Aquasec v0.8.29 published on Monday, Jul 22, 2024 by Pulumiverse
aquasec.getKubernetesAssurancePolicy
Using getKubernetesAssurancePolicy
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
TypeScript
function getKubernetesAssurancePolicy(args: GetKubernetesAssurancePolicyArgs, opts?: InvokeOptions): Promise<GetKubernetesAssurancePolicyResult>
function getKubernetesAssurancePolicyOutput(args: GetKubernetesAssurancePolicyOutputArgs, opts?: InvokeOptions): Output<GetKubernetesAssurancePolicyResult>

Python
def get_kubernetes_assurance_policy(name: Optional[str] = None,
                                    opts: Optional[InvokeOptions] = None) -> GetKubernetesAssurancePolicyResult
def get_kubernetes_assurance_policy_output(name: Optional[pulumi.Input[str]] = None,
                                    opts: Optional[InvokeOptions] = None) -> Output[GetKubernetesAssurancePolicyResult]

Go
func LookupKubernetesAssurancePolicy(ctx *Context, args *LookupKubernetesAssurancePolicyArgs, opts ...InvokeOption) (*LookupKubernetesAssurancePolicyResult, error)
func LookupKubernetesAssurancePolicyOutput(ctx *Context, args *LookupKubernetesAssurancePolicyOutputArgs, opts ...InvokeOption) LookupKubernetesAssurancePolicyResultOutput

> Note: This function is named LookupKubernetesAssurancePolicy in the Go SDK.

C#
public static class GetKubernetesAssurancePolicy 
{
    public static Task<GetKubernetesAssurancePolicyResult> InvokeAsync(GetKubernetesAssurancePolicyArgs args, InvokeOptions? opts = null)
    public static Output<GetKubernetesAssurancePolicyResult> Invoke(GetKubernetesAssurancePolicyInvokeArgs args, InvokeOptions? opts = null)
}

Java
public static CompletableFuture<GetKubernetesAssurancePolicyResult> getKubernetesAssurancePolicy(GetKubernetesAssurancePolicyArgs args, InvokeOptions options)
public static Output<GetKubernetesAssurancePolicyResult> getKubernetesAssurancePolicy(GetKubernetesAssurancePolicyArgs args, InvokeOptions options)

YAML
fn::invoke:
  function: aquasec:index/getKubernetesAssurancePolicy:getKubernetesAssurancePolicy
  arguments:
    # arguments dictionary

The following arguments are supported:
C#
- Name string

Go
- Name string

Java
- name String

TypeScript
- name string

Python
- name str

YAML
- name String

getKubernetesAssurancePolicy Result
The following output properties are available:
C#
- AllowedImages List<string>
- List of explicitly allowed images.
- ApplicationScopes List<string>
- AuditOnFailure bool
- Indicates if failures are audited.
- string
- Name of user account that created the policy.
- AutoScanConfigured bool
- AutoScanEnabled bool
- AutoScanTimes List<Pulumiverse.Aquasec.Outputs.GetKubernetesAssurancePolicyAutoScanTime>
- BlacklistPermissions List<string>
- List of function's forbidden permissions.
- BlacklistPermissionsEnabled bool
- Indicates if blacklist permissions is relevant.
- BlacklistedLicenses List<string>
- List of blacklisted licenses.
- BlacklistedLicensesEnabled bool
- Indicates if license blacklist is relevant.
- BlockFailed bool
- Indicates if failed images are blocked.
- ControlExcludeNoFix bool
- CustomChecks List<Pulumiverse.Aquasec.Outputs.GetKubernetesAssurancePolicyCustomCheck>
- List of custom user scripts for checks.
- CustomChecksEnabled bool
- Indicates if scanning should include custom checks.
- CustomSeverityEnabled bool
- CvesBlackListEnabled bool
- Indicates if CVEs blacklist is relevant.
- CvesBlackLists List<string>
- List of CVEs blacklisted items.
- CvesWhiteListEnabled bool
- Indicates if CVEs whitelist is relevant.
- CvesWhiteLists List<string>
- List of CVEs whitelisted licenses.
- CvssSeverity string
- Identifier of the CVSS severity.
- CvssSeverityEnabled bool
- Indicates if the CVSS severity is scanned.
- CvssSeverityExcludeNoFix bool
- Indicates that policy should ignore CVSS cases that do not have a known fix.
- Description string
- DisallowMalware bool
- Indicates if malware should block the image.
- DockerCisEnabled bool
- Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
- Domain string
- Name of the container image.
- DomainName string
- DtaEnabled bool
- DtaSeverity string
- Enabled bool
- Enforce bool
- EnforceAfterDays int
- EnforceExcessivePermissions bool
- ExceptionalMonitoredMalwarePaths List<string>
- Directories to be excluded from monitoring.
- FailCicd bool
- Indicates if CI/CD failures will fail the image.
- ForbiddenLabels List<Pulumiverse.Aquasec.Outputs.GetKubernetesAssurancePolicyForbiddenLabel>
- ForbiddenLabelsEnabled bool
- ForceMicroenforcer bool
- FunctionIntegrityEnabled bool
- Id string
- The ID of this resource.
- IgnoreRecentlyPublishedVln bool
- IgnoreRecentlyPublishedVlnPeriod int
- IgnoreRiskResourcesEnabled bool
- Indicates if risk resources are ignored.
- IgnoredRiskResources List<string>
- List of ignored risk resources.
- Images List<string>
- List of images.
- KubeCisEnabled bool
- Performs a Kubernetes CIS benchmark check for the host.
- KubernetesControlsNames List<string>
- List of Kubernetes control names.
- Labels List<string>
- List of labels.
- MalwareAction string
- MaximumScore double
- Value of allowed maximum score.
- MaximumScoreEnabled bool
- Indicates if exceeding the maximum score is scanned.
- MaximumScoreExcludeNoFix bool
- Indicates that policy should ignore cases that do not have a known fix.
- MonitoredMalwarePaths List<string>
- Directories to be monitored.
- Name string
- OnlyNoneRootUsers bool
- Indicates whether to raise a warning for images that should only be run as root.
- PackagesBlackListEnabled bool
- Indicates if packages blacklist is relevant.
- PackagesBlackLists List<Pulumiverse.Aquasec.Outputs.GetKubernetesAssurancePolicyPackagesBlackList>
- List of blacklisted images.
- PackagesWhiteListEnabled bool
- Indicates if packages whitelist is relevant.
- PackagesWhiteLists List<Pulumiverse.Aquasec.Outputs.GetKubernetesAssurancePolicyPackagesWhiteList>
- List of whitelisted images.
- PartialResultsImageFail bool
- ReadOnly bool
- Registries List<string>
- List of registries.
- Registry string
- RequiredLabels List<Pulumiverse.Aquasec.Outputs.GetKubernetesAssurancePolicyRequiredLabel>
- RequiredLabelsEnabled bool
- ScanNfsMounts bool
- ScanSensitiveData bool
- Indicates if scan should include sensitive data in the image.
- ScapEnabled bool
- Indicates if scanning should include SCAP.
- ScapFiles List<string>
- List of SCAP user scripts for checks.
- Scopes List<Pulumiverse.Aquasec.Outputs.GetKubernetesAssurancePolicyScope>
- TrustedBaseImages List<Pulumiverse.Aquasec.Outputs.GetKubernetesAssurancePolicyTrustedBaseImage>
- List of trusted images.
- TrustedBaseImagesEnabled bool
- Indicates if list of trusted base images is relevant.
- WhitelistedLicenses List<string>
- List of whitelisted licenses.
- WhitelistedLicensesEnabled bool
- Indicates if license blacklist is relevant.

Go
- AllowedImages []string
- List of explicitly allowed images.
- ApplicationScopes []string
- AuditOnFailure bool
- Indicates if failures are audited.
- string
- Name of user account that created the policy.
- AutoScanConfigured bool
- AutoScanEnabled bool
- AutoScanTimes []GetKubernetesAssurancePolicyAutoScanTime
- BlacklistPermissions []string
- List of function's forbidden permissions.
- BlacklistPermissionsEnabled bool
- Indicates if blacklist permissions is relevant.
- BlacklistedLicenses []string
- List of blacklisted licenses.
- BlacklistedLicensesEnabled bool
- Indicates if license blacklist is relevant.
- BlockFailed bool
- Indicates if failed images are blocked.
- ControlExcludeNoFix bool
- CustomChecks []GetKubernetesAssurancePolicyCustomCheck
- List of custom user scripts for checks.
- CustomChecksEnabled bool
- Indicates if scanning should include custom checks.
- CustomSeverityEnabled bool
- CvesBlackListEnabled bool
- Indicates if CVEs blacklist is relevant.
- CvesBlackLists []string
- List of CVEs blacklisted items.
- CvesWhiteListEnabled bool
- Indicates if CVEs whitelist is relevant.
- CvesWhiteLists []string
- List of CVEs whitelisted licenses.
- CvssSeverity string
- Identifier of the CVSS severity.
- CvssSeverityEnabled bool
- Indicates if the CVSS severity is scanned.
- CvssSeverityExcludeNoFix bool
- Indicates that policy should ignore CVSS cases that do not have a known fix.
- Description string
- DisallowMalware bool
- Indicates if malware should block the image.
- DockerCisEnabled bool
- Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
- Domain string
- Name of the container image.
- DomainName string
- DtaEnabled bool
- DtaSeverity string
- Enabled bool
- Enforce bool
- EnforceAfterDays int
- EnforceExcessivePermissions bool
- ExceptionalMonitoredMalwarePaths []string
- Directories to be excluded from monitoring.
- FailCicd bool
- Indicates if CI/CD failures will fail the image.
- ForbiddenLabels []GetKubernetesAssurancePolicyForbiddenLabel
- ForbiddenLabelsEnabled bool
- ForceMicroenforcer bool
- FunctionIntegrityEnabled bool
- Id string
- The ID of this resource.
- IgnoreRecentlyPublishedVln bool
- IgnoreRecentlyPublishedVlnPeriod int
- IgnoreRiskResourcesEnabled bool
- Indicates if risk resources are ignored.
- IgnoredRiskResources []string
- List of ignored risk resources.
- Images []string
- List of images.
- KubeCisEnabled bool
- Performs a Kubernetes CIS benchmark check for the host.
- KubernetesControlsNames []string
- List of Kubernetes control names.
- Labels []string
- List of labels.
- MalwareAction string
- MaximumScore float64
- Value of allowed maximum score.
- MaximumScoreEnabled bool
- Indicates if exceeding the maximum score is scanned.
- MaximumScoreExcludeNoFix bool
- Indicates that policy should ignore cases that do not have a known fix.
- MonitoredMalwarePaths []string
- Directories to be monitored.
- Name string
- OnlyNoneRootUsers bool
- Indicates whether to raise a warning for images that should only be run as root.
- PackagesBlackListEnabled bool
- Indicates if packages blacklist is relevant.
- PackagesBlackLists []GetKubernetesAssurancePolicyPackagesBlackList
- List of blacklisted images.
- PackagesWhiteListEnabled bool
- Indicates if packages whitelist is relevant.
- PackagesWhiteLists []GetKubernetesAssurancePolicyPackagesWhiteList
- List of whitelisted images.
- PartialResultsImageFail bool
- ReadOnly bool
- Registries []string
- List of registries.
- Registry string
- RequiredLabels []GetKubernetesAssurancePolicyRequiredLabel
- RequiredLabelsEnabled bool
- ScanNfsMounts bool
- ScanSensitiveData bool
- Indicates if scan should include sensitive data in the image.
- ScapEnabled bool
- Indicates if scanning should include SCAP.
- ScapFiles []string
- List of SCAP user scripts for checks.
- Scopes []GetKubernetesAssurancePolicyScope
- TrustedBaseImages []GetKubernetesAssurancePolicyTrustedBaseImage
- List of trusted images.
- TrustedBaseImagesEnabled bool
- Indicates if list of trusted base images is relevant.
- WhitelistedLicenses []string
- List of whitelisted licenses.
- WhitelistedLicensesEnabled bool
- Indicates if license blacklist is relevant.

Java
- allowedImages List<String>
- List of explicitly allowed images.
- applicationScopes List<String>
- auditOnFailure Boolean
- Indicates if failures are audited.
- String
- Name of user account that created the policy.
- autoScanConfigured Boolean
- autoScanEnabled Boolean
- autoScanTimes List<GetKubernetesAssurancePolicyAutoScanTime>
- blacklistPermissions List<String>
- List of function's forbidden permissions.
- blacklistPermissionsEnabled Boolean
- Indicates if blacklist permissions is relevant.
- blacklistedLicenses List<String>
- List of blacklisted licenses.
- blacklistedLicensesEnabled Boolean
- Indicates if license blacklist is relevant.
- blockFailed Boolean
- Indicates if failed images are blocked.
- controlExcludeNoFix Boolean
- customChecks List<GetKubernetesAssurancePolicyCustomCheck>
- List of custom user scripts for checks.
- customChecksEnabled Boolean
- Indicates if scanning should include custom checks.
- customSeverityEnabled Boolean
- cvesBlackListEnabled Boolean
- Indicates if CVEs blacklist is relevant.
- cvesBlackLists List<String>
- List of CVEs blacklisted items.
- cvesWhiteListEnabled Boolean
- Indicates if CVEs whitelist is relevant.
- cvesWhiteLists List<String>
- List of CVEs whitelisted licenses.
- cvssSeverity String
- Identifier of the CVSS severity.
- cvssSeverityEnabled Boolean
- Indicates if the CVSS severity is scanned.
- cvssSeverityExcludeNoFix Boolean
- Indicates that policy should ignore CVSS cases that do not have a known fix.
- description String
- disallowMalware Boolean
- Indicates if malware should block the image.
- dockerCisEnabled Boolean
- Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
- domain String
- Name of the container image.
- domainName String
- dtaEnabled Boolean
- dtaSeverity String
- enabled Boolean
- enforce Boolean
- enforceAfterDays Integer
- enforceExcessivePermissions Boolean
- exceptionalMonitoredMalwarePaths List<String>
- Directories to be excluded from monitoring.
- failCicd Boolean
- Indicates if CI/CD failures will fail the image.
- forbiddenLabels List<GetKubernetesAssurancePolicyForbiddenLabel>
- forbiddenLabelsEnabled Boolean
- forceMicroenforcer Boolean
- functionIntegrityEnabled Boolean
- id String
- The ID of this resource.
- ignoreRecentlyPublishedVln Boolean
- ignoreRecentlyPublishedVlnPeriod Integer
- ignoreRiskResourcesEnabled Boolean
- Indicates if risk resources are ignored.
- ignoredRiskResources List<String>
- List of ignored risk resources.
- images List<String>
- List of images.
- kubeCisEnabled Boolean
- Performs a Kubernetes CIS benchmark check for the host.
- kubernetesControlsNames List<String>
- List of Kubernetes control names.
- labels List<String>
- List of labels.
- malwareAction String
- maximumScore Double
- Value of allowed maximum score.
- maximumScoreEnabled Boolean
- Indicates if exceeding the maximum score is scanned.
- maximumScoreExcludeNoFix Boolean
- Indicates that policy should ignore cases that do not have a known fix.
- monitoredMalwarePaths List<String>
- Directories to be monitored.
- name String
- onlyNoneRootUsers Boolean
- Indicates whether to raise a warning for images that should only be run as root.
- packagesBlackListEnabled Boolean
- Indicates if packages blacklist is relevant.
- packagesBlackLists List<GetKubernetesAssurancePolicyPackagesBlackList>
- List of blacklisted images.
- packagesWhiteListEnabled Boolean
- Indicates if packages whitelist is relevant.
- packagesWhiteLists List<GetKubernetesAssurancePolicyPackagesWhiteList>
- List of whitelisted images.
- partialResultsImageFail Boolean
- readOnly Boolean
- registries List<String>
- List of registries.
- registry String
- requiredLabels List<GetKubernetesAssurancePolicyRequiredLabel>
- requiredLabelsEnabled Boolean
- scanNfsMounts Boolean
- scanSensitiveData Boolean
- Indicates if scan should include sensitive data in the image.
- scapEnabled Boolean
- Indicates if scanning should include SCAP.
- scapFiles List<String>
- List of SCAP user scripts for checks.
- scopes List<GetKubernetesAssurancePolicyScope>
- trustedBaseImages List<GetKubernetesAssurancePolicyTrustedBaseImage>
- List of trusted images.
- trustedBaseImagesEnabled Boolean
- Indicates if list of trusted base images is relevant.
- whitelistedLicenses List<String>
- List of whitelisted licenses.
- whitelistedLicensesEnabled Boolean
- Indicates if license blacklist is relevant.

TypeScript
- allowedImages string[]
- List of explicitly allowed images.
- applicationScopes string[]
- auditOnFailure boolean
- Indicates if failures are audited.
- string
- Name of user account that created the policy.
- autoScanConfigured boolean
- autoScanEnabled boolean
- autoScanTimes GetKubernetesAssurancePolicyAutoScanTime[]
- blacklistPermissions string[]
- List of function's forbidden permissions.
- blacklistPermissionsEnabled boolean
- Indicates if blacklist permissions is relevant.
- blacklistedLicenses string[]
- List of blacklisted licenses.
- blacklistedLicensesEnabled boolean
- Indicates if license blacklist is relevant.
- blockFailed boolean
- Indicates if failed images are blocked.
- controlExcludeNoFix boolean
- customChecks GetKubernetesAssurancePolicyCustomCheck[]
- List of custom user scripts for checks.
- customChecksEnabled boolean
- Indicates if scanning should include custom checks.
- customSeverityEnabled boolean
- cvesBlackListEnabled boolean
- Indicates if CVEs blacklist is relevant.
- cvesBlackLists string[]
- List of CVEs blacklisted items.
- cvesWhiteListEnabled boolean
- Indicates if CVEs whitelist is relevant.
- cvesWhiteLists string[]
- List of CVEs whitelisted licenses.
- cvssSeverity string
- Identifier of the CVSS severity.
- cvssSeverityEnabled boolean
- Indicates if the CVSS severity is scanned.
- cvssSeverityExcludeNoFix boolean
- Indicates that policy should ignore CVSS cases that do not have a known fix.
- description string
- disallowMalware boolean
- Indicates if malware should block the image.
- dockerCisEnabled boolean
- Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
- domain string
- Name of the container image.
- domainName string
- dtaEnabled boolean
- dtaSeverity string
- enabled boolean
- enforce boolean
- enforceAfterDays number
- enforceExcessivePermissions boolean
- exceptionalMonitoredMalwarePaths string[]
- Directories to be excluded from monitoring.
- failCicd boolean
- Indicates if CI/CD failures will fail the image.
- forbiddenLabels GetKubernetesAssurancePolicyForbiddenLabel[]
- forbiddenLabelsEnabled boolean
- forceMicroenforcer boolean
- functionIntegrityEnabled boolean
- id string
- The ID of this resource.
- ignoreRecentlyPublishedVln boolean
- ignoreRecentlyPublishedVlnPeriod number
- ignoreRiskResourcesEnabled boolean
- Indicates if risk resources are ignored.
- ignoredRiskResources string[]
- List of ignored risk resources.
- images string[]
- List of images.
- kubeCisEnabled boolean
- Performs a Kubernetes CIS benchmark check for the host.
- kubernetesControlsNames string[]
- List of Kubernetes control names.
- labels string[]
- List of labels.
- malwareAction string
- maximumScore number
- Value of allowed maximum score.
- maximumScoreEnabled boolean
- Indicates if exceeding the maximum score is scanned.
- maximumScoreExcludeNoFix boolean
- Indicates that policy should ignore cases that do not have a known fix.
- monitoredMalwarePaths string[]
- Directories to be monitored.
- name string
- onlyNoneRootUsers boolean
- Indicates whether to raise a warning for images that should only be run as root.
- packagesBlackListEnabled boolean
- Indicates if packages blacklist is relevant.
- packagesBlackLists GetKubernetesAssurancePolicyPackagesBlackList[]
- List of blacklisted images.
- packagesWhiteListEnabled boolean
- Indicates if packages whitelist is relevant.
- packagesWhiteLists GetKubernetesAssurancePolicyPackagesWhiteList[]
- List of whitelisted images.
- partialResultsImageFail boolean
- readOnly boolean
- registries string[]
- List of registries.
- registry string
- requiredLabels GetKubernetesAssurancePolicyRequiredLabel[]
- requiredLabelsEnabled boolean
- scanNfsMounts boolean
- scanSensitiveData boolean
- Indicates if scan should include sensitive data in the image.
- scapEnabled boolean
- Indicates if scanning should include SCAP.
- scapFiles string[]
- List of SCAP user scripts for checks.
- scopes GetKubernetesAssurancePolicyScope[]
- trustedBaseImages GetKubernetesAssurancePolicyTrustedBaseImage[]
- List of trusted images.
- trustedBaseImagesEnabled boolean
- Indicates if list of trusted base images is relevant.
- whitelistedLicenses string[]
- List of whitelisted licenses.
- whitelistedLicensesEnabled boolean
- Indicates if license blacklist is relevant.

Python
- allowed_images Sequence[str]
- List of explicitly allowed images.
- application_scopes Sequence[str]
- audit_on_failure bool
- Indicates if failures are audited.
- str
- Name of user account that created the policy.
- auto_scan_configured bool
- auto_scan_enabled bool
- auto_scan_times Sequence[GetKubernetesAssurancePolicyAutoScanTime]
- blacklist_permissions Sequence[str]
- List of function's forbidden permissions.
- blacklist_permissions_enabled bool
- Indicates if blacklist permissions is relevant.
- blacklisted_licenses Sequence[str]
- List of blacklisted licenses.
- blacklisted_licenses_enabled bool
- Indicates if license blacklist is relevant.
- block_failed bool
- Indicates if failed images are blocked.
- control_exclude_no_fix bool
- custom_checks Sequence[GetKubernetesAssurancePolicyCustomCheck]
- List of custom user scripts for checks.
- custom_checks_enabled bool
- Indicates if scanning should include custom checks.
- custom_severity_enabled bool
- cves_black_list_enabled bool
- Indicates if CVEs blacklist is relevant.
- cves_black_lists Sequence[str]
- List of CVEs blacklisted items.
- cves_white_list_enabled bool
- Indicates if CVEs whitelist is relevant.
- cves_white_lists Sequence[str]
- List of CVEs whitelisted licenses.
- cvss_severity str
- Identifier of the CVSS severity.
- cvss_severity_enabled bool
- Indicates if the CVSS severity is scanned.
- cvss_severity_exclude_no_fix bool
- Indicates that policy should ignore CVSS cases that do not have a known fix.
- description str
- disallow_malware bool
- Indicates if malware should block the image.
- docker_cis_enabled bool
- Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
- domain str
- Name of the container image.
- domain_name str
- dta_enabled bool
- dta_severity str
- enabled bool
- enforce bool
- enforce_after_days int
- enforce_excessive_permissions bool
- exceptional_monitored_malware_paths Sequence[str]
- Directories to be excluded from monitoring.
- fail_cicd bool
- Indicates if CI/CD failures will fail the image.
- forbidden_labels Sequence[GetKubernetesAssurancePolicyForbiddenLabel]
- forbidden_labels_enabled bool
- force_microenforcer bool
- function_integrity_enabled bool
- id str
- The ID of this resource.
- ignore_recently_published_vln bool
- ignore_recently_published_vln_period int
- ignore_risk_resources_enabled bool
- Indicates if risk resources are ignored.
- ignored_risk_resources Sequence[str]
- List of ignored risk resources.
- images Sequence[str]
- List of images.
- kube_cis_enabled bool
- Performs a Kubernetes CIS benchmark check for the host.
- kubernetes_controls_names Sequence[str]
- List of Kubernetes control names.
- labels Sequence[str]
- List of labels.
- malware_action str
- maximum_score float
- Value of allowed maximum score.
- maximum_score_enabled bool
- Indicates if exceeding the maximum score is scanned.
- maximum_score_exclude_no_fix bool
- Indicates that policy should ignore cases that do not have a known fix.
- monitored_malware_paths Sequence[str]
- Directories to be monitored.
- name str
- only_none_root_users bool
- Indicates whether to raise a warning for images that should only be run as root.
- packages_black_list_enabled bool
- Indicates if packages blacklist is relevant.
- packages_black_lists Sequence[GetKubernetesAssurancePolicyPackagesBlackList]
- List of blacklisted images.
- packages_white_list_enabled bool
- Indicates if packages whitelist is relevant.
- packages_white_lists Sequence[GetKubernetesAssurancePolicyPackagesWhiteList]
- List of whitelisted images.
- partial_results_image_fail bool
- read_only bool
- registries Sequence[str]
- List of registries.
- registry str
- required_labels Sequence[GetKubernetesAssurancePolicyRequiredLabel]
- required_labels_enabled bool
- scan_nfs_mounts bool
- scan_sensitive_data bool
- Indicates if scan should include sensitive data in the image.
- scap_enabled bool
- Indicates if scanning should include SCAP.
- scap_files Sequence[str]
- List of SCAP user scripts for checks.
- scopes Sequence[GetKubernetesAssurancePolicyScope]
- trusted_base_images Sequence[GetKubernetesAssurancePolicyTrustedBaseImage]
- List of trusted images.
- trusted_base_images_enabled bool
- Indicates if list of trusted base images is relevant.
- whitelisted_licenses Sequence[str]
- List of whitelisted licenses.
- whitelisted_licenses_enabled bool
- Indicates if license blacklist is relevant.

YAML
- allowedImages List<String>
- List of explicitly allowed images.
- applicationScopes List<String>
- auditOnFailure Boolean
- Indicates if failures are audited.
- String
- Name of user account that created the policy.
- autoScanConfigured Boolean
- autoScanEnabled Boolean
- autoScanTimes List<Property Map>
- blacklistPermissions List<String>
- List of function's forbidden permissions.
- blacklistPermissionsEnabled Boolean
- Indicates if blacklist permissions is relevant.
- blacklistedLicenses List<String>
- List of blacklisted licenses.
- blacklistedLicensesEnabled Boolean
- Indicates if license blacklist is relevant.
- blockFailed Boolean
- Indicates if failed images are blocked.
- controlExcludeNoFix Boolean
- customChecks List<Property Map>
- List of custom user scripts for checks.
- customChecksEnabled Boolean
- Indicates if scanning should include custom checks.
- customSeverityEnabled Boolean
- cvesBlackListEnabled Boolean
- Indicates if CVEs blacklist is relevant.
- cvesBlackLists List<String>
- List of CVEs blacklisted items.
- cvesWhiteListEnabled Boolean
- Indicates if CVEs whitelist is relevant.
- cvesWhiteLists List<String>
- List of CVEs whitelisted licenses.
- cvssSeverity String
- Identifier of the CVSS severity.
- cvssSeverityEnabled Boolean
- Indicates if the CVSS severity is scanned.
- cvssSeverityExcludeNoFix Boolean
- Indicates that policy should ignore CVSS cases that do not have a known fix.
- description String
- disallowMalware Boolean
- Indicates if malware should block the image.
- dockerCisEnabled Boolean
- Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
- domain String
- Name of the container image.
- domainName String
- dtaEnabled Boolean
- dtaSeverity String
- enabled Boolean
- enforce Boolean
- enforceAfterDays Number
- enforceExcessivePermissions Boolean
- exceptionalMonitoredMalwarePaths List<String>
- Directories to be excluded from monitoring.
- failCicd Boolean
- Indicates if CI/CD failures will fail the image.
- forbiddenLabels List<Property Map>
- forbiddenLabelsEnabled Boolean
- forceMicroenforcer Boolean
- functionIntegrityEnabled Boolean
- id String
- The ID of this resource.
- ignoreRecentlyPublishedVln Boolean
- ignoreRecentlyPublishedVlnPeriod Number
- ignoreRiskResourcesEnabled Boolean
- Indicates if risk resources are ignored.
- ignoredRiskResources List<String>
- List of ignored risk resources.
- images List<String>
- List of images.
- kubeCisEnabled Boolean
- Performs a Kubernetes CIS benchmark check for the host.
- kubernetesControlsNames List<String>
- List of Kubernetes control names.
- labels List<String>
- List of labels.
- malwareAction String
- maximumScore Number
- Value of allowed maximum score.
- maximumScoreEnabled Boolean
- Indicates if exceeding the maximum score is scanned.
- maximumScoreExcludeNoFix Boolean
- Indicates that policy should ignore cases that do not have a known fix.
- monitoredMalwarePaths List<String>
- Directories to be monitored.
- name String
- onlyNoneRootUsers Boolean
- Indicates whether to raise a warning for images that should only be run as root.
- packagesBlackListEnabled Boolean
- Indicates if packages blacklist is relevant.
- packagesBlackLists List<Property Map>
- List of blacklisted images.
- packagesWhiteListEnabled Boolean
- Indicates if packages whitelist is relevant.
- packagesWhiteLists List<Property Map>
- List of whitelisted images.
- partialResultsImageFail Boolean
- readOnly Boolean
- registries List<String>
- List of registries.
- registry String
- requiredLabels List<Property Map>
- requiredLabelsEnabled Boolean
- scanNfsMounts Boolean
- scanSensitiveData Boolean
- Indicates if scan should include sensitive data in the image.
- scapEnabled Boolean
- Indicates if scanning should include SCAP.
- scapFiles List<String>
- List of SCAP user scripts for checks.
- scopes List<Property Map>
- trustedBaseImages List<Property Map>
- List of trusted images.
- trustedBaseImagesEnabled Boolean
- Indicates if list of trusted base images is relevant.
- whitelistedLicenses List<String>
- List of whitelisted licenses.
- whitelistedLicensesEnabled Boolean
- Indicates if license blacklist is relevant.

Supporting Types
GetKubernetesAssurancePolicyAutoScanTime      
C#
- Iteration int
- IterationType string
- Time string
- WeekDays List<string>

Go
- Iteration int
- IterationType string
- Time string
- WeekDays []string

Java
- iteration Integer
- iterationType String
- time String
- weekDays List<String>

TypeScript
- iteration number
- iterationType string
- time string
- weekDays string[]

Python
- iteration int
- iteration_type str
- time str
- week_days Sequence[str]

YAML
- iteration Number
- iterationType String
- time String
- weekDays List<String>
GetKubernetesAssurancePolicyCustomCheck     
C#
- string
- Name of user account that created the policy.
- Description string
- Engine string
- LastModified int
- Name string
- Path string
- ReadOnly bool
- ScriptId string
- Severity string
- Snippet string

Go
- string
- Name of user account that created the policy.
- Description string
- Engine string
- LastModified int
- Name string
- Path string
- ReadOnly bool
- ScriptId string
- Severity string
- Snippet string

Java
- String
- Name of user account that created the policy.
- description String
- engine String
- lastModified Integer
- name String
- path String
- readOnly Boolean
- scriptId String
- severity String
- snippet String

TypeScript
- string
- Name of user account that created the policy.
- description string
- engine string
- lastModified number
- name string
- path string
- readOnly boolean
- scriptId string
- severity string
- snippet string

Python
- str
- Name of user account that created the policy.
- description str
- engine str
- last_modified int
- name str
- path str
- read_only bool
- script_id str
- severity str
- snippet str

YAML
- String
- Name of user account that created the policy.
- description String
- engine String
- lastModified Number
- name String
- path String
- readOnly Boolean
- scriptId String
- severity String
- snippet String
GetKubernetesAssurancePolicyForbiddenLabel     
GetKubernetesAssurancePolicyPackagesBlackList      
GetKubernetesAssurancePolicyPackagesWhiteList      
GetKubernetesAssurancePolicyRequiredLabel     
GetKubernetesAssurancePolicyScope    
GetKubernetesAssurancePolicyScopeVariable     
GetKubernetesAssurancePolicyTrustedBaseImage      
Package Details
- Repository
- aquasec pulumiverse/pulumi-aquasec
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the aquasec Terraform Provider.
