Docs Home
lacework 2.0.6 published on Monday, Apr 14, 2025 by lacework
lacework.VulnerabilityExceptionContainer
Explore with Pulumi AI
Use this resource to manage Lacework vulnerability exceptions to control and customize your alert profile for containers, such as for a particular vulnerability in a container registry. Customize your exceptions by defining the resource scope, vulnerability criteria, and context for each exception.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as lacework from "@pulumi/lacework";
const example = new lacework.VulnerabilityExceptionContainer("example", {
description: "This is a container vulnerability exception",
enabled: true,
expiry: "2023-06-06T15:55:15Z",
reason: "Accepted Risk",
resourceScope: {
imageIds: ["sha256:3b83d9104a4c4ccf76433756f14a2ad109e2aae15444b63339"],
imageTags: [
"4.0",
"1.0",
"3.1",
"5.0",
],
namespaces: ["debian"],
registries: ["index.docker.io"],
repositories: ["lacework/lacework-cli"],
},
vulnerabilityCriteria: {
cves: [
"cve-2021-11111",
"cve-2021-22222",
],
fixableVuln: "true",
packages: [
{
name: "myPackage",
version: "1.0.0",
},
{
name: "myOtherPackage",
version: "1.0.0",
},
],
severities: [
"Critical",
"High",
],
},
});
import pulumi
import pulumi_lacework as lacework
example = lacework.VulnerabilityExceptionContainer("example",
description="This is a container vulnerability exception",
enabled=True,
expiry="2023-06-06T15:55:15Z",
reason="Accepted Risk",
resource_scope={
"image_ids": ["sha256:3b83d9104a4c4ccf76433756f14a2ad109e2aae15444b63339"],
"image_tags": [
"4.0",
"1.0",
"3.1",
"5.0",
],
"namespaces": ["debian"],
"registries": ["index.docker.io"],
"repositories": ["lacework/lacework-cli"],
},
vulnerability_criteria={
"cves": [
"cve-2021-11111",
"cve-2021-22222",
],
"fixable_vuln": "true",
"packages": [
{
"name": "myPackage",
"version": "1.0.0",
},
{
"name": "myOtherPackage",
"version": "1.0.0",
},
],
"severities": [
"Critical",
"High",
],
})
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/lacework/v2/lacework"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := lacework.NewVulnerabilityExceptionContainer(ctx, "example", &lacework.VulnerabilityExceptionContainerArgs{
Description: pulumi.String("This is a container vulnerability exception"),
Enabled: pulumi.Bool(true),
Expiry: pulumi.String("2023-06-06T15:55:15Z"),
Reason: pulumi.String("Accepted Risk"),
ResourceScope: &lacework.VulnerabilityExceptionContainerResourceScopeArgs{
ImageIds: pulumi.StringArray{
pulumi.String("sha256:3b83d9104a4c4ccf76433756f14a2ad109e2aae15444b63339"),
},
ImageTags: pulumi.StringArray{
pulumi.String("4.0"),
pulumi.String("1.0"),
pulumi.String("3.1"),
pulumi.String("5.0"),
},
Namespaces: pulumi.StringArray{
pulumi.String("debian"),
},
Registries: pulumi.StringArray{
pulumi.String("index.docker.io"),
},
Repositories: pulumi.StringArray{
pulumi.String("lacework/lacework-cli"),
},
},
VulnerabilityCriteria: &lacework.VulnerabilityExceptionContainerVulnerabilityCriteriaArgs{
Cves: pulumi.StringArray{
pulumi.String("cve-2021-11111"),
pulumi.String("cve-2021-22222"),
},
FixableVuln: pulumi.String("true"),
Packages: lacework.VulnerabilityExceptionContainerVulnerabilityCriteriaPackageArray{
&lacework.VulnerabilityExceptionContainerVulnerabilityCriteriaPackageArgs{
Name: pulumi.String("myPackage"),
Version: pulumi.String("1.0.0"),
},
&lacework.VulnerabilityExceptionContainerVulnerabilityCriteriaPackageArgs{
Name: pulumi.String("myOtherPackage"),
Version: pulumi.String("1.0.0"),
},
},
Severities: pulumi.StringArray{
pulumi.String("Critical"),
pulumi.String("High"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Lacework = Pulumi.Lacework;
return await Deployment.RunAsync(() =>
{
var example = new Lacework.VulnerabilityExceptionContainer("example", new()
{
Description = "This is a container vulnerability exception",
Enabled = true,
Expiry = "2023-06-06T15:55:15Z",
Reason = "Accepted Risk",
ResourceScope = new Lacework.Inputs.VulnerabilityExceptionContainerResourceScopeArgs
{
ImageIds = new[]
{
"sha256:3b83d9104a4c4ccf76433756f14a2ad109e2aae15444b63339",
},
ImageTags = new[]
{
"4.0",
"1.0",
"3.1",
"5.0",
},
Namespaces = new[]
{
"debian",
},
Registries = new[]
{
"index.docker.io",
},
Repositories = new[]
{
"lacework/lacework-cli",
},
},
VulnerabilityCriteria = new Lacework.Inputs.VulnerabilityExceptionContainerVulnerabilityCriteriaArgs
{
Cves = new[]
{
"cve-2021-11111",
"cve-2021-22222",
},
FixableVuln = "true",
Packages = new[]
{
new Lacework.Inputs.VulnerabilityExceptionContainerVulnerabilityCriteriaPackageArgs
{
Name = "myPackage",
Version = "1.0.0",
},
new Lacework.Inputs.VulnerabilityExceptionContainerVulnerabilityCriteriaPackageArgs
{
Name = "myOtherPackage",
Version = "1.0.0",
},
},
Severities = new[]
{
"Critical",
"High",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.lacework.VulnerabilityExceptionContainer;
import com.pulumi.lacework.VulnerabilityExceptionContainerArgs;
import com.pulumi.lacework.inputs.VulnerabilityExceptionContainerResourceScopeArgs;
import com.pulumi.lacework.inputs.VulnerabilityExceptionContainerVulnerabilityCriteriaArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new VulnerabilityExceptionContainer("example", VulnerabilityExceptionContainerArgs.builder()
.description("This is a container vulnerability exception")
.enabled(true)
.expiry("2023-06-06T15:55:15Z")
.reason("Accepted Risk")
.resourceScope(VulnerabilityExceptionContainerResourceScopeArgs.builder()
.imageIds("sha256:3b83d9104a4c4ccf76433756f14a2ad109e2aae15444b63339")
.imageTags(
"4.0",
"1.0",
"3.1",
"5.0")
.namespaces("debian")
.registries("index.docker.io")
.repositories("lacework/lacework-cli")
.build())
.vulnerabilityCriteria(VulnerabilityExceptionContainerVulnerabilityCriteriaArgs.builder()
.cves(
"cve-2021-11111",
"cve-2021-22222")
.fixableVuln("true")
.packages(
VulnerabilityExceptionContainerVulnerabilityCriteriaPackageArgs.builder()
.name("myPackage")
.version("1.0.0")
.build(),
VulnerabilityExceptionContainerVulnerabilityCriteriaPackageArgs.builder()
.name("myOtherPackage")
.version("1.0.0")
.build())
.severities(
"Critical",
"High")
.build())
.build());
}
}
resources:
example:
type: lacework:VulnerabilityExceptionContainer
properties:
description: This is a container vulnerability exception
enabled: true
expiry: 2023-06-06T15:55:15Z
reason: Accepted Risk
resourceScope:
imageIds:
- sha256:3b83d9104a4c4ccf76433756f14a2ad109e2aae15444b63339
imageTags:
- '4.0'
- '1.0'
- '3.1'
- '5.0'
namespaces:
- debian
registries:
- index.docker.io
repositories:
- lacework/lacework-cli
vulnerabilityCriteria:
cves:
- cve-2021-11111
- cve-2021-22222
fixableVuln: 'true'
packages:
- name: myPackage
version: 1.0.0
- name: myOtherPackage
version: 1.0.0
severities:
- Critical
- High
Create VulnerabilityExceptionContainer Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new VulnerabilityExceptionContainer(name: string, args: VulnerabilityExceptionContainerArgs, opts?: CustomResourceOptions);@overload
def VulnerabilityExceptionContainer(resource_name: str,
args: VulnerabilityExceptionContainerArgs,
opts: Optional[ResourceOptions] = None)
@overload
def VulnerabilityExceptionContainer(resource_name: str,
opts: Optional[ResourceOptions] = None,
vulnerability_criteria: Optional[VulnerabilityExceptionContainerVulnerabilityCriteriaArgs] = None,
description: Optional[str] = None,
enabled: Optional[bool] = None,
expiry: Optional[str] = None,
name: Optional[str] = None,
reason: Optional[str] = None,
resource_scope: Optional[VulnerabilityExceptionContainerResourceScopeArgs] = None,
vulnerability_exception_container_id: Optional[str] = None)func NewVulnerabilityExceptionContainer(ctx *Context, name string, args VulnerabilityExceptionContainerArgs, opts ...ResourceOption) (*VulnerabilityExceptionContainer, error)public VulnerabilityExceptionContainer(string name, VulnerabilityExceptionContainerArgs args, CustomResourceOptions? opts = null)
public VulnerabilityExceptionContainer(String name, VulnerabilityExceptionContainerArgs args)
public VulnerabilityExceptionContainer(String name, VulnerabilityExceptionContainerArgs args, CustomResourceOptions options)
type: lacework:VulnerabilityExceptionContainer
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args VulnerabilityExceptionContainerArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args VulnerabilityExceptionContainerArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args VulnerabilityExceptionContainerArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args VulnerabilityExceptionContainerArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args VulnerabilityExceptionContainerArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var vulnerabilityExceptionContainerResource = new Lacework.VulnerabilityExceptionContainer("vulnerabilityExceptionContainerResource", new()
{
VulnerabilityCriteria = new Lacework.Inputs.VulnerabilityExceptionContainerVulnerabilityCriteriaArgs
{
Cves = new[]
{
"string",
},
FixableVuln = "string",
Packages = new[]
{
new Lacework.Inputs.VulnerabilityExceptionContainerVulnerabilityCriteriaPackageArgs
{
Name = "string",
Version = "string",
},
},
Severities = new[]
{
"string",
},
},
Description = "string",
Enabled = false,
Expiry = "string",
Name = "string",
Reason = "string",
ResourceScope = new Lacework.Inputs.VulnerabilityExceptionContainerResourceScopeArgs
{
ImageIds = new[]
{
"string",
},
ImageTags = new[]
{
"string",
},
Namespaces = new[]
{
"string",
},
Registries = new[]
{
"string",
},
Repositories = new[]
{
"string",
},
},
VulnerabilityExceptionContainerId = "string",
});
example, err := lacework.NewVulnerabilityExceptionContainer(ctx, "vulnerabilityExceptionContainerResource", &lacework.VulnerabilityExceptionContainerArgs{
VulnerabilityCriteria: &lacework.VulnerabilityExceptionContainerVulnerabilityCriteriaArgs{
Cves: pulumi.StringArray{
pulumi.String("string"),
},
FixableVuln: pulumi.String("string"),
Packages: lacework.VulnerabilityExceptionContainerVulnerabilityCriteriaPackageArray{
&lacework.VulnerabilityExceptionContainerVulnerabilityCriteriaPackageArgs{
Name: pulumi.String("string"),
Version: pulumi.String("string"),
},
},
Severities: pulumi.StringArray{
pulumi.String("string"),
},
},
Description: pulumi.String("string"),
Enabled: pulumi.Bool(false),
Expiry: pulumi.String("string"),
Name: pulumi.String("string"),
Reason: pulumi.String("string"),
ResourceScope: &lacework.VulnerabilityExceptionContainerResourceScopeArgs{
ImageIds: pulumi.StringArray{
pulumi.String("string"),
},
ImageTags: pulumi.StringArray{
pulumi.String("string"),
},
Namespaces: pulumi.StringArray{
pulumi.String("string"),
},
Registries: pulumi.StringArray{
pulumi.String("string"),
},
Repositories: pulumi.StringArray{
pulumi.String("string"),
},
},
VulnerabilityExceptionContainerId: pulumi.String("string"),
})
var vulnerabilityExceptionContainerResource = new VulnerabilityExceptionContainer("vulnerabilityExceptionContainerResource", VulnerabilityExceptionContainerArgs.builder()
.vulnerabilityCriteria(VulnerabilityExceptionContainerVulnerabilityCriteriaArgs.builder()
.cves("string")
.fixableVuln("string")
.packages(VulnerabilityExceptionContainerVulnerabilityCriteriaPackageArgs.builder()
.name("string")
.version("string")
.build())
.severities("string")
.build())
.description("string")
.enabled(false)
.expiry("string")
.name("string")
.reason("string")
.resourceScope(VulnerabilityExceptionContainerResourceScopeArgs.builder()
.imageIds("string")
.imageTags("string")
.namespaces("string")
.registries("string")
.repositories("string")
.build())
.vulnerabilityExceptionContainerId("string")
.build());
vulnerability_exception_container_resource = lacework.VulnerabilityExceptionContainer("vulnerabilityExceptionContainerResource",
vulnerability_criteria={
"cves": ["string"],
"fixable_vuln": "string",
"packages": [{
"name": "string",
"version": "string",
}],
"severities": ["string"],
},
description="string",
enabled=False,
expiry="string",
name="string",
reason="string",
resource_scope={
"image_ids": ["string"],
"image_tags": ["string"],
"namespaces": ["string"],
"registries": ["string"],
"repositories": ["string"],
},
vulnerability_exception_container_id="string")
const vulnerabilityExceptionContainerResource = new lacework.VulnerabilityExceptionContainer("vulnerabilityExceptionContainerResource", {
vulnerabilityCriteria: {
cves: ["string"],
fixableVuln: "string",
packages: [{
name: "string",
version: "string",
}],
severities: ["string"],
},
description: "string",
enabled: false,
expiry: "string",
name: "string",
reason: "string",
resourceScope: {
imageIds: ["string"],
imageTags: ["string"],
namespaces: ["string"],
registries: ["string"],
repositories: ["string"],
},
vulnerabilityExceptionContainerId: "string",
});
type: lacework:VulnerabilityExceptionContainer
properties:
description: string
enabled: false
expiry: string
name: string
reason: string
resourceScope:
imageIds:
- string
imageTags:
- string
namespaces:
- string
registries:
- string
repositories:
- string
vulnerabilityCriteria:
cves:
- string
fixableVuln: string
packages:
- name: string
version: string
severities:
- string
vulnerabilityExceptionContainerId: string
VulnerabilityExceptionContainer Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The VulnerabilityExceptionContainer resource accepts the following input properties:
- Vulnerability
Criteria VulnerabilityException Container Vulnerability Criteria - The criteria of the vulnerability to be excluded. See Vulnerability Criteria below for details.
- Description string
- The description of the vulnerability exception.
- Enabled bool
- The state of the vulnerability exception. Defaults to
true. - Expiry string
- The expiration date of the vulnerability exception. Example:
2022-06-01T16:35:00Z. - Name string
- The vulnerability exception name.
- Reason string
- The reason for the exception to exist. Valid reasons include:
Accepted Risk,False Positive,Compensating Controls,Fix PendingandOther. See Vulnerability Exceptions Use Cases for more details. - Resource
Scope VulnerabilityException Container Resource Scope - Define which resources will be affected by the exclusion. See Resource Scope below for details.
- Vulnerability
Exception stringContainer Id
- Vulnerability
Criteria VulnerabilityException Container Vulnerability Criteria Args - The criteria of the vulnerability to be excluded. See Vulnerability Criteria below for details.
- Description string
- The description of the vulnerability exception.
- Enabled bool
- The state of the vulnerability exception. Defaults to
true. - Expiry string
- The expiration date of the vulnerability exception. Example:
2022-06-01T16:35:00Z. - Name string
- The vulnerability exception name.
- Reason string
- The reason for the exception to exist. Valid reasons include:
Accepted Risk,False Positive,Compensating Controls,Fix PendingandOther. See Vulnerability Exceptions Use Cases for more details. - Resource
Scope VulnerabilityException Container Resource Scope Args - Define which resources will be affected by the exclusion. See Resource Scope below for details.
- Vulnerability
Exception stringContainer Id
- vulnerability
Criteria VulnerabilityException Container Vulnerability Criteria - The criteria of the vulnerability to be excluded. See Vulnerability Criteria below for details.
- description String
- The description of the vulnerability exception.
- enabled Boolean
- The state of the vulnerability exception. Defaults to
true. - expiry String
- The expiration date of the vulnerability exception. Example:
2022-06-01T16:35:00Z. - name String
- The vulnerability exception name.
- reason String
- The reason for the exception to exist. Valid reasons include:
Accepted Risk,False Positive,Compensating Controls,Fix PendingandOther. See Vulnerability Exceptions Use Cases for more details. - resource
Scope VulnerabilityException Container Resource Scope - Define which resources will be affected by the exclusion. See Resource Scope below for details.
- vulnerability
Exception StringContainer Id
- vulnerability
Criteria VulnerabilityException Container Vulnerability Criteria - The criteria of the vulnerability to be excluded. See Vulnerability Criteria below for details.
- description string
- The description of the vulnerability exception.
- enabled boolean
- The state of the vulnerability exception. Defaults to
true. - expiry string
- The expiration date of the vulnerability exception. Example:
2022-06-01T16:35:00Z. - name string
- The vulnerability exception name.
- reason string
- The reason for the exception to exist. Valid reasons include:
Accepted Risk,False Positive,Compensating Controls,Fix PendingandOther. See Vulnerability Exceptions Use Cases for more details. - resource
Scope VulnerabilityException Container Resource Scope - Define which resources will be affected by the exclusion. See Resource Scope below for details.
- vulnerability
Exception stringContainer Id
- vulnerability_
criteria VulnerabilityException Container Vulnerability Criteria Args - The criteria of the vulnerability to be excluded. See Vulnerability Criteria below for details.
- description str
- The description of the vulnerability exception.
- enabled bool
- The state of the vulnerability exception. Defaults to
true. - expiry str
- The expiration date of the vulnerability exception. Example:
2022-06-01T16:35:00Z. - name str
- The vulnerability exception name.
- reason str
- The reason for the exception to exist. Valid reasons include:
Accepted Risk,False Positive,Compensating Controls,Fix PendingandOther. See Vulnerability Exceptions Use Cases for more details. - resource_
scope VulnerabilityException Container Resource Scope Args - Define which resources will be affected by the exclusion. See Resource Scope below for details.
- vulnerability_
exception_ strcontainer_ id
- vulnerability
Criteria Property Map - The criteria of the vulnerability to be excluded. See Vulnerability Criteria below for details.
- description String
- The description of the vulnerability exception.
- enabled Boolean
- The state of the vulnerability exception. Defaults to
true. - expiry String
- The expiration date of the vulnerability exception. Example:
2022-06-01T16:35:00Z. - name String
- The vulnerability exception name.
- reason String
- The reason for the exception to exist. Valid reasons include:
Accepted Risk,False Positive,Compensating Controls,Fix PendingandOther. See Vulnerability Exceptions Use Cases for more details. - resource
Scope Property Map - Define which resources will be affected by the exclusion. See Resource Scope below for details.
- vulnerability
Exception StringContainer Id
Outputs
All input properties are implicitly available as output properties. Additionally, the VulnerabilityExceptionContainer resource produces the following output properties:
- Created
By string - Created
Time string - Guid string
- Id string
- The provider-assigned unique ID for this managed resource.
- Type string
- Updated
By string - Updated
Time string
- Created
By string - Created
Time string - Guid string
- Id string
- The provider-assigned unique ID for this managed resource.
- Type string
- Updated
By string - Updated
Time string
- created
By String - created
Time String - guid String
- id String
- The provider-assigned unique ID for this managed resource.
- type String
- updated
By String - updated
Time String
- created
By string - created
Time string - guid string
- id string
- The provider-assigned unique ID for this managed resource.
- type string
- updated
By string - updated
Time string
- created_
by str - created_
time str - guid str
- id str
- The provider-assigned unique ID for this managed resource.
- type str
- updated_
by str - updated_
time str
- created
By String - created
Time String - guid String
- id String
- The provider-assigned unique ID for this managed resource.
- type String
- updated
By String - updated
Time String
Look up Existing VulnerabilityExceptionContainer Resource
Get an existing VulnerabilityExceptionContainer resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: VulnerabilityExceptionContainerState, opts?: CustomResourceOptions): VulnerabilityExceptionContainer@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
created_by: Optional[str] = None,
created_time: Optional[str] = None,
description: Optional[str] = None,
enabled: Optional[bool] = None,
expiry: Optional[str] = None,
guid: Optional[str] = None,
name: Optional[str] = None,
reason: Optional[str] = None,
resource_scope: Optional[VulnerabilityExceptionContainerResourceScopeArgs] = None,
type: Optional[str] = None,
updated_by: Optional[str] = None,
updated_time: Optional[str] = None,
vulnerability_criteria: Optional[VulnerabilityExceptionContainerVulnerabilityCriteriaArgs] = None,
vulnerability_exception_container_id: Optional[str] = None) -> VulnerabilityExceptionContainerfunc GetVulnerabilityExceptionContainer(ctx *Context, name string, id IDInput, state *VulnerabilityExceptionContainerState, opts ...ResourceOption) (*VulnerabilityExceptionContainer, error)public static VulnerabilityExceptionContainer Get(string name, Input<string> id, VulnerabilityExceptionContainerState? state, CustomResourceOptions? opts = null)public static VulnerabilityExceptionContainer get(String name, Output<String> id, VulnerabilityExceptionContainerState state, CustomResourceOptions options)resources: _: type: lacework:VulnerabilityExceptionContainer get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Created
By string - Created
Time string - Description string
- The description of the vulnerability exception.
- Enabled bool
- The state of the vulnerability exception. Defaults to
true. - Expiry string
- The expiration date of the vulnerability exception. Example:
2022-06-01T16:35:00Z. - Guid string
- Name string
- The vulnerability exception name.
- Reason string
- The reason for the exception to exist. Valid reasons include:
Accepted Risk,False Positive,Compensating Controls,Fix PendingandOther. See Vulnerability Exceptions Use Cases for more details. - Resource
Scope VulnerabilityException Container Resource Scope - Define which resources will be affected by the exclusion. See Resource Scope below for details.
- Type string
- Updated
By string - Updated
Time string - Vulnerability
Criteria VulnerabilityException Container Vulnerability Criteria - The criteria of the vulnerability to be excluded. See Vulnerability Criteria below for details.
- Vulnerability
Exception stringContainer Id
- Created
By string - Created
Time string - Description string
- The description of the vulnerability exception.
- Enabled bool
- The state of the vulnerability exception. Defaults to
true. - Expiry string
- The expiration date of the vulnerability exception. Example:
2022-06-01T16:35:00Z. - Guid string
- Name string
- The vulnerability exception name.
- Reason string
- The reason for the exception to exist. Valid reasons include:
Accepted Risk,False Positive,Compensating Controls,Fix PendingandOther. See Vulnerability Exceptions Use Cases for more details. - Resource
Scope VulnerabilityException Container Resource Scope Args - Define which resources will be affected by the exclusion. See Resource Scope below for details.
- Type string
- Updated
By string - Updated
Time string - Vulnerability
Criteria VulnerabilityException Container Vulnerability Criteria Args - The criteria of the vulnerability to be excluded. See Vulnerability Criteria below for details.
- Vulnerability
Exception stringContainer Id
- created
By String - created
Time String - description String
- The description of the vulnerability exception.
- enabled Boolean
- The state of the vulnerability exception. Defaults to
true. - expiry String
- The expiration date of the vulnerability exception. Example:
2022-06-01T16:35:00Z. - guid String
- name String
- The vulnerability exception name.
- reason String
- The reason for the exception to exist. Valid reasons include:
Accepted Risk,False Positive,Compensating Controls,Fix PendingandOther. See Vulnerability Exceptions Use Cases for more details. - resource
Scope VulnerabilityException Container Resource Scope - Define which resources will be affected by the exclusion. See Resource Scope below for details.
- type String
- updated
By String - updated
Time String - vulnerability
Criteria VulnerabilityException Container Vulnerability Criteria - The criteria of the vulnerability to be excluded. See Vulnerability Criteria below for details.
- vulnerability
Exception StringContainer Id
- created
By string - created
Time string - description string
- The description of the vulnerability exception.
- enabled boolean
- The state of the vulnerability exception. Defaults to
true. - expiry string
- The expiration date of the vulnerability exception. Example:
2022-06-01T16:35:00Z. - guid string
- name string
- The vulnerability exception name.
- reason string
- The reason for the exception to exist. Valid reasons include:
Accepted Risk,False Positive,Compensating Controls,Fix PendingandOther. See Vulnerability Exceptions Use Cases for more details. - resource
Scope VulnerabilityException Container Resource Scope - Define which resources will be affected by the exclusion. See Resource Scope below for details.
- type string
- updated
By string - updated
Time string - vulnerability
Criteria VulnerabilityException Container Vulnerability Criteria - The criteria of the vulnerability to be excluded. See Vulnerability Criteria below for details.
- vulnerability
Exception stringContainer Id
- created_
by str - created_
time str - description str
- The description of the vulnerability exception.
- enabled bool
- The state of the vulnerability exception. Defaults to
true. - expiry str
- The expiration date of the vulnerability exception. Example:
2022-06-01T16:35:00Z. - guid str
- name str
- The vulnerability exception name.
- reason str
- The reason for the exception to exist. Valid reasons include:
Accepted Risk,False Positive,Compensating Controls,Fix PendingandOther. See Vulnerability Exceptions Use Cases for more details. - resource_
scope VulnerabilityException Container Resource Scope Args - Define which resources will be affected by the exclusion. See Resource Scope below for details.
- type str
- updated_
by str - updated_
time str - vulnerability_
criteria VulnerabilityException Container Vulnerability Criteria Args - The criteria of the vulnerability to be excluded. See Vulnerability Criteria below for details.
- vulnerability_
exception_ strcontainer_ id
- created
By String - created
Time String - description String
- The description of the vulnerability exception.
- enabled Boolean
- The state of the vulnerability exception. Defaults to
true. - expiry String
- The expiration date of the vulnerability exception. Example:
2022-06-01T16:35:00Z. - guid String
- name String
- The vulnerability exception name.
- reason String
- The reason for the exception to exist. Valid reasons include:
Accepted Risk,False Positive,Compensating Controls,Fix PendingandOther. See Vulnerability Exceptions Use Cases for more details. - resource
Scope Property Map - Define which resources will be affected by the exclusion. See Resource Scope below for details.
- type String
- updated
By String - updated
Time String - vulnerability
Criteria Property Map - The criteria of the vulnerability to be excluded. See Vulnerability Criteria below for details.
- vulnerability
Exception StringContainer Id
Supporting Types
VulnerabilityExceptionContainerResourceScope, VulnerabilityExceptionContainerResourceScopeArgs
- Image
Ids List<string> - The list of sha256 hashes that was generated for one or more container images.
- List<string>
- The list of container image tags.
- Namespaces List<string>
- The list of namespace for the package distribution (for example, an operating system or language package).
- Registries List<string>
- The list of container registries.
- Repositories List<string>
- The list of container repositories.
- Image
Ids []string - The list of sha256 hashes that was generated for one or more container images.
- []string
- The list of container image tags.
- Namespaces []string
- The list of namespace for the package distribution (for example, an operating system or language package).
- Registries []string
- The list of container registries.
- Repositories []string
- The list of container repositories.
- image
Ids List<String> - The list of sha256 hashes that was generated for one or more container images.
- List<String>
- The list of container image tags.
- namespaces List<String>
- The list of namespace for the package distribution (for example, an operating system or language package).
- registries List<String>
- The list of container registries.
- repositories List<String>
- The list of container repositories.
- image
Ids string[] - The list of sha256 hashes that was generated for one or more container images.
- string[]
- The list of container image tags.
- namespaces string[]
- The list of namespace for the package distribution (for example, an operating system or language package).
- registries string[]
- The list of container registries.
- repositories string[]
- The list of container repositories.
- image_
ids Sequence[str] - The list of sha256 hashes that was generated for one or more container images.
- Sequence[str]
- The list of container image tags.
- namespaces Sequence[str]
- The list of namespace for the package distribution (for example, an operating system or language package).
- registries Sequence[str]
- The list of container registries.
- repositories Sequence[str]
- The list of container repositories.
- image
Ids List<String> - The list of sha256 hashes that was generated for one or more container images.
- List<String>
- The list of container image tags.
- namespaces List<String>
- The list of namespace for the package distribution (for example, an operating system or language package).
- registries List<String>
- The list of container registries.
- repositories List<String>
- The list of container repositories.
VulnerabilityExceptionContainerVulnerabilityCriteria, VulnerabilityExceptionContainerVulnerabilityCriteriaArgs
- Cves List<string>
- The list of vulnerability (CVE) IDs.
- Fixable
Vuln string - Whether to filter on fixable or non-fixable vulnerability. This argument is of type
string. Valid values are:"true","false". - Packages
List<Vulnerability
Exception Container Vulnerability Criteria Package> - The list of package names (for example, an operating system or language package) to constraint.
- Severities List<string>
- The list of severities to which the exception will be constraint. Valid severities
include:
Critical,High,Medium,LowandInfo.
- Cves []string
- The list of vulnerability (CVE) IDs.
- Fixable
Vuln string - Whether to filter on fixable or non-fixable vulnerability. This argument is of type
string. Valid values are:"true","false". - Packages
[]Vulnerability
Exception Container Vulnerability Criteria Package - The list of package names (for example, an operating system or language package) to constraint.
- Severities []string
- The list of severities to which the exception will be constraint. Valid severities
include:
Critical,High,Medium,LowandInfo.
- cves List<String>
- The list of vulnerability (CVE) IDs.
- fixable
Vuln String - Whether to filter on fixable or non-fixable vulnerability. This argument is of type
string. Valid values are:"true","false". - packages
List<Vulnerability
Exception Container Vulnerability Criteria Package> - The list of package names (for example, an operating system or language package) to constraint.
- severities List<String>
- The list of severities to which the exception will be constraint. Valid severities
include:
Critical,High,Medium,LowandInfo.
- cves string[]
- The list of vulnerability (CVE) IDs.
- fixable
Vuln string - Whether to filter on fixable or non-fixable vulnerability. This argument is of type
string. Valid values are:"true","false". - packages
Vulnerability
Exception Container Vulnerability Criteria Package[] - The list of package names (for example, an operating system or language package) to constraint.
- severities string[]
- The list of severities to which the exception will be constraint. Valid severities
include:
Critical,High,Medium,LowandInfo.
- cves Sequence[str]
- The list of vulnerability (CVE) IDs.
- fixable_
vuln str - Whether to filter on fixable or non-fixable vulnerability. This argument is of type
string. Valid values are:"true","false". - packages
Sequence[Vulnerability
Exception Container Vulnerability Criteria Package] - The list of package names (for example, an operating system or language package) to constraint.
- severities Sequence[str]
- The list of severities to which the exception will be constraint. Valid severities
include:
Critical,High,Medium,LowandInfo.
- cves List<String>
- The list of vulnerability (CVE) IDs.
- fixable
Vuln String - Whether to filter on fixable or non-fixable vulnerability. This argument is of type
string. Valid values are:"true","false". - packages List<Property Map>
- The list of package names (for example, an operating system or language package) to constraint.
- severities List<String>
- The list of severities to which the exception will be constraint. Valid severities
include:
Critical,High,Medium,LowandInfo.
VulnerabilityExceptionContainerVulnerabilityCriteriaPackage, VulnerabilityExceptionContainerVulnerabilityCriteriaPackageArgs
Import
A Lacework vulnerability wxception for containers can be imported using a GUID, e.g.
$ pulumi import lacework:index/vulnerabilityExceptionContainer:VulnerabilityExceptionContainer example EXAMPLE_1234BAE1E42182964D23973F44CFEA3C4AB63B99E9A1EC5
-> Note: To retrieve the GUID from existing vulnerability exception in your account, use
the Lacework CLI command lacework vulnerability-exception list. To install this tool follow
this documentation.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- lacework lacework/terraform-provider-lacework
- License
- Notes
- This Pulumi package is based on the
laceworkTerraform Provider.