aquasec.getHostAssurancePolicy

Explore with Pulumi AI

Aquasec v0.8.27 published on Monday, Jan 29, 2024 by Pulumiverse

Using getHostAssurancePolicy

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getHostAssurancePolicy(args: GetHostAssurancePolicyArgs, opts?: InvokeOptions): Promise<GetHostAssurancePolicyResult>
function getHostAssurancePolicyOutput(args: GetHostAssurancePolicyOutputArgs, opts?: InvokeOptions): Output<GetHostAssurancePolicyResult>

def get_host_assurance_policy(name: Optional[str] = None,
                              opts: Optional[InvokeOptions] = None) -> GetHostAssurancePolicyResult
def get_host_assurance_policy_output(name: Optional[pulumi.Input[str]] = None,
                              opts: Optional[InvokeOptions] = None) -> Output[GetHostAssurancePolicyResult]

func LookupHostAssurancePolicy(ctx *Context, args *LookupHostAssurancePolicyArgs, opts ...InvokeOption) (*LookupHostAssurancePolicyResult, error)
func LookupHostAssurancePolicyOutput(ctx *Context, args *LookupHostAssurancePolicyOutputArgs, opts ...InvokeOption) LookupHostAssurancePolicyResultOutput

> Note: This function is named LookupHostAssurancePolicy in the Go SDK.

public static class GetHostAssurancePolicy 
{
    public static Task<GetHostAssurancePolicyResult> InvokeAsync(GetHostAssurancePolicyArgs args, InvokeOptions? opts = null)
    public static Output<GetHostAssurancePolicyResult> Invoke(GetHostAssurancePolicyInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetHostAssurancePolicyResult> getHostAssurancePolicy(GetHostAssurancePolicyArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet

fn::invoke:
  function: aquasec:index/getHostAssurancePolicy:getHostAssurancePolicy
  arguments:
    # arguments dictionary

The following arguments are supported:

Name string

Name string

name String

name string

name str

name String

getHostAssurancePolicy Result

The following output properties are available:

AllowedImages List<string>: List of explicitly allowed images.
ApplicationScopes List<string>
AuditOnFailure bool: Indicates if auditing for failures.
Author string: Name of user account that created the policy.
AutoScanConfigured bool
AutoScanEnabled bool
AutoScanTimes List<Pulumiverse.Aquasec.Outputs.GetHostAssurancePolicyAutoScanTime>
BlacklistPermissions List<string>: List of function's forbidden permissions.
BlacklistPermissionsEnabled bool: Indicates if blacklist permissions is relevant.
BlacklistedLicenses List<string>: List of blacklisted licenses.
BlacklistedLicensesEnabled bool: Indicates if license blacklist is relevant.
BlockFailed bool: Indicates if failed images are blocked.
ControlExcludeNoFix bool
CustomChecks List<Pulumiverse.Aquasec.Outputs.GetHostAssurancePolicyCustomCheck>: List of Custom user scripts for checks.
CustomChecksEnabled bool: Indicates if scanning should include custom checks.
CustomSeverityEnabled bool
CvesBlackListEnabled bool: Indicates if CVEs blacklist is relevant.
CvesBlackLists List<string>: List of CVEs blacklisted items.
CvesWhiteListEnabled bool: Indicates if CVEs whitelist is relevant.
CvesWhiteLists List<string>: List of cves whitelisted licenses
CvssSeverity string: Identifier of the cvss severity.
CvssSeverityEnabled bool: Indicates if the cvss severity is scanned.
CvssSeverityExcludeNoFix bool: Indicates that policy should ignore cvss cases that do not have a known fix.
Description string
DisallowMalware bool: Indicates if malware should block the image.
DockerCisEnabled bool: Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
Domain string: Name of the container image.
DomainName string
DtaEnabled bool
DtaSeverity string
Enabled bool
Enforce bool
EnforceAfterDays int
EnforceExcessivePermissions bool
ExceptionalMonitoredMalwarePaths List<string>
FailCicd bool: Indicates if cicd failures will fail the image.
ForbiddenLabels List<Pulumiverse.Aquasec.Outputs.GetHostAssurancePolicyForbiddenLabel>
ForbiddenLabelsEnabled bool
ForceMicroenforcer bool
FunctionIntegrityEnabled bool
Id string: The ID of this resource.
IgnoreRecentlyPublishedVln bool
IgnoreRecentlyPublishedVlnPeriod int
IgnoreRiskResourcesEnabled bool: Indicates if risk resources are ignored.
IgnoredRiskResources List<string>: List of ignored risk resources.
Images List<string>: List of images.
KubeCisEnabled bool: Performs a Kubernetes CIS benchmark check for the host.
Labels List<string>: List of labels.
MalwareAction string
MaximumScore double: Value of allowed maximum score.
MaximumScoreEnabled bool: Indicates if exceeding the maximum score is scanned.
MaximumScoreExcludeNoFix bool: Indicates that policy should ignore cases that do not have a known fix.
MonitoredMalwarePaths List<string>
Name string
OnlyNoneRootUsers bool: Indicates if raise a warning for images that should only be run as root.
PackagesBlackListEnabled bool: Indicates if packages blacklist is relevant.
PackagesBlackLists List<Pulumiverse.Aquasec.Outputs.GetHostAssurancePolicyPackagesBlackList>: List of blacklisted images.
PackagesWhiteListEnabled bool: Indicates if packages whitelist is relevant.
PackagesWhiteLists List<Pulumiverse.Aquasec.Outputs.GetHostAssurancePolicyPackagesWhiteList>: List of whitelisted images.
PartialResultsImageFail bool
ReadOnly bool
Registries List<string>: List of registries.
Registry string
RequiredLabels List<Pulumiverse.Aquasec.Outputs.GetHostAssurancePolicyRequiredLabel>
RequiredLabelsEnabled bool
ScanNfsMounts bool
ScanSensitiveData bool: Indicates if scan should include sensitive data in the image.
ScapEnabled bool: Indicates if scanning should include scap.
ScapFiles List<string>: List of SCAP user scripts for checks.
Scopes List<Pulumiverse.Aquasec.Outputs.GetHostAssurancePolicyScope>
TrustedBaseImages List<Pulumiverse.Aquasec.Outputs.GetHostAssurancePolicyTrustedBaseImage>: List of trusted images.
TrustedBaseImagesEnabled bool: Indicates if list of trusted base images is relevant.
WhitelistedLicenses List<string>: List of whitelisted licenses.
WhitelistedLicensesEnabled bool: Indicates if license blacklist is relevant.

AllowedImages []string: List of explicitly allowed images.
ApplicationScopes []string
AuditOnFailure bool: Indicates if auditing for failures.
Author string: Name of user account that created the policy.
AutoScanConfigured bool
AutoScanEnabled bool
AutoScanTimes []GetHostAssurancePolicyAutoScanTime
BlacklistPermissions []string: List of function's forbidden permissions.
BlacklistPermissionsEnabled bool: Indicates if blacklist permissions is relevant.
BlacklistedLicenses []string: List of blacklisted licenses.
BlacklistedLicensesEnabled bool: Indicates if license blacklist is relevant.
BlockFailed bool: Indicates if failed images are blocked.
ControlExcludeNoFix bool
CustomChecks []GetHostAssurancePolicyCustomCheck: List of Custom user scripts for checks.
CustomChecksEnabled bool: Indicates if scanning should include custom checks.
CustomSeverityEnabled bool
CvesBlackListEnabled bool: Indicates if CVEs blacklist is relevant.
CvesBlackLists []string: List of CVEs blacklisted items.
CvesWhiteListEnabled bool: Indicates if CVEs whitelist is relevant.
CvesWhiteLists []string: List of cves whitelisted licenses
CvssSeverity string: Identifier of the cvss severity.
CvssSeverityEnabled bool: Indicates if the cvss severity is scanned.
CvssSeverityExcludeNoFix bool: Indicates that policy should ignore cvss cases that do not have a known fix.
Description string
DisallowMalware bool: Indicates if malware should block the image.
DockerCisEnabled bool: Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
Domain string: Name of the container image.
DomainName string
DtaEnabled bool
DtaSeverity string
Enabled bool
Enforce bool
EnforceAfterDays int
EnforceExcessivePermissions bool
ExceptionalMonitoredMalwarePaths []string
FailCicd bool: Indicates if cicd failures will fail the image.
ForbiddenLabels []GetHostAssurancePolicyForbiddenLabel
ForbiddenLabelsEnabled bool
ForceMicroenforcer bool
FunctionIntegrityEnabled bool
Id string: The ID of this resource.
IgnoreRecentlyPublishedVln bool
IgnoreRecentlyPublishedVlnPeriod int
IgnoreRiskResourcesEnabled bool: Indicates if risk resources are ignored.
IgnoredRiskResources []string: List of ignored risk resources.
Images []string: List of images.
KubeCisEnabled bool: Performs a Kubernetes CIS benchmark check for the host.
Labels []string: List of labels.
MalwareAction string
MaximumScore float64: Value of allowed maximum score.
MaximumScoreEnabled bool: Indicates if exceeding the maximum score is scanned.
MaximumScoreExcludeNoFix bool: Indicates that policy should ignore cases that do not have a known fix.
MonitoredMalwarePaths []string
Name string
OnlyNoneRootUsers bool: Indicates if raise a warning for images that should only be run as root.
PackagesBlackListEnabled bool: Indicates if packages blacklist is relevant.
PackagesBlackLists []GetHostAssurancePolicyPackagesBlackList: List of blacklisted images.
PackagesWhiteListEnabled bool: Indicates if packages whitelist is relevant.
PackagesWhiteLists []GetHostAssurancePolicyPackagesWhiteList: List of whitelisted images.
PartialResultsImageFail bool
ReadOnly bool
Registries []string: List of registries.
Registry string
RequiredLabels []GetHostAssurancePolicyRequiredLabel
RequiredLabelsEnabled bool
ScanNfsMounts bool
ScanSensitiveData bool: Indicates if scan should include sensitive data in the image.
ScapEnabled bool: Indicates if scanning should include scap.
ScapFiles []string: List of SCAP user scripts for checks.
Scopes []GetHostAssurancePolicyScope
TrustedBaseImages []GetHostAssurancePolicyTrustedBaseImage: List of trusted images.
TrustedBaseImagesEnabled bool: Indicates if list of trusted base images is relevant.
WhitelistedLicenses []string: List of whitelisted licenses.
WhitelistedLicensesEnabled bool: Indicates if license blacklist is relevant.

allowedImages List<String>: List of explicitly allowed images.
applicationScopes List<String>
auditOnFailure Boolean: Indicates if auditing for failures.
author String: Name of user account that created the policy.
autoScanConfigured Boolean
autoScanEnabled Boolean
autoScanTimes List<GetHostAssurancePolicyAutoScanTime>
blacklistPermissions List<String>: List of function's forbidden permissions.
blacklistPermissionsEnabled Boolean: Indicates if blacklist permissions is relevant.
blacklistedLicenses List<String>: List of blacklisted licenses.
blacklistedLicensesEnabled Boolean: Indicates if license blacklist is relevant.
blockFailed Boolean: Indicates if failed images are blocked.
controlExcludeNoFix Boolean
customChecks List<GetHostAssurancePolicyCustomCheck>: List of Custom user scripts for checks.
customChecksEnabled Boolean: Indicates if scanning should include custom checks.
customSeverityEnabled Boolean
cvesBlackListEnabled Boolean: Indicates if CVEs blacklist is relevant.
cvesBlackLists List<String>: List of CVEs blacklisted items.
cvesWhiteListEnabled Boolean: Indicates if CVEs whitelist is relevant.
cvesWhiteLists List<String>: List of cves whitelisted licenses
cvssSeverity String: Identifier of the cvss severity.
cvssSeverityEnabled Boolean: Indicates if the cvss severity is scanned.
cvssSeverityExcludeNoFix Boolean: Indicates that policy should ignore cvss cases that do not have a known fix.
description String
disallowMalware Boolean: Indicates if malware should block the image.
dockerCisEnabled Boolean: Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
domain String: Name of the container image.
domainName String
dtaEnabled Boolean
dtaSeverity String
enabled Boolean
enforce Boolean
enforceAfterDays Integer
enforceExcessivePermissions Boolean
exceptionalMonitoredMalwarePaths List<String>
failCicd Boolean: Indicates if cicd failures will fail the image.
forbiddenLabels List<GetHostAssurancePolicyForbiddenLabel>
forbiddenLabelsEnabled Boolean
forceMicroenforcer Boolean
functionIntegrityEnabled Boolean
id String: The ID of this resource.
ignoreRecentlyPublishedVln Boolean
ignoreRecentlyPublishedVlnPeriod Integer
ignoreRiskResourcesEnabled Boolean: Indicates if risk resources are ignored.
ignoredRiskResources List<String>: List of ignored risk resources.
images List<String>: List of images.
kubeCisEnabled Boolean: Performs a Kubernetes CIS benchmark check for the host.
labels List<String>: List of labels.
malwareAction String
maximumScore Double: Value of allowed maximum score.
maximumScoreEnabled Boolean: Indicates if exceeding the maximum score is scanned.
maximumScoreExcludeNoFix Boolean: Indicates that policy should ignore cases that do not have a known fix.
monitoredMalwarePaths List<String>
name String
onlyNoneRootUsers Boolean: Indicates if raise a warning for images that should only be run as root.
packagesBlackListEnabled Boolean: Indicates if packages blacklist is relevant.
packagesBlackLists List<GetHostAssurancePolicyPackagesBlackList>: List of blacklisted images.
packagesWhiteListEnabled Boolean: Indicates if packages whitelist is relevant.
packagesWhiteLists List<GetHostAssurancePolicyPackagesWhiteList>: List of whitelisted images.
partialResultsImageFail Boolean
readOnly Boolean
registries List<String>: List of registries.
registry String
requiredLabels List<GetHostAssurancePolicyRequiredLabel>
requiredLabelsEnabled Boolean
scanNfsMounts Boolean
scanSensitiveData Boolean: Indicates if scan should include sensitive data in the image.
scapEnabled Boolean: Indicates if scanning should include scap.
scapFiles List<String>: List of SCAP user scripts for checks.
scopes List<GetHostAssurancePolicyScope>
trustedBaseImages List<GetHostAssurancePolicyTrustedBaseImage>: List of trusted images.
trustedBaseImagesEnabled Boolean: Indicates if list of trusted base images is relevant.
whitelistedLicenses List<String>: List of whitelisted licenses.
whitelistedLicensesEnabled Boolean: Indicates if license blacklist is relevant.

allowedImages string[]: List of explicitly allowed images.
applicationScopes string[]
auditOnFailure boolean: Indicates if auditing for failures.
author string: Name of user account that created the policy.
autoScanConfigured boolean
autoScanEnabled boolean
autoScanTimes GetHostAssurancePolicyAutoScanTime[]
blacklistPermissions string[]: List of function's forbidden permissions.
blacklistPermissionsEnabled boolean: Indicates if blacklist permissions is relevant.
blacklistedLicenses string[]: List of blacklisted licenses.
blacklistedLicensesEnabled boolean: Indicates if license blacklist is relevant.
blockFailed boolean: Indicates if failed images are blocked.
controlExcludeNoFix boolean
customChecks GetHostAssurancePolicyCustomCheck[]: List of Custom user scripts for checks.
customChecksEnabled boolean: Indicates if scanning should include custom checks.
customSeverityEnabled boolean
cvesBlackListEnabled boolean: Indicates if CVEs blacklist is relevant.
cvesBlackLists string[]: List of CVEs blacklisted items.
cvesWhiteListEnabled boolean: Indicates if CVEs whitelist is relevant.
cvesWhiteLists string[]: List of cves whitelisted licenses
cvssSeverity string: Identifier of the cvss severity.
cvssSeverityEnabled boolean: Indicates if the cvss severity is scanned.
cvssSeverityExcludeNoFix boolean: Indicates that policy should ignore cvss cases that do not have a known fix.
description string
disallowMalware boolean: Indicates if malware should block the image.
dockerCisEnabled boolean: Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
domain string: Name of the container image.
domainName string
dtaEnabled boolean
dtaSeverity string
enabled boolean
enforce boolean
enforceAfterDays number
enforceExcessivePermissions boolean
exceptionalMonitoredMalwarePaths string[]
failCicd boolean: Indicates if cicd failures will fail the image.
forbiddenLabels GetHostAssurancePolicyForbiddenLabel[]
forbiddenLabelsEnabled boolean
forceMicroenforcer boolean
functionIntegrityEnabled boolean
id string: The ID of this resource.
ignoreRecentlyPublishedVln boolean
ignoreRecentlyPublishedVlnPeriod number
ignoreRiskResourcesEnabled boolean: Indicates if risk resources are ignored.
ignoredRiskResources string[]: List of ignored risk resources.
images string[]: List of images.
kubeCisEnabled boolean: Performs a Kubernetes CIS benchmark check for the host.
labels string[]: List of labels.
malwareAction string
maximumScore number: Value of allowed maximum score.
maximumScoreEnabled boolean: Indicates if exceeding the maximum score is scanned.
maximumScoreExcludeNoFix boolean: Indicates that policy should ignore cases that do not have a known fix.
monitoredMalwarePaths string[]
name string
onlyNoneRootUsers boolean: Indicates if raise a warning for images that should only be run as root.
packagesBlackListEnabled boolean: Indicates if packages blacklist is relevant.
packagesBlackLists GetHostAssurancePolicyPackagesBlackList[]: List of blacklisted images.
packagesWhiteListEnabled boolean: Indicates if packages whitelist is relevant.
packagesWhiteLists GetHostAssurancePolicyPackagesWhiteList[]: List of whitelisted images.
partialResultsImageFail boolean
readOnly boolean
registries string[]: List of registries.
registry string
requiredLabels GetHostAssurancePolicyRequiredLabel[]
requiredLabelsEnabled boolean
scanNfsMounts boolean
scanSensitiveData boolean: Indicates if scan should include sensitive data in the image.
scapEnabled boolean: Indicates if scanning should include scap.
scapFiles string[]: List of SCAP user scripts for checks.
scopes GetHostAssurancePolicyScope[]
trustedBaseImages GetHostAssurancePolicyTrustedBaseImage[]: List of trusted images.
trustedBaseImagesEnabled boolean: Indicates if list of trusted base images is relevant.
whitelistedLicenses string[]: List of whitelisted licenses.
whitelistedLicensesEnabled boolean: Indicates if license blacklist is relevant.

allowed_images Sequence[str]: List of explicitly allowed images.
application_scopes Sequence[str]
audit_on_failure bool: Indicates if auditing for failures.
author str: Name of user account that created the policy.
auto_scan_configured bool
auto_scan_enabled bool
auto_scan_times Sequence[GetHostAssurancePolicyAutoScanTime]
blacklist_permissions Sequence[str]: List of function's forbidden permissions.
blacklist_permissions_enabled bool: Indicates if blacklist permissions is relevant.
blacklisted_licenses Sequence[str]: List of blacklisted licenses.
blacklisted_licenses_enabled bool: Indicates if license blacklist is relevant.
block_failed bool: Indicates if failed images are blocked.
control_exclude_no_fix bool
custom_checks Sequence[GetHostAssurancePolicyCustomCheck]: List of Custom user scripts for checks.
custom_checks_enabled bool: Indicates if scanning should include custom checks.
custom_severity_enabled bool
cves_black_list_enabled bool: Indicates if CVEs blacklist is relevant.
cves_black_lists Sequence[str]: List of CVEs blacklisted items.
cves_white_list_enabled bool: Indicates if CVEs whitelist is relevant.
cves_white_lists Sequence[str]: List of cves whitelisted licenses
cvss_severity str: Identifier of the cvss severity.
cvss_severity_enabled bool: Indicates if the cvss severity is scanned.
cvss_severity_exclude_no_fix bool: Indicates that policy should ignore cvss cases that do not have a known fix.
description str
disallow_malware bool: Indicates if malware should block the image.
docker_cis_enabled bool: Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
domain str: Name of the container image.
domain_name str
dta_enabled bool
dta_severity str
enabled bool
enforce bool
enforce_after_days int
enforce_excessive_permissions bool
exceptional_monitored_malware_paths Sequence[str]
fail_cicd bool: Indicates if cicd failures will fail the image.
forbidden_labels Sequence[GetHostAssurancePolicyForbiddenLabel]
forbidden_labels_enabled bool
force_microenforcer bool
function_integrity_enabled bool
id str: The ID of this resource.
ignore_recently_published_vln bool
ignore_recently_published_vln_period int
ignore_risk_resources_enabled bool: Indicates if risk resources are ignored.
ignored_risk_resources Sequence[str]: List of ignored risk resources.
images Sequence[str]: List of images.
kube_cis_enabled bool: Performs a Kubernetes CIS benchmark check for the host.
labels Sequence[str]: List of labels.
malware_action str
maximum_score float: Value of allowed maximum score.
maximum_score_enabled bool: Indicates if exceeding the maximum score is scanned.
maximum_score_exclude_no_fix bool: Indicates that policy should ignore cases that do not have a known fix.
monitored_malware_paths Sequence[str]
name str
only_none_root_users bool: Indicates if raise a warning for images that should only be run as root.
packages_black_list_enabled bool: Indicates if packages blacklist is relevant.
packages_black_lists Sequence[GetHostAssurancePolicyPackagesBlackList]: List of blacklisted images.
packages_white_list_enabled bool: Indicates if packages whitelist is relevant.
packages_white_lists Sequence[GetHostAssurancePolicyPackagesWhiteList]: List of whitelisted images.
partial_results_image_fail bool
read_only bool
registries Sequence[str]: List of registries.
registry str
required_labels Sequence[GetHostAssurancePolicyRequiredLabel]
required_labels_enabled bool
scan_nfs_mounts bool
scan_sensitive_data bool: Indicates if scan should include sensitive data in the image.
scap_enabled bool: Indicates if scanning should include scap.
scap_files Sequence[str]: List of SCAP user scripts for checks.
scopes Sequence[GetHostAssurancePolicyScope]
trusted_base_images Sequence[GetHostAssurancePolicyTrustedBaseImage]: List of trusted images.
trusted_base_images_enabled bool: Indicates if list of trusted base images is relevant.
whitelisted_licenses Sequence[str]: List of whitelisted licenses.
whitelisted_licenses_enabled bool: Indicates if license blacklist is relevant.

allowedImages List<String>: List of explicitly allowed images.
applicationScopes List<String>
auditOnFailure Boolean: Indicates if auditing for failures.
author String: Name of user account that created the policy.
autoScanConfigured Boolean
autoScanEnabled Boolean
autoScanTimes List<Property Map>
blacklistPermissions List<String>: List of function's forbidden permissions.
blacklistPermissionsEnabled Boolean: Indicates if blacklist permissions is relevant.
blacklistedLicenses List<String>: List of blacklisted licenses.
blacklistedLicensesEnabled Boolean: Indicates if license blacklist is relevant.
blockFailed Boolean: Indicates if failed images are blocked.
controlExcludeNoFix Boolean
customChecks List<Property Map>: List of Custom user scripts for checks.
customChecksEnabled Boolean: Indicates if scanning should include custom checks.
customSeverityEnabled Boolean
cvesBlackListEnabled Boolean: Indicates if CVEs blacklist is relevant.
cvesBlackLists List<String>: List of CVEs blacklisted items.
cvesWhiteListEnabled Boolean: Indicates if CVEs whitelist is relevant.
cvesWhiteLists List<String>: List of cves whitelisted licenses
cvssSeverity String: Identifier of the cvss severity.
cvssSeverityEnabled Boolean: Indicates if the cvss severity is scanned.
cvssSeverityExcludeNoFix Boolean: Indicates that policy should ignore cvss cases that do not have a known fix.
description String
disallowMalware Boolean: Indicates if malware should block the image.
dockerCisEnabled Boolean: Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
domain String: Name of the container image.
domainName String
dtaEnabled Boolean
dtaSeverity String
enabled Boolean
enforce Boolean
enforceAfterDays Number
enforceExcessivePermissions Boolean
exceptionalMonitoredMalwarePaths List<String>
failCicd Boolean: Indicates if cicd failures will fail the image.
forbiddenLabels List<Property Map>
forbiddenLabelsEnabled Boolean
forceMicroenforcer Boolean
functionIntegrityEnabled Boolean
id String: The ID of this resource.
ignoreRecentlyPublishedVln Boolean
ignoreRecentlyPublishedVlnPeriod Number
ignoreRiskResourcesEnabled Boolean: Indicates if risk resources are ignored.
ignoredRiskResources List<String>: List of ignored risk resources.
images List<String>: List of images.
kubeCisEnabled Boolean: Performs a Kubernetes CIS benchmark check for the host.
labels List<String>: List of labels.
malwareAction String
maximumScore Number: Value of allowed maximum score.
maximumScoreEnabled Boolean: Indicates if exceeding the maximum score is scanned.
maximumScoreExcludeNoFix Boolean: Indicates that policy should ignore cases that do not have a known fix.
monitoredMalwarePaths List<String>
name String
onlyNoneRootUsers Boolean: Indicates if raise a warning for images that should only be run as root.
packagesBlackListEnabled Boolean: Indicates if packages blacklist is relevant.
packagesBlackLists List<Property Map>: List of blacklisted images.
packagesWhiteListEnabled Boolean: Indicates if packages whitelist is relevant.
packagesWhiteLists List<Property Map>: List of whitelisted images.
partialResultsImageFail Boolean
readOnly Boolean
registries List<String>: List of registries.
registry String
requiredLabels List<Property Map>
requiredLabelsEnabled Boolean
scanNfsMounts Boolean
scanSensitiveData Boolean: Indicates if scan should include sensitive data in the image.
scapEnabled Boolean: Indicates if scanning should include scap.
scapFiles List<String>: List of SCAP user scripts for checks.
scopes List<Property Map>
trustedBaseImages List<Property Map>: List of trusted images.
trustedBaseImagesEnabled Boolean: Indicates if list of trusted base images is relevant.
whitelistedLicenses List<String>: List of whitelisted licenses.
whitelistedLicensesEnabled Boolean: Indicates if license blacklist is relevant.