aquasec.getKubernetesAssurancePolicy

Explore with Pulumi AI

Aquasec v0.8.29 published on Monday, Jul 22, 2024 by Pulumiverse

Using getKubernetesAssurancePolicy

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getKubernetesAssurancePolicy(args: GetKubernetesAssurancePolicyArgs, opts?: InvokeOptions): Promise<GetKubernetesAssurancePolicyResult>
function getKubernetesAssurancePolicyOutput(args: GetKubernetesAssurancePolicyOutputArgs, opts?: InvokeOptions): Output<GetKubernetesAssurancePolicyResult>

def get_kubernetes_assurance_policy(name: Optional[str] = None,
                                    opts: Optional[InvokeOptions] = None) -> GetKubernetesAssurancePolicyResult
def get_kubernetes_assurance_policy_output(name: Optional[pulumi.Input[str]] = None,
                                    opts: Optional[InvokeOptions] = None) -> Output[GetKubernetesAssurancePolicyResult]

func LookupKubernetesAssurancePolicy(ctx *Context, args *LookupKubernetesAssurancePolicyArgs, opts ...InvokeOption) (*LookupKubernetesAssurancePolicyResult, error)
func LookupKubernetesAssurancePolicyOutput(ctx *Context, args *LookupKubernetesAssurancePolicyOutputArgs, opts ...InvokeOption) LookupKubernetesAssurancePolicyResultOutput

> Note: This function is named LookupKubernetesAssurancePolicy in the Go SDK.

public static class GetKubernetesAssurancePolicy 
{
    public static Task<GetKubernetesAssurancePolicyResult> InvokeAsync(GetKubernetesAssurancePolicyArgs args, InvokeOptions? opts = null)
    public static Output<GetKubernetesAssurancePolicyResult> Invoke(GetKubernetesAssurancePolicyInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetKubernetesAssurancePolicyResult> getKubernetesAssurancePolicy(GetKubernetesAssurancePolicyArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet

fn::invoke:
  function: aquasec:index/getKubernetesAssurancePolicy:getKubernetesAssurancePolicy
  arguments:
    # arguments dictionary

The following arguments are supported:

Name string

Name string

name String

name string

name str

name String

getKubernetesAssurancePolicy Result

The following output properties are available:

AllowedImages List<string>: List of explicitly allowed images.
ApplicationScopes List<string>
AuditOnFailure bool: Indicates if auditing for failures.
Author string: Name of user account that created the policy.
AutoScanConfigured bool
AutoScanEnabled bool
AutoScanTimes List<Pulumiverse.Aquasec.Outputs.GetKubernetesAssurancePolicyAutoScanTime>
BlacklistPermissions List<string>: List of function's forbidden permissions.
BlacklistPermissionsEnabled bool: Indicates if blacklist permissions is relevant.
BlacklistedLicenses List<string>: List of blacklisted licenses.
BlacklistedLicensesEnabled bool: Indicates if license blacklist is relevant.
BlockFailed bool: Indicates if failed images are blocked.
ControlExcludeNoFix bool
CustomChecks List<Pulumiverse.Aquasec.Outputs.GetKubernetesAssurancePolicyCustomCheck>: List of Custom user scripts for checks.
CustomChecksEnabled bool: Indicates if scanning should include custom checks.
CustomSeverityEnabled bool
CvesBlackListEnabled bool: Indicates if CVEs blacklist is relevant.
CvesBlackLists List<string>: List of CVEs blacklisted items.
CvesWhiteListEnabled bool: Indicates if CVEs whitelist is relevant.
CvesWhiteLists List<string>: List of CVEs whitelisted licenses
CvssSeverity string: Identifier of the CVSS severity.
CvssSeverityEnabled bool: Indicates if the CVSS severity is scanned.
CvssSeverityExcludeNoFix bool: Indicates that policy should ignore CVSS cases that do not have a known fix.
Description string
DisallowMalware bool: Indicates if malware should block the image.
DockerCisEnabled bool: Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
Domain string: Name of the container image.
DomainName string
DtaEnabled bool
DtaSeverity string
Enabled bool
Enforce bool
EnforceAfterDays int
EnforceExcessivePermissions bool
ExceptionalMonitoredMalwarePaths List<string>: Directories to be excluded from monitoring.
FailCicd bool: Indicates if CI/CD failures will fail the image.
ForbiddenLabels List<Pulumiverse.Aquasec.Outputs.GetKubernetesAssurancePolicyForbiddenLabel>
ForbiddenLabelsEnabled bool
ForceMicroenforcer bool
FunctionIntegrityEnabled bool
Id string: The ID of this resource.
IgnoreRecentlyPublishedVln bool
IgnoreRecentlyPublishedVlnPeriod int
IgnoreRiskResourcesEnabled bool: Indicates if risk resources are ignored.
IgnoredRiskResources List<string>: List of ignored risk resources.
Images List<string>: List of images.
KubeCisEnabled bool: Performs a Kubernetes CIS benchmark check for the host.
KubernetesControlsNames List<string>: List of kubernetes control names
Labels List<string>: List of labels.
MalwareAction string
MaximumScore double: Value of allowed maximum score.
MaximumScoreEnabled bool: Indicates if exceeding the maximum score is scanned.
MaximumScoreExcludeNoFix bool: Indicates that policy should ignore cases that do not have a known fix.
MonitoredMalwarePaths List<string>: Directories to be monitored.
Name string
OnlyNoneRootUsers bool: Indicates if raise a warning for images that should only be run as root.
PackagesBlackListEnabled bool: Indicates if packages blacklist is relevant.
PackagesBlackLists List<Pulumiverse.Aquasec.Outputs.GetKubernetesAssurancePolicyPackagesBlackList>: List of blacklisted images.
PackagesWhiteListEnabled bool: Indicates if packages whitelist is relevant.
PackagesWhiteLists List<Pulumiverse.Aquasec.Outputs.GetKubernetesAssurancePolicyPackagesWhiteList>: List of whitelisted images.
PartialResultsImageFail bool
ReadOnly bool
Registries List<string>: List of registries.
Registry string
RequiredLabels List<Pulumiverse.Aquasec.Outputs.GetKubernetesAssurancePolicyRequiredLabel>
RequiredLabelsEnabled bool
ScanNfsMounts bool
ScanSensitiveData bool: Indicates if scan should include sensitive data in the image.
ScapEnabled bool: Indicates if scanning should include SCAP.
ScapFiles List<string>: List of SCAP user scripts for checks.
Scopes List<Pulumiverse.Aquasec.Outputs.GetKubernetesAssurancePolicyScope>
TrustedBaseImages List<Pulumiverse.Aquasec.Outputs.GetKubernetesAssurancePolicyTrustedBaseImage>: List of trusted images.
TrustedBaseImagesEnabled bool: Indicates if list of trusted base images is relevant.
WhitelistedLicenses List<string>: List of whitelisted licenses.
WhitelistedLicensesEnabled bool: Indicates if license blacklist is relevant.

AllowedImages []string: List of explicitly allowed images.
ApplicationScopes []string
AuditOnFailure bool: Indicates if auditing for failures.
Author string: Name of user account that created the policy.
AutoScanConfigured bool
AutoScanEnabled bool
AutoScanTimes []GetKubernetesAssurancePolicyAutoScanTime
BlacklistPermissions []string: List of function's forbidden permissions.
BlacklistPermissionsEnabled bool: Indicates if blacklist permissions is relevant.
BlacklistedLicenses []string: List of blacklisted licenses.
BlacklistedLicensesEnabled bool: Indicates if license blacklist is relevant.
BlockFailed bool: Indicates if failed images are blocked.
ControlExcludeNoFix bool
CustomChecks []GetKubernetesAssurancePolicyCustomCheck: List of Custom user scripts for checks.
CustomChecksEnabled bool: Indicates if scanning should include custom checks.
CustomSeverityEnabled bool
CvesBlackListEnabled bool: Indicates if CVEs blacklist is relevant.
CvesBlackLists []string: List of CVEs blacklisted items.
CvesWhiteListEnabled bool: Indicates if CVEs whitelist is relevant.
CvesWhiteLists []string: List of CVEs whitelisted licenses
CvssSeverity string: Identifier of the CVSS severity.
CvssSeverityEnabled bool: Indicates if the CVSS severity is scanned.
CvssSeverityExcludeNoFix bool: Indicates that policy should ignore CVSS cases that do not have a known fix.
Description string
DisallowMalware bool: Indicates if malware should block the image.
DockerCisEnabled bool: Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
Domain string: Name of the container image.
DomainName string
DtaEnabled bool
DtaSeverity string
Enabled bool
Enforce bool
EnforceAfterDays int
EnforceExcessivePermissions bool
ExceptionalMonitoredMalwarePaths []string: Directories to be excluded from monitoring.
FailCicd bool: Indicates if CI/CD failures will fail the image.
ForbiddenLabels []GetKubernetesAssurancePolicyForbiddenLabel
ForbiddenLabelsEnabled bool
ForceMicroenforcer bool
FunctionIntegrityEnabled bool
Id string: The ID of this resource.
IgnoreRecentlyPublishedVln bool
IgnoreRecentlyPublishedVlnPeriod int
IgnoreRiskResourcesEnabled bool: Indicates if risk resources are ignored.
IgnoredRiskResources []string: List of ignored risk resources.
Images []string: List of images.
KubeCisEnabled bool: Performs a Kubernetes CIS benchmark check for the host.
KubernetesControlsNames []string: List of kubernetes control names
Labels []string: List of labels.
MalwareAction string
MaximumScore float64: Value of allowed maximum score.
MaximumScoreEnabled bool: Indicates if exceeding the maximum score is scanned.
MaximumScoreExcludeNoFix bool: Indicates that policy should ignore cases that do not have a known fix.
MonitoredMalwarePaths []string: Directories to be monitored.
Name string
OnlyNoneRootUsers bool: Indicates if raise a warning for images that should only be run as root.
PackagesBlackListEnabled bool: Indicates if packages blacklist is relevant.
PackagesBlackLists []GetKubernetesAssurancePolicyPackagesBlackList: List of blacklisted images.
PackagesWhiteListEnabled bool: Indicates if packages whitelist is relevant.
PackagesWhiteLists []GetKubernetesAssurancePolicyPackagesWhiteList: List of whitelisted images.
PartialResultsImageFail bool
ReadOnly bool
Registries []string: List of registries.
Registry string
RequiredLabels []GetKubernetesAssurancePolicyRequiredLabel
RequiredLabelsEnabled bool
ScanNfsMounts bool
ScanSensitiveData bool: Indicates if scan should include sensitive data in the image.
ScapEnabled bool: Indicates if scanning should include SCAP.
ScapFiles []string: List of SCAP user scripts for checks.
Scopes []GetKubernetesAssurancePolicyScope
TrustedBaseImages []GetKubernetesAssurancePolicyTrustedBaseImage: List of trusted images.
TrustedBaseImagesEnabled bool: Indicates if list of trusted base images is relevant.
WhitelistedLicenses []string: List of whitelisted licenses.
WhitelistedLicensesEnabled bool: Indicates if license blacklist is relevant.

allowedImages List<String>: List of explicitly allowed images.
applicationScopes List<String>
auditOnFailure Boolean: Indicates if auditing for failures.
author String: Name of user account that created the policy.
autoScanConfigured Boolean
autoScanEnabled Boolean
autoScanTimes List<GetKubernetesAssurancePolicyAutoScanTime>
blacklistPermissions List<String>: List of function's forbidden permissions.
blacklistPermissionsEnabled Boolean: Indicates if blacklist permissions is relevant.
blacklistedLicenses List<String>: List of blacklisted licenses.
blacklistedLicensesEnabled Boolean: Indicates if license blacklist is relevant.
blockFailed Boolean: Indicates if failed images are blocked.
controlExcludeNoFix Boolean
customChecks List<GetKubernetesAssurancePolicyCustomCheck>: List of Custom user scripts for checks.
customChecksEnabled Boolean: Indicates if scanning should include custom checks.
customSeverityEnabled Boolean
cvesBlackListEnabled Boolean: Indicates if CVEs blacklist is relevant.
cvesBlackLists List<String>: List of CVEs blacklisted items.
cvesWhiteListEnabled Boolean: Indicates if CVEs whitelist is relevant.
cvesWhiteLists List<String>: List of CVEs whitelisted licenses
cvssSeverity String: Identifier of the CVSS severity.
cvssSeverityEnabled Boolean: Indicates if the CVSS severity is scanned.
cvssSeverityExcludeNoFix Boolean: Indicates that policy should ignore CVSS cases that do not have a known fix.
description String
disallowMalware Boolean: Indicates if malware should block the image.
dockerCisEnabled Boolean: Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
domain String: Name of the container image.
domainName String
dtaEnabled Boolean
dtaSeverity String
enabled Boolean
enforce Boolean
enforceAfterDays Integer
enforceExcessivePermissions Boolean
exceptionalMonitoredMalwarePaths List<String>: Directories to be excluded from monitoring.
failCicd Boolean: Indicates if CI/CD failures will fail the image.
forbiddenLabels List<GetKubernetesAssurancePolicyForbiddenLabel>
forbiddenLabelsEnabled Boolean
forceMicroenforcer Boolean
functionIntegrityEnabled Boolean
id String: The ID of this resource.
ignoreRecentlyPublishedVln Boolean
ignoreRecentlyPublishedVlnPeriod Integer
ignoreRiskResourcesEnabled Boolean: Indicates if risk resources are ignored.
ignoredRiskResources List<String>: List of ignored risk resources.
images List<String>: List of images.
kubeCisEnabled Boolean: Performs a Kubernetes CIS benchmark check for the host.
kubernetesControlsNames List<String>: List of kubernetes control names
labels List<String>: List of labels.
malwareAction String
maximumScore Double: Value of allowed maximum score.
maximumScoreEnabled Boolean: Indicates if exceeding the maximum score is scanned.
maximumScoreExcludeNoFix Boolean: Indicates that policy should ignore cases that do not have a known fix.
monitoredMalwarePaths List<String>: Directories to be monitored.
name String
onlyNoneRootUsers Boolean: Indicates if raise a warning for images that should only be run as root.
packagesBlackListEnabled Boolean: Indicates if packages blacklist is relevant.
packagesBlackLists List<GetKubernetesAssurancePolicyPackagesBlackList>: List of blacklisted images.
packagesWhiteListEnabled Boolean: Indicates if packages whitelist is relevant.
packagesWhiteLists List<GetKubernetesAssurancePolicyPackagesWhiteList>: List of whitelisted images.
partialResultsImageFail Boolean
readOnly Boolean
registries List<String>: List of registries.
registry String
requiredLabels List<GetKubernetesAssurancePolicyRequiredLabel>
requiredLabelsEnabled Boolean
scanNfsMounts Boolean
scanSensitiveData Boolean: Indicates if scan should include sensitive data in the image.
scapEnabled Boolean: Indicates if scanning should include SCAP.
scapFiles List<String>: List of SCAP user scripts for checks.
scopes List<GetKubernetesAssurancePolicyScope>
trustedBaseImages List<GetKubernetesAssurancePolicyTrustedBaseImage>: List of trusted images.
trustedBaseImagesEnabled Boolean: Indicates if list of trusted base images is relevant.
whitelistedLicenses List<String>: List of whitelisted licenses.
whitelistedLicensesEnabled Boolean: Indicates if license blacklist is relevant.

allowedImages string[]: List of explicitly allowed images.
applicationScopes string[]
auditOnFailure boolean: Indicates if auditing for failures.
author string: Name of user account that created the policy.
autoScanConfigured boolean
autoScanEnabled boolean
autoScanTimes GetKubernetesAssurancePolicyAutoScanTime[]
blacklistPermissions string[]: List of function's forbidden permissions.
blacklistPermissionsEnabled boolean: Indicates if blacklist permissions is relevant.
blacklistedLicenses string[]: List of blacklisted licenses.
blacklistedLicensesEnabled boolean: Indicates if license blacklist is relevant.
blockFailed boolean: Indicates if failed images are blocked.
controlExcludeNoFix boolean
customChecks GetKubernetesAssurancePolicyCustomCheck[]: List of Custom user scripts for checks.
customChecksEnabled boolean: Indicates if scanning should include custom checks.
customSeverityEnabled boolean
cvesBlackListEnabled boolean: Indicates if CVEs blacklist is relevant.
cvesBlackLists string[]: List of CVEs blacklisted items.
cvesWhiteListEnabled boolean: Indicates if CVEs whitelist is relevant.
cvesWhiteLists string[]: List of CVEs whitelisted licenses
cvssSeverity string: Identifier of the CVSS severity.
cvssSeverityEnabled boolean: Indicates if the CVSS severity is scanned.
cvssSeverityExcludeNoFix boolean: Indicates that policy should ignore CVSS cases that do not have a known fix.
description string
disallowMalware boolean: Indicates if malware should block the image.
dockerCisEnabled boolean: Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
domain string: Name of the container image.
domainName string
dtaEnabled boolean
dtaSeverity string
enabled boolean
enforce boolean
enforceAfterDays number
enforceExcessivePermissions boolean
exceptionalMonitoredMalwarePaths string[]: Directories to be excluded from monitoring.
failCicd boolean: Indicates if CI/CD failures will fail the image.
forbiddenLabels GetKubernetesAssurancePolicyForbiddenLabel[]
forbiddenLabelsEnabled boolean
forceMicroenforcer boolean
functionIntegrityEnabled boolean
id string: The ID of this resource.
ignoreRecentlyPublishedVln boolean
ignoreRecentlyPublishedVlnPeriod number
ignoreRiskResourcesEnabled boolean: Indicates if risk resources are ignored.
ignoredRiskResources string[]: List of ignored risk resources.
images string[]: List of images.
kubeCisEnabled boolean: Performs a Kubernetes CIS benchmark check for the host.
kubernetesControlsNames string[]: List of kubernetes control names
labels string[]: List of labels.
malwareAction string
maximumScore number: Value of allowed maximum score.
maximumScoreEnabled boolean: Indicates if exceeding the maximum score is scanned.
maximumScoreExcludeNoFix boolean: Indicates that policy should ignore cases that do not have a known fix.
monitoredMalwarePaths string[]: Directories to be monitored.
name string
onlyNoneRootUsers boolean: Indicates if raise a warning for images that should only be run as root.
packagesBlackListEnabled boolean: Indicates if packages blacklist is relevant.
packagesBlackLists GetKubernetesAssurancePolicyPackagesBlackList[]: List of blacklisted images.
packagesWhiteListEnabled boolean: Indicates if packages whitelist is relevant.
packagesWhiteLists GetKubernetesAssurancePolicyPackagesWhiteList[]: List of whitelisted images.
partialResultsImageFail boolean
readOnly boolean
registries string[]: List of registries.
registry string
requiredLabels GetKubernetesAssurancePolicyRequiredLabel[]
requiredLabelsEnabled boolean
scanNfsMounts boolean
scanSensitiveData boolean: Indicates if scan should include sensitive data in the image.
scapEnabled boolean: Indicates if scanning should include SCAP.
scapFiles string[]: List of SCAP user scripts for checks.
scopes GetKubernetesAssurancePolicyScope[]
trustedBaseImages GetKubernetesAssurancePolicyTrustedBaseImage[]: List of trusted images.
trustedBaseImagesEnabled boolean: Indicates if list of trusted base images is relevant.
whitelistedLicenses string[]: List of whitelisted licenses.
whitelistedLicensesEnabled boolean: Indicates if license blacklist is relevant.

allowed_images Sequence[str]: List of explicitly allowed images.
application_scopes Sequence[str]
audit_on_failure bool: Indicates if auditing for failures.
author str: Name of user account that created the policy.
auto_scan_configured bool
auto_scan_enabled bool
auto_scan_times Sequence[GetKubernetesAssurancePolicyAutoScanTime]
blacklist_permissions Sequence[str]: List of function's forbidden permissions.
blacklist_permissions_enabled bool: Indicates if blacklist permissions is relevant.
blacklisted_licenses Sequence[str]: List of blacklisted licenses.
blacklisted_licenses_enabled bool: Indicates if license blacklist is relevant.
block_failed bool: Indicates if failed images are blocked.
control_exclude_no_fix bool
custom_checks Sequence[GetKubernetesAssurancePolicyCustomCheck]: List of Custom user scripts for checks.
custom_checks_enabled bool: Indicates if scanning should include custom checks.
custom_severity_enabled bool
cves_black_list_enabled bool: Indicates if CVEs blacklist is relevant.
cves_black_lists Sequence[str]: List of CVEs blacklisted items.
cves_white_list_enabled bool: Indicates if CVEs whitelist is relevant.
cves_white_lists Sequence[str]: List of CVEs whitelisted licenses
cvss_severity str: Identifier of the CVSS severity.
cvss_severity_enabled bool: Indicates if the CVSS severity is scanned.
cvss_severity_exclude_no_fix bool: Indicates that policy should ignore CVSS cases that do not have a known fix.
description str
disallow_malware bool: Indicates if malware should block the image.
docker_cis_enabled bool: Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
domain str: Name of the container image.
domain_name str
dta_enabled bool
dta_severity str
enabled bool
enforce bool
enforce_after_days int
enforce_excessive_permissions bool
exceptional_monitored_malware_paths Sequence[str]: Directories to be excluded from monitoring.
fail_cicd bool: Indicates if CI/CD failures will fail the image.
forbidden_labels Sequence[GetKubernetesAssurancePolicyForbiddenLabel]
forbidden_labels_enabled bool
force_microenforcer bool
function_integrity_enabled bool
id str: The ID of this resource.
ignore_recently_published_vln bool
ignore_recently_published_vln_period int
ignore_risk_resources_enabled bool: Indicates if risk resources are ignored.
ignored_risk_resources Sequence[str]: List of ignored risk resources.
images Sequence[str]: List of images.
kube_cis_enabled bool: Performs a Kubernetes CIS benchmark check for the host.
kubernetes_controls_names Sequence[str]: List of kubernetes control names
labels Sequence[str]: List of labels.
malware_action str
maximum_score float: Value of allowed maximum score.
maximum_score_enabled bool: Indicates if exceeding the maximum score is scanned.
maximum_score_exclude_no_fix bool: Indicates that policy should ignore cases that do not have a known fix.
monitored_malware_paths Sequence[str]: Directories to be monitored.
name str
only_none_root_users bool: Indicates if raise a warning for images that should only be run as root.
packages_black_list_enabled bool: Indicates if packages blacklist is relevant.
packages_black_lists Sequence[GetKubernetesAssurancePolicyPackagesBlackList]: List of blacklisted images.
packages_white_list_enabled bool: Indicates if packages whitelist is relevant.
packages_white_lists Sequence[GetKubernetesAssurancePolicyPackagesWhiteList]: List of whitelisted images.
partial_results_image_fail bool
read_only bool
registries Sequence[str]: List of registries.
registry str
required_labels Sequence[GetKubernetesAssurancePolicyRequiredLabel]
required_labels_enabled bool
scan_nfs_mounts bool
scan_sensitive_data bool: Indicates if scan should include sensitive data in the image.
scap_enabled bool: Indicates if scanning should include SCAP.
scap_files Sequence[str]: List of SCAP user scripts for checks.
scopes Sequence[GetKubernetesAssurancePolicyScope]
trusted_base_images Sequence[GetKubernetesAssurancePolicyTrustedBaseImage]: List of trusted images.
trusted_base_images_enabled bool: Indicates if list of trusted base images is relevant.
whitelisted_licenses Sequence[str]: List of whitelisted licenses.
whitelisted_licenses_enabled bool: Indicates if license blacklist is relevant.

allowedImages List<String>: List of explicitly allowed images.
applicationScopes List<String>
auditOnFailure Boolean: Indicates if auditing for failures.
author String: Name of user account that created the policy.
autoScanConfigured Boolean
autoScanEnabled Boolean
autoScanTimes List<Property Map>
blacklistPermissions List<String>: List of function's forbidden permissions.
blacklistPermissionsEnabled Boolean: Indicates if blacklist permissions is relevant.
blacklistedLicenses List<String>: List of blacklisted licenses.
blacklistedLicensesEnabled Boolean: Indicates if license blacklist is relevant.
blockFailed Boolean: Indicates if failed images are blocked.
controlExcludeNoFix Boolean
customChecks List<Property Map>: List of Custom user scripts for checks.
customChecksEnabled Boolean: Indicates if scanning should include custom checks.
customSeverityEnabled Boolean
cvesBlackListEnabled Boolean: Indicates if CVEs blacklist is relevant.
cvesBlackLists List<String>: List of CVEs blacklisted items.
cvesWhiteListEnabled Boolean: Indicates if CVEs whitelist is relevant.
cvesWhiteLists List<String>: List of CVEs whitelisted licenses
cvssSeverity String: Identifier of the CVSS severity.
cvssSeverityEnabled Boolean: Indicates if the CVSS severity is scanned.
cvssSeverityExcludeNoFix Boolean: Indicates that policy should ignore CVSS cases that do not have a known fix.
description String
disallowMalware Boolean: Indicates if malware should block the image.
dockerCisEnabled Boolean: Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
domain String: Name of the container image.
domainName String
dtaEnabled Boolean
dtaSeverity String
enabled Boolean
enforce Boolean
enforceAfterDays Number
enforceExcessivePermissions Boolean
exceptionalMonitoredMalwarePaths List<String>: Directories to be excluded from monitoring.
failCicd Boolean: Indicates if CI/CD failures will fail the image.
forbiddenLabels List<Property Map>
forbiddenLabelsEnabled Boolean
forceMicroenforcer Boolean
functionIntegrityEnabled Boolean
id String: The ID of this resource.
ignoreRecentlyPublishedVln Boolean
ignoreRecentlyPublishedVlnPeriod Number
ignoreRiskResourcesEnabled Boolean: Indicates if risk resources are ignored.
ignoredRiskResources List<String>: List of ignored risk resources.
images List<String>: List of images.
kubeCisEnabled Boolean: Performs a Kubernetes CIS benchmark check for the host.
kubernetesControlsNames List<String>: List of kubernetes control names
labels List<String>: List of labels.
malwareAction String
maximumScore Number: Value of allowed maximum score.
maximumScoreEnabled Boolean: Indicates if exceeding the maximum score is scanned.
maximumScoreExcludeNoFix Boolean: Indicates that policy should ignore cases that do not have a known fix.
monitoredMalwarePaths List<String>: Directories to be monitored.
name String
onlyNoneRootUsers Boolean: Indicates if raise a warning for images that should only be run as root.
packagesBlackListEnabled Boolean: Indicates if packages blacklist is relevant.
packagesBlackLists List<Property Map>: List of blacklisted images.
packagesWhiteListEnabled Boolean: Indicates if packages whitelist is relevant.
packagesWhiteLists List<Property Map>: List of whitelisted images.
partialResultsImageFail Boolean
readOnly Boolean
registries List<String>: List of registries.
registry String
requiredLabels List<Property Map>
requiredLabelsEnabled Boolean
scanNfsMounts Boolean
scanSensitiveData Boolean: Indicates if scan should include sensitive data in the image.
scapEnabled Boolean: Indicates if scanning should include SCAP.
scapFiles List<String>: List of SCAP user scripts for checks.
scopes List<Property Map>
trustedBaseImages List<Property Map>: List of trusted images.
trustedBaseImagesEnabled Boolean: Indicates if list of trusted base images is relevant.
whitelistedLicenses List<String>: List of whitelisted licenses.
whitelistedLicensesEnabled Boolean: Indicates if license blacklist is relevant.