Aquasec v0.8.29 published on Monday, Jul 22, 2024 by Pulumiverse
aquasec.getHostAssurancePolicy
Explore with Pulumi AI
Using getHostAssurancePolicy
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getHostAssurancePolicy(args: GetHostAssurancePolicyArgs, opts?: InvokeOptions): Promise<GetHostAssurancePolicyResult>
function getHostAssurancePolicyOutput(args: GetHostAssurancePolicyOutputArgs, opts?: InvokeOptions): Output<GetHostAssurancePolicyResult>
def get_host_assurance_policy(name: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetHostAssurancePolicyResult
def get_host_assurance_policy_output(name: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetHostAssurancePolicyResult]
func LookupHostAssurancePolicy(ctx *Context, args *LookupHostAssurancePolicyArgs, opts ...InvokeOption) (*LookupHostAssurancePolicyResult, error)
func LookupHostAssurancePolicyOutput(ctx *Context, args *LookupHostAssurancePolicyOutputArgs, opts ...InvokeOption) LookupHostAssurancePolicyResultOutput
> Note: This function is named LookupHostAssurancePolicy
in the Go SDK.
public static class GetHostAssurancePolicy
{
public static Task<GetHostAssurancePolicyResult> InvokeAsync(GetHostAssurancePolicyArgs args, InvokeOptions? opts = null)
public static Output<GetHostAssurancePolicyResult> Invoke(GetHostAssurancePolicyInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetHostAssurancePolicyResult> getHostAssurancePolicy(GetHostAssurancePolicyArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: aquasec:index/getHostAssurancePolicy:getHostAssurancePolicy
arguments:
# arguments dictionary
The following arguments are supported:
- Name string
- Name string
- name String
- name string
- name str
- name String
getHostAssurancePolicy Result
The following output properties are available:
- Allowed
Images List<string> - List of explicitly allowed images.
- Application
Scopes List<string> - Audit
On boolFailure - Indicates if auditing for failures.
- string
- Name of user account that created the policy.
- Auto
Scan boolConfigured - Auto
Scan boolEnabled - Auto
Scan List<Pulumiverse.Times Aquasec. Outputs. Get Host Assurance Policy Auto Scan Time> - Blacklist
Permissions List<string> - List of function's forbidden permissions.
- Blacklist
Permissions boolEnabled - Indicates if blacklist permissions is relevant.
- Blacklisted
Licenses List<string> - List of blacklisted licenses.
- Blacklisted
Licenses boolEnabled - Indicates if license blacklist is relevant.
- Block
Failed bool - Indicates if failed images are blocked.
- Control
Exclude boolNo Fix - Custom
Checks List<Pulumiverse.Aquasec. Outputs. Get Host Assurance Policy Custom Check> - List of Custom user scripts for checks.
- Custom
Checks boolEnabled - Indicates if scanning should include custom checks.
- Custom
Severity boolEnabled - Cves
Black boolList Enabled - Indicates if CVEs blacklist is relevant.
- Cves
Black List<string>Lists - List of CVEs blacklisted items.
- Cves
White boolList Enabled - Indicates if CVEs whitelist is relevant.
- Cves
White List<string>Lists - List of cves whitelisted licenses
- Cvss
Severity string - Identifier of the cvss severity.
- Cvss
Severity boolEnabled - Indicates if the cvss severity is scanned.
- Cvss
Severity boolExclude No Fix - Indicates that policy should ignore cvss cases that do not have a known fix.
- Description string
- Disallow
Malware bool - Indicates if malware should block the image.
- Docker
Cis boolEnabled - Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
- Domain string
- Name of the container image.
- Domain
Name string - Dta
Enabled bool - Dta
Severity string - Enabled bool
- Enforce bool
- Enforce
After intDays - Enforce
Excessive boolPermissions - Exceptional
Monitored List<string>Malware Paths - Fail
Cicd bool - Indicates if cicd failures will fail the image.
- Forbidden
Labels List<Pulumiverse.Aquasec. Outputs. Get Host Assurance Policy Forbidden Label> - Forbidden
Labels boolEnabled - Force
Microenforcer bool - Function
Integrity boolEnabled - Id string
- The ID of this resource.
- Ignore
Recently boolPublished Vln - Ignore
Recently intPublished Vln Period - Ignore
Risk boolResources Enabled - Indicates if risk resources are ignored.
- Ignored
Risk List<string>Resources - List of ignored risk resources.
- Images List<string>
- List of images.
- Kube
Cis boolEnabled - Performs a Kubernetes CIS benchmark check for the host.
- Labels List<string>
- List of labels.
- Malware
Action string - Maximum
Score double - Value of allowed maximum score.
- Maximum
Score boolEnabled - Indicates if exceeding the maximum score is scanned.
- Maximum
Score boolExclude No Fix - Indicates that policy should ignore cases that do not have a known fix.
- Monitored
Malware List<string>Paths - Name string
- Only
None boolRoot Users - Indicates if raise a warning for images that should only be run as root.
- Packages
Black boolList Enabled - Indicates if packages blacklist is relevant.
- Packages
Black List<Pulumiverse.Lists Aquasec. Outputs. Get Host Assurance Policy Packages Black List> - List of blacklisted images.
- Packages
White boolList Enabled - Indicates if packages whitelist is relevant.
- Packages
White List<Pulumiverse.Lists Aquasec. Outputs. Get Host Assurance Policy Packages White List> - List of whitelisted images.
- Partial
Results boolImage Fail - Read
Only bool - Registries List<string>
- List of registries.
- Registry string
- Required
Labels List<Pulumiverse.Aquasec. Outputs. Get Host Assurance Policy Required Label> - Required
Labels boolEnabled - Scan
Nfs boolMounts - Scan
Sensitive boolData - Indicates if scan should include sensitive data in the image.
- Scap
Enabled bool - Indicates if scanning should include scap.
- Scap
Files List<string> - List of SCAP user scripts for checks.
- Scopes
List<Pulumiverse.
Aquasec. Outputs. Get Host Assurance Policy Scope> - Trusted
Base List<Pulumiverse.Images Aquasec. Outputs. Get Host Assurance Policy Trusted Base Image> - List of trusted images.
- Trusted
Base boolImages Enabled - Indicates if list of trusted base images is relevant.
- Whitelisted
Licenses List<string> - List of whitelisted licenses.
- Whitelisted
Licenses boolEnabled - Indicates if license blacklist is relevant.
- Allowed
Images []string - List of explicitly allowed images.
- Application
Scopes []string - Audit
On boolFailure - Indicates if auditing for failures.
- string
- Name of user account that created the policy.
- Auto
Scan boolConfigured - Auto
Scan boolEnabled - Auto
Scan []GetTimes Host Assurance Policy Auto Scan Time - Blacklist
Permissions []string - List of function's forbidden permissions.
- Blacklist
Permissions boolEnabled - Indicates if blacklist permissions is relevant.
- Blacklisted
Licenses []string - List of blacklisted licenses.
- Blacklisted
Licenses boolEnabled - Indicates if license blacklist is relevant.
- Block
Failed bool - Indicates if failed images are blocked.
- Control
Exclude boolNo Fix - Custom
Checks []GetHost Assurance Policy Custom Check - List of Custom user scripts for checks.
- Custom
Checks boolEnabled - Indicates if scanning should include custom checks.
- Custom
Severity boolEnabled - Cves
Black boolList Enabled - Indicates if CVEs blacklist is relevant.
- Cves
Black []stringLists - List of CVEs blacklisted items.
- Cves
White boolList Enabled - Indicates if CVEs whitelist is relevant.
- Cves
White []stringLists - List of cves whitelisted licenses
- Cvss
Severity string - Identifier of the cvss severity.
- Cvss
Severity boolEnabled - Indicates if the cvss severity is scanned.
- Cvss
Severity boolExclude No Fix - Indicates that policy should ignore cvss cases that do not have a known fix.
- Description string
- Disallow
Malware bool - Indicates if malware should block the image.
- Docker
Cis boolEnabled - Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
- Domain string
- Name of the container image.
- Domain
Name string - Dta
Enabled bool - Dta
Severity string - Enabled bool
- Enforce bool
- Enforce
After intDays - Enforce
Excessive boolPermissions - Exceptional
Monitored []stringMalware Paths - Fail
Cicd bool - Indicates if cicd failures will fail the image.
- Forbidden
Labels []GetHost Assurance Policy Forbidden Label - Forbidden
Labels boolEnabled - Force
Microenforcer bool - Function
Integrity boolEnabled - Id string
- The ID of this resource.
- Ignore
Recently boolPublished Vln - Ignore
Recently intPublished Vln Period - Ignore
Risk boolResources Enabled - Indicates if risk resources are ignored.
- Ignored
Risk []stringResources - List of ignored risk resources.
- Images []string
- List of images.
- Kube
Cis boolEnabled - Performs a Kubernetes CIS benchmark check for the host.
- Labels []string
- List of labels.
- Malware
Action string - Maximum
Score float64 - Value of allowed maximum score.
- Maximum
Score boolEnabled - Indicates if exceeding the maximum score is scanned.
- Maximum
Score boolExclude No Fix - Indicates that policy should ignore cases that do not have a known fix.
- Monitored
Malware []stringPaths - Name string
- Only
None boolRoot Users - Indicates if raise a warning for images that should only be run as root.
- Packages
Black boolList Enabled - Indicates if packages blacklist is relevant.
- Packages
Black []GetLists Host Assurance Policy Packages Black List - List of blacklisted images.
- Packages
White boolList Enabled - Indicates if packages whitelist is relevant.
- Packages
White []GetLists Host Assurance Policy Packages White List - List of whitelisted images.
- Partial
Results boolImage Fail - Read
Only bool - Registries []string
- List of registries.
- Registry string
- Required
Labels []GetHost Assurance Policy Required Label - Required
Labels boolEnabled - Scan
Nfs boolMounts - Scan
Sensitive boolData - Indicates if scan should include sensitive data in the image.
- Scap
Enabled bool - Indicates if scanning should include scap.
- Scap
Files []string - List of SCAP user scripts for checks.
- Scopes
[]Get
Host Assurance Policy Scope - Trusted
Base []GetImages Host Assurance Policy Trusted Base Image - List of trusted images.
- Trusted
Base boolImages Enabled - Indicates if list of trusted base images is relevant.
- Whitelisted
Licenses []string - List of whitelisted licenses.
- Whitelisted
Licenses boolEnabled - Indicates if license blacklist is relevant.
- allowed
Images List<String> - List of explicitly allowed images.
- application
Scopes List<String> - audit
On BooleanFailure - Indicates if auditing for failures.
- String
- Name of user account that created the policy.
- auto
Scan BooleanConfigured - auto
Scan BooleanEnabled - auto
Scan List<GetTimes Host Assurance Policy Auto Scan Time> - blacklist
Permissions List<String> - List of function's forbidden permissions.
- blacklist
Permissions BooleanEnabled - Indicates if blacklist permissions is relevant.
- blacklisted
Licenses List<String> - List of blacklisted licenses.
- blacklisted
Licenses BooleanEnabled - Indicates if license blacklist is relevant.
- block
Failed Boolean - Indicates if failed images are blocked.
- control
Exclude BooleanNo Fix - custom
Checks List<GetHost Assurance Policy Custom Check> - List of Custom user scripts for checks.
- custom
Checks BooleanEnabled - Indicates if scanning should include custom checks.
- custom
Severity BooleanEnabled - cves
Black BooleanList Enabled - Indicates if CVEs blacklist is relevant.
- cves
Black List<String>Lists - List of CVEs blacklisted items.
- cves
White BooleanList Enabled - Indicates if CVEs whitelist is relevant.
- cves
White List<String>Lists - List of cves whitelisted licenses
- cvss
Severity String - Identifier of the cvss severity.
- cvss
Severity BooleanEnabled - Indicates if the cvss severity is scanned.
- cvss
Severity BooleanExclude No Fix - Indicates that policy should ignore cvss cases that do not have a known fix.
- description String
- disallow
Malware Boolean - Indicates if malware should block the image.
- docker
Cis BooleanEnabled - Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
- domain String
- Name of the container image.
- domain
Name String - dta
Enabled Boolean - dta
Severity String - enabled Boolean
- enforce Boolean
- enforce
After IntegerDays - enforce
Excessive BooleanPermissions - exceptional
Monitored List<String>Malware Paths - fail
Cicd Boolean - Indicates if cicd failures will fail the image.
- forbidden
Labels List<GetHost Assurance Policy Forbidden Label> - forbidden
Labels BooleanEnabled - force
Microenforcer Boolean - function
Integrity BooleanEnabled - id String
- The ID of this resource.
- ignore
Recently BooleanPublished Vln - ignore
Recently IntegerPublished Vln Period - ignore
Risk BooleanResources Enabled - Indicates if risk resources are ignored.
- ignored
Risk List<String>Resources - List of ignored risk resources.
- images List<String>
- List of images.
- kube
Cis BooleanEnabled - Performs a Kubernetes CIS benchmark check for the host.
- labels List<String>
- List of labels.
- malware
Action String - maximum
Score Double - Value of allowed maximum score.
- maximum
Score BooleanEnabled - Indicates if exceeding the maximum score is scanned.
- maximum
Score BooleanExclude No Fix - Indicates that policy should ignore cases that do not have a known fix.
- monitored
Malware List<String>Paths - name String
- only
None BooleanRoot Users - Indicates if raise a warning for images that should only be run as root.
- packages
Black BooleanList Enabled - Indicates if packages blacklist is relevant.
- packages
Black List<GetLists Host Assurance Policy Packages Black List> - List of blacklisted images.
- packages
White BooleanList Enabled - Indicates if packages whitelist is relevant.
- packages
White List<GetLists Host Assurance Policy Packages White List> - List of whitelisted images.
- partial
Results BooleanImage Fail - read
Only Boolean - registries List<String>
- List of registries.
- registry String
- required
Labels List<GetHost Assurance Policy Required Label> - required
Labels BooleanEnabled - scan
Nfs BooleanMounts - scan
Sensitive BooleanData - Indicates if scan should include sensitive data in the image.
- scap
Enabled Boolean - Indicates if scanning should include scap.
- scap
Files List<String> - List of SCAP user scripts for checks.
- scopes
List<Get
Host Assurance Policy Scope> - trusted
Base List<GetImages Host Assurance Policy Trusted Base Image> - List of trusted images.
- trusted
Base BooleanImages Enabled - Indicates if list of trusted base images is relevant.
- whitelisted
Licenses List<String> - List of whitelisted licenses.
- whitelisted
Licenses BooleanEnabled - Indicates if license blacklist is relevant.
- allowed
Images string[] - List of explicitly allowed images.
- application
Scopes string[] - audit
On booleanFailure - Indicates if auditing for failures.
- string
- Name of user account that created the policy.
- auto
Scan booleanConfigured - auto
Scan booleanEnabled - auto
Scan GetTimes Host Assurance Policy Auto Scan Time[] - blacklist
Permissions string[] - List of function's forbidden permissions.
- blacklist
Permissions booleanEnabled - Indicates if blacklist permissions is relevant.
- blacklisted
Licenses string[] - List of blacklisted licenses.
- blacklisted
Licenses booleanEnabled - Indicates if license blacklist is relevant.
- block
Failed boolean - Indicates if failed images are blocked.
- control
Exclude booleanNo Fix - custom
Checks GetHost Assurance Policy Custom Check[] - List of Custom user scripts for checks.
- custom
Checks booleanEnabled - Indicates if scanning should include custom checks.
- custom
Severity booleanEnabled - cves
Black booleanList Enabled - Indicates if CVEs blacklist is relevant.
- cves
Black string[]Lists - List of CVEs blacklisted items.
- cves
White booleanList Enabled - Indicates if CVEs whitelist is relevant.
- cves
White string[]Lists - List of cves whitelisted licenses
- cvss
Severity string - Identifier of the cvss severity.
- cvss
Severity booleanEnabled - Indicates if the cvss severity is scanned.
- cvss
Severity booleanExclude No Fix - Indicates that policy should ignore cvss cases that do not have a known fix.
- description string
- disallow
Malware boolean - Indicates if malware should block the image.
- docker
Cis booleanEnabled - Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
- domain string
- Name of the container image.
- domain
Name string - dta
Enabled boolean - dta
Severity string - enabled boolean
- enforce boolean
- enforce
After numberDays - enforce
Excessive booleanPermissions - exceptional
Monitored string[]Malware Paths - fail
Cicd boolean - Indicates if cicd failures will fail the image.
- forbidden
Labels GetHost Assurance Policy Forbidden Label[] - forbidden
Labels booleanEnabled - force
Microenforcer boolean - function
Integrity booleanEnabled - id string
- The ID of this resource.
- ignore
Recently booleanPublished Vln - ignore
Recently numberPublished Vln Period - ignore
Risk booleanResources Enabled - Indicates if risk resources are ignored.
- ignored
Risk string[]Resources - List of ignored risk resources.
- images string[]
- List of images.
- kube
Cis booleanEnabled - Performs a Kubernetes CIS benchmark check for the host.
- labels string[]
- List of labels.
- malware
Action string - maximum
Score number - Value of allowed maximum score.
- maximum
Score booleanEnabled - Indicates if exceeding the maximum score is scanned.
- maximum
Score booleanExclude No Fix - Indicates that policy should ignore cases that do not have a known fix.
- monitored
Malware string[]Paths - name string
- only
None booleanRoot Users - Indicates if raise a warning for images that should only be run as root.
- packages
Black booleanList Enabled - Indicates if packages blacklist is relevant.
- packages
Black GetLists Host Assurance Policy Packages Black List[] - List of blacklisted images.
- packages
White booleanList Enabled - Indicates if packages whitelist is relevant.
- packages
White GetLists Host Assurance Policy Packages White List[] - List of whitelisted images.
- partial
Results booleanImage Fail - read
Only boolean - registries string[]
- List of registries.
- registry string
- required
Labels GetHost Assurance Policy Required Label[] - required
Labels booleanEnabled - scan
Nfs booleanMounts - scan
Sensitive booleanData - Indicates if scan should include sensitive data in the image.
- scap
Enabled boolean - Indicates if scanning should include scap.
- scap
Files string[] - List of SCAP user scripts for checks.
- scopes
Get
Host Assurance Policy Scope[] - trusted
Base GetImages Host Assurance Policy Trusted Base Image[] - List of trusted images.
- trusted
Base booleanImages Enabled - Indicates if list of trusted base images is relevant.
- whitelisted
Licenses string[] - List of whitelisted licenses.
- whitelisted
Licenses booleanEnabled - Indicates if license blacklist is relevant.
- allowed_
images Sequence[str] - List of explicitly allowed images.
- application_
scopes Sequence[str] - audit_
on_ boolfailure - Indicates if auditing for failures.
- str
- Name of user account that created the policy.
- auto_
scan_ boolconfigured - auto_
scan_ boolenabled - auto_
scan_ Sequence[Gettimes Host Assurance Policy Auto Scan Time] - blacklist_
permissions Sequence[str] - List of function's forbidden permissions.
- blacklist_
permissions_ boolenabled - Indicates if blacklist permissions is relevant.
- blacklisted_
licenses Sequence[str] - List of blacklisted licenses.
- blacklisted_
licenses_ boolenabled - Indicates if license blacklist is relevant.
- block_
failed bool - Indicates if failed images are blocked.
- control_
exclude_ boolno_ fix - custom_
checks Sequence[GetHost Assurance Policy Custom Check] - List of Custom user scripts for checks.
- custom_
checks_ boolenabled - Indicates if scanning should include custom checks.
- custom_
severity_ boolenabled - cves_
black_ boollist_ enabled - Indicates if CVEs blacklist is relevant.
- cves_
black_ Sequence[str]lists - List of CVEs blacklisted items.
- cves_
white_ boollist_ enabled - Indicates if CVEs whitelist is relevant.
- cves_
white_ Sequence[str]lists - List of cves whitelisted licenses
- cvss_
severity str - Identifier of the cvss severity.
- cvss_
severity_ boolenabled - Indicates if the cvss severity is scanned.
- cvss_
severity_ boolexclude_ no_ fix - Indicates that policy should ignore cvss cases that do not have a known fix.
- description str
- disallow_
malware bool - Indicates if malware should block the image.
- docker_
cis_ boolenabled - Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
- domain str
- Name of the container image.
- domain_
name str - dta_
enabled bool - dta_
severity str - enabled bool
- enforce bool
- enforce_
after_ intdays - enforce_
excessive_ boolpermissions - exceptional_
monitored_ Sequence[str]malware_ paths - fail_
cicd bool - Indicates if cicd failures will fail the image.
- forbidden_
labels Sequence[GetHost Assurance Policy Forbidden Label] - forbidden_
labels_ boolenabled - force_
microenforcer bool - function_
integrity_ boolenabled - id str
- The ID of this resource.
- ignore_
recently_ boolpublished_ vln - ignore_
recently_ intpublished_ vln_ period - ignore_
risk_ boolresources_ enabled - Indicates if risk resources are ignored.
- ignored_
risk_ Sequence[str]resources - List of ignored risk resources.
- images Sequence[str]
- List of images.
- kube_
cis_ boolenabled - Performs a Kubernetes CIS benchmark check for the host.
- labels Sequence[str]
- List of labels.
- malware_
action str - maximum_
score float - Value of allowed maximum score.
- maximum_
score_ boolenabled - Indicates if exceeding the maximum score is scanned.
- maximum_
score_ boolexclude_ no_ fix - Indicates that policy should ignore cases that do not have a known fix.
- monitored_
malware_ Sequence[str]paths - name str
- only_
none_ boolroot_ users - Indicates if raise a warning for images that should only be run as root.
- packages_
black_ boollist_ enabled - Indicates if packages blacklist is relevant.
- packages_
black_ Sequence[Getlists Host Assurance Policy Packages Black List] - List of blacklisted images.
- packages_
white_ boollist_ enabled - Indicates if packages whitelist is relevant.
- packages_
white_ Sequence[Getlists Host Assurance Policy Packages White List] - List of whitelisted images.
- partial_
results_ boolimage_ fail - read_
only bool - registries Sequence[str]
- List of registries.
- registry str
- required_
labels Sequence[GetHost Assurance Policy Required Label] - required_
labels_ boolenabled - scan_
nfs_ boolmounts - scan_
sensitive_ booldata - Indicates if scan should include sensitive data in the image.
- scap_
enabled bool - Indicates if scanning should include scap.
- scap_
files Sequence[str] - List of SCAP user scripts for checks.
- scopes
Sequence[Get
Host Assurance Policy Scope] - trusted_
base_ Sequence[Getimages Host Assurance Policy Trusted Base Image] - List of trusted images.
- trusted_
base_ boolimages_ enabled - Indicates if list of trusted base images is relevant.
- whitelisted_
licenses Sequence[str] - List of whitelisted licenses.
- whitelisted_
licenses_ boolenabled - Indicates if license blacklist is relevant.
- allowed
Images List<String> - List of explicitly allowed images.
- application
Scopes List<String> - audit
On BooleanFailure - Indicates if auditing for failures.
- String
- Name of user account that created the policy.
- auto
Scan BooleanConfigured - auto
Scan BooleanEnabled - auto
Scan List<Property Map>Times - blacklist
Permissions List<String> - List of function's forbidden permissions.
- blacklist
Permissions BooleanEnabled - Indicates if blacklist permissions is relevant.
- blacklisted
Licenses List<String> - List of blacklisted licenses.
- blacklisted
Licenses BooleanEnabled - Indicates if license blacklist is relevant.
- block
Failed Boolean - Indicates if failed images are blocked.
- control
Exclude BooleanNo Fix - custom
Checks List<Property Map> - List of Custom user scripts for checks.
- custom
Checks BooleanEnabled - Indicates if scanning should include custom checks.
- custom
Severity BooleanEnabled - cves
Black BooleanList Enabled - Indicates if CVEs blacklist is relevant.
- cves
Black List<String>Lists - List of CVEs blacklisted items.
- cves
White BooleanList Enabled - Indicates if CVEs whitelist is relevant.
- cves
White List<String>Lists - List of cves whitelisted licenses
- cvss
Severity String - Identifier of the cvss severity.
- cvss
Severity BooleanEnabled - Indicates if the cvss severity is scanned.
- cvss
Severity BooleanExclude No Fix - Indicates that policy should ignore cvss cases that do not have a known fix.
- description String
- disallow
Malware Boolean - Indicates if malware should block the image.
- docker
Cis BooleanEnabled - Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
- domain String
- Name of the container image.
- domain
Name String - dta
Enabled Boolean - dta
Severity String - enabled Boolean
- enforce Boolean
- enforce
After NumberDays - enforce
Excessive BooleanPermissions - exceptional
Monitored List<String>Malware Paths - fail
Cicd Boolean - Indicates if cicd failures will fail the image.
- forbidden
Labels List<Property Map> - forbidden
Labels BooleanEnabled - force
Microenforcer Boolean - function
Integrity BooleanEnabled - id String
- The ID of this resource.
- ignore
Recently BooleanPublished Vln - ignore
Recently NumberPublished Vln Period - ignore
Risk BooleanResources Enabled - Indicates if risk resources are ignored.
- ignored
Risk List<String>Resources - List of ignored risk resources.
- images List<String>
- List of images.
- kube
Cis BooleanEnabled - Performs a Kubernetes CIS benchmark check for the host.
- labels List<String>
- List of labels.
- malware
Action String - maximum
Score Number - Value of allowed maximum score.
- maximum
Score BooleanEnabled - Indicates if exceeding the maximum score is scanned.
- maximum
Score BooleanExclude No Fix - Indicates that policy should ignore cases that do not have a known fix.
- monitored
Malware List<String>Paths - name String
- only
None BooleanRoot Users - Indicates if raise a warning for images that should only be run as root.
- packages
Black BooleanList Enabled - Indicates if packages blacklist is relevant.
- packages
Black List<Property Map>Lists - List of blacklisted images.
- packages
White BooleanList Enabled - Indicates if packages whitelist is relevant.
- packages
White List<Property Map>Lists - List of whitelisted images.
- partial
Results BooleanImage Fail - read
Only Boolean - registries List<String>
- List of registries.
- registry String
- required
Labels List<Property Map> - required
Labels BooleanEnabled - scan
Nfs BooleanMounts - scan
Sensitive BooleanData - Indicates if scan should include sensitive data in the image.
- scap
Enabled Boolean - Indicates if scanning should include scap.
- scap
Files List<String> - List of SCAP user scripts for checks.
- scopes List<Property Map>
- trusted
Base List<Property Map>Images - List of trusted images.
- trusted
Base BooleanImages Enabled - Indicates if list of trusted base images is relevant.
- whitelisted
Licenses List<String> - List of whitelisted licenses.
- whitelisted
Licenses BooleanEnabled - Indicates if license blacklist is relevant.
Supporting Types
GetHostAssurancePolicyAutoScanTime
- Iteration int
- Iteration
Type string - Time string
- Week
Days List<string>
- Iteration int
- Iteration
Type string - Time string
- Week
Days []string
- iteration Integer
- iteration
Type String - time String
- week
Days List<String>
- iteration number
- iteration
Type string - time string
- week
Days string[]
- iteration int
- iteration_
type str - time str
- week_
days Sequence[str]
- iteration Number
- iteration
Type String - time String
- week
Days List<String>
GetHostAssurancePolicyCustomCheck
- string
- Name of user account that created the policy.
- Description string
- Engine string
- Last
Modified int - Name string
- Path string
- Read
Only bool - Script
Id string - Severity string
- Snippet string
- string
- Name of user account that created the policy.
- Description string
- Engine string
- Last
Modified int - Name string
- Path string
- Read
Only bool - Script
Id string - Severity string
- Snippet string
- String
- Name of user account that created the policy.
- description String
- engine String
- last
Modified Integer - name String
- path String
- read
Only Boolean - script
Id String - severity String
- snippet String
- string
- Name of user account that created the policy.
- description string
- engine string
- last
Modified number - name string
- path string
- read
Only boolean - script
Id string - severity string
- snippet string
- str
- Name of user account that created the policy.
- description str
- engine str
- last_
modified int - name str
- path str
- read_
only bool - script_
id str - severity str
- snippet str
- String
- Name of user account that created the policy.
- description String
- engine String
- last
Modified Number - name String
- path String
- read
Only Boolean - script
Id String - severity String
- snippet String
GetHostAssurancePolicyForbiddenLabel
GetHostAssurancePolicyPackagesBlackList
GetHostAssurancePolicyPackagesWhiteList
GetHostAssurancePolicyRequiredLabel
GetHostAssurancePolicyScope
GetHostAssurancePolicyScopeVariable
GetHostAssurancePolicyTrustedBaseImage
Package Details
- Repository
- aquasec pulumiverse/pulumi-aquasec
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
aquasec
Terraform Provider.