dome9 1.40.3, Apr 14 25

dome9 1.40.3 published on Monday, Apr 14, 2025 by dome9

dome9.VulnerabilityPolicy

Explore with Pulumi AI

dome9 1.40.3 published on Monday, Apr 14, 2025 by dome9

This resource is used to create and modify the Workload Vulnerability policy in CloudGuard. A Workload Vulnerability policy is the combination of a Ruleset applied to a specific cloud environment with a specific action. When defining a Workload Vulnerability on a Kubernetes environment, you can define the admission control actions on unscanned and incompliant images action to ‘detect’ or ‘protect’

Example Usage

Basic usage:

import * as pulumi from "@pulumi/pulumi";
import * as dome9 from "@pulumi/dome9";

const testVlmPolicy = new dome9.VulnerabilityPolicy("testVlmPolicy", {
    admissionControlAction: "Detection",
    admissionControlUnscannedAction: "Detection",
    notificationIds: ["NOTIFICATION IDS"],
    rulesetId: 0,
    targetId: "Environment ID",
    targetType: "Kubernetes",
});

import pulumi
import pulumi_dome9 as dome9

test_vlm_policy = dome9.VulnerabilityPolicy("testVlmPolicy",
    admission_control_action="Detection",
    admission_control_unscanned_action="Detection",
    notification_ids=["NOTIFICATION IDS"],
    ruleset_id=0,
    target_id="Environment ID",
    target_type="Kubernetes")

package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/dome9/dome9"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := dome9.NewVulnerabilityPolicy(ctx, "testVlmPolicy", &dome9.VulnerabilityPolicyArgs{
			AdmissionControlAction:          pulumi.String("Detection"),
			AdmissionControlUnscannedAction: pulumi.String("Detection"),
			NotificationIds: pulumi.StringArray{
				pulumi.String("NOTIFICATION IDS"),
			},
			RulesetId:  pulumi.Float64(0),
			TargetId:   pulumi.String("Environment ID"),
			TargetType: pulumi.String("Kubernetes"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Dome9 = Pulumi.Dome9;

return await Deployment.RunAsync(() => 
{
    var testVlmPolicy = new Dome9.VulnerabilityPolicy("testVlmPolicy", new()
    {
        AdmissionControlAction = "Detection",
        AdmissionControlUnscannedAction = "Detection",
        NotificationIds = new[]
        {
            "NOTIFICATION IDS",
        },
        RulesetId = 0,
        TargetId = "Environment ID",
        TargetType = "Kubernetes",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.dome9.VulnerabilityPolicy;
import com.pulumi.dome9.VulnerabilityPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var testVlmPolicy = new VulnerabilityPolicy("testVlmPolicy", VulnerabilityPolicyArgs.builder()
            .admissionControlAction("Detection")
            .admissionControlUnscannedAction("Detection")
            .notificationIds("NOTIFICATION IDS")
            .rulesetId(0)
            .targetId("Environment ID")
            .targetType("Kubernetes")
            .build());

    }
}

resources:
  testVlmPolicy:
    type: dome9:VulnerabilityPolicy
    properties:
      admissionControlAction: Detection
      admissionControlUnscannedAction: Detection
      notificationIds:
        - NOTIFICATION IDS
      rulesetId: 0
      targetId: Environment ID
      targetType: Kubernetes

Create VulnerabilityPolicy Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new VulnerabilityPolicy(name: string, args: VulnerabilityPolicyArgs, opts?: CustomResourceOptions);

@overload
def VulnerabilityPolicy(resource_name: str,
                        args: VulnerabilityPolicyArgs,
                        opts: Optional[ResourceOptions] = None)

@overload
def VulnerabilityPolicy(resource_name: str,
                        opts: Optional[ResourceOptions] = None,
                        notification_ids: Optional[Sequence[str]] = None,
                        ruleset_id: Optional[float] = None,
                        target_id: Optional[str] = None,
                        target_type: Optional[str] = None,
                        admission_control_action: Optional[str] = None,
                        admission_control_unscanned_action: Optional[str] = None,
                        vulnerability_policy_id: Optional[str] = None)

func NewVulnerabilityPolicy(ctx *Context, name string, args VulnerabilityPolicyArgs, opts ...ResourceOption) (*VulnerabilityPolicy, error)

public VulnerabilityPolicy(string name, VulnerabilityPolicyArgs args, CustomResourceOptions? opts = null)

public VulnerabilityPolicy(String name, VulnerabilityPolicyArgs args)
public VulnerabilityPolicy(String name, VulnerabilityPolicyArgs args, CustomResourceOptions options)

type: dome9:VulnerabilityPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args VulnerabilityPolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args VulnerabilityPolicyArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args VulnerabilityPolicyArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args VulnerabilityPolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args VulnerabilityPolicyArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var vulnerabilityPolicyResource = new Dome9.VulnerabilityPolicy("vulnerabilityPolicyResource", new()
{
    NotificationIds = new[]
    {
        "string",
    },
    RulesetId = 0,
    TargetId = "string",
    TargetType = "string",
    AdmissionControlAction = "string",
    AdmissionControlUnscannedAction = "string",
    VulnerabilityPolicyId = "string",
});

example, err := dome9.NewVulnerabilityPolicy(ctx, "vulnerabilityPolicyResource", &dome9.VulnerabilityPolicyArgs{
	NotificationIds: pulumi.StringArray{
		pulumi.String("string"),
	},
	RulesetId:                       pulumi.Float64(0),
	TargetId:                        pulumi.String("string"),
	TargetType:                      pulumi.String("string"),
	AdmissionControlAction:          pulumi.String("string"),
	AdmissionControlUnscannedAction: pulumi.String("string"),
	VulnerabilityPolicyId:           pulumi.String("string"),
})

var vulnerabilityPolicyResource = new VulnerabilityPolicy("vulnerabilityPolicyResource", VulnerabilityPolicyArgs.builder()
    .notificationIds("string")
    .rulesetId(0)
    .targetId("string")
    .targetType("string")
    .admissionControlAction("string")
    .admissionControlUnscannedAction("string")
    .vulnerabilityPolicyId("string")
    .build());

vulnerability_policy_resource = dome9.VulnerabilityPolicy("vulnerabilityPolicyResource",
    notification_ids=["string"],
    ruleset_id=0,
    target_id="string",
    target_type="string",
    admission_control_action="string",
    admission_control_unscanned_action="string",
    vulnerability_policy_id="string")

const vulnerabilityPolicyResource = new dome9.VulnerabilityPolicy("vulnerabilityPolicyResource", {
    notificationIds: ["string"],
    rulesetId: 0,
    targetId: "string",
    targetType: "string",
    admissionControlAction: "string",
    admissionControlUnscannedAction: "string",
    vulnerabilityPolicyId: "string",
});

type: dome9:VulnerabilityPolicy
properties:
    admissionControlAction: string
    admissionControlUnscannedAction: string
    notificationIds:
        - string
    rulesetId: 0
    targetId: string
    targetType: string
    vulnerabilityPolicyId: string

VulnerabilityPolicy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The VulnerabilityPolicy resource accepts the following input properties:

NotificationIds List<string>: The notification policy id's for the policy [list].
RulesetId double: The bundle id for the bundle that will be used in the policy.
TargetId string: The kubernetes environment id / organizational unit id.
TargetType string: Vendor type (Aws, Azure, ContainerRegistry, Gcp, Kubernetes, ShiftLeft, OrganizationalUnit).
AdmissionControlAction string: Admission Policy action ("Prevention", "Detection").
AdmissionControlUnscannedAction string: Admission Policy action ("Prevention", "Detection").
VulnerabilityPolicyId string: Id of the vulnerability policy.

NotificationIds []string: The notification policy id's for the policy [list].
RulesetId float64: The bundle id for the bundle that will be used in the policy.
TargetId string: The kubernetes environment id / organizational unit id.
TargetType string: Vendor type (Aws, Azure, ContainerRegistry, Gcp, Kubernetes, ShiftLeft, OrganizationalUnit).
AdmissionControlAction string: Admission Policy action ("Prevention", "Detection").
AdmissionControlUnscannedAction string: Admission Policy action ("Prevention", "Detection").
VulnerabilityPolicyId string: Id of the vulnerability policy.

notificationIds List<String>: The notification policy id's for the policy [list].
rulesetId Double: The bundle id for the bundle that will be used in the policy.
targetId String: The kubernetes environment id / organizational unit id.
targetType String: Vendor type (Aws, Azure, ContainerRegistry, Gcp, Kubernetes, ShiftLeft, OrganizationalUnit).
admissionControlAction String: Admission Policy action ("Prevention", "Detection").
admissionControlUnscannedAction String: Admission Policy action ("Prevention", "Detection").
vulnerabilityPolicyId String: Id of the vulnerability policy.

notificationIds string[]: The notification policy id's for the policy [list].
rulesetId number: The bundle id for the bundle that will be used in the policy.
targetId string: The kubernetes environment id / organizational unit id.
targetType string: Vendor type (Aws, Azure, ContainerRegistry, Gcp, Kubernetes, ShiftLeft, OrganizationalUnit).
admissionControlAction string: Admission Policy action ("Prevention", "Detection").
admissionControlUnscannedAction string: Admission Policy action ("Prevention", "Detection").
vulnerabilityPolicyId string: Id of the vulnerability policy.

notification_ids Sequence[str]: The notification policy id's for the policy [list].
ruleset_id float: The bundle id for the bundle that will be used in the policy.
target_id str: The kubernetes environment id / organizational unit id.
target_type str: Vendor type (Aws, Azure, ContainerRegistry, Gcp, Kubernetes, ShiftLeft, OrganizationalUnit).
admission_control_action str: Admission Policy action ("Prevention", "Detection").
admission_control_unscanned_action str: Admission Policy action ("Prevention", "Detection").
vulnerability_policy_id str: Id of the vulnerability policy.

notificationIds List<String>: The notification policy id's for the policy [list].
rulesetId Number: The bundle id for the bundle that will be used in the policy.
targetId String: The kubernetes environment id / organizational unit id.
targetType String: Vendor type (Aws, Azure, ContainerRegistry, Gcp, Kubernetes, ShiftLeft, OrganizationalUnit).
admissionControlAction String: Admission Policy action ("Prevention", "Detection").
admissionControlUnscannedAction String: Admission Policy action ("Prevention", "Detection").
vulnerabilityPolicyId String: Id of the vulnerability policy.

Outputs

All input properties are implicitly available as output properties. Additionally, the VulnerabilityPolicy resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing VulnerabilityPolicy Resource

Get an existing VulnerabilityPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: VulnerabilityPolicyState, opts?: CustomResourceOptions): VulnerabilityPolicy

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        admission_control_action: Optional[str] = None,
        admission_control_unscanned_action: Optional[str] = None,
        notification_ids: Optional[Sequence[str]] = None,
        ruleset_id: Optional[float] = None,
        target_id: Optional[str] = None,
        target_type: Optional[str] = None,
        vulnerability_policy_id: Optional[str] = None) -> VulnerabilityPolicy

func GetVulnerabilityPolicy(ctx *Context, name string, id IDInput, state *VulnerabilityPolicyState, opts ...ResourceOption) (*VulnerabilityPolicy, error)

public static VulnerabilityPolicy Get(string name, Input<string> id, VulnerabilityPolicyState? state, CustomResourceOptions? opts = null)

public static VulnerabilityPolicy get(String name, Output<String> id, VulnerabilityPolicyState state, CustomResourceOptions options)

resources:  _:    type: dome9:VulnerabilityPolicy    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AdmissionControlAction string: Admission Policy action ("Prevention", "Detection").
AdmissionControlUnscannedAction string: Admission Policy action ("Prevention", "Detection").
NotificationIds List<string>: The notification policy id's for the policy [list].
RulesetId double: The bundle id for the bundle that will be used in the policy.
TargetId string: The kubernetes environment id / organizational unit id.
TargetType string: Vendor type (Aws, Azure, ContainerRegistry, Gcp, Kubernetes, ShiftLeft, OrganizationalUnit).
VulnerabilityPolicyId string: Id of the vulnerability policy.

AdmissionControlAction string: Admission Policy action ("Prevention", "Detection").
AdmissionControlUnscannedAction string: Admission Policy action ("Prevention", "Detection").
NotificationIds []string: The notification policy id's for the policy [list].
RulesetId float64: The bundle id for the bundle that will be used in the policy.
TargetId string: The kubernetes environment id / organizational unit id.
TargetType string: Vendor type (Aws, Azure, ContainerRegistry, Gcp, Kubernetes, ShiftLeft, OrganizationalUnit).
VulnerabilityPolicyId string: Id of the vulnerability policy.

admissionControlAction String: Admission Policy action ("Prevention", "Detection").
admissionControlUnscannedAction String: Admission Policy action ("Prevention", "Detection").
notificationIds List<String>: The notification policy id's for the policy [list].
rulesetId Double: The bundle id for the bundle that will be used in the policy.
targetId String: The kubernetes environment id / organizational unit id.
targetType String: Vendor type (Aws, Azure, ContainerRegistry, Gcp, Kubernetes, ShiftLeft, OrganizationalUnit).
vulnerabilityPolicyId String: Id of the vulnerability policy.

admissionControlAction string: Admission Policy action ("Prevention", "Detection").
admissionControlUnscannedAction string: Admission Policy action ("Prevention", "Detection").
notificationIds string[]: The notification policy id's for the policy [list].
rulesetId number: The bundle id for the bundle that will be used in the policy.
targetId string: The kubernetes environment id / organizational unit id.
targetType string: Vendor type (Aws, Azure, ContainerRegistry, Gcp, Kubernetes, ShiftLeft, OrganizationalUnit).
vulnerabilityPolicyId string: Id of the vulnerability policy.

admission_control_action str: Admission Policy action ("Prevention", "Detection").
admission_control_unscanned_action str: Admission Policy action ("Prevention", "Detection").
notification_ids Sequence[str]: The notification policy id's for the policy [list].
ruleset_id float: The bundle id for the bundle that will be used in the policy.
target_id str: The kubernetes environment id / organizational unit id.
target_type str: Vendor type (Aws, Azure, ContainerRegistry, Gcp, Kubernetes, ShiftLeft, OrganizationalUnit).
vulnerability_policy_id str: Id of the vulnerability policy.

admissionControlAction String: Admission Policy action ("Prevention", "Detection").
admissionControlUnscannedAction String: Admission Policy action ("Prevention", "Detection").
notificationIds List<String>: The notification policy id's for the policy [list].
rulesetId Number: The bundle id for the bundle that will be used in the policy.
targetId String: The kubernetes environment id / organizational unit id.
targetType String: Vendor type (Aws, Azure, ContainerRegistry, Gcp, Kubernetes, ShiftLeft, OrganizationalUnit).
vulnerabilityPolicyId String: Id of the vulnerability policy.

Import

The policy can be imported; use <POLICY ID> as the import ID.

For example:

$ pulumi import dome9:index/vulnerabilityPolicy:VulnerabilityPolicy test 00000000-0000-0000-0000-000000000000

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: dome9 dome9/terraform-provider-dome9
License
Notes: This Pulumi package is based on the dome9 Terraform Provider.

dome9 1.40.3 published on Monday, Apr 14, 2025 by dome9

dome9/terraform-provider-dome9

dome9.VulnerabilityPolicy

On this page

On this page

Example Usage

Create VulnerabilityPolicy Resource

Constructor syntax

Parameters

Constructor example

VulnerabilityPolicy Resource Properties

Inputs

Outputs

Look up Existing VulnerabilityPolicy Resource

Import

Package Details

On this page

On this page