1. Packages
  2. Aquasec
  3. API Docs
  4. getHostAssurancePolicy
Aquasec v0.8.29 published on Monday, Jul 22, 2024 by Pulumiverse

aquasec.getHostAssurancePolicy

Explore with Pulumi AI

aquasec logo
Aquasec v0.8.29 published on Monday, Jul 22, 2024 by Pulumiverse

    Using getHostAssurancePolicy

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getHostAssurancePolicy(args: GetHostAssurancePolicyArgs, opts?: InvokeOptions): Promise<GetHostAssurancePolicyResult>
    function getHostAssurancePolicyOutput(args: GetHostAssurancePolicyOutputArgs, opts?: InvokeOptions): Output<GetHostAssurancePolicyResult>
    def get_host_assurance_policy(name: Optional[str] = None,
                                  opts: Optional[InvokeOptions] = None) -> GetHostAssurancePolicyResult
    def get_host_assurance_policy_output(name: Optional[pulumi.Input[str]] = None,
                                  opts: Optional[InvokeOptions] = None) -> Output[GetHostAssurancePolicyResult]
    func LookupHostAssurancePolicy(ctx *Context, args *LookupHostAssurancePolicyArgs, opts ...InvokeOption) (*LookupHostAssurancePolicyResult, error)
    func LookupHostAssurancePolicyOutput(ctx *Context, args *LookupHostAssurancePolicyOutputArgs, opts ...InvokeOption) LookupHostAssurancePolicyResultOutput

    > Note: This function is named LookupHostAssurancePolicy in the Go SDK.

    public static class GetHostAssurancePolicy 
    {
        public static Task<GetHostAssurancePolicyResult> InvokeAsync(GetHostAssurancePolicyArgs args, InvokeOptions? opts = null)
        public static Output<GetHostAssurancePolicyResult> Invoke(GetHostAssurancePolicyInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetHostAssurancePolicyResult> getHostAssurancePolicy(GetHostAssurancePolicyArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: aquasec:index/getHostAssurancePolicy:getHostAssurancePolicy
      arguments:
        # arguments dictionary

    The following arguments are supported:

    Name string
    Name string
    name String
    name string
    name str
    name String

    getHostAssurancePolicy Result

    The following output properties are available:

    AllowedImages List<string>
    List of explicitly allowed images.
    ApplicationScopes List<string>
    AuditOnFailure bool
    Indicates if auditing for failures.
    Author string
    Name of user account that created the policy.
    AutoScanConfigured bool
    AutoScanEnabled bool
    AutoScanTimes List<Pulumiverse.Aquasec.Outputs.GetHostAssurancePolicyAutoScanTime>
    BlacklistPermissions List<string>
    List of function's forbidden permissions.
    BlacklistPermissionsEnabled bool
    Indicates if blacklist permissions is relevant.
    BlacklistedLicenses List<string>
    List of blacklisted licenses.
    BlacklistedLicensesEnabled bool
    Indicates if license blacklist is relevant.
    BlockFailed bool
    Indicates if failed images are blocked.
    ControlExcludeNoFix bool
    CustomChecks List<Pulumiverse.Aquasec.Outputs.GetHostAssurancePolicyCustomCheck>
    List of Custom user scripts for checks.
    CustomChecksEnabled bool
    Indicates if scanning should include custom checks.
    CustomSeverityEnabled bool
    CvesBlackListEnabled bool
    Indicates if CVEs blacklist is relevant.
    CvesBlackLists List<string>
    List of CVEs blacklisted items.
    CvesWhiteListEnabled bool
    Indicates if CVEs whitelist is relevant.
    CvesWhiteLists List<string>
    List of cves whitelisted licenses
    CvssSeverity string
    Identifier of the cvss severity.
    CvssSeverityEnabled bool
    Indicates if the cvss severity is scanned.
    CvssSeverityExcludeNoFix bool
    Indicates that policy should ignore cvss cases that do not have a known fix.
    Description string
    DisallowMalware bool
    Indicates if malware should block the image.
    DockerCisEnabled bool
    Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
    Domain string
    Name of the container image.
    DomainName string
    DtaEnabled bool
    DtaSeverity string
    Enabled bool
    Enforce bool
    EnforceAfterDays int
    EnforceExcessivePermissions bool
    ExceptionalMonitoredMalwarePaths List<string>
    FailCicd bool
    Indicates if cicd failures will fail the image.
    ForbiddenLabels List<Pulumiverse.Aquasec.Outputs.GetHostAssurancePolicyForbiddenLabel>
    ForbiddenLabelsEnabled bool
    ForceMicroenforcer bool
    FunctionIntegrityEnabled bool
    Id string
    The ID of this resource.
    IgnoreRecentlyPublishedVln bool
    IgnoreRecentlyPublishedVlnPeriod int
    IgnoreRiskResourcesEnabled bool
    Indicates if risk resources are ignored.
    IgnoredRiskResources List<string>
    List of ignored risk resources.
    Images List<string>
    List of images.
    KubeCisEnabled bool
    Performs a Kubernetes CIS benchmark check for the host.
    Labels List<string>
    List of labels.
    MalwareAction string
    MaximumScore double
    Value of allowed maximum score.
    MaximumScoreEnabled bool
    Indicates if exceeding the maximum score is scanned.
    MaximumScoreExcludeNoFix bool
    Indicates that policy should ignore cases that do not have a known fix.
    MonitoredMalwarePaths List<string>
    Name string
    OnlyNoneRootUsers bool
    Indicates if raise a warning for images that should only be run as root.
    PackagesBlackListEnabled bool
    Indicates if packages blacklist is relevant.
    PackagesBlackLists List<Pulumiverse.Aquasec.Outputs.GetHostAssurancePolicyPackagesBlackList>
    List of blacklisted images.
    PackagesWhiteListEnabled bool
    Indicates if packages whitelist is relevant.
    PackagesWhiteLists List<Pulumiverse.Aquasec.Outputs.GetHostAssurancePolicyPackagesWhiteList>
    List of whitelisted images.
    PartialResultsImageFail bool
    ReadOnly bool
    Registries List<string>
    List of registries.
    Registry string
    RequiredLabels List<Pulumiverse.Aquasec.Outputs.GetHostAssurancePolicyRequiredLabel>
    RequiredLabelsEnabled bool
    ScanNfsMounts bool
    ScanSensitiveData bool
    Indicates if scan should include sensitive data in the image.
    ScapEnabled bool
    Indicates if scanning should include scap.
    ScapFiles List<string>
    List of SCAP user scripts for checks.
    Scopes List<Pulumiverse.Aquasec.Outputs.GetHostAssurancePolicyScope>
    TrustedBaseImages List<Pulumiverse.Aquasec.Outputs.GetHostAssurancePolicyTrustedBaseImage>
    List of trusted images.
    TrustedBaseImagesEnabled bool
    Indicates if list of trusted base images is relevant.
    WhitelistedLicenses List<string>
    List of whitelisted licenses.
    WhitelistedLicensesEnabled bool
    Indicates if license blacklist is relevant.
    AllowedImages []string
    List of explicitly allowed images.
    ApplicationScopes []string
    AuditOnFailure bool
    Indicates if auditing for failures.
    Author string
    Name of user account that created the policy.
    AutoScanConfigured bool
    AutoScanEnabled bool
    AutoScanTimes []GetHostAssurancePolicyAutoScanTime
    BlacklistPermissions []string
    List of function's forbidden permissions.
    BlacklistPermissionsEnabled bool
    Indicates if blacklist permissions is relevant.
    BlacklistedLicenses []string
    List of blacklisted licenses.
    BlacklistedLicensesEnabled bool
    Indicates if license blacklist is relevant.
    BlockFailed bool
    Indicates if failed images are blocked.
    ControlExcludeNoFix bool
    CustomChecks []GetHostAssurancePolicyCustomCheck
    List of Custom user scripts for checks.
    CustomChecksEnabled bool
    Indicates if scanning should include custom checks.
    CustomSeverityEnabled bool
    CvesBlackListEnabled bool
    Indicates if CVEs blacklist is relevant.
    CvesBlackLists []string
    List of CVEs blacklisted items.
    CvesWhiteListEnabled bool
    Indicates if CVEs whitelist is relevant.
    CvesWhiteLists []string
    List of cves whitelisted licenses
    CvssSeverity string
    Identifier of the cvss severity.
    CvssSeverityEnabled bool
    Indicates if the cvss severity is scanned.
    CvssSeverityExcludeNoFix bool
    Indicates that policy should ignore cvss cases that do not have a known fix.
    Description string
    DisallowMalware bool
    Indicates if malware should block the image.
    DockerCisEnabled bool
    Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
    Domain string
    Name of the container image.
    DomainName string
    DtaEnabled bool
    DtaSeverity string
    Enabled bool
    Enforce bool
    EnforceAfterDays int
    EnforceExcessivePermissions bool
    ExceptionalMonitoredMalwarePaths []string
    FailCicd bool
    Indicates if cicd failures will fail the image.
    ForbiddenLabels []GetHostAssurancePolicyForbiddenLabel
    ForbiddenLabelsEnabled bool
    ForceMicroenforcer bool
    FunctionIntegrityEnabled bool
    Id string
    The ID of this resource.
    IgnoreRecentlyPublishedVln bool
    IgnoreRecentlyPublishedVlnPeriod int
    IgnoreRiskResourcesEnabled bool
    Indicates if risk resources are ignored.
    IgnoredRiskResources []string
    List of ignored risk resources.
    Images []string
    List of images.
    KubeCisEnabled bool
    Performs a Kubernetes CIS benchmark check for the host.
    Labels []string
    List of labels.
    MalwareAction string
    MaximumScore float64
    Value of allowed maximum score.
    MaximumScoreEnabled bool
    Indicates if exceeding the maximum score is scanned.
    MaximumScoreExcludeNoFix bool
    Indicates that policy should ignore cases that do not have a known fix.
    MonitoredMalwarePaths []string
    Name string
    OnlyNoneRootUsers bool
    Indicates if raise a warning for images that should only be run as root.
    PackagesBlackListEnabled bool
    Indicates if packages blacklist is relevant.
    PackagesBlackLists []GetHostAssurancePolicyPackagesBlackList
    List of blacklisted images.
    PackagesWhiteListEnabled bool
    Indicates if packages whitelist is relevant.
    PackagesWhiteLists []GetHostAssurancePolicyPackagesWhiteList
    List of whitelisted images.
    PartialResultsImageFail bool
    ReadOnly bool
    Registries []string
    List of registries.
    Registry string
    RequiredLabels []GetHostAssurancePolicyRequiredLabel
    RequiredLabelsEnabled bool
    ScanNfsMounts bool
    ScanSensitiveData bool
    Indicates if scan should include sensitive data in the image.
    ScapEnabled bool
    Indicates if scanning should include scap.
    ScapFiles []string
    List of SCAP user scripts for checks.
    Scopes []GetHostAssurancePolicyScope
    TrustedBaseImages []GetHostAssurancePolicyTrustedBaseImage
    List of trusted images.
    TrustedBaseImagesEnabled bool
    Indicates if list of trusted base images is relevant.
    WhitelistedLicenses []string
    List of whitelisted licenses.
    WhitelistedLicensesEnabled bool
    Indicates if license blacklist is relevant.
    allowedImages List<String>
    List of explicitly allowed images.
    applicationScopes List<String>
    auditOnFailure Boolean
    Indicates if auditing for failures.
    author String
    Name of user account that created the policy.
    autoScanConfigured Boolean
    autoScanEnabled Boolean
    autoScanTimes List<GetHostAssurancePolicyAutoScanTime>
    blacklistPermissions List<String>
    List of function's forbidden permissions.
    blacklistPermissionsEnabled Boolean
    Indicates if blacklist permissions is relevant.
    blacklistedLicenses List<String>
    List of blacklisted licenses.
    blacklistedLicensesEnabled Boolean
    Indicates if license blacklist is relevant.
    blockFailed Boolean
    Indicates if failed images are blocked.
    controlExcludeNoFix Boolean
    customChecks List<GetHostAssurancePolicyCustomCheck>
    List of Custom user scripts for checks.
    customChecksEnabled Boolean
    Indicates if scanning should include custom checks.
    customSeverityEnabled Boolean
    cvesBlackListEnabled Boolean
    Indicates if CVEs blacklist is relevant.
    cvesBlackLists List<String>
    List of CVEs blacklisted items.
    cvesWhiteListEnabled Boolean
    Indicates if CVEs whitelist is relevant.
    cvesWhiteLists List<String>
    List of cves whitelisted licenses
    cvssSeverity String
    Identifier of the cvss severity.
    cvssSeverityEnabled Boolean
    Indicates if the cvss severity is scanned.
    cvssSeverityExcludeNoFix Boolean
    Indicates that policy should ignore cvss cases that do not have a known fix.
    description String
    disallowMalware Boolean
    Indicates if malware should block the image.
    dockerCisEnabled Boolean
    Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
    domain String
    Name of the container image.
    domainName String
    dtaEnabled Boolean
    dtaSeverity String
    enabled Boolean
    enforce Boolean
    enforceAfterDays Integer
    enforceExcessivePermissions Boolean
    exceptionalMonitoredMalwarePaths List<String>
    failCicd Boolean
    Indicates if cicd failures will fail the image.
    forbiddenLabels List<GetHostAssurancePolicyForbiddenLabel>
    forbiddenLabelsEnabled Boolean
    forceMicroenforcer Boolean
    functionIntegrityEnabled Boolean
    id String
    The ID of this resource.
    ignoreRecentlyPublishedVln Boolean
    ignoreRecentlyPublishedVlnPeriod Integer
    ignoreRiskResourcesEnabled Boolean
    Indicates if risk resources are ignored.
    ignoredRiskResources List<String>
    List of ignored risk resources.
    images List<String>
    List of images.
    kubeCisEnabled Boolean
    Performs a Kubernetes CIS benchmark check for the host.
    labels List<String>
    List of labels.
    malwareAction String
    maximumScore Double
    Value of allowed maximum score.
    maximumScoreEnabled Boolean
    Indicates if exceeding the maximum score is scanned.
    maximumScoreExcludeNoFix Boolean
    Indicates that policy should ignore cases that do not have a known fix.
    monitoredMalwarePaths List<String>
    name String
    onlyNoneRootUsers Boolean
    Indicates if raise a warning for images that should only be run as root.
    packagesBlackListEnabled Boolean
    Indicates if packages blacklist is relevant.
    packagesBlackLists List<GetHostAssurancePolicyPackagesBlackList>
    List of blacklisted images.
    packagesWhiteListEnabled Boolean
    Indicates if packages whitelist is relevant.
    packagesWhiteLists List<GetHostAssurancePolicyPackagesWhiteList>
    List of whitelisted images.
    partialResultsImageFail Boolean
    readOnly Boolean
    registries List<String>
    List of registries.
    registry String
    requiredLabels List<GetHostAssurancePolicyRequiredLabel>
    requiredLabelsEnabled Boolean
    scanNfsMounts Boolean
    scanSensitiveData Boolean
    Indicates if scan should include sensitive data in the image.
    scapEnabled Boolean
    Indicates if scanning should include scap.
    scapFiles List<String>
    List of SCAP user scripts for checks.
    scopes List<GetHostAssurancePolicyScope>
    trustedBaseImages List<GetHostAssurancePolicyTrustedBaseImage>
    List of trusted images.
    trustedBaseImagesEnabled Boolean
    Indicates if list of trusted base images is relevant.
    whitelistedLicenses List<String>
    List of whitelisted licenses.
    whitelistedLicensesEnabled Boolean
    Indicates if license blacklist is relevant.
    allowedImages string[]
    List of explicitly allowed images.
    applicationScopes string[]
    auditOnFailure boolean
    Indicates if auditing for failures.
    author string
    Name of user account that created the policy.
    autoScanConfigured boolean
    autoScanEnabled boolean
    autoScanTimes GetHostAssurancePolicyAutoScanTime[]
    blacklistPermissions string[]
    List of function's forbidden permissions.
    blacklistPermissionsEnabled boolean
    Indicates if blacklist permissions is relevant.
    blacklistedLicenses string[]
    List of blacklisted licenses.
    blacklistedLicensesEnabled boolean
    Indicates if license blacklist is relevant.
    blockFailed boolean
    Indicates if failed images are blocked.
    controlExcludeNoFix boolean
    customChecks GetHostAssurancePolicyCustomCheck[]
    List of Custom user scripts for checks.
    customChecksEnabled boolean
    Indicates if scanning should include custom checks.
    customSeverityEnabled boolean
    cvesBlackListEnabled boolean
    Indicates if CVEs blacklist is relevant.
    cvesBlackLists string[]
    List of CVEs blacklisted items.
    cvesWhiteListEnabled boolean
    Indicates if CVEs whitelist is relevant.
    cvesWhiteLists string[]
    List of cves whitelisted licenses
    cvssSeverity string
    Identifier of the cvss severity.
    cvssSeverityEnabled boolean
    Indicates if the cvss severity is scanned.
    cvssSeverityExcludeNoFix boolean
    Indicates that policy should ignore cvss cases that do not have a known fix.
    description string
    disallowMalware boolean
    Indicates if malware should block the image.
    dockerCisEnabled boolean
    Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
    domain string
    Name of the container image.
    domainName string
    dtaEnabled boolean
    dtaSeverity string
    enabled boolean
    enforce boolean
    enforceAfterDays number
    enforceExcessivePermissions boolean
    exceptionalMonitoredMalwarePaths string[]
    failCicd boolean
    Indicates if cicd failures will fail the image.
    forbiddenLabels GetHostAssurancePolicyForbiddenLabel[]
    forbiddenLabelsEnabled boolean
    forceMicroenforcer boolean
    functionIntegrityEnabled boolean
    id string
    The ID of this resource.
    ignoreRecentlyPublishedVln boolean
    ignoreRecentlyPublishedVlnPeriod number
    ignoreRiskResourcesEnabled boolean
    Indicates if risk resources are ignored.
    ignoredRiskResources string[]
    List of ignored risk resources.
    images string[]
    List of images.
    kubeCisEnabled boolean
    Performs a Kubernetes CIS benchmark check for the host.
    labels string[]
    List of labels.
    malwareAction string
    maximumScore number
    Value of allowed maximum score.
    maximumScoreEnabled boolean
    Indicates if exceeding the maximum score is scanned.
    maximumScoreExcludeNoFix boolean
    Indicates that policy should ignore cases that do not have a known fix.
    monitoredMalwarePaths string[]
    name string
    onlyNoneRootUsers boolean
    Indicates if raise a warning for images that should only be run as root.
    packagesBlackListEnabled boolean
    Indicates if packages blacklist is relevant.
    packagesBlackLists GetHostAssurancePolicyPackagesBlackList[]
    List of blacklisted images.
    packagesWhiteListEnabled boolean
    Indicates if packages whitelist is relevant.
    packagesWhiteLists GetHostAssurancePolicyPackagesWhiteList[]
    List of whitelisted images.
    partialResultsImageFail boolean
    readOnly boolean
    registries string[]
    List of registries.
    registry string
    requiredLabels GetHostAssurancePolicyRequiredLabel[]
    requiredLabelsEnabled boolean
    scanNfsMounts boolean
    scanSensitiveData boolean
    Indicates if scan should include sensitive data in the image.
    scapEnabled boolean
    Indicates if scanning should include scap.
    scapFiles string[]
    List of SCAP user scripts for checks.
    scopes GetHostAssurancePolicyScope[]
    trustedBaseImages GetHostAssurancePolicyTrustedBaseImage[]
    List of trusted images.
    trustedBaseImagesEnabled boolean
    Indicates if list of trusted base images is relevant.
    whitelistedLicenses string[]
    List of whitelisted licenses.
    whitelistedLicensesEnabled boolean
    Indicates if license blacklist is relevant.
    allowed_images Sequence[str]
    List of explicitly allowed images.
    application_scopes Sequence[str]
    audit_on_failure bool
    Indicates if auditing for failures.
    author str
    Name of user account that created the policy.
    auto_scan_configured bool
    auto_scan_enabled bool
    auto_scan_times Sequence[GetHostAssurancePolicyAutoScanTime]
    blacklist_permissions Sequence[str]
    List of function's forbidden permissions.
    blacklist_permissions_enabled bool
    Indicates if blacklist permissions is relevant.
    blacklisted_licenses Sequence[str]
    List of blacklisted licenses.
    blacklisted_licenses_enabled bool
    Indicates if license blacklist is relevant.
    block_failed bool
    Indicates if failed images are blocked.
    control_exclude_no_fix bool
    custom_checks Sequence[GetHostAssurancePolicyCustomCheck]
    List of Custom user scripts for checks.
    custom_checks_enabled bool
    Indicates if scanning should include custom checks.
    custom_severity_enabled bool
    cves_black_list_enabled bool
    Indicates if CVEs blacklist is relevant.
    cves_black_lists Sequence[str]
    List of CVEs blacklisted items.
    cves_white_list_enabled bool
    Indicates if CVEs whitelist is relevant.
    cves_white_lists Sequence[str]
    List of cves whitelisted licenses
    cvss_severity str
    Identifier of the cvss severity.
    cvss_severity_enabled bool
    Indicates if the cvss severity is scanned.
    cvss_severity_exclude_no_fix bool
    Indicates that policy should ignore cvss cases that do not have a known fix.
    description str
    disallow_malware bool
    Indicates if malware should block the image.
    docker_cis_enabled bool
    Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
    domain str
    Name of the container image.
    domain_name str
    dta_enabled bool
    dta_severity str
    enabled bool
    enforce bool
    enforce_after_days int
    enforce_excessive_permissions bool
    exceptional_monitored_malware_paths Sequence[str]
    fail_cicd bool
    Indicates if cicd failures will fail the image.
    forbidden_labels Sequence[GetHostAssurancePolicyForbiddenLabel]
    forbidden_labels_enabled bool
    force_microenforcer bool
    function_integrity_enabled bool
    id str
    The ID of this resource.
    ignore_recently_published_vln bool
    ignore_recently_published_vln_period int
    ignore_risk_resources_enabled bool
    Indicates if risk resources are ignored.
    ignored_risk_resources Sequence[str]
    List of ignored risk resources.
    images Sequence[str]
    List of images.
    kube_cis_enabled bool
    Performs a Kubernetes CIS benchmark check for the host.
    labels Sequence[str]
    List of labels.
    malware_action str
    maximum_score float
    Value of allowed maximum score.
    maximum_score_enabled bool
    Indicates if exceeding the maximum score is scanned.
    maximum_score_exclude_no_fix bool
    Indicates that policy should ignore cases that do not have a known fix.
    monitored_malware_paths Sequence[str]
    name str
    only_none_root_users bool
    Indicates if raise a warning for images that should only be run as root.
    packages_black_list_enabled bool
    Indicates if packages blacklist is relevant.
    packages_black_lists Sequence[GetHostAssurancePolicyPackagesBlackList]
    List of blacklisted images.
    packages_white_list_enabled bool
    Indicates if packages whitelist is relevant.
    packages_white_lists Sequence[GetHostAssurancePolicyPackagesWhiteList]
    List of whitelisted images.
    partial_results_image_fail bool
    read_only bool
    registries Sequence[str]
    List of registries.
    registry str
    required_labels Sequence[GetHostAssurancePolicyRequiredLabel]
    required_labels_enabled bool
    scan_nfs_mounts bool
    scan_sensitive_data bool
    Indicates if scan should include sensitive data in the image.
    scap_enabled bool
    Indicates if scanning should include scap.
    scap_files Sequence[str]
    List of SCAP user scripts for checks.
    scopes Sequence[GetHostAssurancePolicyScope]
    trusted_base_images Sequence[GetHostAssurancePolicyTrustedBaseImage]
    List of trusted images.
    trusted_base_images_enabled bool
    Indicates if list of trusted base images is relevant.
    whitelisted_licenses Sequence[str]
    List of whitelisted licenses.
    whitelisted_licenses_enabled bool
    Indicates if license blacklist is relevant.
    allowedImages List<String>
    List of explicitly allowed images.
    applicationScopes List<String>
    auditOnFailure Boolean
    Indicates if auditing for failures.
    author String
    Name of user account that created the policy.
    autoScanConfigured Boolean
    autoScanEnabled Boolean
    autoScanTimes List<Property Map>
    blacklistPermissions List<String>
    List of function's forbidden permissions.
    blacklistPermissionsEnabled Boolean
    Indicates if blacklist permissions is relevant.
    blacklistedLicenses List<String>
    List of blacklisted licenses.
    blacklistedLicensesEnabled Boolean
    Indicates if license blacklist is relevant.
    blockFailed Boolean
    Indicates if failed images are blocked.
    controlExcludeNoFix Boolean
    customChecks List<Property Map>
    List of Custom user scripts for checks.
    customChecksEnabled Boolean
    Indicates if scanning should include custom checks.
    customSeverityEnabled Boolean
    cvesBlackListEnabled Boolean
    Indicates if CVEs blacklist is relevant.
    cvesBlackLists List<String>
    List of CVEs blacklisted items.
    cvesWhiteListEnabled Boolean
    Indicates if CVEs whitelist is relevant.
    cvesWhiteLists List<String>
    List of cves whitelisted licenses
    cvssSeverity String
    Identifier of the cvss severity.
    cvssSeverityEnabled Boolean
    Indicates if the cvss severity is scanned.
    cvssSeverityExcludeNoFix Boolean
    Indicates that policy should ignore cvss cases that do not have a known fix.
    description String
    disallowMalware Boolean
    Indicates if malware should block the image.
    dockerCisEnabled Boolean
    Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
    domain String
    Name of the container image.
    domainName String
    dtaEnabled Boolean
    dtaSeverity String
    enabled Boolean
    enforce Boolean
    enforceAfterDays Number
    enforceExcessivePermissions Boolean
    exceptionalMonitoredMalwarePaths List<String>
    failCicd Boolean
    Indicates if cicd failures will fail the image.
    forbiddenLabels List<Property Map>
    forbiddenLabelsEnabled Boolean
    forceMicroenforcer Boolean
    functionIntegrityEnabled Boolean
    id String
    The ID of this resource.
    ignoreRecentlyPublishedVln Boolean
    ignoreRecentlyPublishedVlnPeriod Number
    ignoreRiskResourcesEnabled Boolean
    Indicates if risk resources are ignored.
    ignoredRiskResources List<String>
    List of ignored risk resources.
    images List<String>
    List of images.
    kubeCisEnabled Boolean
    Performs a Kubernetes CIS benchmark check for the host.
    labels List<String>
    List of labels.
    malwareAction String
    maximumScore Number
    Value of allowed maximum score.
    maximumScoreEnabled Boolean
    Indicates if exceeding the maximum score is scanned.
    maximumScoreExcludeNoFix Boolean
    Indicates that policy should ignore cases that do not have a known fix.
    monitoredMalwarePaths List<String>
    name String
    onlyNoneRootUsers Boolean
    Indicates if raise a warning for images that should only be run as root.
    packagesBlackListEnabled Boolean
    Indicates if packages blacklist is relevant.
    packagesBlackLists List<Property Map>
    List of blacklisted images.
    packagesWhiteListEnabled Boolean
    Indicates if packages whitelist is relevant.
    packagesWhiteLists List<Property Map>
    List of whitelisted images.
    partialResultsImageFail Boolean
    readOnly Boolean
    registries List<String>
    List of registries.
    registry String
    requiredLabels List<Property Map>
    requiredLabelsEnabled Boolean
    scanNfsMounts Boolean
    scanSensitiveData Boolean
    Indicates if scan should include sensitive data in the image.
    scapEnabled Boolean
    Indicates if scanning should include scap.
    scapFiles List<String>
    List of SCAP user scripts for checks.
    scopes List<Property Map>
    trustedBaseImages List<Property Map>
    List of trusted images.
    trustedBaseImagesEnabled Boolean
    Indicates if list of trusted base images is relevant.
    whitelistedLicenses List<String>
    List of whitelisted licenses.
    whitelistedLicensesEnabled Boolean
    Indicates if license blacklist is relevant.

    Supporting Types

    GetHostAssurancePolicyAutoScanTime

    Iteration int
    IterationType string
    Time string
    WeekDays List<string>
    Iteration int
    IterationType string
    Time string
    WeekDays []string
    iteration Integer
    iterationType String
    time String
    weekDays List<String>
    iteration number
    iterationType string
    time string
    weekDays string[]
    iteration int
    iteration_type str
    time str
    week_days Sequence[str]
    iteration Number
    iterationType String
    time String
    weekDays List<String>

    GetHostAssurancePolicyCustomCheck

    Author string
    Name of user account that created the policy.
    Description string
    Engine string
    LastModified int
    Name string
    Path string
    ReadOnly bool
    ScriptId string
    Severity string
    Snippet string
    Author string
    Name of user account that created the policy.
    Description string
    Engine string
    LastModified int
    Name string
    Path string
    ReadOnly bool
    ScriptId string
    Severity string
    Snippet string
    author String
    Name of user account that created the policy.
    description String
    engine String
    lastModified Integer
    name String
    path String
    readOnly Boolean
    scriptId String
    severity String
    snippet String
    author string
    Name of user account that created the policy.
    description string
    engine string
    lastModified number
    name string
    path string
    readOnly boolean
    scriptId string
    severity string
    snippet string
    author str
    Name of user account that created the policy.
    description str
    engine str
    last_modified int
    name str
    path str
    read_only bool
    script_id str
    severity str
    snippet str
    author String
    Name of user account that created the policy.
    description String
    engine String
    lastModified Number
    name String
    path String
    readOnly Boolean
    scriptId String
    severity String
    snippet String

    GetHostAssurancePolicyForbiddenLabel

    Key string
    Value string
    Key string
    Value string
    key String
    value String
    key string
    value string
    key str
    value str
    key String
    value String

    GetHostAssurancePolicyPackagesBlackList

    Arch string
    Display string
    Epoch string
    Format string
    License string
    Name string
    Release string
    Version string
    VersionRange string
    Arch string
    Display string
    Epoch string
    Format string
    License string
    Name string
    Release string
    Version string
    VersionRange string
    arch String
    display String
    epoch String
    format String
    license String
    name String
    release String
    version String
    versionRange String
    arch string
    display string
    epoch string
    format string
    license string
    name string
    release string
    version string
    versionRange string
    arch String
    display String
    epoch String
    format String
    license String
    name String
    release String
    version String
    versionRange String

    GetHostAssurancePolicyPackagesWhiteList

    Arch string
    Display string
    Epoch string
    Format string
    License string
    Name string
    Release string
    Version string
    VersionRange string
    Arch string
    Display string
    Epoch string
    Format string
    License string
    Name string
    Release string
    Version string
    VersionRange string
    arch String
    display String
    epoch String
    format String
    license String
    name String
    release String
    version String
    versionRange String
    arch string
    display string
    epoch string
    format string
    license string
    name string
    release string
    version string
    versionRange string
    arch String
    display String
    epoch String
    format String
    license String
    name String
    release String
    version String
    versionRange String

    GetHostAssurancePolicyRequiredLabel

    Key string
    Value string
    Key string
    Value string
    key String
    value String
    key string
    value string
    key str
    value str
    key String
    value String

    GetHostAssurancePolicyScope

    GetHostAssurancePolicyScopeVariable

    Attribute string
    Name string
    Value string
    Attribute string
    Name string
    Value string
    attribute String
    name String
    value String
    attribute string
    name string
    value string
    attribute str
    name str
    value str
    attribute String
    name String
    value String

    GetHostAssurancePolicyTrustedBaseImage

    Imagename string
    Registry string
    Imagename string
    Registry string
    imagename String
    registry String
    imagename string
    registry string
    imagename String
    registry String

    Package Details

    Repository
    aquasec pulumiverse/pulumi-aquasec
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aquasec Terraform Provider.
    aquasec logo
    Aquasec v0.8.29 published on Monday, Jul 22, 2024 by Pulumiverse