Aquasec

v0.2.2 published on Monday, Nov 14, 2022 by Pulumiverse

getKubernetesAssurancePolicy

Using getKubernetesAssurancePolicy

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getKubernetesAssurancePolicy(args: GetKubernetesAssurancePolicyArgs, opts?: InvokeOptions): Promise<GetKubernetesAssurancePolicyResult>
function getKubernetesAssurancePolicyOutput(args: GetKubernetesAssurancePolicyOutputArgs, opts?: InvokeOptions): Output<GetKubernetesAssurancePolicyResult>
def get_kubernetes_assurance_policy(name: Optional[str] = None,
                                    opts: Optional[InvokeOptions] = None) -> GetKubernetesAssurancePolicyResult
def get_kubernetes_assurance_policy_output(name: Optional[pulumi.Input[str]] = None,
                                    opts: Optional[InvokeOptions] = None) -> Output[GetKubernetesAssurancePolicyResult]
func LookupKubernetesAssurancePolicy(ctx *Context, args *LookupKubernetesAssurancePolicyArgs, opts ...InvokeOption) (*LookupKubernetesAssurancePolicyResult, error)
func LookupKubernetesAssurancePolicyOutput(ctx *Context, args *LookupKubernetesAssurancePolicyOutputArgs, opts ...InvokeOption) LookupKubernetesAssurancePolicyResultOutput

> Note: This function is named LookupKubernetesAssurancePolicy in the Go SDK.

public static class GetKubernetesAssurancePolicy 
{
    public static Task<GetKubernetesAssurancePolicyResult> InvokeAsync(GetKubernetesAssurancePolicyArgs args, InvokeOptions? opts = null)
    public static Output<GetKubernetesAssurancePolicyResult> Invoke(GetKubernetesAssurancePolicyInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetKubernetesAssurancePolicyResult> getKubernetesAssurancePolicy(GetKubernetesAssurancePolicyArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
  function: aquasec:index/getKubernetesAssurancePolicy:getKubernetesAssurancePolicy
  arguments:
    # arguments dictionary

The following arguments are supported:

Name string
Name string
name String
name string
name str
name String

getKubernetesAssurancePolicy Result

The following output properties are available:

AllowedImages List<string>

List of explicitly allowed images.

ApplicationScopes List<string>
AuditOnFailure bool

Indicates if auditing is performed for failures.

Author string

Name of user account that created the policy.

AutoScanConfigured bool
AutoScanEnabled bool
AutoScanTimes List<Pulumiverse.Aquasec.Outputs.GetKubernetesAssurancePolicyAutoScanTime>
BlacklistPermissions List<string>

List of function's forbidden permissions.

BlacklistPermissionsEnabled bool

Indicates if blacklist permissions is relevant.

BlacklistedLicenses List<string>

List of blacklisted licenses.

BlacklistedLicensesEnabled bool

Indicates if license blacklist is relevant.

BlockFailed bool

Indicates if failed images are blocked.

ControlExcludeNoFix bool
CustomChecks List<Pulumiverse.Aquasec.Outputs.GetKubernetesAssurancePolicyCustomCheck>

List of Custom user scripts for checks.

CustomChecksEnabled bool

Indicates if scanning should include custom checks.

CustomSeverityEnabled bool
CvesBlackListEnabled bool

Indicates if cves blacklist is relevant.

CvesBlackLists List<string>

List of cves blacklisted items.

CvesWhiteListEnabled bool

Indicates if cves whitelist is relevant.

CvesWhiteLists List<string>

List of cves whitelisted licenses

CvssSeverity string

Identifier of the cvss severity.

CvssSeverityEnabled bool

Indicates if the cvss severity is scanned.

CvssSeverityExcludeNoFix bool

Indicates that policy should ignore cvss cases that do not have a known fix.

Description string
DisallowMalware bool

Indicates if malware should block the image.

DockerCisEnabled bool
Domain string

Name of the container image.

DomainName string
DtaEnabled bool
DtaSeverity string
Enabled bool
Enforce bool
EnforceAfterDays int
EnforceExcessivePermissions bool
ExceptionalMonitoredMalwarePaths List<string>
FailCicd bool

Indicates if cicd failures will fail the image.

ForbiddenLabels List<Pulumiverse.Aquasec.Outputs.GetKubernetesAssurancePolicyForbiddenLabel>
ForbiddenLabelsEnabled bool
ForceMicroenforcer bool
FunctionIntegrityEnabled bool
Id string

The ID of this resource.

IgnoreRecentlyPublishedVln bool
IgnoreRecentlyPublishedVlnPeriod int
IgnoreRiskResourcesEnabled bool

Indicates if risk resources are ignored.

IgnoredRiskResources List<string>

List of ignored risk resources.

Images List<string>

List of images.

KubeCisEnabled bool
KubernetesControlsNames List<string>

List of kubernetes control names

Labels List<string>

List of labels.

MalwareAction string
MaximumScore double

Value of allowed maximum score.

MaximumScoreEnabled bool

Indicates if exceeding the maximum score is scanned.

MaximumScoreExcludeNoFix bool

Indicates that policy should ignore cases that do not have a known fix.

MonitoredMalwarePaths List<string>
Name string
OnlyNoneRootUsers bool

Indicates whether to raise a warning for images that should only be run as root.

PackagesBlackListEnabled bool

Indicates if packages blacklist is relevant.

PackagesBlackLists List<Pulumiverse.Aquasec.Outputs.GetKubernetesAssurancePolicyPackagesBlackList>

List of blacklisted images.

PackagesWhiteListEnabled bool

Indicates if packages whitelist is relevant.

PackagesWhiteLists List<Pulumiverse.Aquasec.Outputs.GetKubernetesAssurancePolicyPackagesWhiteList>

List of whitelisted images.

PartialResultsImageFail bool
ReadOnly bool
Registries List<string>

List of registries.

Registry string
RequiredLabels List<Pulumiverse.Aquasec.Outputs.GetKubernetesAssurancePolicyRequiredLabel>
RequiredLabelsEnabled bool
ScanNfsMounts bool
ScanSensitiveData bool

Indicates if scan should include sensitive data in the image.

ScapEnabled bool

Indicates if scanning should include scap.

ScapFiles List<string>

List of SCAP user scripts for checks.

Scopes List<Pulumiverse.Aquasec.Outputs.GetKubernetesAssurancePolicyScope>
TrustedBaseImages List<Pulumiverse.Aquasec.Outputs.GetKubernetesAssurancePolicyTrustedBaseImage>

List of trusted images.

TrustedBaseImagesEnabled bool

Indicates if list of trusted base images is relevant.

WhitelistedLicenses List<string>

List of whitelisted licenses.

WhitelistedLicensesEnabled bool

Indicates if license blacklist is relevant.

AllowedImages []string

List of explicitly allowed images.

ApplicationScopes []string
AuditOnFailure bool

Indicates if auditing is performed for failures.

Author string

Name of user account that created the policy.

AutoScanConfigured bool
AutoScanEnabled bool
AutoScanTimes []GetKubernetesAssurancePolicyAutoScanTime
BlacklistPermissions []string

List of function's forbidden permissions.

BlacklistPermissionsEnabled bool

Indicates if blacklist permissions is relevant.

BlacklistedLicenses []string

List of blacklisted licenses.

BlacklistedLicensesEnabled bool

Indicates if license blacklist is relevant.

BlockFailed bool

Indicates if failed images are blocked.

ControlExcludeNoFix bool
CustomChecks []GetKubernetesAssurancePolicyCustomCheck

List of Custom user scripts for checks.

CustomChecksEnabled bool

Indicates if scanning should include custom checks.

CustomSeverityEnabled bool
CvesBlackListEnabled bool

Indicates if cves blacklist is relevant.

CvesBlackLists []string

List of cves blacklisted items.

CvesWhiteListEnabled bool

Indicates if cves whitelist is relevant.

CvesWhiteLists []string

List of cves whitelisted licenses

CvssSeverity string

Identifier of the cvss severity.

CvssSeverityEnabled bool

Indicates if the cvss severity is scanned.

CvssSeverityExcludeNoFix bool

Indicates that policy should ignore cvss cases that do not have a known fix.

Description string
DisallowMalware bool

Indicates if malware should block the image.

DockerCisEnabled bool
Domain string

Name of the container image.

DomainName string
DtaEnabled bool
DtaSeverity string
Enabled bool
Enforce bool
EnforceAfterDays int
EnforceExcessivePermissions bool
ExceptionalMonitoredMalwarePaths []string
FailCicd bool

Indicates if cicd failures will fail the image.

ForbiddenLabels []GetKubernetesAssurancePolicyForbiddenLabel
ForbiddenLabelsEnabled bool
ForceMicroenforcer bool
FunctionIntegrityEnabled bool
Id string

The ID of this resource.

IgnoreRecentlyPublishedVln bool
IgnoreRecentlyPublishedVlnPeriod int
IgnoreRiskResourcesEnabled bool

Indicates if risk resources are ignored.

IgnoredRiskResources []string

List of ignored risk resources.

Images []string

List of images.

KubeCisEnabled bool
KubernetesControlsNames []string

List of kubernetes control names

Labels []string

List of labels.

MalwareAction string
MaximumScore float64

Value of allowed maximum score.

MaximumScoreEnabled bool

Indicates if exceeding the maximum score is scanned.

MaximumScoreExcludeNoFix bool

Indicates that policy should ignore cases that do not have a known fix.

MonitoredMalwarePaths []string
Name string
OnlyNoneRootUsers bool

Indicates whether to raise a warning for images that should only be run as root.

PackagesBlackListEnabled bool

Indicates if packages blacklist is relevant.

PackagesBlackLists []GetKubernetesAssurancePolicyPackagesBlackList

List of blacklisted images.

PackagesWhiteListEnabled bool

Indicates if packages whitelist is relevant.

PackagesWhiteLists []GetKubernetesAssurancePolicyPackagesWhiteList

List of whitelisted images.

PartialResultsImageFail bool
ReadOnly bool
Registries []string

List of registries.

Registry string
RequiredLabels []GetKubernetesAssurancePolicyRequiredLabel
RequiredLabelsEnabled bool
ScanNfsMounts bool
ScanSensitiveData bool

Indicates if scan should include sensitive data in the image.

ScapEnabled bool

Indicates if scanning should include scap.

ScapFiles []string

List of SCAP user scripts for checks.

Scopes []GetKubernetesAssurancePolicyScope
TrustedBaseImages []GetKubernetesAssurancePolicyTrustedBaseImage

List of trusted images.

TrustedBaseImagesEnabled bool

Indicates if list of trusted base images is relevant.

WhitelistedLicenses []string

List of whitelisted licenses.

WhitelistedLicensesEnabled bool

Indicates if license blacklist is relevant.

allowedImages List<String>

List of explicitly allowed images.

applicationScopes List<String>
auditOnFailure Boolean

Indicates if auditing is performed for failures.

author String

Name of user account that created the policy.

autoScanConfigured Boolean
autoScanEnabled Boolean
autoScanTimes List<GetKubernetesAssurancePolicyAutoScanTime>
blacklistPermissions List<String>

List of function's forbidden permissions.

blacklistPermissionsEnabled Boolean

Indicates if blacklist permissions is relevant.

blacklistedLicenses List<String>

List of blacklisted licenses.

blacklistedLicensesEnabled Boolean

Indicates if license blacklist is relevant.

blockFailed Boolean

Indicates if failed images are blocked.

controlExcludeNoFix Boolean
customChecks List<GetKubernetesAssurancePolicyCustomCheck>

List of Custom user scripts for checks.

customChecksEnabled Boolean

Indicates if scanning should include custom checks.

customSeverityEnabled Boolean
cvesBlackListEnabled Boolean

Indicates if cves blacklist is relevant.

cvesBlackLists List<String>

List of cves blacklisted items.

cvesWhiteListEnabled Boolean

Indicates if cves whitelist is relevant.

cvesWhiteLists List<String>

List of cves whitelisted licenses

cvssSeverity String

Identifier of the cvss severity.

cvssSeverityEnabled Boolean

Indicates if the cvss severity is scanned.

cvssSeverityExcludeNoFix Boolean

Indicates that policy should ignore cvss cases that do not have a known fix.

description String
disallowMalware Boolean

Indicates if malware should block the image.

dockerCisEnabled Boolean
domain String

Name of the container image.

domainName String
dtaEnabled Boolean
dtaSeverity String
enabled Boolean
enforce Boolean
enforceAfterDays Integer
enforceExcessivePermissions Boolean
exceptionalMonitoredMalwarePaths List<String>
failCicd Boolean

Indicates if cicd failures will fail the image.

forbiddenLabels List<GetKubernetesAssurancePolicyForbiddenLabel>
forbiddenLabelsEnabled Boolean
forceMicroenforcer Boolean
functionIntegrityEnabled Boolean
id String

The ID of this resource.

ignoreRecentlyPublishedVln Boolean
ignoreRecentlyPublishedVlnPeriod Integer
ignoreRiskResourcesEnabled Boolean

Indicates if risk resources are ignored.

ignoredRiskResources List<String>

List of ignored risk resources.

images List<String>

List of images.

kubeCisEnabled Boolean
kubernetesControlsNames List<String>

List of kubernetes control names

labels List<String>

List of labels.

malwareAction String
maximumScore Double

Value of allowed maximum score.

maximumScoreEnabled Boolean

Indicates if exceeding the maximum score is scanned.

maximumScoreExcludeNoFix Boolean

Indicates that policy should ignore cases that do not have a known fix.

monitoredMalwarePaths List<String>
name String
onlyNoneRootUsers Boolean

Indicates whether to raise a warning for images that should only be run as root.

packagesBlackListEnabled Boolean

Indicates if packages blacklist is relevant.

packagesBlackLists List<GetKubernetesAssurancePolicyPackagesBlackList>

List of blacklisted images.

packagesWhiteListEnabled Boolean

Indicates if packages whitelist is relevant.

packagesWhiteLists List<GetKubernetesAssurancePolicyPackagesWhiteList>

List of whitelisted images.

partialResultsImageFail Boolean
readOnly Boolean
registries List<String>

List of registries.

registry String
requiredLabels List<GetKubernetesAssurancePolicyRequiredLabel>
requiredLabelsEnabled Boolean
scanNfsMounts Boolean
scanSensitiveData Boolean

Indicates if scan should include sensitive data in the image.

scapEnabled Boolean

Indicates if scanning should include scap.

scapFiles List<String>

List of SCAP user scripts for checks.

scopes List<GetKubernetesAssurancePolicyScope>
trustedBaseImages List<GetKubernetesAssurancePolicyTrustedBaseImage>

List of trusted images.

trustedBaseImagesEnabled Boolean

Indicates if list of trusted base images is relevant.

whitelistedLicenses List<String>

List of whitelisted licenses.

whitelistedLicensesEnabled Boolean

Indicates if license blacklist is relevant.

allowedImages string[]

List of explicitly allowed images.

applicationScopes string[]
auditOnFailure boolean

Indicates if auditing is performed for failures.

author string

Name of user account that created the policy.

autoScanConfigured boolean
autoScanEnabled boolean
autoScanTimes GetKubernetesAssurancePolicyAutoScanTime[]
blacklistPermissions string[]

List of function's forbidden permissions.

blacklistPermissionsEnabled boolean

Indicates if blacklist permissions is relevant.

blacklistedLicenses string[]

List of blacklisted licenses.

blacklistedLicensesEnabled boolean

Indicates if license blacklist is relevant.

blockFailed boolean

Indicates if failed images are blocked.

controlExcludeNoFix boolean
customChecks GetKubernetesAssurancePolicyCustomCheck[]

List of Custom user scripts for checks.

customChecksEnabled boolean

Indicates if scanning should include custom checks.

customSeverityEnabled boolean
cvesBlackListEnabled boolean

Indicates if cves blacklist is relevant.

cvesBlackLists string[]

List of cves blacklisted items.

cvesWhiteListEnabled boolean

Indicates if cves whitelist is relevant.

cvesWhiteLists string[]

List of cves whitelisted licenses

cvssSeverity string

Identifier of the cvss severity.

cvssSeverityEnabled boolean

Indicates if the cvss severity is scanned.

cvssSeverityExcludeNoFix boolean

Indicates that policy should ignore cvss cases that do not have a known fix.

description string
disallowMalware boolean

Indicates if malware should block the image.

dockerCisEnabled boolean
domain string

Name of the container image.

domainName string
dtaEnabled boolean
dtaSeverity string
enabled boolean
enforce boolean
enforceAfterDays number
enforceExcessivePermissions boolean
exceptionalMonitoredMalwarePaths string[]
failCicd boolean

Indicates if cicd failures will fail the image.

forbiddenLabels GetKubernetesAssurancePolicyForbiddenLabel[]
forbiddenLabelsEnabled boolean
forceMicroenforcer boolean
functionIntegrityEnabled boolean
id string

The ID of this resource.

ignoreRecentlyPublishedVln boolean
ignoreRecentlyPublishedVlnPeriod number
ignoreRiskResourcesEnabled boolean

Indicates if risk resources are ignored.

ignoredRiskResources string[]

List of ignored risk resources.

images string[]

List of images.

kubeCisEnabled boolean
kubernetesControlsNames string[]

List of kubernetes control names

labels string[]

List of labels.

malwareAction string
maximumScore number

Value of allowed maximum score.

maximumScoreEnabled boolean

Indicates if exceeding the maximum score is scanned.

maximumScoreExcludeNoFix boolean

Indicates that policy should ignore cases that do not have a known fix.

monitoredMalwarePaths string[]
name string
onlyNoneRootUsers boolean

Indicates whether to raise a warning for images that should only be run as root.

packagesBlackListEnabled boolean

Indicates if packages blacklist is relevant.

packagesBlackLists GetKubernetesAssurancePolicyPackagesBlackList[]

List of blacklisted images.

packagesWhiteListEnabled boolean

Indicates if packages whitelist is relevant.

packagesWhiteLists GetKubernetesAssurancePolicyPackagesWhiteList[]

List of whitelisted images.

partialResultsImageFail boolean
readOnly boolean
registries string[]

List of registries.

registry string
requiredLabels GetKubernetesAssurancePolicyRequiredLabel[]
requiredLabelsEnabled boolean
scanNfsMounts boolean
scanSensitiveData boolean

Indicates if scan should include sensitive data in the image.

scapEnabled boolean

Indicates if scanning should include scap.

scapFiles string[]

List of SCAP user scripts for checks.

scopes GetKubernetesAssurancePolicyScope[]
trustedBaseImages GetKubernetesAssurancePolicyTrustedBaseImage[]

List of trusted images.

trustedBaseImagesEnabled boolean

Indicates if list of trusted base images is relevant.

whitelistedLicenses string[]

List of whitelisted licenses.

whitelistedLicensesEnabled boolean

Indicates if license blacklist is relevant.

allowed_images Sequence[str]

List of explicitly allowed images.

application_scopes Sequence[str]
audit_on_failure bool

Indicates if auditing is performed for failures.

author str

Name of user account that created the policy.

auto_scan_configured bool
auto_scan_enabled bool
auto_scan_times Sequence[GetKubernetesAssurancePolicyAutoScanTime]
blacklist_permissions Sequence[str]

List of function's forbidden permissions.

blacklist_permissions_enabled bool

Indicates if blacklist permissions is relevant.

blacklisted_licenses Sequence[str]

List of blacklisted licenses.

blacklisted_licenses_enabled bool

Indicates if license blacklist is relevant.

block_failed bool

Indicates if failed images are blocked.

control_exclude_no_fix bool
custom_checks Sequence[GetKubernetesAssurancePolicyCustomCheck]

List of Custom user scripts for checks.

custom_checks_enabled bool

Indicates if scanning should include custom checks.

custom_severity_enabled bool
cves_black_list_enabled bool

Indicates if cves blacklist is relevant.

cves_black_lists Sequence[str]

List of cves blacklisted items.

cves_white_list_enabled bool

Indicates if cves whitelist is relevant.

cves_white_lists Sequence[str]

List of cves whitelisted licenses

cvss_severity str

Identifier of the cvss severity.

cvss_severity_enabled bool

Indicates if the cvss severity is scanned.

cvss_severity_exclude_no_fix bool

Indicates that policy should ignore cvss cases that do not have a known fix.

description str
disallow_malware bool

Indicates if malware should block the image.

docker_cis_enabled bool
domain str

Name of the container image.

domain_name str
dta_enabled bool
dta_severity str
enabled bool
enforce bool
enforce_after_days int
enforce_excessive_permissions bool
exceptional_monitored_malware_paths Sequence[str]
fail_cicd bool

Indicates if cicd failures will fail the image.

forbidden_labels Sequence[GetKubernetesAssurancePolicyForbiddenLabel]
forbidden_labels_enabled bool
force_microenforcer bool
function_integrity_enabled bool
id str

The ID of this resource.

ignore_recently_published_vln bool
ignore_recently_published_vln_period int
ignore_risk_resources_enabled bool

Indicates if risk resources are ignored.

ignored_risk_resources Sequence[str]

List of ignored risk resources.

images Sequence[str]

List of images.

kube_cis_enabled bool
kubernetes_controls_names Sequence[str]

List of kubernetes control names

labels Sequence[str]

List of labels.

malware_action str
maximum_score float

Value of allowed maximum score.

maximum_score_enabled bool

Indicates if exceeding the maximum score is scanned.

maximum_score_exclude_no_fix bool

Indicates that policy should ignore cases that do not have a known fix.

monitored_malware_paths Sequence[str]
name str
only_none_root_users bool

Indicates whether to raise a warning for images that should only be run as root.

packages_black_list_enabled bool

Indicates if packages blacklist is relevant.

packages_black_lists Sequence[GetKubernetesAssurancePolicyPackagesBlackList]

List of blacklisted images.

packages_white_list_enabled bool

Indicates if packages whitelist is relevant.

packages_white_lists Sequence[GetKubernetesAssurancePolicyPackagesWhiteList]

List of whitelisted images.

partial_results_image_fail bool
read_only bool
registries Sequence[str]

List of registries.

registry str
required_labels Sequence[GetKubernetesAssurancePolicyRequiredLabel]
required_labels_enabled bool
scan_nfs_mounts bool
scan_sensitive_data bool

Indicates if scan should include sensitive data in the image.

scap_enabled bool

Indicates if scanning should include scap.

scap_files Sequence[str]

List of SCAP user scripts for checks.

scopes Sequence[GetKubernetesAssurancePolicyScope]
trusted_base_images Sequence[GetKubernetesAssurancePolicyTrustedBaseImage]

List of trusted images.

trusted_base_images_enabled bool

Indicates if list of trusted base images is relevant.

whitelisted_licenses Sequence[str]

List of whitelisted licenses.

whitelisted_licenses_enabled bool

Indicates if license blacklist is relevant.

allowedImages List<String>

List of explicitly allowed images.

applicationScopes List<String>
auditOnFailure Boolean

Indicates if auditing is performed for failures.

author String

Name of user account that created the policy.

autoScanConfigured Boolean
autoScanEnabled Boolean
autoScanTimes List<Property Map>
blacklistPermissions List<String>

List of function's forbidden permissions.

blacklistPermissionsEnabled Boolean

Indicates if blacklist permissions is relevant.

blacklistedLicenses List<String>

List of blacklisted licenses.

blacklistedLicensesEnabled Boolean

Indicates if license blacklist is relevant.

blockFailed Boolean

Indicates if failed images are blocked.

controlExcludeNoFix Boolean
customChecks List<Property Map>

List of Custom user scripts for checks.

customChecksEnabled Boolean

Indicates if scanning should include custom checks.

customSeverityEnabled Boolean
cvesBlackListEnabled Boolean

Indicates if cves blacklist is relevant.

cvesBlackLists List<String>

List of cves blacklisted items.

cvesWhiteListEnabled Boolean

Indicates if cves whitelist is relevant.

cvesWhiteLists List<String>

List of cves whitelisted licenses

cvssSeverity String

Identifier of the cvss severity.

cvssSeverityEnabled Boolean

Indicates if the cvss severity is scanned.

cvssSeverityExcludeNoFix Boolean

Indicates that policy should ignore cvss cases that do not have a known fix.

description String
disallowMalware Boolean

Indicates if malware should block the image.

dockerCisEnabled Boolean
domain String

Name of the container image.

domainName String
dtaEnabled Boolean
dtaSeverity String
enabled Boolean
enforce Boolean
enforceAfterDays Number
enforceExcessivePermissions Boolean
exceptionalMonitoredMalwarePaths List<String>
failCicd Boolean

Indicates if cicd failures will fail the image.

forbiddenLabels List<Property Map>
forbiddenLabelsEnabled Boolean
forceMicroenforcer Boolean
functionIntegrityEnabled Boolean
id String

The ID of this resource.

ignoreRecentlyPublishedVln Boolean
ignoreRecentlyPublishedVlnPeriod Number
ignoreRiskResourcesEnabled Boolean

Indicates if risk resources are ignored.

ignoredRiskResources List<String>

List of ignored risk resources.

images List<String>

List of images.

kubeCisEnabled Boolean
kubernetesControlsNames List<String>

List of kubernetes control names

labels List<String>

List of labels.

malwareAction String
maximumScore Number

Value of allowed maximum score.

maximumScoreEnabled Boolean

Indicates if exceeding the maximum score is scanned.

maximumScoreExcludeNoFix Boolean

Indicates that policy should ignore cases that do not have a known fix.

monitoredMalwarePaths List<String>
name String
onlyNoneRootUsers Boolean

Indicates whether to raise a warning for images that should only be run as root.

packagesBlackListEnabled Boolean

Indicates if packages blacklist is relevant.

packagesBlackLists List<Property Map>

List of blacklisted images.

packagesWhiteListEnabled Boolean

Indicates if packages whitelist is relevant.

packagesWhiteLists List<Property Map>

List of whitelisted images.

partialResultsImageFail Boolean
readOnly Boolean
registries List<String>

List of registries.

registry String
requiredLabels List<Property Map>
requiredLabelsEnabled Boolean
scanNfsMounts Boolean
scanSensitiveData Boolean

Indicates if scan should include sensitive data in the image.

scapEnabled Boolean

Indicates if scanning should include scap.

scapFiles List<String>

List of SCAP user scripts for checks.

scopes List<Property Map>
trustedBaseImages List<Property Map>

List of trusted images.

trustedBaseImagesEnabled Boolean

Indicates if list of trusted base images is relevant.

whitelistedLicenses List<String>

List of whitelisted licenses.

whitelistedLicensesEnabled Boolean

Indicates if license blacklist is relevant.
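
An added example, not part of the provider's documentation: a Python audit over the output properties listed above, reporting controls that are off, exemptions that are active, and `*_enabled` flags that disagree with the lists they gate. It runs on a constructed stand-in object; which values count as weak is this example's assumption, and `baseline_policy`, `SAMPLE` and `audit_policy` are names introduced here.

```python
from types import SimpleNamespace

# Property names are the Python output properties listed on this page.
# Which values count as weak is this example's assumption, not Aqua's rule.
MUST_BE_TRUE = {
    "block_failed": "failed images are not blocked",
    "disallow_malware": "malware does not block the image",
    "fail_cicd": "CI/CD failures do not fail the image",
    "cvss_severity_enabled": "CVSS severity is not scanned",
    "scan_sensitive_data": "sensitive data is not scanned",
    "audit_on_failure": "failures are not audited",
}
RELAXES_WHEN_TRUE = {
    "cvss_severity_exclude_no_fix": "CVSS cases without a known fix are ignored",
    "maximum_score_exclude_no_fix": "cases without a known fix are ignored",
}
# (enabled flag, list it gates, kind). "exempt" lists carve exceptions out of
# the policy; "match" lists only do something once they have entries.
GATED_LISTS = [
    ("cves_white_list_enabled", "cves_white_lists", "exempt"),
    ("ignore_risk_resources_enabled", "ignored_risk_resources", "exempt"),
    ("cves_black_list_enabled", "cves_black_lists", "match"),
    ("blacklisted_licenses_enabled", "blacklisted_licenses", "match"),
    ("trusted_base_images_enabled", "trusted_base_images", "match"),
]


def audit_policy(policy):
    """Return (kind, property, detail) findings for one policy result."""
    findings = []
    for attr, detail in MUST_BE_TRUE.items():
        value = getattr(policy, attr, None)
        if value is None:
            # Fail closed: an absent value is reported, never assumed safe.
            findings.append(("unknown", attr, "property missing from result"))
        elif not value:
            findings.append(("weak", attr, detail))
    for attr, detail in RELAXES_WHEN_TRUE.items():
        if getattr(policy, attr, None):
            findings.append(("weak", attr, detail))
    for flag, items_attr, kind in GATED_LISTS:
        enabled = bool(getattr(policy, flag, False))
        items = list(getattr(policy, items_attr, None) or [])
        if enabled and not items:
            findings.append(("inert", flag, f"{items_attr} is empty"))
        elif enabled and kind == "exempt":
            findings.append(("exemption", items_attr, ", ".join(sorted(items))))
        elif items and not enabled:
            findings.append(
                ("inert", items_attr, f"{len(items)} entries but {flag} is false"))
    return findings


def baseline_policy(**overrides):
    """Constructed stand-in: audited controls on, gated lists off and empty."""
    fields = {attr: True for attr in MUST_BE_TRUE}
    fields.update({attr: False for attr in RELAXES_WHEN_TRUE})
    for flag, items_attr, _ in GATED_LISTS:
        fields[flag], fields[items_attr] = False, []
    fields["name"] = "example-policy"
    fields.update(overrides)
    return SimpleNamespace(**fields)


# Constructed sample; the CVE and license identifiers are placeholders.
SAMPLE = baseline_policy(
    disallow_malware=False,
    audit_on_failure=None,  # models a property the lookup did not return
    cvss_severity_exclude_no_fix=True,
    cves_white_list_enabled=True,
    cves_white_lists=["CVE-0000-00002", "CVE-0000-00001"],
    cves_black_list_enabled=True,  # switched on, but nothing listed
    blacklisted_licenses=["Example-License-1.0"],  # listed, but switched off
)

if __name__ == "__main__":
    # In a Pulumi program the object would come from the lookup on this page:
    #   policy = aquasec.get_kubernetes_assurance_policy(name="...")
    # with `aquasec` standing for the provider's Python module.
    for kind, prop, detail in audit_policy(SAMPLE):
        print(f"{kind:9} {prop}: {detail}")
```
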

Supporting Types

GetKubernetesAssurancePolicyAutoScanTime

Iteration int
IterationType string
Time string
WeekDays List<string>
Iteration int
IterationType string
Time string
WeekDays []string
iteration Integer
iterationType String
time String
weekDays List<String>
iteration number
iterationType string
time string
weekDays string[]
iteration int
iteration_type str
time str
week_days Sequence[str]
iteration Number
iterationType String
time String
weekDays List<String>

GetKubernetesAssurancePolicyCustomCheck

Author string

Name of user account that created the policy.

Description string
Engine string
LastModified int
Name string
Path string
ReadOnly bool
ScriptId string
Severity string
Snippet string
Author string

Name of user account that created the policy.

Description string
Engine string
LastModified int
Name string
Path string
ReadOnly bool
ScriptId string
Severity string
Snippet string
author String

Name of user account that created the policy.

description String
engine String
lastModified Integer
name String
path String
readOnly Boolean
scriptId String
severity String
snippet String
author string

Name of user account that created the policy.

description string
engine string
lastModified number
name string
path string
readOnly boolean
scriptId string
severity string
snippet string
author str

Name of user account that created the policy.

description str
engine str
last_modified int
name str
path str
read_only bool
script_id str
severity str
snippet str
author String

Name of user account that created the policy.

description String
engine String
lastModified Number
name String
path String
readOnly Boolean
scriptId String
severity String
snippet String

GetKubernetesAssurancePolicyForbiddenLabel

Key string
Value string
Key string
Value string
key String
value String
key string
value string
key str
value str
key String
value String

GetKubernetesAssurancePolicyPackagesBlackList

Arch string
Display string
Epoch string
Format string
License string
Name string
Release string
Version string
VersionRange string
Arch string
Display string
Epoch string
Format string
License string
Name string
Release string
Version string
VersionRange string
arch String
display String
epoch String
format String
license String
name String
release String
version String
versionRange String
arch string
display string
epoch string
format string
license string
name string
release string
version string
versionRange string
arch String
display String
epoch String
format String
license String
name String
release String
version String
versionRange String

GetKubernetesAssurancePolicyPackagesWhiteList

Arch string
Display string
Epoch string
Format string
License string
Name string
Release string
Version string
VersionRange string
Arch string
Display string
Epoch string
Format string
License string
Name string
Release string
Version string
VersionRange string
arch String
display String
epoch String
format String
license String
name String
release String
version String
versionRange String
arch string
display string
epoch string
format string
license string
name string
release string
version string
versionRange string
arch String
display String
epoch String
format String
license String
name String
release String
version String
versionRange String

GetKubernetesAssurancePolicyRequiredLabel

Key string
Value string
Key string
Value string
key String
value String
key string
value string
key str
value str
key String
value String

GetKubernetesAssurancePolicyScope

GetKubernetesAssurancePolicyScopeVariable

Attribute string
Name string
Value string
Attribute string
Name string
Value string
attribute String
name String
value String
attribute string
name string
value string
attribute str
name str
value str
attribute String
name String
value String

GetKubernetesAssurancePolicyTrustedBaseImage

Imagename string
Registry string
Imagename string
Registry string
imagename String
registry String
imagename string
registry string
imagename String
registry String

Package Details

Repository
https://github.com/pulumiverse/pulumi-aquasec
License
Apache-2.0
Notes

This Pulumi package is based on the aquasec Terraform Provider.