licenses boolEnabled Indicates if license blacklist is relevant.
- application
Scopes List<String> - allowed
Images List<String> List of explicitly allowed images.
- audit
On BooleanFailure Indicates if auditing for failures.
- auto
Scan BooleanConfigured - auto
Scan BooleanEnabled - auto
Scan List<FunctionTimes Assurance Policy Auto Scan Time> - blacklist
Permissions List<String> List of function's forbidden permissions.
- blacklist
Permissions BooleanEnabled Indicates if blacklist permissions is relevant.
- blacklisted
Licenses List<String> List of blacklisted licenses.
- blacklistedLicensesEnabled Boolean
Indicates if license blacklist is relevant.
- block
Failed Boolean Indicates if failed images are blocked.
- control
Exclude BooleanNo Fix - custom
Checks List<FunctionAssurance Policy Custom Check> List of Custom user scripts for checks.
- custom
Checks BooleanEnabled Indicates if scanning should include custom checks.
- custom
Severity BooleanEnabled - cves
Black BooleanList Enabled Indicates if cves blacklist is relevant.
- cves
Black List<String>Lists List of cves blacklisted items.
- cves
White BooleanList Enabled Indicates if cves whitelist is relevant.
- cves
White List<String>Lists List of cves whitelisted licenses
- cvss
Severity String Identifier of the cvss severity.
- cvss
Severity BooleanEnabled Indicates if the cvss severity is scanned.
- cvss
Severity BooleanExclude No Fix Indicates that policy should ignore cvss cases that do not have a known fix.
- description String
- disallow
Malware Boolean Indicates if malware should block the image.
- docker
Cis BooleanEnabled - domain String
Name of the container image.
- domain
Name String - dta
Enabled Boolean - dta
Severity String - enabled Boolean
- enforce Boolean
- enforce
After IntegerDays - enforce
Excessive BooleanPermissions - exceptional
Monitored List<String>Malware Paths - fail
Cicd Boolean Indicates if cicd failures will fail the image.
- forbidden
Labels List<FunctionAssurance Policy Forbidden Label> - forbidden
Labels BooleanEnabled - force
Microenforcer Boolean - function
Integrity BooleanEnabled - ignore
Recently BooleanPublished Vln - ignore
Risk BooleanResources Enabled Indicates if risk resources are ignored.
- ignored
Risk List<String>Resources List of ignored risk resources.
- images List<String>
List of images.
- kube
Cis BooleanEnabled - labels List<String>
List of labels.
- malware
Action String - maximum
Score Double Value of allowed maximum score.
- maximum
Score BooleanEnabled Indicates if exceeding the maximum score is scanned.
- maximum
Score BooleanExclude No Fix Indicates that policy should ignore cases that do not have a known fix.
- monitored
Malware List<String>Paths - name String
- onlyNoneRootUsers Boolean
Indicates whether to raise a warning for images that should only be run as root.
- packages
Black BooleanList Enabled Indicates if packages blacklist is relevant.
- packagesBlackLists List<FunctionAssurancePolicyPackagesBlackList>
List of blacklisted images.
- packages
White BooleanList Enabled Indicates if packages whitelist is relevant.
- packages
White List<FunctionLists Assurance Policy Packages White List> List of whitelisted images.
- partial
Results BooleanImage Fail - read
Only Boolean - registries List<String>
List of registries.
- registry String
- required
Labels List<FunctionAssurance Policy Required Label> - required
Labels BooleanEnabled - scan
Nfs BooleanMounts - scan
Sensitive BooleanData Indicates if scan should include sensitive data in the image.
- scap
Enabled Boolean Indicates if scanning should include scap.
- scap
Files List<String> List of SCAP user scripts for checks.
- scopes
List<Function
Assurance Policy Scope> - trusted
Base List<FunctionImages Assurance Policy Trusted Base Image> List of trusted images.
- trusted
Base BooleanImages Enabled Indicates if list of trusted base images is relevant.
- whitelisted
Licenses List<String> List of whitelisted licenses.
- whitelisted
Licenses BooleanEnabled Indicates if license blacklist is relevant.
- application
Scopes string[] - allowed
Images string[] List of explicitly allowed images.
- audit
On booleanFailure Indicates if auditing for failures.
- auto
Scan booleanConfigured - auto
Scan booleanEnabled - auto
Scan FunctionTimes Assurance Policy Auto Scan Time[] - blacklist
Permissions string[] List of function's forbidden permissions.
- blacklist
Permissions booleanEnabled Indicates if blacklist permissions is relevant.
- blacklisted
Licenses string[] List of blacklisted licenses.
- blacklistedLicensesEnabled boolean
Indicates if license blacklist is relevant.
- block
Failed boolean Indicates if failed images are blocked.
- control
Exclude booleanNo Fix - custom
Checks FunctionAssurance Policy Custom Check[] List of Custom user scripts for checks.
- custom
Checks booleanEnabled Indicates if scanning should include custom checks.
- custom
Severity booleanEnabled - cves
Black booleanList Enabled Indicates if cves blacklist is relevant.
- cves
Black string[]Lists List of cves blacklisted items.
- cves
White booleanList Enabled Indicates if cves whitelist is relevant.
- cves
White string[]Lists List of cves whitelisted licenses
- cvss
Severity string Identifier of the cvss severity.
- cvss
Severity booleanEnabled Indicates if the cvss severity is scanned.
- cvss
Severity booleanExclude No Fix Indicates that policy should ignore cvss cases that do not have a known fix.
- description string
- disallow
Malware boolean Indicates if malware should block the image.
- docker
Cis booleanEnabled - domain string
Name of the container image.
- domain
Name string - dta
Enabled boolean - dta
Severity string - enabled boolean
- enforce boolean
- enforce
After numberDays - enforce
Excessive booleanPermissions - exceptional
Monitored string[]Malware Paths - fail
Cicd boolean Indicates if cicd failures will fail the image.
- forbidden
Labels FunctionAssurance Policy Forbidden Label[] - forbidden
Labels booleanEnabled - force
Microenforcer boolean - function
Integrity booleanEnabled - ignore
Recently booleanPublished Vln - ignore
Risk booleanResources Enabled Indicates if risk resources are ignored.
- ignored
Risk string[]Resources List of ignored risk resources.
- images string[]
List of images.
- kube
Cis booleanEnabled - labels string[]
List of labels.
- malware
Action string - maximum
Score number Value of allowed maximum score.
- maximum
Score booleanEnabled Indicates if exceeding the maximum score is scanned.
- maximum
Score booleanExclude No Fix Indicates that policy should ignore cases that do not have a known fix.
- monitored
Malware string[]Paths - name string
- onlyNoneRootUsers boolean
Indicates whether to raise a warning for images that should only be run as root.
- packages
Black booleanList Enabled Indicates if packages blacklist is relevant.
- packagesBlackLists FunctionAssurancePolicyPackagesBlackList[]
List of blacklisted images.
- packages
White booleanList Enabled Indicates if packages whitelist is relevant.
- packages
White FunctionLists Assurance Policy Packages White List[] List of whitelisted images.
- partial
Results booleanImage Fail - read
Only boolean - registries string[]
List of registries.
- registry string
- required
Labels FunctionAssurance Policy Required Label[] - required
Labels booleanEnabled - scan
Nfs booleanMounts - scan
Sensitive booleanData Indicates if scan should include sensitive data in the image.
- scap
Enabled boolean Indicates if scanning should include scap.
- scap
Files string[] List of SCAP user scripts for checks.
- scopes
Function
Assurance Policy Scope[] - trusted
Base FunctionImages Assurance Policy Trusted Base Image[] List of trusted images.
- trusted
Base booleanImages Enabled Indicates if list of trusted base images is relevant.
- whitelisted
Licenses string[] List of whitelisted licenses.
- whitelisted
Licenses booleanEnabled Indicates if license blacklist is relevant.
- application_scopes Sequence[str]
- allowed_images Sequence[str]
List of explicitly allowed images.
- audit_on_failure bool
Indicates if auditing for failures.
- auto_scan_configured bool
- auto_scan_enabled bool
- auto_scan_times Sequence[FunctionAssurancePolicyAutoScanTimeArgs]
- blacklist_permissions Sequence[str]
List of function's forbidden permissions.
- blacklist_permissions_enabled bool
Indicates if blacklist permissions is relevant.
- blacklisted_licenses Sequence[str]
List of blacklisted licenses.
- blacklisted_licenses_enabled bool
Indicates if license blacklist is relevant.
- block_failed bool
Indicates if failed images are blocked.
- control_exclude_no_fix bool
- custom_checks Sequence[FunctionAssurancePolicyCustomCheckArgs]
List of Custom user scripts for checks.
- custom_checks_enabled bool
Indicates if scanning should include custom checks.
- custom_severity_enabled bool
- cves_black_list_enabled bool
Indicates if cves blacklist is relevant.
- cves_black_lists Sequence[str]
List of cves blacklisted items.
- cves_white_list_enabled bool
Indicates if cves whitelist is relevant.
- cves_white_lists Sequence[str]
List of cves whitelisted licenses
- cvss_severity str
Identifier of the cvss severity.
- cvss_severity_enabled bool
Indicates if the cvss severity is scanned.
- cvss_severity_exclude_no_fix bool
Indicates that policy should ignore cvss cases that do not have a known fix.
- description str
- disallow_malware bool
Indicates if malware should block the image.
- docker_cis_enabled bool
- domain str
Name of the container image.
- domain_name str
- dta_enabled bool
- dta_severity str
- enabled bool
- enforce bool
- enforce_after_days int
- enforce_excessive_permissions bool
- exceptional_monitored_malware_paths Sequence[str]
- fail_cicd bool
Indicates if cicd failures will fail the image.
- forbidden_labels Sequence[FunctionAssurancePolicyForbiddenLabelArgs]
- forbidden_labels_enabled bool
- force_microenforcer bool
- function_integrity_enabled bool
- ignore_recently_published_vln bool
- ignore_risk_resources_enabled bool
Indicates if risk resources are ignored.
- ignored_risk_resources Sequence[str]
List of ignored risk resources.
- images Sequence[str]
List of images.
- kube_cis_enabled bool
- labels Sequence[str]
List of labels.
- malware_action str
- maximum_score float
Value of allowed maximum score.
- maximum_score_enabled bool
Indicates if exceeding the maximum score is scanned.
- maximum_score_exclude_no_fix bool
Indicates that policy should ignore cases that do not have a known fix.
- monitored_malware_paths Sequence[str]
- name str
- only_none_root_users bool
Indicates whether to raise a warning for images that should only be run as root.
- packages_black_list_enabled bool
Indicates if packages blacklist is relevant.
- packages_black_lists Sequence[FunctionAssurancePolicyPackagesBlackListArgs]
List of blacklisted images.
- packages_white_list_enabled bool
Indicates if packages whitelist is relevant.
- packages_white_lists Sequence[FunctionAssurancePolicyPackagesWhiteListArgs]
List of whitelisted images.
- partial_results_image_fail bool
- read_only bool
- registries Sequence[str]
List of registries.
- registry str
- required_labels Sequence[FunctionAssurancePolicyRequiredLabelArgs]
- required_labels_enabled bool
- scan_nfs_mounts bool
- scan_sensitive_data bool
Indicates if scan should include sensitive data in the image.
- scap_enabled bool
Indicates if scanning should include scap.
- scap_files Sequence[str]
List of SCAP user scripts for checks.
- scopes Sequence[FunctionAssurancePolicyScopeArgs]
- trusted_base_images Sequence[FunctionAssurancePolicyTrustedBaseImageArgs]
List of trusted images.
- trusted_base_images_enabled bool
Indicates if list of trusted base images is relevant.
- whitelisted_licenses Sequence[str]
List of whitelisted licenses.
- whitelisted_licenses_enabled bool
Indicates if license blacklist is relevant.
- application
Scopes List<String> - allowed
Images List<String> List of explicitly allowed images.
- audit
On BooleanFailure Indicates if auditing for failures.
- auto
Scan BooleanConfigured - auto
Scan BooleanEnabled - auto
Scan List<Property Map>Times - blacklist
Permissions List<String> List of function's forbidden permissions.
- blacklist
Permissions BooleanEnabled Indicates if blacklist permissions is relevant.
- blacklisted
Licenses List<String> List of blacklisted licenses.
- blacklistedLicensesEnabled Boolean
Indicates if license blacklist is relevant.
- block
Failed Boolean Indicates if failed images are blocked.
- control
Exclude BooleanNo Fix - custom
Checks List<Property Map> List of Custom user scripts for checks.
- custom
Checks BooleanEnabled Indicates if scanning should include custom checks.
- custom
Severity BooleanEnabled - cves
Black BooleanList Enabled Indicates if cves blacklist is relevant.
- cves
Black List<String>Lists List of cves blacklisted items.
- cves
White BooleanList Enabled Indicates if cves whitelist is relevant.
- cves
White List<String>Lists List of cves whitelisted licenses
- cvss
Severity String Identifier of the cvss severity.
- cvss
Severity BooleanEnabled Indicates if the cvss severity is scanned.
- cvss
Severity BooleanExclude No Fix Indicates that policy should ignore cvss cases that do not have a known fix.
- description String
- disallow
Malware Boolean Indicates if malware should block the image.
- docker
Cis BooleanEnabled - domain String
Name of the container image.
- domain
Name String - dta
Enabled Boolean - dta
Severity String - enabled Boolean
- enforce Boolean
- enforce
After NumberDays - enforce
Excessive BooleanPermissions - exceptional
Monitored List<String>Malware Paths - fail
Cicd Boolean Indicates if cicd failures will fail the image.
- forbidden
Labels List<Property Map> - forbidden
Labels BooleanEnabled - force
Microenforcer Boolean - function
Integrity BooleanEnabled - ignore
Recently BooleanPublished Vln - ignore
Risk BooleanResources Enabled Indicates if risk resources are ignored.
- ignored
Risk List<String>Resources List of ignored risk resources.
- images List<String>
List of images.
- kube
Cis BooleanEnabled - labels List<String>
List of labels.
- malware
Action String - maximum
Score Number Value of allowed maximum score.
- maximum
Score BooleanEnabled Indicates if exceeding the maximum score is scanned.
- maximum
Score BooleanExclude No Fix Indicates that policy should ignore cases that do not have a known fix.
- monitored
Malware List<String>Paths - name String
- onlyNoneRootUsers Boolean
Indicates whether to raise a warning for images that should only be run as root.
- packages
Black BooleanList Enabled Indicates if packages blacklist is relevant.
- packagesBlackLists List<Property Map>
List of blacklisted images.
- packages
White BooleanList Enabled Indicates if packages whitelist is relevant.
- packages
White List<Property Map>Lists List of whitelisted images.
- partial
Results BooleanImage Fail - read
Only Boolean - registries List<String>
List of registries.
- registry String
- required
Labels List<Property Map> - required
Labels BooleanEnabled - scan
Nfs BooleanMounts - scan
Sensitive BooleanData Indicates if scan should include sensitive data in the image.
- scap
Enabled Boolean Indicates if scanning should include scap.
- scap
Files List<String> List of SCAP user scripts for checks.
- scopes List<Property Map>
- trusted
Base List<Property Map>Images List of trusted images.
- trusted
Base BooleanImages Enabled Indicates if list of trusted base images is relevant.
- whitelisted
Licenses List<String> List of whitelisted licenses.
- whitelisted
Licenses BooleanEnabled Indicates if license blacklist is relevant.
Outputs
All input properties are implicitly available as output properties. Additionally, the FunctionAssurancePolicy resource produces the following output properties:
- Author string
Name of user account that created the policy.
- Id string
The provider-assigned unique ID for this managed resource.
- IgnoreRecentlyPublishedVlnPeriod int
- Author string
Name of user account that created the policy.
- Id string
The provider-assigned unique ID for this managed resource.
- IgnoreRecentlyPublishedVlnPeriod int
- author String
Name of user account that created the policy.
- id String
The provider-assigned unique ID for this managed resource.
- ignoreRecentlyPublishedVlnPeriod Integer
- author string
Name of user account that created the policy.
- id string
The provider-assigned unique ID for this managed resource.
- ignoreRecentlyPublishedVlnPeriod number
- author str
Name of user account that created the policy.
- id str
The provider-assigned unique ID for this managed resource.
- ignore_recently_published_vln_period int
- author String
Name of user account that created the policy.
- id String
The provider-assigned unique ID for this managed resource.
- ignoreRecentlyPublishedVlnPeriod Number
Look up Existing FunctionAssurancePolicy Resource
Get an existing FunctionAssurancePolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: FunctionAssurancePolicyState, opts?: CustomResourceOptions): FunctionAssurancePolicy
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
allowed_images: Optional[Sequence[str]] = None,
application_scopes: Optional[Sequence[str]] = None,
audit_on_failure: Optional[bool] = None,
author: Optional[str] = None,
auto_scan_configured: Optional[bool] = None,
auto_scan_enabled: Optional[bool] = None,
auto_scan_times: Optional[Sequence[FunctionAssurancePolicyAutoScanTimeArgs]] = None,
blacklist_permissions: Optional[Sequence[str]] = None,
blacklist_permissions_enabled: Optional[bool] = None,
blacklisted_licenses: Optional[Sequence[str]] = None,
blacklisted_licenses_enabled: Optional[bool] = None,
block_failed: Optional[bool] = None,
control_exclude_no_fix: Optional[bool] = None,
custom_checks: Optional[Sequence[FunctionAssurancePolicyCustomCheckArgs]] = None,
custom_checks_enabled: Optional[bool] = None,
custom_severity_enabled: Optional[bool] = None,
cves_black_list_enabled: Optional[bool] = None,
cves_black_lists: Optional[Sequence[str]] = None,
cves_white_list_enabled: Optional[bool] = None,
cves_white_lists: Optional[Sequence[str]] = None,
cvss_severity: Optional[str] = None,
cvss_severity_enabled: Optional[bool] = None,
cvss_severity_exclude_no_fix: Optional[bool] = None,
description: Optional[str] = None,
disallow_malware: Optional[bool] = None,
docker_cis_enabled: Optional[bool] = None,
domain: Optional[str] = None,
domain_name: Optional[str] = None,
dta_enabled: Optional[bool] = None,
dta_severity: Optional[str] = None,
enabled: Optional[bool] = None,
enforce: Optional[bool] = None,
enforce_after_days: Optional[int] = None,
enforce_excessive_permissions: Optional[bool] = None,
exceptional_monitored_malware_paths: Optional[Sequence[str]] = None,
fail_cicd: Optional[bool] = None,
forbidden_labels: Optional[Sequence[FunctionAssurancePolicyForbiddenLabelArgs]] = None,
forbidden_labels_enabled: Optional[bool] = None,
force_microenforcer: Optional[bool] = None,
function_integrity_enabled: Optional[bool] = None,
ignore_recently_published_vln: Optional[bool] = None,
ignore_recently_published_vln_period: Optional[int] = None,
ignore_risk_resources_enabled: Optional[bool] = None,
ignored_risk_resources: Optional[Sequence[str]] = None,
images: Optional[Sequence[str]] = None,
kube_cis_enabled: Optional[bool] = None,
labels: Optional[Sequence[str]] = None,
malware_action: Optional[str] = None,
maximum_score: Optional[float] = None,
maximum_score_enabled: Optional[bool] = None,
maximum_score_exclude_no_fix: Optional[bool] = None,
monitored_malware_paths: Optional[Sequence[str]] = None,
name: Optional[str] = None,
only_none_root_users: Optional[bool] = None,
packages_black_list_enabled: Optional[bool] = None,
packages_black_lists: Optional[Sequence[FunctionAssurancePolicyPackagesBlackListArgs]] = None,
packages_white_list_enabled: Optional[bool] = None,
packages_white_lists: Optional[Sequence[FunctionAssurancePolicyPackagesWhiteListArgs]] = None,
partial_results_image_fail: Optional[bool] = None,
read_only: Optional[bool] = None,
registries: Optional[Sequence[str]] = None,
registry: Optional[str] = None,
required_labels: Optional[Sequence[FunctionAssurancePolicyRequiredLabelArgs]] = None,
required_labels_enabled: Optional[bool] = None,
scan_nfs_mounts: Optional[bool] = None,
scan_sensitive_data: Optional[bool] = None,
scap_enabled: Optional[bool] = None,
scap_files: Optional[Sequence[str]] = None,
scopes: Optional[Sequence[FunctionAssurancePolicyScopeArgs]] = None,
trusted_base_images: Optional[Sequence[FunctionAssurancePolicyTrustedBaseImageArgs]] = None,
trusted_base_images_enabled: Optional[bool] = None,
whitelisted_licenses: Optional[Sequence[str]] = None,
whitelisted_licenses_enabled: Optional[bool] = None) -> FunctionAssurancePolicy
func GetFunctionAssurancePolicy(ctx *Context, name string, id IDInput, state *FunctionAssurancePolicyState, opts ...ResourceOption) (*FunctionAssurancePolicy, error)
public static FunctionAssurancePolicy Get(string name, Input<string> id, FunctionAssurancePolicyState? state, CustomResourceOptions? opts = null)
public static FunctionAssurancePolicy get(String name, Output<String> id, FunctionAssurancePolicyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Allowed
Images List<string> List of explicitly allowed images.
- ApplicationScopes List<string>
- AuditOnFailure bool
Indicates whether failures are audited.
- Author string
Name of user account that created the policy.
- Auto
Scan boolConfigured - Auto
Scan boolEnabled - Auto
Scan List<Pulumiverse.Times Aquasec. Inputs. Function Assurance Policy Auto Scan Time> - Blacklist
Permissions List<string> List of function's forbidden permissions.
- Blacklist
Permissions boolEnabled Indicates if blacklist permissions is relevant.
- Blacklisted
Licenses List<string> List of blacklisted licenses.
- BlacklistedLicensesEnabled bool
Indicates if license blacklist is relevant.
- Block
Failed bool Indicates if failed images are blocked.
- Control
Exclude boolNo Fix - Custom
Checks List<Pulumiverse.Aquasec. Inputs. Function Assurance Policy Custom Check> List of Custom user scripts for checks.
- Custom
Checks boolEnabled Indicates if scanning should include custom checks.
- Custom
Severity boolEnabled - Cves
Black boolList Enabled Indicates if cves blacklist is relevant.
- Cves
Black List<string>Lists List of cves blacklisted items.
- Cves
White boolList Enabled Indicates if cves whitelist is relevant.
- CvesWhiteLists List<string>
List of cves whitelisted items.
- Cvss
Severity string Identifier of the cvss severity.
- Cvss
Severity boolEnabled Indicates if the cvss severity is scanned.
- Cvss
Severity boolExclude No Fix Indicates that policy should ignore cvss cases that do not have a known fix.
- Description string
- Disallow
Malware bool Indicates if malware should block the image.
- Docker
Cis boolEnabled - Domain string
Name of the container image.
- Domain
Name string - Dta
Enabled bool - Dta
Severity string - Enabled bool
- Enforce bool
- Enforce
After intDays - Enforce
Excessive boolPermissions - Exceptional
Monitored List<string>Malware Paths - Fail
Cicd bool Indicates if cicd failures will fail the image.
- Forbidden
Labels List<Pulumiverse.Aquasec. Inputs. Function Assurance Policy Forbidden Label> - Forbidden
Labels boolEnabled - Force
Microenforcer bool - Function
Integrity boolEnabled - Ignore
Recently boolPublished Vln - Ignore
Recently intPublished Vln Period - Ignore
Risk boolResources Enabled Indicates if risk resources are ignored.
- Ignored
Risk List<string>Resources List of ignored risk resources.
- Images List<string>
List of images.
- Kube
Cis boolEnabled - Labels List<string>
List of labels.
- Malware
Action string - Maximum
Score double Value of allowed maximum score.
- Maximum
Score boolEnabled Indicates if exceeding the maximum score is scanned.
- Maximum
Score boolExclude No Fix Indicates that policy should ignore cases that do not have a known fix.
- Monitored
Malware List<string>Paths - Name string
- OnlyNoneRootUsers bool
Indicates whether to raise a warning for images that should only be run as root.
- Packages
Black boolList Enabled Indicates if packages blacklist is relevant.
- PackagesBlackLists List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyPackagesBlackList>
List of blacklisted images.
- Packages
White boolList Enabled Indicates if packages whitelist is relevant.
- Packages
White List<Pulumiverse.Lists Aquasec. Inputs. Function Assurance Policy Packages White List> List of whitelisted images.
- Partial
Results boolImage Fail - Read
Only bool - Registries List<string>
List of registries.
- Registry string
- Required
Labels List<Pulumiverse.Aquasec. Inputs. Function Assurance Policy Required Label> - Required
Labels boolEnabled - Scan
Nfs boolMounts - Scan
Sensitive boolData Indicates if scan should include sensitive data in the image.
- Scap
Enabled bool Indicates if scanning should include scap.
- Scap
Files List<string> List of SCAP user scripts for checks.
- Scopes
List<Pulumiverse.
Aquasec. Inputs. Function Assurance Policy Scope> - Trusted
Base List<Pulumiverse.Images Aquasec. Inputs. Function Assurance Policy Trusted Base Image> List of trusted images.
- Trusted
Base boolImages Enabled Indicates if list of trusted base images is relevant.
- Whitelisted
Licenses List<string> List of whitelisted licenses.
- WhitelistedLicensesEnabled bool
Indicates if license whitelist is relevant.
- Allowed
Images []string List of explicitly allowed images.
- ApplicationScopes []string
- AuditOnFailure bool
Indicates whether failures are audited.
- Author string
Name of user account that created the policy.
- Auto
Scan boolConfigured - Auto
Scan boolEnabled - Auto
Scan []FunctionTimes Assurance Policy Auto Scan Time Args - Blacklist
Permissions []string List of function's forbidden permissions.
- Blacklist
Permissions boolEnabled Indicates if blacklist permissions is relevant.
- Blacklisted
Licenses []string List of blacklisted licenses.
- BlacklistedLicensesEnabled bool
Indicates if license blacklist is relevant.
- Block
Failed bool Indicates if failed images are blocked.
- Control
Exclude boolNo Fix - Custom
Checks []FunctionAssurance Policy Custom Check Args List of Custom user scripts for checks.
- Custom
Checks boolEnabled Indicates if scanning should include custom checks.
- Custom
Severity boolEnabled - Cves
Black boolList Enabled Indicates if cves blacklist is relevant.
- Cves
Black []stringLists List of cves blacklisted items.
- Cves
White boolList Enabled Indicates if cves whitelist is relevant.
- CvesWhiteLists []string
List of cves whitelisted items.
- Cvss
Severity string Identifier of the cvss severity.
- Cvss
Severity boolEnabled Indicates if the cvss severity is scanned.
- Cvss
Severity boolExclude No Fix Indicates that policy should ignore cvss cases that do not have a known fix.
- Description string
- Disallow
Malware bool Indicates if malware should block the image.
- Docker
Cis boolEnabled - Domain string
Name of the container image.
- Domain
Name string - Dta
Enabled bool - Dta
Severity string - Enabled bool
- Enforce bool
- Enforce
After intDays - Enforce
Excessive boolPermissions - Exceptional
Monitored []stringMalware Paths - Fail
Cicd bool Indicates if cicd failures will fail the image.
- Forbidden
Labels []FunctionAssurance Policy Forbidden Label Args - Forbidden
Labels boolEnabled - Force
Microenforcer bool - Function
Integrity boolEnabled - Ignore
Recently boolPublished Vln - Ignore
Recently intPublished Vln Period - Ignore
Risk boolResources Enabled Indicates if risk resources are ignored.
- Ignored
Risk []stringResources List of ignored risk resources.
- Images []string
List of images.
- Kube
Cis boolEnabled - Labels []string
List of labels.
- Malware
Action string - Maximum
Score float64 Value of allowed maximum score.
- Maximum
Score boolEnabled Indicates if exceeding the maximum score is scanned.
- Maximum
Score boolExclude No Fix Indicates that policy should ignore cases that do not have a known fix.
- Monitored
Malware []stringPaths - Name string
- OnlyNoneRootUsers bool
Indicates whether to raise a warning for images that should only be run as root.
- Packages
Black boolList Enabled Indicates if packages blacklist is relevant.
- PackagesBlackLists []FunctionAssurancePolicyPackagesBlackListArgs
List of blacklisted images.
- Packages
White boolList Enabled Indicates if packages whitelist is relevant.
- Packages
White []FunctionLists Assurance Policy Packages White List Args List of whitelisted images.
- Partial
Results boolImage Fail - Read
Only bool - Registries []string
List of registries.
- Registry string
- Required
Labels []FunctionAssurance Policy Required Label Args - Required
Labels boolEnabled - Scan
Nfs boolMounts - Scan
Sensitive boolData Indicates if scan should include sensitive data in the image.
- Scap
Enabled bool Indicates if scanning should include scap.
- Scap
Files []string List of SCAP user scripts for checks.
- Scopes
[]Function
Assurance Policy Scope Args - Trusted
Base []FunctionImages Assurance Policy Trusted Base Image Args List of trusted images.
- Trusted
Base boolImages Enabled Indicates if list of trusted base images is relevant.
- Whitelisted
Licenses []string List of whitelisted licenses.
- WhitelistedLicensesEnabled bool
Indicates if license whitelist is relevant.
- allowed
Images List<String> List of explicitly allowed images.
- applicationScopes List<String>
- auditOnFailure Boolean
Indicates whether failures are audited.
- author String
Name of user account that created the policy.
- auto
Scan BooleanConfigured - auto
Scan BooleanEnabled - auto
Scan List<FunctionTimes Assurance Policy Auto Scan Time> - blacklist
Permissions List<String> List of function's forbidden permissions.
- blacklist
Permissions BooleanEnabled Indicates if blacklist permissions is relevant.
- blacklisted
Licenses List<String> List of blacklisted licenses.
- blacklistedLicensesEnabled Boolean
Indicates if license blacklist is relevant.
- block
Failed Boolean Indicates if failed images are blocked.
- control
Exclude BooleanNo Fix - custom
Checks List<FunctionAssurance Policy Custom Check> List of Custom user scripts for checks.
- custom
Checks BooleanEnabled Indicates if scanning should include custom checks.
- custom
Severity BooleanEnabled - cves
Black BooleanList Enabled Indicates if cves blacklist is relevant.
- cves
Black List<String>Lists List of cves blacklisted items.
- cves
White BooleanList Enabled Indicates if cves whitelist is relevant.
- cvesWhiteLists List<String>
List of cves whitelisted items.
- cvss
Severity String Identifier of the cvss severity.
- cvss
Severity BooleanEnabled Indicates if the cvss severity is scanned.
- cvss
Severity BooleanExclude No Fix Indicates that policy should ignore cvss cases that do not have a known fix.
- description String
- disallow
Malware Boolean Indicates if malware should block the image.
- docker
Cis BooleanEnabled - domain String
Name of the container image.
- domain
Name String - dta
Enabled Boolean - dta
Severity String - enabled Boolean
- enforce Boolean
- enforce
After IntegerDays - enforce
Excessive BooleanPermissions - exceptional
Monitored List<String>Malware Paths - fail
Cicd Boolean Indicates if cicd failures will fail the image.
- forbidden
Labels List<FunctionAssurance Policy Forbidden Label> - forbidden
Labels BooleanEnabled - force
Microenforcer Boolean - function
Integrity BooleanEnabled - ignore
Recently BooleanPublished Vln - ignore
Recently IntegerPublished Vln Period - ignore
Risk BooleanResources Enabled Indicates if risk resources are ignored.
- ignored
Risk List<String>Resources List of ignored risk resources.
- images List<String>
List of images.
- kube
Cis BooleanEnabled - labels List<String>
List of labels.
- malware
Action String - maximum
Score Double Value of allowed maximum score.
- maximum
Score BooleanEnabled Indicates if exceeding the maximum score is scanned.
- maximum
Score BooleanExclude No Fix Indicates that policy should ignore cases that do not have a known fix.
- monitored
Malware List<String>Paths - name String
- onlyNoneRootUsers Boolean
Indicates whether to raise a warning for images that should only be run as root.
- packages
Black BooleanList Enabled Indicates if packages blacklist is relevant.
- packagesBlackLists List<FunctionAssurancePolicyPackagesBlackList>
List of blacklisted images.
- packages
White BooleanList Enabled Indicates if packages whitelist is relevant.
- packages
White List<FunctionLists Assurance Policy Packages White List> List of whitelisted images.
- partial
Results BooleanImage Fail - read
Only Boolean - registries List<String>
List of registries.
- registry String
- required
Labels List<FunctionAssurance Policy Required Label> - required
Labels BooleanEnabled - scan
Nfs BooleanMounts - scan
Sensitive BooleanData Indicates if scan should include sensitive data in the image.
- scap
Enabled Boolean Indicates if scanning should include scap.
- scap
Files List<String> List of SCAP user scripts for checks.
- scopes
List<Function
Assurance Policy Scope> - trusted
Base List<FunctionImages Assurance Policy Trusted Base Image> List of trusted images.
- trusted
Base BooleanImages Enabled Indicates if list of trusted base images is relevant.
- whitelisted
Licenses List<String> List of whitelisted licenses.
- whitelistedLicensesEnabled Boolean
Indicates if license whitelist is relevant.
- allowed
Images string[] List of explicitly allowed images.
- applicationScopes string[]
- auditOnFailure boolean
Indicates whether failures are audited.
- author string
Name of user account that created the policy.
- auto
Scan booleanConfigured - auto
Scan booleanEnabled - auto
Scan FunctionTimes Assurance Policy Auto Scan Time[] - blacklist
Permissions string[] List of function's forbidden permissions.
- blacklist
Permissions booleanEnabled Indicates if blacklist permissions is relevant.
- blacklisted
Licenses string[] List of blacklisted licenses.
- blacklistedLicensesEnabled boolean
Indicates if license blacklist is relevant.
- block
Failed boolean Indicates if failed images are blocked.
- control
Exclude booleanNo Fix - custom
Checks FunctionAssurance Policy Custom Check[] List of Custom user scripts for checks.
- custom
Checks booleanEnabled Indicates if scanning should include custom checks.
- custom
Severity booleanEnabled - cves
Black booleanList Enabled Indicates if cves blacklist is relevant.
- cves
Black string[]Lists List of cves blacklisted items.
- cves
White booleanList Enabled Indicates if cves whitelist is relevant.
- cvesWhiteLists string[]
List of cves whitelisted items.
- cvss
Severity string Identifier of the cvss severity.
- cvss
Severity booleanEnabled Indicates if the cvss severity is scanned.
- cvss
Severity booleanExclude No Fix Indicates that policy should ignore cvss cases that do not have a known fix.
- description string
- disallow
Malware boolean Indicates if malware should block the image.
- docker
Cis booleanEnabled - domain string
Name of the container image.
- domain
Name string - dta
Enabled boolean - dta
Severity string - enabled boolean
- enforce boolean
- enforce
After numberDays - enforce
Excessive booleanPermissions - exceptional
Monitored string[]Malware Paths - fail
Cicd boolean Indicates if cicd failures will fail the image.
- forbidden
Labels FunctionAssurance Policy Forbidden Label[] - forbidden
Labels booleanEnabled - force
Microenforcer boolean - function
Integrity booleanEnabled - ignore
Recently booleanPublished Vln - ignore
Recently numberPublished Vln Period - ignore
Risk booleanResources Enabled Indicates if risk resources are ignored.
- ignored
Risk string[]Resources List of ignored risk resources.
- images string[]
List of images.
- kube
Cis booleanEnabled - labels string[]
List of labels.
- malware
Action string - maximum
Score number Value of allowed maximum score.
- maximum
Score booleanEnabled Indicates if exceeding the maximum score is scanned.
- maximum
Score booleanExclude No Fix Indicates that policy should ignore cases that do not have a known fix.
- monitored
Malware string[]Paths - name string
- onlyNoneRootUsers boolean
Indicates whether to raise a warning for images that should only be run as root.
- packages
Black booleanList Enabled Indicates if packages blacklist is relevant.
- packagesBlackLists FunctionAssurancePolicyPackagesBlackList[]
List of blacklisted images.
- packages
White booleanList Enabled Indicates if packages whitelist is relevant.
- packages
White FunctionLists Assurance Policy Packages White List[] List of whitelisted images.
- partial
Results booleanImage Fail - read
Only boolean - registries string[]
List of registries.
- registry string
- required
Labels FunctionAssurance Policy Required Label[] - required
Labels booleanEnabled - scan
Nfs booleanMounts - scan
Sensitive booleanData Indicates if scan should include sensitive data in the image.
- scap
Enabled boolean Indicates if scanning should include scap.
- scap
Files string[] List of SCAP user scripts for checks.
- scopes
Function
Assurance Policy Scope[] - trusted
Base FunctionImages Assurance Policy Trusted Base Image[] List of trusted images.
- trusted
Base booleanImages Enabled Indicates if list of trusted base images is relevant.
- whitelisted
Licenses string[] List of whitelisted licenses.
- whitelistedLicensesEnabled boolean
Indicates if license whitelist is relevant.
- allowed_
images Sequence[str] List of explicitly allowed images.
- application_scopes Sequence[str]
- audit_on_failure bool
Indicates whether failures are audited.
- author str
Name of user account that created the policy.
- auto_
scan_ boolconfigured - auto_
scan_ boolenabled - auto_
scan_ Sequence[Functiontimes Assurance Policy Auto Scan Time Args] - blacklist_
permissions Sequence[str] List of function's forbidden permissions.
- blacklist_
permissions_ boolenabled Indicates if blacklist permissions is relevant.
- blacklisted_
licenses Sequence[str] List of blacklisted licenses.
- blacklisted_licenses_enabled bool
Indicates if license blacklist is relevant.
- block_
failed bool Indicates if failed images are blocked.
- control_
exclude_ boolno_ fix - custom_
checks Sequence[FunctionAssurance Policy Custom Check Args] List of Custom user scripts for checks.
- custom_
checks_ boolenabled Indicates if scanning should include custom checks.
- custom_
severity_ boolenabled - cves_
black_ boollist_ enabled Indicates if cves blacklist is relevant.
- cves_
black_ Sequence[str]lists List of cves blacklisted items.
- cves_
white_ boollist_ enabled Indicates if cves whitelist is relevant.
- cves_white_lists Sequence[str]
List of cves whitelisted items.
- cvss_
severity str Identifier of the cvss severity.
- cvss_
severity_ boolenabled Indicates if the cvss severity is scanned.
- cvss_
severity_ boolexclude_ no_ fix Indicates that policy should ignore cvss cases that do not have a known fix.
- description str
- disallow_
malware bool Indicates if malware should block the image.
- docker_
cis_ boolenabled - domain str
Name of the container image.
- domain_
name str - dta_
enabled bool - dta_
severity str - enabled bool
- enforce bool
- enforce_
after_ intdays - enforce_
excessive_ boolpermissions - exceptional_
monitored_ Sequence[str]malware_ paths - fail_
cicd bool Indicates if cicd failures will fail the image.
- forbidden_
labels Sequence[FunctionAssurance Policy Forbidden Label Args] - forbidden_
labels_ boolenabled - force_
microenforcer bool - function_
integrity_ boolenabled - ignore_
recently_ boolpublished_ vln - ignore_
recently_ intpublished_ vln_ period - ignore_
risk_ boolresources_ enabled Indicates if risk resources are ignored.
- ignored_
risk_ Sequence[str]resources List of ignored risk resources.
- images Sequence[str]
List of images.
- kube_
cis_ boolenabled - labels Sequence[str]
List of labels.
- malware_
action str - maximum_
score float Value of allowed maximum score.
- maximum_
score_ boolenabled Indicates if exceeding the maximum score is scanned.
- maximum_
score_ boolexclude_ no_ fix Indicates that policy should ignore cases that do not have a known fix.
- monitored_
malware_ Sequence[str]paths - name str
- only_none_root_users bool
Indicates whether to raise a warning for images that should only be run as root.
- packages_
black_ boollist_ enabled Indicates if packages blacklist is relevant.
- packages_black_lists Sequence[FunctionAssurancePolicyPackagesBlackListArgs]
List of blacklisted images.
- packages_
white_ boollist_ enabled Indicates if packages whitelist is relevant.
- packages_
white_ Sequence[Functionlists Assurance Policy Packages White List Args] List of whitelisted images.
- partial_
results_ boolimage_ fail - read_
only bool - registries Sequence[str]
List of registries.
- registry str
- required_
labels Sequence[FunctionAssurance Policy Required Label Args] - required_
labels_ boolenabled - scan_
nfs_ boolmounts - scan_
sensitive_ booldata Indicates if scan should include sensitive data in the image.
- scap_
enabled bool Indicates if scanning should include scap.
- scap_
files Sequence[str] List of SCAP user scripts for checks.
- scopes
Sequence[Function
Assurance Policy Scope Args] - trusted_
base_ Sequence[Functionimages Assurance Policy Trusted Base Image Args] List of trusted images.
- trusted_
base_ boolimages_ enabled Indicates if list of trusted base images is relevant.
- whitelisted_
licenses Sequence[str] List of whitelisted licenses.
- whitelisted_licenses_enabled bool
Indicates if license whitelist is relevant.
- allowed
Images List<String> List of explicitly allowed images.
- applicationScopes List<String>
- auditOnFailure Boolean
Indicates whether failures are audited.
- author String
Name of user account that created the policy.
- auto
Scan BooleanConfigured - auto
Scan BooleanEnabled - auto
Scan List<Property Map>Times - blacklist
Permissions List<String> List of function's forbidden permissions.
- blacklist
Permissions BooleanEnabled Indicates if blacklist permissions is relevant.
- blacklisted
Licenses List<String> List of blacklisted licenses.
- blacklistedLicensesEnabled Boolean
Indicates if license blacklist is relevant.
- block
Failed Boolean Indicates if failed images are blocked.
- control
Exclude BooleanNo Fix - custom
Checks List<Property Map> List of Custom user scripts for checks.
- custom
Checks BooleanEnabled Indicates if scanning should include custom checks.
- custom
Severity BooleanEnabled - cves
Black BooleanList Enabled Indicates if cves blacklist is relevant.
- cves
Black List<String>Lists List of cves blacklisted items.
- cves
White BooleanList Enabled Indicates if cves whitelist is relevant.
- cvesWhiteLists List<String>
List of cves whitelisted items.
- cvss
Severity String Identifier of the cvss severity.
- cvss
Severity BooleanEnabled Indicates if the cvss severity is scanned.
- cvss
Severity BooleanExclude No Fix Indicates that policy should ignore cvss cases that do not have a known fix.
- description String
- disallow
Malware Boolean Indicates if malware should block the image.
- docker
Cis BooleanEnabled - domain String
Name of the container image.
- domain
Name String - dta
Enabled Boolean - dta
Severity String - enabled Boolean
- enforce Boolean
- enforce
After NumberDays - enforce
Excessive BooleanPermissions - exceptional
Monitored List<String>Malware Paths - fail
Cicd Boolean Indicates if cicd failures will fail the image.
- forbidden
Labels List<Property Map> - forbidden
Labels BooleanEnabled - force
Microenforcer Boolean - function
Integrity BooleanEnabled - ignore
Recently BooleanPublished Vln - ignore
Recently NumberPublished Vln Period - ignore
Risk BooleanResources Enabled Indicates if risk resources are ignored.
- ignored
Risk List<String>Resources List of ignored risk resources.
- images List<String>
List of images.
- kube
Cis BooleanEnabled - labels List<String>
List of labels.
- malware
Action String - maximum
Score Number Value of allowed maximum score.
- maximum
Score BooleanEnabled Indicates if exceeding the maximum score is scanned.
- maximum
Score BooleanExclude No Fix Indicates that policy should ignore cases that do not have a known fix.
- monitored
Malware List<String>Paths - name String
- onlyNoneRootUsers Boolean
Indicates whether to raise a warning for images that should only be run as root.
- packages
Black BooleanList Enabled Indicates if packages blacklist is relevant.
- packagesBlackLists List<Property Map>
List of blacklisted images.
- packages
White BooleanList Enabled Indicates if packages whitelist is relevant.
- packages
White List<Property Map>Lists List of whitelisted images.
- partial
Results BooleanImage Fail - read
Only Boolean - registries List<String>
List of registries.
- registry String
- required
Labels List<Property Map> - required
Labels BooleanEnabled - scan
Nfs BooleanMounts - scan
Sensitive BooleanData Indicates if scan should include sensitive data in the image.
- scap
Enabled Boolean Indicates if scanning should include scap.
- scap
Files List<String> List of SCAP user scripts for checks.
- scopes List<Property Map>
- trusted
Base List<Property Map>Images List of trusted images.
- trusted
Base BooleanImages Enabled Indicates if list of trusted base images is relevant.
- whitelisted
Licenses List<String> List of whitelisted licenses.
- whitelistedLicensesEnabled Boolean
Indicates if license whitelist is relevant.
Supporting Types
FunctionAssurancePolicyAutoScanTime, FunctionAssurancePolicyAutoScanTimeArgs
- Iteration int
- Iteration
Type string - Time string
- Week
Days List<string>
- Iteration int
- Iteration
Type string - Time string
- Week
Days []string
- iteration Integer
- iteration
Type String - time String
- week
Days List<String>
- iteration number
- iteration
Type string - time string
- week
Days string[]
- iteration int
- iteration_
type str - time str
- week_
days Sequence[str]
- iteration Number
- iteration
Type String - time String
- week
Days List<String>
FunctionAssurancePolicyCustomCheck, FunctionAssurancePolicyCustomCheckArgs
- string
Name of user account that created the policy.
- Description string
- Engine string
- Last
Modified int - Name string
- Path string
- Read
Only bool - Script
Id string - Severity string
- Snippet string
- string
Name of user account that created the policy.
- Description string
- Engine string
- Last
Modified int - Name string
- Path string
- Read
Only bool - Script
Id string - Severity string
- Snippet string
- String
Name of user account that created the policy.
- description String
- engine String
- last
Modified Integer - name String
- path String
- read
Only Boolean - script
Id String - severity String
- snippet String
- string
Name of user account that created the policy.
- description string
- engine string
- last
Modified number - name string
- path string
- read
Only boolean - script
Id string - severity string
- snippet string
- str
Name of user account that created the policy.
- description str
- engine str
- last_
modified int - name str
- path str
- read_
only bool - script_
id str - severity str
- snippet str
- String
Name of user account that created the policy.
- description String
- engine String
- last
Modified Number - name String
- path String
- read
Only Boolean - script
Id String - severity String
- snippet String
FunctionAssurancePolicyForbiddenLabel, FunctionAssurancePolicyForbiddenLabelArgs
FunctionAssurancePolicyPackagesBlackList, FunctionAssurancePolicyPackagesBlackListArgs
FunctionAssurancePolicyPackagesWhiteList, FunctionAssurancePolicyPackagesWhiteListArgs
FunctionAssurancePolicyRequiredLabel, FunctionAssurancePolicyRequiredLabelArgs
FunctionAssurancePolicyScope, FunctionAssurancePolicyScopeArgs
FunctionAssurancePolicyScopeVariable, FunctionAssurancePolicyScopeVariableArgs
FunctionAssurancePolicyTrustedBaseImage, FunctionAssurancePolicyTrustedBaseImageArgs
Package Details
- Repository
- aquasec pulumiverse/pulumi-aquasec
- License
- Apache-2.0
- Notes
This Pulumi package is based on the aquasec Terraform Provider.