Aquasec v0.8.27 published on Monday, Jan 29, 2024 by Pulumiverse

aquasec.HostAssurancePolicy


    Host Assurance is a subsystem of Aqua. It is responsible for:

    - Scanning the file systems of host VMs and Kubernetes nodes for security issues, vulnerabilities in OS and programming language packages, open-source licenses, and compliance with CIS benchmarks.
    - Evaluating scan findings according to defined Host Assurance Policies.
    - Determining host compliance based on these policies.
    - Generating an audit event for host assurance failure.

    Create HostAssurancePolicy Resource

    TypeScript
    new HostAssurancePolicy(name: string, args: HostAssurancePolicyArgs, opts?: CustomResourceOptions);

    Python
    @overload
    def HostAssurancePolicy(resource_name: str,
                            opts: Optional[ResourceOptions] = None,
                            aggregated_vulnerability: Optional[Mapping[str, str]] = None,
                            allowed_images: Optional[Sequence[str]] = None,
                            application_scopes: Optional[Sequence[str]] = None,
                            assurance_type: Optional[str] = None,
                            audit_on_failure: Optional[bool] = None,
                            author: Optional[str] = None,
                            auto_scan_configured: Optional[bool] = None,
                            auto_scan_enabled: Optional[bool] = None,
                            auto_scan_times: Optional[Sequence[HostAssurancePolicyAutoScanTimeArgs]] = None,
                            blacklist_permissions: Optional[Sequence[str]] = None,
                            blacklist_permissions_enabled: Optional[bool] = None,
                            blacklisted_licenses: Optional[Sequence[str]] = None,
                            blacklisted_licenses_enabled: Optional[bool] = None,
                            block_failed: Optional[bool] = None,
                            control_exclude_no_fix: Optional[bool] = None,
                            custom_checks: Optional[Sequence[HostAssurancePolicyCustomCheckArgs]] = None,
                            custom_checks_enabled: Optional[bool] = None,
                            custom_severity: Optional[str] = None,
                            custom_severity_enabled: Optional[bool] = None,
                            cves_black_list_enabled: Optional[bool] = None,
                            cves_black_lists: Optional[Sequence[str]] = None,
                            cves_white_list_enabled: Optional[bool] = None,
                            cves_white_lists: Optional[Sequence[str]] = None,
                            cvss_severity: Optional[str] = None,
                            cvss_severity_enabled: Optional[bool] = None,
                            cvss_severity_exclude_no_fix: Optional[bool] = None,
                            description: Optional[str] = None,
                            disallow_exploit_types: Optional[Sequence[str]] = None,
                            disallow_malware: Optional[bool] = None,
                            docker_cis_enabled: Optional[bool] = None,
                            domain: Optional[str] = None,
                            domain_name: Optional[str] = None,
                            dta_enabled: Optional[bool] = None,
                            dta_severity: Optional[str] = None,
                            enabled: Optional[bool] = None,
                            enforce: Optional[bool] = None,
                            enforce_after_days: Optional[int] = None,
                            enforce_excessive_permissions: Optional[bool] = None,
                            exceptional_monitored_malware_paths: Optional[Sequence[str]] = None,
                            exclude_application_scopes: Optional[Sequence[str]] = None,
                            fail_cicd: Optional[bool] = None,
                            forbidden_labels: Optional[Sequence[HostAssurancePolicyForbiddenLabelArgs]] = None,
                            forbidden_labels_enabled: Optional[bool] = None,
                            force_microenforcer: Optional[bool] = None,
                            function_integrity_enabled: Optional[bool] = None,
                            ignore_base_image_vln: Optional[bool] = None,
                            ignore_recently_published_vln: Optional[bool] = None,
                            ignore_recently_published_vln_period: Optional[int] = None,
                            ignore_risk_resources_enabled: Optional[bool] = None,
                            ignored_risk_resources: Optional[Sequence[str]] = None,
                            ignored_sensitive_resources: Optional[Sequence[str]] = None,
                            images: Optional[Sequence[str]] = None,
                            kube_cis_enabled: Optional[bool] = None,
                            kubernetes_controls: Optional[Sequence[str]] = None,
                            kubernetes_controls_avd_ids: Optional[Sequence[str]] = None,
                            kubernetes_controls_names: Optional[Sequence[str]] = None,
                            labels: Optional[Sequence[str]] = None,
                            lastupdate: Optional[str] = None,
                            linux_cis_enabled: Optional[bool] = None,
                            malware_action: Optional[str] = None,
                            maximum_score: Optional[float] = None,
                            maximum_score_enabled: Optional[bool] = None,
                            maximum_score_exclude_no_fix: Optional[bool] = None,
                            monitored_malware_paths: Optional[Sequence[str]] = None,
                            name: Optional[str] = None,
                            only_none_root_users: Optional[bool] = None,
                            openshift_hardening_enabled: Optional[bool] = None,
                            packages_black_list_enabled: Optional[bool] = None,
                            packages_black_lists: Optional[Sequence[HostAssurancePolicyPackagesBlackListArgs]] = None,
                            packages_white_list_enabled: Optional[bool] = None,
                            packages_white_lists: Optional[Sequence[HostAssurancePolicyPackagesWhiteListArgs]] = None,
                            partial_results_image_fail: Optional[bool] = None,
                            permission: Optional[str] = None,
                            policy_settings: Optional[HostAssurancePolicyPolicySettingsArgs] = None,
                            read_only: Optional[bool] = None,
                            registries: Optional[Sequence[str]] = None,
                            registry: Optional[str] = None,
                            required_labels: Optional[Sequence[HostAssurancePolicyRequiredLabelArgs]] = None,
                            required_labels_enabled: Optional[bool] = None,
                            scan_malware_in_archives: Optional[bool] = None,
                            scan_nfs_mounts: Optional[bool] = None,
                            scan_process_memory: Optional[bool] = None,
                            scan_sensitive_data: Optional[bool] = None,
                            scan_windows_registry: Optional[bool] = None,
                            scap_enabled: Optional[bool] = None,
                            scap_files: Optional[Sequence[str]] = None,
                            scopes: Optional[Sequence[HostAssurancePolicyScopeArgs]] = None,
                            trusted_base_images: Optional[Sequence[HostAssurancePolicyTrustedBaseImageArgs]] = None,
                            trusted_base_images_enabled: Optional[bool] = None,
                            vulnerability_exploitability: Optional[bool] = None,
                            vulnerability_score_ranges: Optional[Sequence[int]] = None,
                            whitelisted_licenses: Optional[Sequence[str]] = None,
                            whitelisted_licenses_enabled: Optional[bool] = None,
                            windows_cis_enabled: Optional[bool] = None)
    @overload
    def HostAssurancePolicy(resource_name: str,
                            args: HostAssurancePolicyArgs,
                            opts: Optional[ResourceOptions] = None)

    Go
    func NewHostAssurancePolicy(ctx *Context, name string, args HostAssurancePolicyArgs, opts ...ResourceOption) (*HostAssurancePolicy, error)

    C#
    public HostAssurancePolicy(string name, HostAssurancePolicyArgs args, CustomResourceOptions? opts = null)

    Java
    public HostAssurancePolicy(String name, HostAssurancePolicyArgs args)
    public HostAssurancePolicy(String name, HostAssurancePolicyArgs args, CustomResourceOptions options)

    YAML
    type: aquasec:HostAssurancePolicy
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.

    Constructor parameters

    TypeScript
    name string
    The unique name of the resource.
    args HostAssurancePolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.

    Python
    resource_name str
    The unique name of the resource.
    args HostAssurancePolicyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.

    Go
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args HostAssurancePolicyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.

    C#
    name string
    The unique name of the resource.
    args HostAssurancePolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.

    Java
    name String
    The unique name of the resource.
    args HostAssurancePolicyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.
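
Many of the keyword arguments in the Python signature come in pairs: a value or list (`cves_black_lists`) and a separate `*_enabled` flag described as indicating whether that control "is relevant". The following pre-deployment lint is an added example, not code from the Pulumi provider or from Aqua. It assumes a paired value is not evaluated unless its flag is `True`, and that arguments are plain Python values; `lint_policy`, `Finding`, `blocking` and the sample policy are hypothetical names and constructed data.

```python
"""Lint HostAssurancePolicy keyword arguments before deployment (added example)."""
from typing import Any, List, Mapping, NamedTuple


class Finding(NamedTuple):
    rule: str    # DORMANT, EMPTY, SUPPRESSION or NO_AUDIT
    field: str   # keyword argument a reviewer should look at
    detail: str


# value/list argument -> the flag that switches it on.
# Names are taken from the Python constructor signature on this page.
CONTROL_FLAGS = {
    "blacklist_permissions": "blacklist_permissions_enabled",
    "blacklisted_licenses": "blacklisted_licenses_enabled",
    "custom_checks": "custom_checks_enabled",
    "custom_severity": "custom_severity_enabled",
    "cves_black_lists": "cves_black_list_enabled",
    "cves_white_lists": "cves_white_list_enabled",
    "cvss_severity": "cvss_severity_enabled",
    "forbidden_labels": "forbidden_labels_enabled",
    "ignored_risk_resources": "ignore_risk_resources_enabled",
    "maximum_score": "maximum_score_enabled",
    "packages_black_lists": "packages_black_list_enabled",
    "packages_white_lists": "packages_white_list_enabled",
    "required_labels": "required_labels_enabled",
    "scap_files": "scap_enabled",
    "trusted_base_images": "trusted_base_images_enabled",
    "whitelisted_licenses": "whitelisted_licenses_enabled",
}

# Flags whose descriptions on this page say findings are ignored or exempted.
SUPPRESSORS = (
    "cvss_severity_exclude_no_fix",
    "maximum_score_exclude_no_fix",
    "ignore_risk_resources_enabled",
    "cves_white_list_enabled",
)


def _is_set(value: Any) -> bool:
    """True for any supplied value except None and empty containers/strings."""
    return value not in (None, [], "", {})


def lint_policy(args: Mapping[str, Any]) -> List[Finding]:
    findings: List[Finding] = []
    for control, flag in CONTROL_FLAGS.items():
        has_value = _is_set(args.get(control))
        enabled = args.get(flag) is True
        if has_value and not enabled:
            # Assumption: the value is ignored while the flag is off.
            findings.append(Finding(
                "DORMANT", control, f"{control} is set but {flag} is not true"))
        elif enabled and not has_value:
            findings.append(Finding(
                "EMPTY", flag, f"{flag} is true but {control} is empty"))
    for flag in SUPPRESSORS:
        if args.get(flag) is True:
            findings.append(Finding(
                "SUPPRESSION", flag, f"{flag} removes findings from evaluation"))
    if args.get("audit_on_failure") is not True:
        findings.append(Finding(
            "NO_AUDIT", "audit_on_failure", "failures are not audited"))
    return findings


def blocking(findings: List[Finding]) -> List[Finding]:
    """SUPPRESSION is informational (needs sign-off); the rest should fail CI."""
    return [f for f in findings if f.rule != "SUPPRESSION"]


# Constructed sample arguments; the CVE ids are placeholders.
SAMPLE_POLICY = {
    "name": "example-host-baseline",
    "application_scopes": ["Global"],
    "linux_cis_enabled": True,
    "docker_cis_enabled": True,
    "cves_black_lists": ["CVE-0000-0000"],   # flag forgotten -> DORMANT
    "cvss_severity_enabled": True,           # no cvss_severity -> EMPTY
    "maximum_score": 7.0,
    "maximum_score_enabled": True,
    "maximum_score_exclude_no_fix": True,    # SUPPRESSION
    "cves_white_lists": ["CVE-0000-0001"],
    "cves_white_list_enabled": True,         # SUPPRESSION
    "audit_on_failure": False,               # NO_AUDIT
}

if __name__ == "__main__":
    for f in lint_policy(SAMPLE_POLICY):
        print(f"{f.rule:<12}{f.field:<32}{f.detail}")
    # Once blocking(...) is empty, the same dict can be passed as keyword
    # arguments: HostAssurancePolicy("example-host-baseline", **SAMPLE_POLICY)
```
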

    HostAssurancePolicy Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The HostAssurancePolicy resource accepts the following input properties:

    C#
    ApplicationScopes List<string>
    AggregatedVulnerability Dictionary<string, string>
    Aggregated vulnerability information.
    AllowedImages List<string>
    List of explicitly allowed images.
    AssuranceType string
    What type of assurance policy is described.
    AuditOnFailure bool
    Indicates whether failures are audited.
    Author string
    Name of user account that created the policy.
    AutoScanConfigured bool
    AutoScanEnabled bool
    AutoScanTimes List<Pulumiverse.Aquasec.Inputs.HostAssurancePolicyAutoScanTime>
    BlacklistPermissions List<string>
    List of function's forbidden permissions.
    BlacklistPermissionsEnabled bool
    Indicates if blacklist permissions is relevant.
    BlacklistedLicenses List<string>
    List of blacklisted licenses.
    BlacklistedLicensesEnabled bool
    Indicates if license blacklist is relevant.
    BlockFailed bool
    Indicates if failed images are blocked.
    ControlExcludeNoFix bool
    CustomChecks List<Pulumiverse.Aquasec.Inputs.HostAssurancePolicyCustomCheck>
    List of Custom user scripts for checks.
    CustomChecksEnabled bool
    Indicates if scanning should include custom checks.
    CustomSeverity string
    CustomSeverityEnabled bool
    CvesBlackListEnabled bool
    Indicates if CVEs blacklist is relevant.
    CvesBlackLists List<string>
    List of CVEs blacklisted items.
    CvesWhiteListEnabled bool
    Indicates if CVEs whitelist is relevant.
    CvesWhiteLists List<string>
    List of cves whitelisted licenses
    CvssSeverity string
    Identifier of the cvss severity.
    CvssSeverityEnabled bool
    Indicates if the cvss severity is scanned.
    CvssSeverityExcludeNoFix bool
    Indicates that policy should ignore cvss cases that do not have a known fix.
    Description string
    DisallowExploitTypes List<string>
    DisallowMalware bool
    Indicates if malware should block the image.
    DockerCisEnabled bool
    Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
    Domain string
    Name of the container image.
    DomainName string
    DtaEnabled bool
    DtaSeverity string
    Enabled bool
    Enforce bool
    EnforceAfterDays int
    EnforceExcessivePermissions bool
    ExceptionalMonitoredMalwarePaths List<string>
    ExcludeApplicationScopes List<string>
    FailCicd bool
    Indicates if cicd failures will fail the image.
    ForbiddenLabels List<Pulumiverse.Aquasec.Inputs.HostAssurancePolicyForbiddenLabel>
    ForbiddenLabelsEnabled bool
    ForceMicroenforcer bool
    FunctionIntegrityEnabled bool
    IgnoreBaseImageVln bool
    IgnoreRecentlyPublishedVln bool
    IgnoreRecentlyPublishedVlnPeriod int
    IgnoreRiskResourcesEnabled bool
    Indicates if risk resources are ignored.
    IgnoredRiskResources List<string>
    List of ignored risk resources.
    IgnoredSensitiveResources List<string>
    Images List<string>
    List of images.
    KubeCisEnabled bool
    Performs a Kubernetes CIS benchmark check for the host.
    KubernetesControls List<string>
    KubernetesControlsAvdIds List<string>
    KubernetesControlsNames List<string>
    Labels List<string>
    List of labels.
    Lastupdate string
    LinuxCisEnabled bool
    MalwareAction string
    MaximumScore double
    Value of allowed maximum score.
    MaximumScoreEnabled bool
    Indicates if exceeding the maximum score is scanned.
    MaximumScoreExcludeNoFix bool
    Indicates that policy should ignore cases that do not have a known fix.
    MonitoredMalwarePaths List<string>
    Name string
    OnlyNoneRootUsers bool
    Indicates whether to raise a warning for images that should only be run as root.
    OpenshiftHardeningEnabled bool
    PackagesBlackListEnabled bool
    Indicates if packages blacklist is relevant.
    PackagesBlackLists List<Pulumiverse.Aquasec.Inputs.HostAssurancePolicyPackagesBlackList>
    List of blacklisted images.
    PackagesWhiteListEnabled bool
    Indicates if packages whitelist is relevant.
    PackagesWhiteLists List<Pulumiverse.Aquasec.Inputs.HostAssurancePolicyPackagesWhiteList>
    List of whitelisted images.
    PartialResultsImageFail bool
    Permission string
    PolicySettings Pulumiverse.Aquasec.Inputs.HostAssurancePolicyPolicySettings
    ReadOnly bool
    Registries List<string>
    List of registries.
    Registry string
    RequiredLabels List<Pulumiverse.Aquasec.Inputs.HostAssurancePolicyRequiredLabel>
    RequiredLabelsEnabled bool
    ScanMalwareInArchives bool
    ScanNfsMounts bool
    ScanProcessMemory bool
    ScanSensitiveData bool
    Indicates if scan should include sensitive data in the image.
    ScanWindowsRegistry bool
    ScapEnabled bool
    Indicates if scanning should include scap.
    ScapFiles List<string>
    List of SCAP user scripts for checks.
    Scopes List<Pulumiverse.Aquasec.Inputs.HostAssurancePolicyScope>
    TrustedBaseImages List<Pulumiverse.Aquasec.Inputs.HostAssurancePolicyTrustedBaseImage>
    List of trusted images.
    TrustedBaseImagesEnabled bool
    Indicates if list of trusted base images is relevant.
    VulnerabilityExploitability bool
    VulnerabilityScoreRanges List<int>
    WhitelistedLicenses List<string>
    List of whitelisted licenses.
    WhitelistedLicensesEnabled bool
    Indicates if license blacklist is relevant.
    WindowsCisEnabled bool
    Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows).

    Go
    ApplicationScopes []string
    AggregatedVulnerability map[string]string
    Aggregated vulnerability information.
    AllowedImages []string
    List of explicitly allowed images.
    AssuranceType string
    What type of assurance policy is described.
    AuditOnFailure bool
    Indicates whether failures are audited.
    Author string
    Name of user account that created the policy.
    AutoScanConfigured bool
    AutoScanEnabled bool
    AutoScanTimes []HostAssurancePolicyAutoScanTimeArgs
    BlacklistPermissions []string
    List of function's forbidden permissions.
    BlacklistPermissionsEnabled bool
    Indicates if blacklist permissions is relevant.
    BlacklistedLicenses []string
    List of blacklisted licenses.
    BlacklistedLicensesEnabled bool
    Indicates if license blacklist is relevant.
    BlockFailed bool
    Indicates if failed images are blocked.
    ControlExcludeNoFix bool
    CustomChecks []HostAssurancePolicyCustomCheckArgs
    List of Custom user scripts for checks.
    CustomChecksEnabled bool
    Indicates if scanning should include custom checks.
    CustomSeverity string
    CustomSeverityEnabled bool
    CvesBlackListEnabled bool
    Indicates if CVEs blacklist is relevant.
    CvesBlackLists []string
    List of CVEs blacklisted items.
    CvesWhiteListEnabled bool
    Indicates if CVEs whitelist is relevant.
    CvesWhiteLists []string
    List of cves whitelisted licenses
    CvssSeverity string
    Identifier of the cvss severity.
    CvssSeverityEnabled bool
    Indicates if the cvss severity is scanned.
    CvssSeverityExcludeNoFix bool
    Indicates that policy should ignore cvss cases that do not have a known fix.
    Description string
    DisallowExploitTypes []string
    DisallowMalware bool
    Indicates if malware should block the image.
    DockerCisEnabled bool
    Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
    Domain string
    Name of the container image.
    DomainName string
    DtaEnabled bool
    DtaSeverity string
    Enabled bool
    Enforce bool
    EnforceAfterDays int
    EnforceExcessivePermissions bool
    ExceptionalMonitoredMalwarePaths []string
    ExcludeApplicationScopes []string
    FailCicd bool
    Indicates if cicd failures will fail the image.
    ForbiddenLabels []HostAssurancePolicyForbiddenLabelArgs
    ForbiddenLabelsEnabled bool
    ForceMicroenforcer bool
    FunctionIntegrityEnabled bool
    IgnoreBaseImageVln bool
    IgnoreRecentlyPublishedVln bool
    IgnoreRecentlyPublishedVlnPeriod int
    IgnoreRiskResourcesEnabled bool
    Indicates if risk resources are ignored.
    IgnoredRiskResources []string
    List of ignored risk resources.
    IgnoredSensitiveResources []string
    Images []string
    List of images.
    KubeCisEnabled bool
    Performs a Kubernetes CIS benchmark check for the host.
    KubernetesControls []string
    KubernetesControlsAvdIds []string
    KubernetesControlsNames []string
    Labels []string
    List of labels.
    Lastupdate string
    LinuxCisEnabled bool
    MalwareAction string
    MaximumScore float64
    Value of allowed maximum score.
    MaximumScoreEnabled bool
    Indicates if exceeding the maximum score is scanned.
    MaximumScoreExcludeNoFix bool
    Indicates that policy should ignore cases that do not have a known fix.
    MonitoredMalwarePaths []string
    Name string
    OnlyNoneRootUsers bool
    Indicates whether to raise a warning for images that should only be run as root.
    OpenshiftHardeningEnabled bool
    PackagesBlackListEnabled bool
    Indicates if packages blacklist is relevant.
    PackagesBlackLists []HostAssurancePolicyPackagesBlackListArgs
    List of blacklisted images.
    PackagesWhiteListEnabled bool
    Indicates if packages whitelist is relevant.
    PackagesWhiteLists []HostAssurancePolicyPackagesWhiteListArgs
    List of whitelisted images.
    PartialResultsImageFail bool
    Permission string
    PolicySettings HostAssurancePolicyPolicySettingsArgs
    ReadOnly bool
    Registries []string
    List of registries.
    Registry string
    RequiredLabels []HostAssurancePolicyRequiredLabelArgs
    RequiredLabelsEnabled bool
    ScanMalwareInArchives bool
    ScanNfsMounts bool
    ScanProcessMemory bool
    ScanSensitiveData bool
    Indicates if scan should include sensitive data in the image.
    ScanWindowsRegistry bool
    ScapEnabled bool
    Indicates if scanning should include scap.
    ScapFiles []string
    List of SCAP user scripts for checks.
    Scopes []HostAssurancePolicyScopeArgs
    TrustedBaseImages []HostAssurancePolicyTrustedBaseImageArgs
    List of trusted images.
    TrustedBaseImagesEnabled bool
    Indicates if list of trusted base images is relevant.
    VulnerabilityExploitability bool
    VulnerabilityScoreRanges []int
    WhitelistedLicenses []string
    List of whitelisted licenses.
    WhitelistedLicensesEnabled bool
    Indicates if license blacklist is relevant.
    WindowsCisEnabled bool
    Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows).

    Java
    applicationScopes List<String>
    aggregatedVulnerability Map<String,String>
    Aggregated vulnerability information.
    allowedImages List<String>
    List of explicitly allowed images.
    assuranceType String
    What type of assurance policy is described.
    auditOnFailure Boolean
    Indicates whether failures are audited.
    author String
    Name of user account that created the policy.
    autoScanConfigured Boolean
    autoScanEnabled Boolean
    autoScanTimes List<HostAssurancePolicyAutoScanTime>
    blacklistPermissions List<String>
    List of function's forbidden permissions.
    blacklistPermissionsEnabled Boolean
    Indicates if blacklist permissions is relevant.
    blacklistedLicenses List<String>
    List of blacklisted licenses.
    blacklistedLicensesEnabled Boolean
    Indicates if license blacklist is relevant.
    blockFailed Boolean
    Indicates if failed images are blocked.
    controlExcludeNoFix Boolean
    customChecks List<HostAssurancePolicyCustomCheck>
    List of Custom user scripts for checks.
    customChecksEnabled Boolean
    Indicates if scanning should include custom checks.
    customSeverity String
    customSeverityEnabled Boolean
    cvesBlackListEnabled Boolean
    Indicates if CVEs blacklist is relevant.
    cvesBlackLists List<String>
    List of CVEs blacklisted items.
    cvesWhiteListEnabled Boolean
    Indicates if CVEs whitelist is relevant.
    cvesWhiteLists List<String>
    List of cves whitelisted licenses
    cvssSeverity String
    Identifier of the cvss severity.
    cvssSeverityEnabled Boolean
    Indicates if the cvss severity is scanned.
    cvssSeverityExcludeNoFix Boolean
    Indicates that policy should ignore cvss cases that do not have a known fix.
    description String
    disallowExploitTypes List<String>
    disallowMalware Boolean
    Indicates if malware should block the image.
    dockerCisEnabled Boolean
    Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
    domain String
    Name of the container image.
    domainName String
    dtaEnabled Boolean
    dtaSeverity String
    enabled Boolean
    enforce Boolean
    enforceAfterDays Integer
    enforceExcessivePermissions Boolean
    exceptionalMonitoredMalwarePaths List<String>
    excludeApplicationScopes List<String>
    failCicd Boolean
    Indicates if cicd failures will fail the image.
    forbiddenLabels List<HostAssurancePolicyForbiddenLabel>
    forbiddenLabelsEnabled Boolean
    forceMicroenforcer Boolean
    functionIntegrityEnabled Boolean
    ignoreBaseImageVln Boolean
    ignoreRecentlyPublishedVln Boolean
    ignoreRecentlyPublishedVlnPeriod Integer
    ignoreRiskResourcesEnabled Boolean
    Indicates if risk resources are ignored.
    ignoredRiskResources List<String>
    List of ignored risk resources.
    ignoredSensitiveResources List<String>
    images List<String>
    List of images.
    kubeCisEnabled Boolean
    Performs a Kubernetes CIS benchmark check for the host.
    kubernetesControls List<String>
    kubernetesControlsAvdIds List<String>
    kubernetesControlsNames List<String>
    labels List<String>
    List of labels.
    lastupdate String
    linuxCisEnabled Boolean
    malwareAction String
    maximumScore Double
    Value of allowed maximum score.
    maximumScoreEnabled Boolean
    Indicates if exceeding the maximum score is scanned.
    maximumScoreExcludeNoFix Boolean
    Indicates that policy should ignore cases that do not have a known fix.
    monitoredMalwarePaths List<String>
    name String
    onlyNoneRootUsers Boolean
    Indicates whether to raise a warning for images that should only be run as root.
    openshiftHardeningEnabled Boolean
    packagesBlackListEnabled Boolean
    Indicates if packages blacklist is relevant.
    packagesBlackLists List<HostAssurancePolicyPackagesBlackList>
    List of blacklisted images.
    packagesWhiteListEnabled Boolean
    Indicates if packages whitelist is relevant.
    packagesWhiteLists List<HostAssurancePolicyPackagesWhiteList>
    List of whitelisted images.
    partialResultsImageFail Boolean
    permission String
    policySettings HostAssurancePolicyPolicySettings
    readOnly Boolean
    registries List<String>
    List of registries.
    registry String
    requiredLabels List<HostAssurancePolicyRequiredLabel>
    requiredLabelsEnabled Boolean
    scanMalwareInArchives Boolean
    scanNfsMounts Boolean
    scanProcessMemory Boolean
    scanSensitiveData Boolean
    Indicates if scan should include sensitive data in the image.
    scanWindowsRegistry Boolean
    scapEnabled Boolean
    Indicates if scanning should include scap.
    scapFiles List<String>
    List of SCAP user scripts for checks.
    scopes List<HostAssurancePolicyScope>
    trustedBaseImages List<HostAssurancePolicyTrustedBaseImage>
    List of trusted images.
    trustedBaseImagesEnabled Boolean
    Indicates if list of trusted base images is relevant.
    vulnerabilityExploitability Boolean
    vulnerabilityScoreRanges List<Integer>
    whitelistedLicenses List<String>
    List of whitelisted licenses.
    whitelistedLicensesEnabled Boolean
    Indicates if license blacklist is relevant.
    windowsCisEnabled Boolean
    Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows).

    TypeScript
    applicationScopes string[]
    aggregatedVulnerability {[key: string]: string}
    Aggregated vulnerability information.
    allowedImages string[]
    List of explicitly allowed images.
    assuranceType string
    What type of assurance policy is described.
    auditOnFailure boolean
    Indicates whether failures are audited.
    author string
    Name of user account that created the policy.
    autoScanConfigured boolean
    autoScanEnabled boolean
    autoScanTimes HostAssurancePolicyAutoScanTime[]
    blacklistPermissions string[]
    List of function's forbidden permissions.
    blacklistPermissionsEnabled boolean
    Indicates if blacklist permissions is relevant.
    blacklistedLicenses string[]
    List of blacklisted licenses.
    blacklistedLicensesEnabled boolean
    Indicates if license blacklist is relevant.
    blockFailed boolean
    Indicates if failed images are blocked.
    controlExcludeNoFix boolean
    customChecks HostAssurancePolicyCustomCheck[]
    List of Custom user scripts for checks.
    customChecksEnabled boolean
    Indicates if scanning should include custom checks.
    customSeverity string
    customSeverityEnabled boolean
    cvesBlackListEnabled boolean
    Indicates if CVEs blacklist is relevant.
    cvesBlackLists string[]
    List of CVEs blacklisted items.
    cvesWhiteListEnabled boolean
    Indicates if CVEs whitelist is relevant.
    cvesWhiteLists string[]
    List of cves whitelisted licenses
    cvssSeverity string
    Identifier of the cvss severity.
    cvssSeverityEnabled boolean
    Indicates if the cvss severity is scanned.
    cvssSeverityExcludeNoFix boolean
    Indicates that policy should ignore cvss cases that do not have a known fix.
    description string
    disallowExploitTypes string[]
    disallowMalware boolean
    Indicates if malware should block the image.
    dockerCisEnabled boolean
    Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
    domain string
    Name of the container image.
    domainName string
    dtaEnabled boolean
    dtaSeverity string
    enabled boolean
    enforce boolean
    enforceAfterDays number
    enforceExcessivePermissions boolean
    exceptionalMonitoredMalwarePaths string[]
    excludeApplicationScopes string[]
    failCicd boolean
    Indicates if cicd failures will fail the image.
    forbiddenLabels HostAssurancePolicyForbiddenLabel[]
    forbiddenLabelsEnabled boolean
    forceMicroenforcer boolean
    functionIntegrityEnabled boolean
    ignoreBaseImageVln boolean
    ignoreRecentlyPublishedVln boolean
    ignoreRecentlyPublishedVlnPeriod number
    ignoreRiskResourcesEnabled boolean
    Indicates if risk resources are ignored.
    ignoredRiskResources string[]
    List of ignored risk resources.
    ignoredSensitiveResources string[]
    images string[]
    List of images.
    kubeCisEnabled boolean
    Performs a Kubernetes CIS benchmark check for the host.
    kubernetesControls string[]
    kubernetesControlsAvdIds string[]
    kubernetesControlsNames string[]
    labels string[]
    List of labels.
    lastupdate string
    linuxCisEnabled boolean
    malwareAction string
    maximumScore number
    Value of allowed maximum score.
    maximumScoreEnabled boolean
    Indicates if exceeding the maximum score is scanned.
    maximumScoreExcludeNoFix boolean
    Indicates that policy should ignore cases that do not have a known fix.
    monitoredMalwarePaths string[]
    name string
    onlyNoneRootUsers boolean
    Indicates whether to raise a warning for images that should only be run as root.
    openshiftHardeningEnabled boolean
    packagesBlackListEnabled boolean
    Indicates if packages blacklist is relevant.
    packagesBlackLists HostAssurancePolicyPackagesBlackList[]
    List of blacklisted images.
    packagesWhiteListEnabled boolean
    Indicates if packages whitelist is relevant.
    packagesWhiteLists HostAssurancePolicyPackagesWhiteList[]
    List of whitelisted images.
    partialResultsImageFail boolean
    permission string
    policySettings HostAssurancePolicyPolicySettings
    readOnly boolean
    registries string[]
    List of registries.
    registry string
    requiredLabels HostAssurancePolicyRequiredLabel[]
    requiredLabelsEnabled boolean
    scanMalwareInArchives boolean
    scanNfsMounts boolean
    scanProcessMemory boolean
    scanSensitiveData boolean
    Indicates if scan should include sensitive data in the image.
    scanWindowsRegistry boolean
    scapEnabled boolean
    Indicates if scanning should include scap.
    scapFiles string[]
    List of SCAP user scripts for checks.
    scopes HostAssurancePolicyScope[]
    trustedBaseImages HostAssurancePolicyTrustedBaseImage[]
    List of trusted images.
    trustedBaseImagesEnabled boolean
    Indicates if list of trusted base images is relevant.
    vulnerabilityExploitability boolean
    vulnerabilityScoreRanges number[]
    whitelistedLicenses string[]
    List of whitelisted licenses.
    whitelistedLicensesEnabled boolean
    Indicates if license blacklist is relevant.
    windowsCisEnabled boolean
    Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows).

    Python
    application_scopes Sequence[str]
    aggregated_vulnerability Mapping[str, str]
    Aggregated vulnerability information.
    allowed_images Sequence[str]
    List of explicitly allowed images.
    assurance_type str
    What type of assurance policy is described.
    audit_on_failure bool
    Indicates whether failures are audited.
    author str
    Name of user account that created the policy.
    auto_scan_configured bool
    auto_scan_enabled bool
    auto_scan_times Sequence[HostAssurancePolicyAutoScanTimeArgs]
    blacklist_permissions Sequence[str]
    List of function's forbidden permissions.
    blacklist_permissions_enabled bool
    Indicates if blacklist permissions is relevant.
    blacklisted_licenses Sequence[str]
    List of blacklisted licenses.
    blacklisted_licenses_enabled bool
    Indicates if license blacklist is relevant.
    block_failed bool
    Indicates if failed images are blocked.
    control_exclude_no_fix bool
    custom_checks Sequence[HostAssurancePolicyCustomCheckArgs]
    List of Custom user scripts for checks.
    custom_checks_enabled bool
    Indicates if scanning should include custom checks.
    custom_severity str
    custom_severity_enabled bool
    cves_black_list_enabled bool
    Indicates if CVEs blacklist is relevant.
    cves_black_lists Sequence[str]
    List of CVEs blacklisted items.
    cves_white_list_enabled bool
    Indicates if CVEs whitelist is relevant.
    cves_white_lists Sequence[str]
    List of whitelisted CVEs.
    cvss_severity str
    Identifier of the CVSS severity.
    cvss_severity_enabled bool
    Indicates if the CVSS severity is scanned.
    cvss_severity_exclude_no_fix bool
    Indicates that the policy should ignore CVSS cases that do not have a known fix.
    description str
    disallow_exploit_types Sequence[str]
    disallow_malware bool
    Indicates if malware should block the image.
    docker_cis_enabled bool
    Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
    domain str
    Name of the container image.
    domain_name str
    dta_enabled bool
    dta_severity str
    enabled bool
    enforce bool
    enforce_after_days int
    enforce_excessive_permissions bool
    exceptional_monitored_malware_paths Sequence[str]
    exclude_application_scopes Sequence[str]
    fail_cicd bool
    Indicates if CI/CD failures will fail the image.
    forbidden_labels Sequence[HostAssurancePolicyForbiddenLabelArgs]
    forbidden_labels_enabled bool
    force_microenforcer bool
    function_integrity_enabled bool
    ignore_base_image_vln bool
    ignore_recently_published_vln bool
    ignore_recently_published_vln_period int
    ignore_risk_resources_enabled bool
    Indicates if risk resources are ignored.
    ignored_risk_resources Sequence[str]
    List of ignored risk resources.
    ignored_sensitive_resources Sequence[str]
    images Sequence[str]
    List of images.
    kube_cis_enabled bool
    Performs a Kubernetes CIS benchmark check for the host.
    kubernetes_controls Sequence[str]
    kubernetes_controls_avd_ids Sequence[str]
    kubernetes_controls_names Sequence[str]
    labels Sequence[str]
    List of labels.
    lastupdate str
    linux_cis_enabled bool
    malware_action str
    maximum_score float
    Value of allowed maximum score.
    maximum_score_enabled bool
    Indicates if exceeding the maximum score is scanned.
    maximum_score_exclude_no_fix bool
    Indicates that policy should ignore cases that do not have a known fix.
    monitored_malware_paths Sequence[str]
    name str
    only_none_root_users bool
    Indicates whether to raise a warning for images that should only be run as root.
    openshift_hardening_enabled bool
    packages_black_list_enabled bool
    Indicates if packages blacklist is relevant.
    packages_black_lists Sequence[HostAssurancePolicyPackagesBlackListArgs]
    List of blacklisted images.
    packages_white_list_enabled bool
    Indicates if packages whitelist is relevant.
    packages_white_lists Sequence[HostAssurancePolicyPackagesWhiteListArgs]
    List of whitelisted images.
    partial_results_image_fail bool
    permission str
    policy_settings HostAssurancePolicyPolicySettingsArgs
    read_only bool
    registries Sequence[str]
    List of registries.
    registry str
    required_labels Sequence[HostAssurancePolicyRequiredLabelArgs]
    required_labels_enabled bool
    scan_malware_in_archives bool
    scan_nfs_mounts bool
    scan_process_memory bool
    scan_sensitive_data bool
    Indicates if scan should include sensitive data in the image.
    scan_windows_registry bool
    scap_enabled bool
    Indicates if scanning should include SCAP.
    scap_files Sequence[str]
    List of SCAP user scripts for checks.
    scopes Sequence[HostAssurancePolicyScopeArgs]
    trusted_base_images Sequence[HostAssurancePolicyTrustedBaseImageArgs]
    List of trusted images.
    trusted_base_images_enabled bool
    Indicates if list of trusted base images is relevant.
    vulnerability_exploitability bool
    vulnerability_score_ranges Sequence[int]
    whitelisted_licenses Sequence[str]
    List of whitelisted licenses.
    whitelisted_licenses_enabled bool
    Indicates if license blacklist is relevant.
    windows_cis_enabled bool
    Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows).
    applicationScopes List<String>
    aggregatedVulnerability Map<String>
    Aggregated vulnerability information.
    allowedImages List<String>
    List of explicitly allowed images.
    assuranceType String
    What type of assurance policy is described.
    auditOnFailure Boolean
    Indicates whether failures are audited.
    author String
    Name of user account that created the policy.
    autoScanConfigured Boolean
    autoScanEnabled Boolean
    autoScanTimes List<Property Map>
    blacklistPermissions List<String>
    List of function's forbidden permissions.
    blacklistPermissionsEnabled Boolean
    Indicates if blacklist permissions is relevant.
    blacklistedLicenses List<String>
    List of blacklisted licenses.
    blacklistedLicensesEnabled Boolean
    Indicates if license blacklist is relevant.
    blockFailed Boolean
    Indicates if failed images are blocked.
    controlExcludeNoFix Boolean
    customChecks List<Property Map>
    List of Custom user scripts for checks.
    customChecksEnabled Boolean
    Indicates if scanning should include custom checks.
    customSeverity String
    customSeverityEnabled Boolean
    cvesBlackListEnabled Boolean
    Indicates if CVEs blacklist is relevant.
    cvesBlackLists List<String>
    List of CVEs blacklisted items.
    cvesWhiteListEnabled Boolean
    Indicates if CVEs whitelist is relevant.
    cvesWhiteLists List<String>
    List of whitelisted CVEs.
    cvssSeverity String
    Identifier of the CVSS severity.
    cvssSeverityEnabled Boolean
    Indicates if the CVSS severity is scanned.
    cvssSeverityExcludeNoFix Boolean
    Indicates that the policy should ignore CVSS cases that do not have a known fix.
    description String
    disallowExploitTypes List<String>
    disallowMalware Boolean
    Indicates if malware should block the image.
    dockerCisEnabled Boolean
    Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
    domain String
    Name of the container image.
    domainName String
    dtaEnabled Boolean
    dtaSeverity String
    enabled Boolean
    enforce Boolean
    enforceAfterDays Number
    enforceExcessivePermissions Boolean
    exceptionalMonitoredMalwarePaths List<String>
    excludeApplicationScopes List<String>
    failCicd Boolean
    Indicates if CI/CD failures will fail the image.
    forbiddenLabels List<Property Map>
    forbiddenLabelsEnabled Boolean
    forceMicroenforcer Boolean
    functionIntegrityEnabled Boolean
    ignoreBaseImageVln Boolean
    ignoreRecentlyPublishedVln Boolean
    ignoreRecentlyPublishedVlnPeriod Number
    ignoreRiskResourcesEnabled Boolean
    Indicates if risk resources are ignored.
    ignoredRiskResources List<String>
    List of ignored risk resources.
    ignoredSensitiveResources List<String>
    images List<String>
    List of images.
    kubeCisEnabled Boolean
    Performs a Kubernetes CIS benchmark check for the host.
    kubernetesControls List<String>
    kubernetesControlsAvdIds List<String>
    kubernetesControlsNames List<String>
    labels List<String>
    List of labels.
    lastupdate String
    linuxCisEnabled Boolean
    malwareAction String
    maximumScore Number
    Value of allowed maximum score.
    maximumScoreEnabled Boolean
    Indicates if exceeding the maximum score is scanned.
    maximumScoreExcludeNoFix Boolean
    Indicates that policy should ignore cases that do not have a known fix.
    monitoredMalwarePaths List<String>
    name String
    onlyNoneRootUsers Boolean
    Indicates whether to raise a warning for images that should only be run as root.
    openshiftHardeningEnabled Boolean
    packagesBlackListEnabled Boolean
    Indicates if packages blacklist is relevant.
    packagesBlackLists List<Property Map>
    List of blacklisted images.
    packagesWhiteListEnabled Boolean
    Indicates if packages whitelist is relevant.
    packagesWhiteLists List<Property Map>
    List of whitelisted images.
    partialResultsImageFail Boolean
    permission String
    policySettings Property Map
    readOnly Boolean
    registries List<String>
    List of registries.
    registry String
    requiredLabels List<Property Map>
    requiredLabelsEnabled Boolean
    scanMalwareInArchives Boolean
    scanNfsMounts Boolean
    scanProcessMemory Boolean
    scanSensitiveData Boolean
    Indicates if scan should include sensitive data in the image.
    scanWindowsRegistry Boolean
    scapEnabled Boolean
    Indicates if scanning should include SCAP.
    scapFiles List<String>
    List of SCAP user scripts for checks.
    scopes List<Property Map>
    trustedBaseImages List<Property Map>
    List of trusted images.
    trustedBaseImagesEnabled Boolean
    Indicates if list of trusted base images is relevant.
    vulnerabilityExploitability Boolean
    vulnerabilityScoreRanges List<Number>
    whitelistedLicenses List<String>
    List of whitelisted licenses.
    whitelistedLicensesEnabled Boolean
    Indicates if license blacklist is relevant.
    windowsCisEnabled Boolean
    Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows).

    Outputs

    All input properties are implicitly available as output properties. Additionally, the HostAssurancePolicy resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing HostAssurancePolicy Resource

    Get an existing HostAssurancePolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: HostAssurancePolicyState, opts?: CustomResourceOptions): HostAssurancePolicy
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            aggregated_vulnerability: Optional[Mapping[str, str]] = None,
            allowed_images: Optional[Sequence[str]] = None,
            application_scopes: Optional[Sequence[str]] = None,
            assurance_type: Optional[str] = None,
            audit_on_failure: Optional[bool] = None,
            author: Optional[str] = None,
            auto_scan_configured: Optional[bool] = None,
            auto_scan_enabled: Optional[bool] = None,
            auto_scan_times: Optional[Sequence[HostAssurancePolicyAutoScanTimeArgs]] = None,
            blacklist_permissions: Optional[Sequence[str]] = None,
            blacklist_permissions_enabled: Optional[bool] = None,
            blacklisted_licenses: Optional[Sequence[str]] = None,
            blacklisted_licenses_enabled: Optional[bool] = None,
            block_failed: Optional[bool] = None,
            control_exclude_no_fix: Optional[bool] = None,
            custom_checks: Optional[Sequence[HostAssurancePolicyCustomCheckArgs]] = None,
            custom_checks_enabled: Optional[bool] = None,
            custom_severity: Optional[str] = None,
            custom_severity_enabled: Optional[bool] = None,
            cves_black_list_enabled: Optional[bool] = None,
            cves_black_lists: Optional[Sequence[str]] = None,
            cves_white_list_enabled: Optional[bool] = None,
            cves_white_lists: Optional[Sequence[str]] = None,
            cvss_severity: Optional[str] = None,
            cvss_severity_enabled: Optional[bool] = None,
            cvss_severity_exclude_no_fix: Optional[bool] = None,
            description: Optional[str] = None,
            disallow_exploit_types: Optional[Sequence[str]] = None,
            disallow_malware: Optional[bool] = None,
            docker_cis_enabled: Optional[bool] = None,
            domain: Optional[str] = None,
            domain_name: Optional[str] = None,
            dta_enabled: Optional[bool] = None,
            dta_severity: Optional[str] = None,
            enabled: Optional[bool] = None,
            enforce: Optional[bool] = None,
            enforce_after_days: Optional[int] = None,
            enforce_excessive_permissions: Optional[bool] = None,
            exceptional_monitored_malware_paths: Optional[Sequence[str]] = None,
            exclude_application_scopes: Optional[Sequence[str]] = None,
            fail_cicd: Optional[bool] = None,
            forbidden_labels: Optional[Sequence[HostAssurancePolicyForbiddenLabelArgs]] = None,
            forbidden_labels_enabled: Optional[bool] = None,
            force_microenforcer: Optional[bool] = None,
            function_integrity_enabled: Optional[bool] = None,
            ignore_base_image_vln: Optional[bool] = None,
            ignore_recently_published_vln: Optional[bool] = None,
            ignore_recently_published_vln_period: Optional[int] = None,
            ignore_risk_resources_enabled: Optional[bool] = None,
            ignored_risk_resources: Optional[Sequence[str]] = None,
            ignored_sensitive_resources: Optional[Sequence[str]] = None,
            images: Optional[Sequence[str]] = None,
            kube_cis_enabled: Optional[bool] = None,
            kubernetes_controls: Optional[Sequence[str]] = None,
            kubernetes_controls_avd_ids: Optional[Sequence[str]] = None,
            kubernetes_controls_names: Optional[Sequence[str]] = None,
            labels: Optional[Sequence[str]] = None,
            lastupdate: Optional[str] = None,
            linux_cis_enabled: Optional[bool] = None,
            malware_action: Optional[str] = None,
            maximum_score: Optional[float] = None,
            maximum_score_enabled: Optional[bool] = None,
            maximum_score_exclude_no_fix: Optional[bool] = None,
            monitored_malware_paths: Optional[Sequence[str]] = None,
            name: Optional[str] = None,
            only_none_root_users: Optional[bool] = None,
            openshift_hardening_enabled: Optional[bool] = None,
            packages_black_list_enabled: Optional[bool] = None,
            packages_black_lists: Optional[Sequence[HostAssurancePolicyPackagesBlackListArgs]] = None,
            packages_white_list_enabled: Optional[bool] = None,
            packages_white_lists: Optional[Sequence[HostAssurancePolicyPackagesWhiteListArgs]] = None,
            partial_results_image_fail: Optional[bool] = None,
            permission: Optional[str] = None,
            policy_settings: Optional[HostAssurancePolicyPolicySettingsArgs] = None,
            read_only: Optional[bool] = None,
            registries: Optional[Sequence[str]] = None,
            registry: Optional[str] = None,
            required_labels: Optional[Sequence[HostAssurancePolicyRequiredLabelArgs]] = None,
            required_labels_enabled: Optional[bool] = None,
            scan_malware_in_archives: Optional[bool] = None,
            scan_nfs_mounts: Optional[bool] = None,
            scan_process_memory: Optional[bool] = None,
            scan_sensitive_data: Optional[bool] = None,
            scan_windows_registry: Optional[bool] = None,
            scap_enabled: Optional[bool] = None,
            scap_files: Optional[Sequence[str]] = None,
            scopes: Optional[Sequence[HostAssurancePolicyScopeArgs]] = None,
            trusted_base_images: Optional[Sequence[HostAssurancePolicyTrustedBaseImageArgs]] = None,
            trusted_base_images_enabled: Optional[bool] = None,
            vulnerability_exploitability: Optional[bool] = None,
            vulnerability_score_ranges: Optional[Sequence[int]] = None,
            whitelisted_licenses: Optional[Sequence[str]] = None,
            whitelisted_licenses_enabled: Optional[bool] = None,
            windows_cis_enabled: Optional[bool] = None) -> HostAssurancePolicy
    func GetHostAssurancePolicy(ctx *Context, name string, id IDInput, state *HostAssurancePolicyState, opts ...ResourceOption) (*HostAssurancePolicy, error)
    public static HostAssurancePolicy Get(string name, Input<string> id, HostAssurancePolicyState? state, CustomResourceOptions? opts = null)
    public static HostAssurancePolicy get(String name, Output<String> id, HostAssurancePolicyState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AggregatedVulnerability Dictionary<string, string>
    Aggregated vulnerability information.
    AllowedImages List<string>
    List of explicitly allowed images.
    ApplicationScopes List<string>
    AssuranceType string
    What type of assurance policy is described.
    AuditOnFailure bool
    Indicates whether failures are audited.
    Author string
    Name of user account that created the policy.
    AutoScanConfigured bool
    AutoScanEnabled bool
    AutoScanTimes List<Pulumiverse.Aquasec.Inputs.HostAssurancePolicyAutoScanTime>
    BlacklistPermissions List<string>
    List of function's forbidden permissions.
    BlacklistPermissionsEnabled bool
    Indicates if blacklist permissions is relevant.
    BlacklistedLicenses List<string>
    List of blacklisted licenses.
    BlacklistedLicensesEnabled bool
    Indicates if license blacklist is relevant.
    BlockFailed bool
    Indicates if failed images are blocked.
    ControlExcludeNoFix bool
    CustomChecks List<Pulumiverse.Aquasec.Inputs.HostAssurancePolicyCustomCheck>
    List of Custom user scripts for checks.
    CustomChecksEnabled bool
    Indicates if scanning should include custom checks.
    CustomSeverity string
    CustomSeverityEnabled bool
    CvesBlackListEnabled bool
    Indicates if CVEs blacklist is relevant.
    CvesBlackLists List<string>
    List of CVEs blacklisted items.
    CvesWhiteListEnabled bool
    Indicates if CVEs whitelist is relevant.
    CvesWhiteLists List<string>
    List of whitelisted CVEs.
    CvssSeverity string
    Identifier of the CVSS severity.
    CvssSeverityEnabled bool
    Indicates if the CVSS severity is scanned.
    CvssSeverityExcludeNoFix bool
    Indicates that the policy should ignore CVSS cases that do not have a known fix.
    Description string
    DisallowExploitTypes List<string>
    DisallowMalware bool
    Indicates if malware should block the image.
    DockerCisEnabled bool
    Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
    Domain string
    Name of the container image.
    DomainName string
    DtaEnabled bool
    DtaSeverity string
    Enabled bool
    Enforce bool
    EnforceAfterDays int
    EnforceExcessivePermissions bool
    ExceptionalMonitoredMalwarePaths List<string>
    ExcludeApplicationScopes List<string>
    FailCicd bool
    Indicates if CI/CD failures will fail the image.
    ForbiddenLabels List<Pulumiverse.Aquasec.Inputs.HostAssurancePolicyForbiddenLabel>
    ForbiddenLabelsEnabled bool
    ForceMicroenforcer bool
    FunctionIntegrityEnabled bool
    IgnoreBaseImageVln bool
    IgnoreRecentlyPublishedVln bool
    IgnoreRecentlyPublishedVlnPeriod int
    IgnoreRiskResourcesEnabled bool
    Indicates if risk resources are ignored.
    IgnoredRiskResources List<string>
    List of ignored risk resources.
    IgnoredSensitiveResources List<string>
    Images List<string>
    List of images.
    KubeCisEnabled bool
    Performs a Kubernetes CIS benchmark check for the host.
    KubernetesControls List<string>
    KubernetesControlsAvdIds List<string>
    KubernetesControlsNames List<string>
    Labels List<string>
    List of labels.
    Lastupdate string
    LinuxCisEnabled bool
    MalwareAction string
    MaximumScore double
    Value of allowed maximum score.
    MaximumScoreEnabled bool
    Indicates if exceeding the maximum score is scanned.
    MaximumScoreExcludeNoFix bool
    Indicates that policy should ignore cases that do not have a known fix.
    MonitoredMalwarePaths List<string>
    Name string
    OnlyNoneRootUsers bool
    Indicates whether to raise a warning for images that should only be run as root.
    OpenshiftHardeningEnabled bool
    PackagesBlackListEnabled bool
    Indicates if packages blacklist is relevant.
    PackagesBlackLists List<Pulumiverse.Aquasec.Inputs.HostAssurancePolicyPackagesBlackList>
    List of blacklisted images.
    PackagesWhiteListEnabled bool
    Indicates if packages whitelist is relevant.
    PackagesWhiteLists List<Pulumiverse.Aquasec.Inputs.HostAssurancePolicyPackagesWhiteList>
    List of whitelisted images.
    PartialResultsImageFail bool
    Permission string
    PolicySettings Pulumiverse.Aquasec.Inputs.HostAssurancePolicyPolicySettings
    ReadOnly bool
    Registries List<string>
    List of registries.
    Registry string
    RequiredLabels List<Pulumiverse.Aquasec.Inputs.HostAssurancePolicyRequiredLabel>
    RequiredLabelsEnabled bool
    ScanMalwareInArchives bool
    ScanNfsMounts bool
    ScanProcessMemory bool
    ScanSensitiveData bool
    Indicates if scan should include sensitive data in the image.
    ScanWindowsRegistry bool
    ScapEnabled bool
    Indicates if scanning should include SCAP.
    ScapFiles List<string>
    List of SCAP user scripts for checks.
    Scopes List<Pulumiverse.Aquasec.Inputs.HostAssurancePolicyScope>
    TrustedBaseImages List<Pulumiverse.Aquasec.Inputs.HostAssurancePolicyTrustedBaseImage>
    List of trusted images.
    TrustedBaseImagesEnabled bool
    Indicates if list of trusted base images is relevant.
    VulnerabilityExploitability bool
    VulnerabilityScoreRanges List<int>
    WhitelistedLicenses List<string>
    List of whitelisted licenses.
    WhitelistedLicensesEnabled bool
    Indicates if license blacklist is relevant.
    WindowsCisEnabled bool
    Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows).
    AggregatedVulnerability map[string]string
    Aggregated vulnerability information.
    AllowedImages []string
    List of explicitly allowed images.
    ApplicationScopes []string
    AssuranceType string
    What type of assurance policy is described.
    AuditOnFailure bool
    Indicates whether failures are audited.
    Author string
    Name of user account that created the policy.
    AutoScanConfigured bool
    AutoScanEnabled bool
    AutoScanTimes []HostAssurancePolicyAutoScanTimeArgs
    BlacklistPermissions []string
    List of function's forbidden permissions.
    BlacklistPermissionsEnabled bool
    Indicates if blacklist permissions is relevant.
    BlacklistedLicenses []string
    List of blacklisted licenses.
    BlacklistedLicensesEnabled bool
    Indicates if license blacklist is relevant.
    BlockFailed bool
    Indicates if failed images are blocked.
    ControlExcludeNoFix bool
    CustomChecks []HostAssurancePolicyCustomCheckArgs
    List of Custom user scripts for checks.
    CustomChecksEnabled bool
    Indicates if scanning should include custom checks.
    CustomSeverity string
    CustomSeverityEnabled bool
    CvesBlackListEnabled bool
    Indicates if CVEs blacklist is relevant.
    CvesBlackLists []string
    List of CVEs blacklisted items.
    CvesWhiteListEnabled bool
    Indicates if CVEs whitelist is relevant.
    CvesWhiteLists []string
    List of whitelisted CVEs.
    CvssSeverity string
    Identifier of the CVSS severity.
    CvssSeverityEnabled bool
    Indicates if the CVSS severity is scanned.
    CvssSeverityExcludeNoFix bool
    Indicates that the policy should ignore CVSS cases that do not have a known fix.
    Description string
    DisallowExploitTypes []string
    DisallowMalware bool
    Indicates if malware should block the image.
    DockerCisEnabled bool
    Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
    Domain string
    Name of the container image.
    DomainName string
    DtaEnabled bool
    DtaSeverity string
    Enabled bool
    Enforce bool
    EnforceAfterDays int
    EnforceExcessivePermissions bool
    ExceptionalMonitoredMalwarePaths []string
    ExcludeApplicationScopes []string
    FailCicd bool
    Indicates if CI/CD failures will fail the image.
    ForbiddenLabels []HostAssurancePolicyForbiddenLabelArgs
    ForbiddenLabelsEnabled bool
    ForceMicroenforcer bool
    FunctionIntegrityEnabled bool
    IgnoreBaseImageVln bool
    IgnoreRecentlyPublishedVln bool
    IgnoreRecentlyPublishedVlnPeriod int
    IgnoreRiskResourcesEnabled bool
    Indicates if risk resources are ignored.
    IgnoredRiskResources []string
    List of ignored risk resources.
    IgnoredSensitiveResources []string
    Images []string
    List of images.
    KubeCisEnabled bool
    Performs a Kubernetes CIS benchmark check for the host.
    KubernetesControls []string
    KubernetesControlsAvdIds []string
    KubernetesControlsNames []string
    Labels []string
    List of labels.
    Lastupdate string
    LinuxCisEnabled bool
    MalwareAction string
    MaximumScore float64
    Value of allowed maximum score.
    MaximumScoreEnabled bool
    Indicates if exceeding the maximum score is scanned.
    MaximumScoreExcludeNoFix bool
    Indicates that policy should ignore cases that do not have a known fix.
    MonitoredMalwarePaths []string
    Name string
    OnlyNoneRootUsers bool
    Indicates whether to raise a warning for images that should only be run as root.
    OpenshiftHardeningEnabled bool
    PackagesBlackListEnabled bool
    Indicates if packages blacklist is relevant.
    PackagesBlackLists []HostAssurancePolicyPackagesBlackListArgs
    List of blacklisted images.
    PackagesWhiteListEnabled bool
    Indicates if packages whitelist is relevant.
    PackagesWhiteLists []HostAssurancePolicyPackagesWhiteListArgs
    List of whitelisted images.
    PartialResultsImageFail bool
    Permission string
    PolicySettings HostAssurancePolicyPolicySettingsArgs
    ReadOnly bool
    Registries []string
    List of registries.
    Registry string
    RequiredLabels []HostAssurancePolicyRequiredLabelArgs
    RequiredLabelsEnabled bool
    ScanMalwareInArchives bool
    ScanNfsMounts bool
    ScanProcessMemory bool
    ScanSensitiveData bool
    Indicates if scan should include sensitive data in the image.
    ScanWindowsRegistry bool
    ScapEnabled bool
    Indicates if scanning should include SCAP.
    ScapFiles []string
    List of SCAP user scripts for checks.
    Scopes []HostAssurancePolicyScopeArgs
    TrustedBaseImages []HostAssurancePolicyTrustedBaseImageArgs
    List of trusted images.
    TrustedBaseImagesEnabled bool
    Indicates if list of trusted base images is relevant.
    VulnerabilityExploitability bool
    VulnerabilityScoreRanges []int
    WhitelistedLicenses []string
    List of whitelisted licenses.
    WhitelistedLicensesEnabled bool
    Indicates if license blacklist is relevant.
    WindowsCisEnabled bool
    Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows).
    aggregatedVulnerability Map<String,String>
    Aggregated vulnerability information.
    allowedImages List<String>
    List of explicitly allowed images.
    applicationScopes List<String>
    assuranceType String
    What type of assurance policy is described.
    auditOnFailure Boolean
    Indicates whether failures are audited.
    author String
    Name of user account that created the policy.
    autoScanConfigured Boolean
    autoScanEnabled Boolean
    autoScanTimes List<HostAssurancePolicyAutoScanTime>
    blacklistPermissions List<String>
    List of function's forbidden permissions.
    blacklistPermissionsEnabled Boolean
    Indicates if blacklist permissions is relevant.
    blacklistedLicenses List<String>
    List of blacklisted licenses.
    blacklistedLicensesEnabled Boolean
    Indicates if license blacklist is relevant.
    blockFailed Boolean
    Indicates if failed images are blocked.
    controlExcludeNoFix Boolean
    customChecks List<HostAssurancePolicyCustomCheck>
    List of Custom user scripts for checks.
    customChecksEnabled Boolean
    Indicates if scanning should include custom checks.
    customSeverity String
    customSeverityEnabled Boolean
    cvesBlackListEnabled Boolean
    Indicates if CVEs blacklist is relevant.
    cvesBlackLists List<String>
    List of CVEs blacklisted items.
    cvesWhiteListEnabled Boolean
    Indicates if CVEs whitelist is relevant.
    cvesWhiteLists List<String>
    List of whitelisted CVEs.
    cvssSeverity String
    Identifier of the CVSS severity.
    cvssSeverityEnabled Boolean
    Indicates if the CVSS severity is scanned.
    cvssSeverityExcludeNoFix Boolean
    Indicates that the policy should ignore CVSS cases that do not have a known fix.
    description String
    disallowExploitTypes List<String>
    disallowMalware Boolean
    Indicates if malware should block the image.
    dockerCisEnabled Boolean
    Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
    domain String
    Name of the container image.
    domainName String
    dtaEnabled Boolean
    dtaSeverity String
    enabled Boolean
    enforce Boolean
    enforceAfterDays Integer
    enforceExcessivePermissions Boolean
    exceptionalMonitoredMalwarePaths List<String>
    excludeApplicationScopes List<String>
    failCicd Boolean
    Indicates if CI/CD failures will fail the image.
    forbiddenLabels List<HostAssurancePolicyForbiddenLabel>
    forbiddenLabelsEnabled Boolean
    forceMicroenforcer Boolean
    functionIntegrityEnabled Boolean
    ignoreBaseImageVln Boolean
    ignoreRecentlyPublishedVln Boolean
    ignoreRecentlyPublishedVlnPeriod Integer
    ignoreRiskResourcesEnabled Boolean
    Indicates if risk resources are ignored.
    ignoredRiskResources List<String>
    List of ignored risk resources.
    ignoredSensitiveResources List<String>
    images List<String>
    List of images.
    kubeCisEnabled Boolean
    Performs a Kubernetes CIS benchmark check for the host.
    kubernetesControls List<String>
    kubernetesControlsAvdIds List<String>
    kubernetesControlsNames List<String>
    labels List<String>
    List of labels.
    lastupdate String
    linuxCisEnabled Boolean
    malwareAction String
    maximumScore Double
    Value of allowed maximum score.
    maximumScoreEnabled Boolean
    Indicates if exceeding the maximum score is scanned.
    maximumScoreExcludeNoFix Boolean
    Indicates that policy should ignore cases that do not have a known fix.
    monitoredMalwarePaths List<String>
    name String
    onlyNoneRootUsers Boolean
    Indicates whether to raise a warning for images that should only be run as root.
    openshiftHardeningEnabled Boolean
    packagesBlackListEnabled Boolean
    Indicates if packages blacklist is relevant.
    packagesBlackLists List<HostAssurancePolicyPackagesBlackList>
    List of blacklisted images.
    packagesWhiteListEnabled Boolean
    Indicates if packages whitelist is relevant.
    packagesWhiteLists List<HostAssurancePolicyPackagesWhiteList>
    List of whitelisted images.
    partialResultsImageFail Boolean
    permission String
    policySettings HostAssurancePolicyPolicySettings
    readOnly Boolean
    registries List<String>
    List of registries.
    registry String
    requiredLabels List<HostAssurancePolicyRequiredLabel>
    requiredLabelsEnabled Boolean
    scanMalwareInArchives Boolean
    scanNfsMounts Boolean
    scanProcessMemory Boolean
    scanSensitiveData Boolean
    Indicates if scan should include sensitive data in the image.
    scanWindowsRegistry Boolean
    scapEnabled Boolean
    Indicates if scanning should include SCAP.
    scapFiles List<String>
    List of SCAP user scripts for checks.
    scopes List<HostAssurancePolicyScope>
    trustedBaseImages List<HostAssurancePolicyTrustedBaseImage>
    List of trusted images.
    trustedBaseImagesEnabled Boolean
    Indicates if list of trusted base images is relevant.
    vulnerabilityExploitability Boolean
    vulnerabilityScoreRanges List<Integer>
    whitelistedLicenses List<String>
    List of whitelisted licenses.
    whitelistedLicensesEnabled Boolean
    Indicates if license blacklist is relevant.
    windowsCisEnabled Boolean
    Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows).
    aggregatedVulnerability {[key: string]: string}
    Aggregated vulnerability information.
    allowedImages string[]
    List of explicitly allowed images.
    applicationScopes string[]
    assuranceType string
    What type of assurance policy is described.
    auditOnFailure boolean
    Indicates if failures are audited.
    author string
    Name of user account that created the policy.
    autoScanConfigured boolean
    autoScanEnabled boolean
    autoScanTimes HostAssurancePolicyAutoScanTime[]
    blacklistPermissions string[]
    List of function's forbidden permissions.
    blacklistPermissionsEnabled boolean
    Indicates if blacklist permissions is relevant.
    blacklistedLicenses string[]
    List of blacklisted licenses.
    blacklistedLicensesEnabled boolean
    Indicates if license blacklist is relevant.
    blockFailed boolean
    Indicates if failed images are blocked.
    controlExcludeNoFix boolean
    customChecks HostAssurancePolicyCustomCheck[]
    List of Custom user scripts for checks.
    customChecksEnabled boolean
    Indicates if scanning should include custom checks.
    customSeverity string
    customSeverityEnabled boolean
    cvesBlackListEnabled boolean
    Indicates if CVEs blacklist is relevant.
    cvesBlackLists string[]
    List of CVEs blacklisted items.
    cvesWhiteListEnabled boolean
    Indicates if CVEs whitelist is relevant.
    cvesWhiteLists string[]
    List of whitelisted CVEs.
    cvssSeverity string
    Identifier of the CVSS severity.
    cvssSeverityEnabled boolean
    Indicates if the CVSS severity is scanned.
    cvssSeverityExcludeNoFix boolean
    Indicates that the policy should ignore CVSS cases that do not have a known fix.
    description string
    disallowExploitTypes string[]
    disallowMalware boolean
    Indicates if malware should block the image.
    dockerCisEnabled boolean
    Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
    domain string
    Name of the container image.
    domainName string
    dtaEnabled boolean
    dtaSeverity string
    enabled boolean
    enforce boolean
    enforceAfterDays number
    enforceExcessivePermissions boolean
    exceptionalMonitoredMalwarePaths string[]
    excludeApplicationScopes string[]
    failCicd boolean
    Indicates if CI/CD failures will fail the image.
    forbiddenLabels HostAssurancePolicyForbiddenLabel[]
    forbiddenLabelsEnabled boolean
    forceMicroenforcer boolean
    functionIntegrityEnabled boolean
    ignoreBaseImageVln boolean
    ignoreRecentlyPublishedVln boolean
    ignoreRecentlyPublishedVlnPeriod number
    ignoreRiskResourcesEnabled boolean
    Indicates if risk resources are ignored.
    ignoredRiskResources string[]
    List of ignored risk resources.
    ignoredSensitiveResources string[]
    images string[]
    List of images.
    kubeCisEnabled boolean
    Performs a Kubernetes CIS benchmark check for the host.
    kubernetesControls string[]
    kubernetesControlsAvdIds string[]
    kubernetesControlsNames string[]
    labels string[]
    List of labels.
    lastupdate string
    linuxCisEnabled boolean
    malwareAction string
    maximumScore number
    Value of allowed maximum score.
    maximumScoreEnabled boolean
    Indicates if exceeding the maximum score is scanned.
    maximumScoreExcludeNoFix boolean
    Indicates that policy should ignore cases that do not have a known fix.
    monitoredMalwarePaths string[]
    name string
    onlyNoneRootUsers boolean
    Indicates whether to raise a warning for images that should only be run as root.
    openshiftHardeningEnabled boolean
    packagesBlackListEnabled boolean
    Indicates if packages blacklist is relevant.
    packagesBlackLists HostAssurancePolicyPackagesBlackList[]
    List of blacklisted images.
    packagesWhiteListEnabled boolean
    Indicates if packages whitelist is relevant.
    packagesWhiteLists HostAssurancePolicyPackagesWhiteList[]
    List of whitelisted images.
    partialResultsImageFail boolean
    permission string
    policySettings HostAssurancePolicyPolicySettings
    readOnly boolean
    registries string[]
    List of registries.
    registry string
    requiredLabels HostAssurancePolicyRequiredLabel[]
    requiredLabelsEnabled boolean
    scanMalwareInArchives boolean
    scanNfsMounts boolean
    scanProcessMemory boolean
    scanSensitiveData boolean
    Indicates if scan should include sensitive data in the image.
    scanWindowsRegistry boolean
    scapEnabled boolean
    Indicates if scanning should include SCAP.
    scapFiles string[]
    List of SCAP user scripts for checks.
    scopes HostAssurancePolicyScope[]
    trustedBaseImages HostAssurancePolicyTrustedBaseImage[]
    List of trusted images.
    trustedBaseImagesEnabled boolean
    Indicates if list of trusted base images is relevant.
    vulnerabilityExploitability boolean
    vulnerabilityScoreRanges number[]
    whitelistedLicenses string[]
    List of whitelisted licenses.
    whitelistedLicensesEnabled boolean
    Indicates if license blacklist is relevant.
    windowsCisEnabled boolean
    Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows).
    aggregated_vulnerability Mapping[str, str]
    Aggregated vulnerability information.
    allowed_images Sequence[str]
    List of explicitly allowed images.
    application_scopes Sequence[str]
    assurance_type str
    What type of assurance policy is described.
    audit_on_failure bool
    Indicates if failures are audited.
    author str
    Name of user account that created the policy.
    auto_scan_configured bool
    auto_scan_enabled bool
    auto_scan_times Sequence[HostAssurancePolicyAutoScanTimeArgs]
    blacklist_permissions Sequence[str]
    List of function's forbidden permissions.
    blacklist_permissions_enabled bool
    Indicates if blacklist permissions is relevant.
    blacklisted_licenses Sequence[str]
    List of blacklisted licenses.
    blacklisted_licenses_enabled bool
    Indicates if license blacklist is relevant.
    block_failed bool
    Indicates if failed images are blocked.
    control_exclude_no_fix bool
    custom_checks Sequence[HostAssurancePolicyCustomCheckArgs]
    List of Custom user scripts for checks.
    custom_checks_enabled bool
    Indicates if scanning should include custom checks.
    custom_severity str
    custom_severity_enabled bool
    cves_black_list_enabled bool
    Indicates if CVEs blacklist is relevant.
    cves_black_lists Sequence[str]
    List of CVEs blacklisted items.
    cves_white_list_enabled bool
    Indicates if CVEs whitelist is relevant.
    cves_white_lists Sequence[str]
    List of whitelisted CVEs.
    cvss_severity str
    Identifier of the CVSS severity.
    cvss_severity_enabled bool
    Indicates if the CVSS severity is scanned.
    cvss_severity_exclude_no_fix bool
    Indicates that the policy should ignore CVSS cases that do not have a known fix.
    description str
    disallow_exploit_types Sequence[str]
    disallow_malware bool
    Indicates if malware should block the image.
    docker_cis_enabled bool
    Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
    domain str
    Name of the container image.
    domain_name str
    dta_enabled bool
    dta_severity str
    enabled bool
    enforce bool
    enforce_after_days int
    enforce_excessive_permissions bool
    exceptional_monitored_malware_paths Sequence[str]
    exclude_application_scopes Sequence[str]
    fail_cicd bool
    Indicates if CI/CD failures will fail the image.
    forbidden_labels Sequence[HostAssurancePolicyForbiddenLabelArgs]
    forbidden_labels_enabled bool
    force_microenforcer bool
    function_integrity_enabled bool
    ignore_base_image_vln bool
    ignore_recently_published_vln bool
    ignore_recently_published_vln_period int
    ignore_risk_resources_enabled bool
    Indicates if risk resources are ignored.
    ignored_risk_resources Sequence[str]
    List of ignored risk resources.
    ignored_sensitive_resources Sequence[str]
    images Sequence[str]
    List of images.
    kube_cis_enabled bool
    Performs a Kubernetes CIS benchmark check for the host.
    kubernetes_controls Sequence[str]
    kubernetes_controls_avd_ids Sequence[str]
    kubernetes_controls_names Sequence[str]
    labels Sequence[str]
    List of labels.
    lastupdate str
    linux_cis_enabled bool
    malware_action str
    maximum_score float
    Value of allowed maximum score.
    maximum_score_enabled bool
    Indicates if exceeding the maximum score is scanned.
    maximum_score_exclude_no_fix bool
    Indicates that policy should ignore cases that do not have a known fix.
    monitored_malware_paths Sequence[str]
    name str
    only_none_root_users bool
    Indicates whether to raise a warning for images that should only be run as root.
    openshift_hardening_enabled bool
    packages_black_list_enabled bool
    Indicates if packages blacklist is relevant.
    packages_black_lists Sequence[HostAssurancePolicyPackagesBlackListArgs]
    List of blacklisted images.
    packages_white_list_enabled bool
    Indicates if packages whitelist is relevant.
    packages_white_lists Sequence[HostAssurancePolicyPackagesWhiteListArgs]
    List of whitelisted images.
    partial_results_image_fail bool
    permission str
    policy_settings HostAssurancePolicyPolicySettingsArgs
    read_only bool
    registries Sequence[str]
    List of registries.
    registry str
    required_labels Sequence[HostAssurancePolicyRequiredLabelArgs]
    required_labels_enabled bool
    scan_malware_in_archives bool
    scan_nfs_mounts bool
    scan_process_memory bool
    scan_sensitive_data bool
    Indicates if scan should include sensitive data in the image.
    scan_windows_registry bool
    scap_enabled bool
    Indicates if scanning should include SCAP.
    scap_files Sequence[str]
    List of SCAP user scripts for checks.
    scopes Sequence[HostAssurancePolicyScopeArgs]
    trusted_base_images Sequence[HostAssurancePolicyTrustedBaseImageArgs]
    List of trusted images.
    trusted_base_images_enabled bool
    Indicates if list of trusted base images is relevant.
    vulnerability_exploitability bool
    vulnerability_score_ranges Sequence[int]
    whitelisted_licenses Sequence[str]
    List of whitelisted licenses.
    whitelisted_licenses_enabled bool
    Indicates if license blacklist is relevant.
    windows_cis_enabled bool
    Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows).
    aggregatedVulnerability Map<String>
    Aggregated vulnerability information.
    allowedImages List<String>
    List of explicitly allowed images.
    applicationScopes List<String>
    assuranceType String
    What type of assurance policy is described.
    auditOnFailure Boolean
    Indicates if failures are audited.
    author String
    Name of user account that created the policy.
    autoScanConfigured Boolean
    autoScanEnabled Boolean
    autoScanTimes List<Property Map>
    blacklistPermissions List<String>
    List of function's forbidden permissions.
    blacklistPermissionsEnabled Boolean
    Indicates if blacklist permissions is relevant.
    blacklistedLicenses List<String>
    List of blacklisted licenses.
    blacklistedLicensesEnabled Boolean
    Indicates if license blacklist is relevant.
    blockFailed Boolean
    Indicates if failed images are blocked.
    controlExcludeNoFix Boolean
    customChecks List<Property Map>
    List of Custom user scripts for checks.
    customChecksEnabled Boolean
    Indicates if scanning should include custom checks.
    customSeverity String
    customSeverityEnabled Boolean
    cvesBlackListEnabled Boolean
    Indicates if CVEs blacklist is relevant.
    cvesBlackLists List<String>
    List of CVEs blacklisted items.
    cvesWhiteListEnabled Boolean
    Indicates if CVEs whitelist is relevant.
    cvesWhiteLists List<String>
    List of whitelisted CVEs.
    cvssSeverity String
    Identifier of the CVSS severity.
    cvssSeverityEnabled Boolean
    Indicates if the CVSS severity is scanned.
    cvssSeverityExcludeNoFix Boolean
    Indicates that the policy should ignore CVSS cases that do not have a known fix.
    description String
    disallowExploitTypes List<String>
    disallowMalware Boolean
    Indicates if malware should block the image.
    dockerCisEnabled Boolean
    Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
    domain String
    Name of the container image.
    domainName String
    dtaEnabled Boolean
    dtaSeverity String
    enabled Boolean
    enforce Boolean
    enforceAfterDays Number
    enforceExcessivePermissions Boolean
    exceptionalMonitoredMalwarePaths List<String>
    excludeApplicationScopes List<String>
    failCicd Boolean
    Indicates if CI/CD failures will fail the image.
    forbiddenLabels List<Property Map>
    forbiddenLabelsEnabled Boolean
    forceMicroenforcer Boolean
    functionIntegrityEnabled Boolean
    ignoreBaseImageVln Boolean
    ignoreRecentlyPublishedVln Boolean
    ignoreRecentlyPublishedVlnPeriod Number
    ignoreRiskResourcesEnabled Boolean
    Indicates if risk resources are ignored.
    ignoredRiskResources List<String>
    List of ignored risk resources.
    ignoredSensitiveResources List<String>
    images List<String>
    List of images.
    kubeCisEnabled Boolean
    Performs a Kubernetes CIS benchmark check for the host.
    kubernetesControls List<String>
    kubernetesControlsAvdIds List<String>
    kubernetesControlsNames List<String>
    labels List<String>
    List of labels.
    lastupdate String
    linuxCisEnabled Boolean
    malwareAction String
    maximumScore Number
    Value of allowed maximum score.
    maximumScoreEnabled Boolean
    Indicates if exceeding the maximum score is scanned.
    maximumScoreExcludeNoFix Boolean
    Indicates that policy should ignore cases that do not have a known fix.
    monitoredMalwarePaths List<String>
    name String
    onlyNoneRootUsers Boolean
    Indicates whether to raise a warning for images that should only be run as root.
    openshiftHardeningEnabled Boolean
    packagesBlackListEnabled Boolean
    Indicates if packages blacklist is relevant.
    packagesBlackLists List<Property Map>
    List of blacklisted images.
    packagesWhiteListEnabled Boolean
    Indicates if packages whitelist is relevant.
    packagesWhiteLists List<Property Map>
    List of whitelisted images.
    partialResultsImageFail Boolean
    permission String
    policySettings Property Map
    readOnly Boolean
    registries List<String>
    List of registries.
    registry String
    requiredLabels List<Property Map>
    requiredLabelsEnabled Boolean
    scanMalwareInArchives Boolean
    scanNfsMounts Boolean
    scanProcessMemory Boolean
    scanSensitiveData Boolean
    Indicates if scan should include sensitive data in the image.
    scanWindowsRegistry Boolean
    scapEnabled Boolean
    Indicates if scanning should include SCAP.
    scapFiles List<String>
    List of SCAP user scripts for checks.
    scopes List<Property Map>
    trustedBaseImages List<Property Map>
    List of trusted images.
    trustedBaseImagesEnabled Boolean
    Indicates if list of trusted base images is relevant.
    vulnerabilityExploitability Boolean
    vulnerabilityScoreRanges List<Number>
    whitelistedLicenses List<String>
    List of whitelisted licenses.
    whitelistedLicensesEnabled Boolean
    Indicates if license blacklist is relevant.
    windowsCisEnabled Boolean
    Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows).

    Supporting Types

    HostAssurancePolicyAutoScanTime, HostAssurancePolicyAutoScanTimeArgs

    Iteration int
    IterationType string
    Time string
    WeekDays List<string>
    Iteration int
    IterationType string
    Time string
    WeekDays []string
    iteration Integer
    iterationType String
    time String
    weekDays List<String>
    iteration number
    iterationType string
    time string
    weekDays string[]
    iteration int
    iteration_type str
    time str
    week_days Sequence[str]
    iteration Number
    iterationType String
    time String
    weekDays List<String>

    HostAssurancePolicyCustomCheck, HostAssurancePolicyCustomCheckArgs

    Author string
    Name of user account that created the policy.
    Description string
    Engine string
    LastModified int
    Name string
    Path string
    ReadOnly bool
    ScriptId string
    Severity string
    Snippet string
    Author string
    Name of user account that created the policy.
    Description string
    Engine string
    LastModified int
    Name string
    Path string
    ReadOnly bool
    ScriptId string
    Severity string
    Snippet string
    author String
    Name of user account that created the policy.
    description String
    engine String
    lastModified Integer
    name String
    path String
    readOnly Boolean
    scriptId String
    severity String
    snippet String
    author string
    Name of user account that created the policy.
    description string
    engine string
    lastModified number
    name string
    path string
    readOnly boolean
    scriptId string
    severity string
    snippet string
    author str
    Name of user account that created the policy.
    description str
    engine str
    last_modified int
    name str
    path str
    read_only bool
    script_id str
    severity str
    snippet str
    author String
    Name of user account that created the policy.
    description String
    engine String
    lastModified Number
    name String
    path String
    readOnly Boolean
    scriptId String
    severity String
    snippet String

    HostAssurancePolicyForbiddenLabel, HostAssurancePolicyForbiddenLabelArgs

    Key string
    Value string
    Key string
    Value string
    key String
    value String
    key string
    value string
    key str
    value str
    key String
    value String

    HostAssurancePolicyPackagesBlackList, HostAssurancePolicyPackagesBlackListArgs

    Arch string
    Display string
    Epoch string
    Format string
    License string
    Name string
    Release string
    Version string
    VersionRange string
    Arch string
    Display string
    Epoch string
    Format string
    License string
    Name string
    Release string
    Version string
    VersionRange string
    arch String
    display String
    epoch String
    format String
    license String
    name String
    release String
    version String
    versionRange String
    arch string
    display string
    epoch string
    format string
    license string
    name string
    release string
    version string
    versionRange string
    arch String
    display String
    epoch String
    format String
    license String
    name String
    release String
    version String
    versionRange String

    HostAssurancePolicyPackagesWhiteList, HostAssurancePolicyPackagesWhiteListArgs

    Arch string
    Display string
    Epoch string
    Format string
    License string
    Name string
    Release string
    Version string
    VersionRange string
    Arch string
    Display string
    Epoch string
    Format string
    License string
    Name string
    Release string
    Version string
    VersionRange string
    arch String
    display String
    epoch String
    format String
    license String
    name String
    release String
    version String
    versionRange String
    arch string
    display string
    epoch string
    format string
    license string
    name string
    release string
    version string
    versionRange string
    arch String
    display String
    epoch String
    format String
    license String
    name String
    release String
    version String
    versionRange String

    HostAssurancePolicyPolicySettings, HostAssurancePolicyPolicySettingsArgs

    enforce Boolean
    isAuditChecked Boolean
    warn Boolean
    warningMessage String
    enforce boolean
    isAuditChecked boolean
    warn boolean
    warningMessage string
    enforce Boolean
    isAuditChecked Boolean
    warn Boolean
    warningMessage String

    HostAssurancePolicyRequiredLabel, HostAssurancePolicyRequiredLabelArgs

    Key string
    Value string
    Key string
    Value string
    key String
    value String
    key string
    value string
    key str
    value str
    key String
    value String

    HostAssurancePolicyScope, HostAssurancePolicyScopeArgs

    HostAssurancePolicyScopeVariable, HostAssurancePolicyScopeVariableArgs

    Attribute string
    Name string
    Value string
    Attribute string
    Name string
    Value string
    attribute String
    name String
    value String
    attribute string
    name string
    value string
    attribute str
    name str
    value str
    attribute String
    name String
    value String

    HostAssurancePolicyTrustedBaseImage, HostAssurancePolicyTrustedBaseImageArgs

    Imagename string
    Registry string
    Imagename string
    Registry string
    imagename String
    registry String
    imagename string
    registry string
    imagename String
    registry String

    Package Details

    Repository
    aquasec pulumiverse/pulumi-aquasec
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aquasec Terraform Provider.