Docs Home
sysdig 1.56.0 published on Wednesday, Apr 30, 2025 by sysdiglabs
sysdig.SecureScanningPolicy
Explore with Pulumi AI
sysdig 1.56.0 published on Wednesday, Apr 30, 2025 by sysdiglabs
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as sysdig from "@pulumi/sysdig";
const scanningPolicyExample = new sysdig.SecureScanningPolicy("scanningPolicyExample", {
comment: "Scanning Policy Description",
rules: [
{
action: "WARN",
gate: "dockerfile",
params: [
{
name: "users",
value: "docker",
},
{
name: "type",
value: "blacklist",
},
],
trigger: "effective_user",
},
{
action: "WARN",
gate: "files",
params: [{
name: "filename",
value: "/etc/passwd",
}],
trigger: "attribute_match",
},
{
action: "WARN",
gate: "vulnerabilities",
params: [
{
name: "package_type",
value: "all",
},
{
name: "severity",
value: "medium",
},
],
trigger: "package",
},
],
});
import pulumi
import pulumi_sysdig as sysdig
scanning_policy_example = sysdig.SecureScanningPolicy("scanningPolicyExample",
comment="Scanning Policy Description",
rules=[
{
"action": "WARN",
"gate": "dockerfile",
"params": [
{
"name": "users",
"value": "docker",
},
{
"name": "type",
"value": "blacklist",
},
],
"trigger": "effective_user",
},
{
"action": "WARN",
"gate": "files",
"params": [{
"name": "filename",
"value": "/etc/passwd",
}],
"trigger": "attribute_match",
},
{
"action": "WARN",
"gate": "vulnerabilities",
"params": [
{
"name": "package_type",
"value": "all",
},
{
"name": "severity",
"value": "medium",
},
],
"trigger": "package",
},
])
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/sysdig/sysdig"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := sysdig.NewSecureScanningPolicy(ctx, "scanningPolicyExample", &sysdig.SecureScanningPolicyArgs{
Comment: pulumi.String("Scanning Policy Description"),
Rules: sysdig.SecureScanningPolicyRuleArray{
&sysdig.SecureScanningPolicyRuleArgs{
Action: pulumi.String("WARN"),
Gate: pulumi.String("dockerfile"),
Params: sysdig.SecureScanningPolicyRuleParamArray{
&sysdig.SecureScanningPolicyRuleParamArgs{
Name: pulumi.String("users"),
Value: pulumi.String("docker"),
},
&sysdig.SecureScanningPolicyRuleParamArgs{
Name: pulumi.String("type"),
Value: pulumi.String("blacklist"),
},
},
Trigger: pulumi.String("effective_user"),
},
&sysdig.SecureScanningPolicyRuleArgs{
Action: pulumi.String("WARN"),
Gate: pulumi.String("files"),
Params: sysdig.SecureScanningPolicyRuleParamArray{
&sysdig.SecureScanningPolicyRuleParamArgs{
Name: pulumi.String("filename"),
Value: pulumi.String("/etc/passwd"),
},
},
Trigger: pulumi.String("attribute_match"),
},
&sysdig.SecureScanningPolicyRuleArgs{
Action: pulumi.String("WARN"),
Gate: pulumi.String("vulnerabilities"),
Params: sysdig.SecureScanningPolicyRuleParamArray{
&sysdig.SecureScanningPolicyRuleParamArgs{
Name: pulumi.String("package_type"),
Value: pulumi.String("all"),
},
&sysdig.SecureScanningPolicyRuleParamArgs{
Name: pulumi.String("severity"),
Value: pulumi.String("medium"),
},
},
Trigger: pulumi.String("package"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Sysdig = Pulumi.Sysdig;
return await Deployment.RunAsync(() =>
{
var scanningPolicyExample = new Sysdig.SecureScanningPolicy("scanningPolicyExample", new()
{
Comment = "Scanning Policy Description",
Rules = new[]
{
new Sysdig.Inputs.SecureScanningPolicyRuleArgs
{
Action = "WARN",
Gate = "dockerfile",
Params = new[]
{
new Sysdig.Inputs.SecureScanningPolicyRuleParamArgs
{
Name = "users",
Value = "docker",
},
new Sysdig.Inputs.SecureScanningPolicyRuleParamArgs
{
Name = "type",
Value = "blacklist",
},
},
Trigger = "effective_user",
},
new Sysdig.Inputs.SecureScanningPolicyRuleArgs
{
Action = "WARN",
Gate = "files",
Params = new[]
{
new Sysdig.Inputs.SecureScanningPolicyRuleParamArgs
{
Name = "filename",
Value = "/etc/passwd",
},
},
Trigger = "attribute_match",
},
new Sysdig.Inputs.SecureScanningPolicyRuleArgs
{
Action = "WARN",
Gate = "vulnerabilities",
Params = new[]
{
new Sysdig.Inputs.SecureScanningPolicyRuleParamArgs
{
Name = "package_type",
Value = "all",
},
new Sysdig.Inputs.SecureScanningPolicyRuleParamArgs
{
Name = "severity",
Value = "medium",
},
},
Trigger = "package",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.sysdig.SecureScanningPolicy;
import com.pulumi.sysdig.SecureScanningPolicyArgs;
import com.pulumi.sysdig.inputs.SecureScanningPolicyRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var scanningPolicyExample = new SecureScanningPolicy("scanningPolicyExample", SecureScanningPolicyArgs.builder()
.comment("Scanning Policy Description")
.rules(
SecureScanningPolicyRuleArgs.builder()
.action("WARN")
.gate("dockerfile")
.params(
SecureScanningPolicyRuleParamArgs.builder()
.name("users")
.value("docker")
.build(),
SecureScanningPolicyRuleParamArgs.builder()
.name("type")
.value("blacklist")
.build())
.trigger("effective_user")
.build(),
SecureScanningPolicyRuleArgs.builder()
.action("WARN")
.gate("files")
.params(SecureScanningPolicyRuleParamArgs.builder()
.name("filename")
.value("/etc/passwd")
.build())
.trigger("attribute_match")
.build(),
SecureScanningPolicyRuleArgs.builder()
.action("WARN")
.gate("vulnerabilities")
.params(
SecureScanningPolicyRuleParamArgs.builder()
.name("package_type")
.value("all")
.build(),
SecureScanningPolicyRuleParamArgs.builder()
.name("severity")
.value("medium")
.build())
.trigger("package")
.build())
.build());
}
}
resources:
scanningPolicyExample:
type: sysdig:SecureScanningPolicy
properties:
comment: Scanning Policy Description
rules:
- action: WARN
gate: dockerfile
params:
- name: users
value: docker
- name: type
value: blacklist
trigger: effective_user
- action: WARN
gate: files
params:
- name: filename
value: /etc/passwd
trigger: attribute_match
- action: WARN
gate: vulnerabilities
params:
- name: package_type
value: all
- name: severity
value: medium
trigger: package
Create SecureScanningPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new SecureScanningPolicy(name: string, args: SecureScanningPolicyArgs, opts?: CustomResourceOptions);@overload
def SecureScanningPolicy(resource_name: str,
args: SecureScanningPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def SecureScanningPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
comment: Optional[str] = None,
rules: Optional[Sequence[SecureScanningPolicyRuleArgs]] = None,
name: Optional[str] = None,
policy_bundle_id: Optional[str] = None,
timeouts: Optional[SecureScanningPolicyTimeoutsArgs] = None,
version: Optional[str] = None)func NewSecureScanningPolicy(ctx *Context, name string, args SecureScanningPolicyArgs, opts ...ResourceOption) (*SecureScanningPolicy, error)public SecureScanningPolicy(string name, SecureScanningPolicyArgs args, CustomResourceOptions? opts = null)
public SecureScanningPolicy(String name, SecureScanningPolicyArgs args)
public SecureScanningPolicy(String name, SecureScanningPolicyArgs args, CustomResourceOptions options)
type: sysdig:SecureScanningPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SecureScanningPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SecureScanningPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SecureScanningPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SecureScanningPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SecureScanningPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var secureScanningPolicyResource = new Sysdig.SecureScanningPolicy("secureScanningPolicyResource", new()
{
Comment = "string",
Rules = new[]
{
new Sysdig.Inputs.SecureScanningPolicyRuleArgs
{
Action = "string",
Gate = "string",
Params = new[]
{
new Sysdig.Inputs.SecureScanningPolicyRuleParamArgs
{
Name = "string",
Value = "string",
},
},
Trigger = "string",
Id = "string",
},
},
Name = "string",
PolicyBundleId = "string",
Timeouts = new Sysdig.Inputs.SecureScanningPolicyTimeoutsArgs
{
Create = "string",
Delete = "string",
Read = "string",
Update = "string",
},
Version = "string",
});
example, err := sysdig.NewSecureScanningPolicy(ctx, "secureScanningPolicyResource", &sysdig.SecureScanningPolicyArgs{
Comment: pulumi.String("string"),
Rules: sysdig.SecureScanningPolicyRuleArray{
&sysdig.SecureScanningPolicyRuleArgs{
Action: pulumi.String("string"),
Gate: pulumi.String("string"),
Params: sysdig.SecureScanningPolicyRuleParamArray{
&sysdig.SecureScanningPolicyRuleParamArgs{
Name: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
Trigger: pulumi.String("string"),
Id: pulumi.String("string"),
},
},
Name: pulumi.String("string"),
PolicyBundleId: pulumi.String("string"),
Timeouts: &sysdig.SecureScanningPolicyTimeoutsArgs{
Create: pulumi.String("string"),
Delete: pulumi.String("string"),
Read: pulumi.String("string"),
Update: pulumi.String("string"),
},
Version: pulumi.String("string"),
})
var secureScanningPolicyResource = new SecureScanningPolicy("secureScanningPolicyResource", SecureScanningPolicyArgs.builder()
.comment("string")
.rules(SecureScanningPolicyRuleArgs.builder()
.action("string")
.gate("string")
.params(SecureScanningPolicyRuleParamArgs.builder()
.name("string")
.value("string")
.build())
.trigger("string")
.id("string")
.build())
.name("string")
.policyBundleId("string")
.timeouts(SecureScanningPolicyTimeoutsArgs.builder()
.create("string")
.delete("string")
.read("string")
.update("string")
.build())
.version("string")
.build());
secure_scanning_policy_resource = sysdig.SecureScanningPolicy("secureScanningPolicyResource",
comment="string",
rules=[{
"action": "string",
"gate": "string",
"params": [{
"name": "string",
"value": "string",
}],
"trigger": "string",
"id": "string",
}],
name="string",
policy_bundle_id="string",
timeouts={
"create": "string",
"delete": "string",
"read": "string",
"update": "string",
},
version="string")
const secureScanningPolicyResource = new sysdig.SecureScanningPolicy("secureScanningPolicyResource", {
comment: "string",
rules: [{
action: "string",
gate: "string",
params: [{
name: "string",
value: "string",
}],
trigger: "string",
id: "string",
}],
name: "string",
policyBundleId: "string",
timeouts: {
create: "string",
"delete": "string",
read: "string",
update: "string",
},
version: "string",
});
type: sysdig:SecureScanningPolicy
properties:
comment: string
name: string
policyBundleId: string
rules:
- action: string
gate: string
id: string
params:
- name: string
value: string
trigger: string
timeouts:
create: string
delete: string
read: string
update: string
version: string
SecureScanningPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The SecureScanningPolicy resource accepts the following input properties:
- Comment string
- The description of Secure scanning policy.
- Rules
List<Secure
Scanning Policy Rule> - Define all rules included in the Policy for scanning detection.
- Name string
- The name of the Secure policy. It must be unique.
- Policy
Bundle stringId - Timeouts
Secure
Scanning Policy Timeouts - Version string
- Comment string
- The description of Secure scanning policy.
- Rules
[]Secure
Scanning Policy Rule Args - Define all rules included in the Policy for scanning detection.
- Name string
- The name of the Secure policy. It must be unique.
- Policy
Bundle stringId - Timeouts
Secure
Scanning Policy Timeouts Args - Version string
- comment String
- The description of Secure scanning policy.
- rules
List<Secure
Scanning Policy Rule> - Define all rules included in the Policy for scanning detection.
- name String
- The name of the Secure policy. It must be unique.
- policy
Bundle StringId - timeouts
Secure
Scanning Policy Timeouts - version String
- comment string
- The description of Secure scanning policy.
- rules
Secure
Scanning Policy Rule[] - Define all rules included in the Policy for scanning detection.
- name string
- The name of the Secure policy. It must be unique.
- policy
Bundle stringId - timeouts
Secure
Scanning Policy Timeouts - version string
- comment str
- The description of Secure scanning policy.
- rules
Sequence[Secure
Scanning Policy Rule Args] - Define all rules included in the Policy for scanning detection.
- name str
- The name of the Secure policy. It must be unique.
- policy_
bundle_ strid - timeouts
Secure
Scanning Policy Timeouts Args - version str
- comment String
- The description of Secure scanning policy.
- rules List<Property Map>
- Define all rules included in the Policy for scanning detection.
- name String
- The name of the Secure policy. It must be unique.
- policy
Bundle StringId - timeouts Property Map
- version String
Outputs
All input properties are implicitly available as output properties. Additionally, the SecureScanningPolicy resource produces the following output properties:
Look up Existing SecureScanningPolicy Resource
Get an existing SecureScanningPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SecureScanningPolicyState, opts?: CustomResourceOptions): SecureScanningPolicy@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
comment: Optional[str] = None,
isdefault: Optional[bool] = None,
name: Optional[str] = None,
policy_bundle_id: Optional[str] = None,
rules: Optional[Sequence[SecureScanningPolicyRuleArgs]] = None,
timeouts: Optional[SecureScanningPolicyTimeoutsArgs] = None,
version: Optional[str] = None) -> SecureScanningPolicyfunc GetSecureScanningPolicy(ctx *Context, name string, id IDInput, state *SecureScanningPolicyState, opts ...ResourceOption) (*SecureScanningPolicy, error)public static SecureScanningPolicy Get(string name, Input<string> id, SecureScanningPolicyState? state, CustomResourceOptions? opts = null)public static SecureScanningPolicy get(String name, Output<String> id, SecureScanningPolicyState state, CustomResourceOptions options)resources: _: type: sysdig:SecureScanningPolicy get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Comment string
- The description of Secure scanning policy.
- Isdefault bool
- Name string
- The name of the Secure policy. It must be unique.
- Policy
Bundle stringId - Rules
List<Secure
Scanning Policy Rule> - Define all rules included in the Policy for scanning detection.
- Timeouts
Secure
Scanning Policy Timeouts - Version string
- Comment string
- The description of Secure scanning policy.
- Isdefault bool
- Name string
- The name of the Secure policy. It must be unique.
- Policy
Bundle stringId - Rules
[]Secure
Scanning Policy Rule Args - Define all rules included in the Policy for scanning detection.
- Timeouts
Secure
Scanning Policy Timeouts Args - Version string
- comment String
- The description of Secure scanning policy.
- isdefault Boolean
- name String
- The name of the Secure policy. It must be unique.
- policy
Bundle StringId - rules
List<Secure
Scanning Policy Rule> - Define all rules included in the Policy for scanning detection.
- timeouts
Secure
Scanning Policy Timeouts - version String
- comment string
- The description of Secure scanning policy.
- isdefault boolean
- name string
- The name of the Secure policy. It must be unique.
- policy
Bundle stringId - rules
Secure
Scanning Policy Rule[] - Define all rules included in the Policy for scanning detection.
- timeouts
Secure
Scanning Policy Timeouts - version string
- comment str
- The description of Secure scanning policy.
- isdefault bool
- name str
- The name of the Secure policy. It must be unique.
- policy_
bundle_ strid - rules
Sequence[Secure
Scanning Policy Rule Args] - Define all rules included in the Policy for scanning detection.
- timeouts
Secure
Scanning Policy Timeouts Args - version str
- comment String
- The description of Secure scanning policy.
- isdefault Boolean
- name String
- The name of the Secure policy. It must be unique.
- policy
Bundle StringId - rules List<Property Map>
- Define all rules included in the Policy for scanning detection.
- timeouts Property Map
- version String
Supporting Types
SecureScanningPolicyRule, SecureScanningPolicyRuleArgs
- Action string
- define the action to take if one gate triggers what would affect the policy results. Must be
WARNorSTOP. - Gate string
- Must be one of
always,dockerfile,files,licenses,metadata,npms,packages,passwd_file,retrieved_files,vulnerabilities,secret_scans,ruby_gems. You can see the description of each gate in this link. - Params
List<Secure
Scanning Policy Rule Param> - Each gate and trigger options have different parameter configurations. Review the previous link to see all options.
- Trigger string
- Each gate have different trigger options and parameters. Check possible triggers per gate in the previous link.
- Id string
- Action string
- define the action to take if one gate triggers what would affect the policy results. Must be
WARNorSTOP. - Gate string
- Must be one of
always,dockerfile,files,licenses,metadata,npms,packages,passwd_file,retrieved_files,vulnerabilities,secret_scans,ruby_gems. You can see the description of each gate in this link. - Params
[]Secure
Scanning Policy Rule Param - Each gate and trigger options have different parameter configurations. Review the previous link to see all options.
- Trigger string
- Each gate have different trigger options and parameters. Check possible triggers per gate in the previous link.
- Id string
- action String
- define the action to take if one gate triggers what would affect the policy results. Must be
WARNorSTOP. - gate String
- Must be one of
always,dockerfile,files,licenses,metadata,npms,packages,passwd_file,retrieved_files,vulnerabilities,secret_scans,ruby_gems. You can see the description of each gate in this link. - params
List<Secure
Scanning Policy Rule Param> - Each gate and trigger options have different parameter configurations. Review the previous link to see all options.
- trigger String
- Each gate have different trigger options and parameters. Check possible triggers per gate in the previous link.
- id String
- action string
- define the action to take if one gate triggers what would affect the policy results. Must be
WARNorSTOP. - gate string
- Must be one of
always,dockerfile,files,licenses,metadata,npms,packages,passwd_file,retrieved_files,vulnerabilities,secret_scans,ruby_gems. You can see the description of each gate in this link. - params
Secure
Scanning Policy Rule Param[] - Each gate and trigger options have different parameter configurations. Review the previous link to see all options.
- trigger string
- Each gate have different trigger options and parameters. Check possible triggers per gate in the previous link.
- id string
- action str
- define the action to take if one gate triggers what would affect the policy results. Must be
WARNorSTOP. - gate str
- Must be one of
always,dockerfile,files,licenses,metadata,npms,packages,passwd_file,retrieved_files,vulnerabilities,secret_scans,ruby_gems. You can see the description of each gate in this link. - params
Sequence[Secure
Scanning Policy Rule Param] - Each gate and trigger options have different parameter configurations. Review the previous link to see all options.
- trigger str
- Each gate have different trigger options and parameters. Check possible triggers per gate in the previous link.
- id str
- action String
- define the action to take if one gate triggers what would affect the policy results. Must be
WARNorSTOP. - gate String
- Must be one of
always,dockerfile,files,licenses,metadata,npms,packages,passwd_file,retrieved_files,vulnerabilities,secret_scans,ruby_gems. You can see the description of each gate in this link. - params List<Property Map>
- Each gate and trigger options have different parameter configurations. Review the previous link to see all options.
- trigger String
- Each gate have different trigger options and parameters. Check possible triggers per gate in the previous link.
- id String
SecureScanningPolicyRuleParam, SecureScanningPolicyRuleParamArgs
SecureScanningPolicyTimeouts, SecureScanningPolicyTimeoutsArgs
Import
Secure scanning policies can be imported using the ID, e.g.
$ pulumi import sysdig:index/secureScanningPolicy:SecureScanningPolicy example policy_123456
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- sysdig sysdiglabs/terraform-provider-sysdig
- License
- Notes
- This Pulumi package is based on the
sysdigTerraform Provider.
sysdig 1.56.0 published on Wednesday, Apr 30, 2025 by sysdiglabs