Aquasec v0.8.29, Jul 22 24

Aquasec v0.8.29 published on Monday, Jul 22, 2024 by Pulumiverse

aquasec.ImageAssurancePolicy

Explore with Pulumi AI

Aquasec v0.8.29 published on Monday, Jul 22, 2024 by Pulumiverse

Create ImageAssurancePolicy Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new ImageAssurancePolicy(name: string, args: ImageAssurancePolicyArgs, opts?: CustomResourceOptions);

@overload
def ImageAssurancePolicy(resource_name: str,
                         args: ImageAssurancePolicyArgs,
                         opts: Optional[ResourceOptions] = None)

@overload
def ImageAssurancePolicy(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         application_scopes: Optional[Sequence[str]] = None,
                         aggregated_vulnerability: Optional[Mapping[str, str]] = None,
                         allowed_images: Optional[Sequence[str]] = None,
                         assurance_type: Optional[str] = None,
                         audit_on_failure: Optional[bool] = None,
                         author: Optional[str] = None,
                         auto_scan_configured: Optional[bool] = None,
                         auto_scan_enabled: Optional[bool] = None,
                         auto_scan_times: Optional[Sequence[ImageAssurancePolicyAutoScanTimeArgs]] = None,
                         blacklist_permissions: Optional[Sequence[str]] = None,
                         blacklist_permissions_enabled: Optional[bool] = None,
                         blacklisted_licenses: Optional[Sequence[str]] = None,
                         blacklisted_licenses_enabled: Optional[bool] = None,
                         block_failed: Optional[bool] = None,
                         control_exclude_no_fix: Optional[bool] = None,
                         custom_checks: Optional[Sequence[ImageAssurancePolicyCustomCheckArgs]] = None,
                         custom_checks_enabled: Optional[bool] = None,
                         custom_severity: Optional[str] = None,
                         custom_severity_enabled: Optional[bool] = None,
                         cves_black_list_enabled: Optional[bool] = None,
                         cves_black_lists: Optional[Sequence[str]] = None,
                         cves_white_list_enabled: Optional[bool] = None,
                         cves_white_lists: Optional[Sequence[str]] = None,
                         cvss_severity: Optional[str] = None,
                         cvss_severity_enabled: Optional[bool] = None,
                         cvss_severity_exclude_no_fix: Optional[bool] = None,
                         description: Optional[str] = None,
                         disallow_exploit_types: Optional[Sequence[str]] = None,
                         disallow_malware: Optional[bool] = None,
                         docker_cis_enabled: Optional[bool] = None,
                         domain: Optional[str] = None,
                         domain_name: Optional[str] = None,
                         dta_enabled: Optional[bool] = None,
                         dta_severity: Optional[str] = None,
                         enabled: Optional[bool] = None,
                         enforce: Optional[bool] = None,
                         enforce_after_days: Optional[int] = None,
                         enforce_excessive_permissions: Optional[bool] = None,
                         exceptional_monitored_malware_paths: Optional[Sequence[str]] = None,
                         exclude_application_scopes: Optional[Sequence[str]] = None,
                         fail_cicd: Optional[bool] = None,
                         forbidden_labels: Optional[Sequence[ImageAssurancePolicyForbiddenLabelArgs]] = None,
                         forbidden_labels_enabled: Optional[bool] = None,
                         force_microenforcer: Optional[bool] = None,
                         function_integrity_enabled: Optional[bool] = None,
                         ignore_base_image_vln: Optional[bool] = None,
                         ignore_recently_published_vln: Optional[bool] = None,
                         ignore_recently_published_vln_period: Optional[int] = None,
                         ignore_risk_resources_enabled: Optional[bool] = None,
                         ignored_risk_resources: Optional[Sequence[str]] = None,
                         ignored_sensitive_resources: Optional[Sequence[str]] = None,
                         images: Optional[Sequence[str]] = None,
                         kube_cis_enabled: Optional[bool] = None,
                         kubernetes_controls: Optional[ImageAssurancePolicyKubernetesControlsArgs] = None,
                         kubernetes_controls_avd_ids: Optional[Sequence[str]] = None,
                         kubernetes_controls_names: Optional[Sequence[str]] = None,
                         labels: Optional[Sequence[str]] = None,
                         lastupdate: Optional[str] = None,
                         linux_cis_enabled: Optional[bool] = None,
                         malware_action: Optional[str] = None,
                         maximum_score: Optional[float] = None,
                         maximum_score_enabled: Optional[bool] = None,
                         maximum_score_exclude_no_fix: Optional[bool] = None,
                         monitored_malware_paths: Optional[Sequence[str]] = None,
                         name: Optional[str] = None,
                         only_none_root_users: Optional[bool] = None,
                         openshift_hardening_enabled: Optional[bool] = None,
                         packages_black_list_enabled: Optional[bool] = None,
                         packages_black_lists: Optional[Sequence[ImageAssurancePolicyPackagesBlackListArgs]] = None,
                         packages_white_list_enabled: Optional[bool] = None,
                         packages_white_lists: Optional[Sequence[ImageAssurancePolicyPackagesWhiteListArgs]] = None,
                         partial_results_image_fail: Optional[bool] = None,
                         permission: Optional[str] = None,
                         policy_settings: Optional[ImageAssurancePolicyPolicySettingsArgs] = None,
                         read_only: Optional[bool] = None,
                         registries: Optional[Sequence[str]] = None,
                         registry: Optional[str] = None,
                         required_labels: Optional[Sequence[ImageAssurancePolicyRequiredLabelArgs]] = None,
                         required_labels_enabled: Optional[bool] = None,
                         scan_malware_in_archives: Optional[bool] = None,
                         scan_nfs_mounts: Optional[bool] = None,
                         scan_process_memory: Optional[bool] = None,
                         scan_sensitive_data: Optional[bool] = None,
                         scan_windows_registry: Optional[bool] = None,
                         scap_enabled: Optional[bool] = None,
                         scap_files: Optional[Sequence[str]] = None,
                         scopes: Optional[Sequence[ImageAssurancePolicyScopeArgs]] = None,
                         trusted_base_images: Optional[Sequence[ImageAssurancePolicyTrustedBaseImageArgs]] = None,
                         trusted_base_images_enabled: Optional[bool] = None,
                         vulnerability_exploitability: Optional[bool] = None,
                         vulnerability_score_ranges: Optional[Sequence[int]] = None,
                         whitelisted_licenses: Optional[Sequence[str]] = None,
                         whitelisted_licenses_enabled: Optional[bool] = None)

func NewImageAssurancePolicy(ctx *Context, name string, args ImageAssurancePolicyArgs, opts ...ResourceOption) (*ImageAssurancePolicy, error)

public ImageAssurancePolicy(string name, ImageAssurancePolicyArgs args, CustomResourceOptions? opts = null)

public ImageAssurancePolicy(String name, ImageAssurancePolicyArgs args)
public ImageAssurancePolicy(String name, ImageAssurancePolicyArgs args, CustomResourceOptions options)

type: aquasec:ImageAssurancePolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args ImageAssurancePolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args ImageAssurancePolicyArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args ImageAssurancePolicyArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ImageAssurancePolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args ImageAssurancePolicyArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var imageAssurancePolicyResource = new Aquasec.ImageAssurancePolicy("imageAssurancePolicyResource", new()
{
    ApplicationScopes = new[]
    {
        "string",
    },
    AggregatedVulnerability = 
    {
        { "string", "string" },
    },
    AllowedImages = new[]
    {
        "string",
    },
    AssuranceType = "string",
    AuditOnFailure = false,
    Author = "string",
    AutoScanConfigured = false,
    AutoScanEnabled = false,
    AutoScanTimes = new[]
    {
        new Aquasec.Inputs.ImageAssurancePolicyAutoScanTimeArgs
        {
            Iteration = 0,
            IterationType = "string",
            Time = "string",
            WeekDays = new[]
            {
                "string",
            },
        },
    },
    BlacklistPermissions = new[]
    {
        "string",
    },
    BlacklistPermissionsEnabled = false,
    BlacklistedLicenses = new[]
    {
        "string",
    },
    BlacklistedLicensesEnabled = false,
    BlockFailed = false,
    ControlExcludeNoFix = false,
    CustomChecks = new[]
    {
        new Aquasec.Inputs.ImageAssurancePolicyCustomCheckArgs
        {
            Author = "string",
            Description = "string",
            Engine = "string",
            LastModified = 0,
            Name = "string",
            Path = "string",
            ReadOnly = false,
            ScriptId = "string",
            Severity = "string",
            Snippet = "string",
        },
    },
    CustomChecksEnabled = false,
    CustomSeverity = "string",
    CustomSeverityEnabled = false,
    CvesBlackListEnabled = false,
    CvesBlackLists = new[]
    {
        "string",
    },
    CvesWhiteListEnabled = false,
    CvesWhiteLists = new[]
    {
        "string",
    },
    CvssSeverity = "string",
    CvssSeverityEnabled = false,
    CvssSeverityExcludeNoFix = false,
    Description = "string",
    DisallowExploitTypes = new[]
    {
        "string",
    },
    DisallowMalware = false,
    DockerCisEnabled = false,
    Domain = "string",
    DomainName = "string",
    DtaEnabled = false,
    DtaSeverity = "string",
    Enabled = false,
    Enforce = false,
    EnforceAfterDays = 0,
    EnforceExcessivePermissions = false,
    ExceptionalMonitoredMalwarePaths = new[]
    {
        "string",
    },
    ExcludeApplicationScopes = new[]
    {
        "string",
    },
    FailCicd = false,
    ForbiddenLabels = new[]
    {
        new Aquasec.Inputs.ImageAssurancePolicyForbiddenLabelArgs
        {
            Key = "string",
            Value = "string",
        },
    },
    ForbiddenLabelsEnabled = false,
    ForceMicroenforcer = false,
    FunctionIntegrityEnabled = false,
    IgnoreBaseImageVln = false,
    IgnoreRecentlyPublishedVln = false,
    IgnoreRecentlyPublishedVlnPeriod = 0,
    IgnoreRiskResourcesEnabled = false,
    IgnoredRiskResources = new[]
    {
        "string",
    },
    IgnoredSensitiveResources = new[]
    {
        "string",
    },
    Images = new[]
    {
        "string",
    },
    KubeCisEnabled = false,
    KubernetesControls = new Aquasec.Inputs.ImageAssurancePolicyKubernetesControlsArgs
    {
        AvdId = "string",
        Description = "string",
        Enabled = false,
        Kind = "string",
        Name = "string",
        Ootb = false,
        ScriptId = 0,
        Severity = "string",
    },
    KubernetesControlsAvdIds = new[]
    {
        "string",
    },
    KubernetesControlsNames = new[]
    {
        "string",
    },
    Labels = new[]
    {
        "string",
    },
    Lastupdate = "string",
    LinuxCisEnabled = false,
    MalwareAction = "string",
    MaximumScore = 0,
    MaximumScoreEnabled = false,
    MaximumScoreExcludeNoFix = false,
    MonitoredMalwarePaths = new[]
    {
        "string",
    },
    Name = "string",
    OnlyNoneRootUsers = false,
    OpenshiftHardeningEnabled = false,
    PackagesBlackListEnabled = false,
    PackagesBlackLists = new[]
    {
        new Aquasec.Inputs.ImageAssurancePolicyPackagesBlackListArgs
        {
            Arch = "string",
            Display = "string",
            Epoch = "string",
            Format = "string",
            License = "string",
            Name = "string",
            Release = "string",
            Version = "string",
            VersionRange = "string",
        },
    },
    PackagesWhiteListEnabled = false,
    PackagesWhiteLists = new[]
    {
        new Aquasec.Inputs.ImageAssurancePolicyPackagesWhiteListArgs
        {
            Arch = "string",
            Display = "string",
            Epoch = "string",
            Format = "string",
            License = "string",
            Name = "string",
            Release = "string",
            Version = "string",
            VersionRange = "string",
        },
    },
    PartialResultsImageFail = false,
    Permission = "string",
    PolicySettings = new Aquasec.Inputs.ImageAssurancePolicyPolicySettingsArgs
    {
        Enforce = false,
        IsAuditChecked = false,
        Warn = false,
        WarningMessage = "string",
    },
    ReadOnly = false,
    Registries = new[]
    {
        "string",
    },
    Registry = "string",
    RequiredLabels = new[]
    {
        new Aquasec.Inputs.ImageAssurancePolicyRequiredLabelArgs
        {
            Key = "string",
            Value = "string",
        },
    },
    RequiredLabelsEnabled = false,
    ScanMalwareInArchives = false,
    ScanNfsMounts = false,
    ScanProcessMemory = false,
    ScanSensitiveData = false,
    ScanWindowsRegistry = false,
    ScapEnabled = false,
    ScapFiles = new[]
    {
        "string",
    },
    Scopes = new[]
    {
        new Aquasec.Inputs.ImageAssurancePolicyScopeArgs
        {
            Expression = "string",
            Variables = new[]
            {
                new Aquasec.Inputs.ImageAssurancePolicyScopeVariableArgs
                {
                    Attribute = "string",
                    Name = "string",
                    Value = "string",
                },
            },
        },
    },
    TrustedBaseImages = new[]
    {
        new Aquasec.Inputs.ImageAssurancePolicyTrustedBaseImageArgs
        {
            Imagename = "string",
            Registry = "string",
        },
    },
    TrustedBaseImagesEnabled = false,
    VulnerabilityExploitability = false,
    VulnerabilityScoreRanges = new[]
    {
        0,
    },
    WhitelistedLicenses = new[]
    {
        "string",
    },
    WhitelistedLicensesEnabled = false,
});

example, err := aquasec.NewImageAssurancePolicy(ctx, "imageAssurancePolicyResource", &aquasec.ImageAssurancePolicyArgs{
	ApplicationScopes: pulumi.StringArray{
		pulumi.String("string"),
	},
	AggregatedVulnerability: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	AllowedImages: pulumi.StringArray{
		pulumi.String("string"),
	},
	AssuranceType:      pulumi.String("string"),
	AuditOnFailure:     pulumi.Bool(false),
	Author:             pulumi.String("string"),
	AutoScanConfigured: pulumi.Bool(false),
	AutoScanEnabled:    pulumi.Bool(false),
	AutoScanTimes: aquasec.ImageAssurancePolicyAutoScanTimeArray{
		&aquasec.ImageAssurancePolicyAutoScanTimeArgs{
			Iteration:     pulumi.Int(0),
			IterationType: pulumi.String("string"),
			Time:          pulumi.String("string"),
			WeekDays: pulumi.StringArray{
				pulumi.String("string"),
			},
		},
	},
	BlacklistPermissions: pulumi.StringArray{
		pulumi.String("string"),
	},
	BlacklistPermissionsEnabled: pulumi.Bool(false),
	BlacklistedLicenses: pulumi.StringArray{
		pulumi.String("string"),
	},
	BlacklistedLicensesEnabled: pulumi.Bool(false),
	BlockFailed:                pulumi.Bool(false),
	ControlExcludeNoFix:        pulumi.Bool(false),
	CustomChecks: aquasec.ImageAssurancePolicyCustomCheckArray{
		&aquasec.ImageAssurancePolicyCustomCheckArgs{
			Author:       pulumi.String("string"),
			Description:  pulumi.String("string"),
			Engine:       pulumi.String("string"),
			LastModified: pulumi.Int(0),
			Name:         pulumi.String("string"),
			Path:         pulumi.String("string"),
			ReadOnly:     pulumi.Bool(false),
			ScriptId:     pulumi.String("string"),
			Severity:     pulumi.String("string"),
			Snippet:      pulumi.String("string"),
		},
	},
	CustomChecksEnabled:   pulumi.Bool(false),
	CustomSeverity:        pulumi.String("string"),
	CustomSeverityEnabled: pulumi.Bool(false),
	CvesBlackListEnabled:  pulumi.Bool(false),
	CvesBlackLists: pulumi.StringArray{
		pulumi.String("string"),
	},
	CvesWhiteListEnabled: pulumi.Bool(false),
	CvesWhiteLists: pulumi.StringArray{
		pulumi.String("string"),
	},
	CvssSeverity:             pulumi.String("string"),
	CvssSeverityEnabled:      pulumi.Bool(false),
	CvssSeverityExcludeNoFix: pulumi.Bool(false),
	Description:              pulumi.String("string"),
	DisallowExploitTypes: pulumi.StringArray{
		pulumi.String("string"),
	},
	DisallowMalware:             pulumi.Bool(false),
	DockerCisEnabled:            pulumi.Bool(false),
	Domain:                      pulumi.String("string"),
	DomainName:                  pulumi.String("string"),
	DtaEnabled:                  pulumi.Bool(false),
	DtaSeverity:                 pulumi.String("string"),
	Enabled:                     pulumi.Bool(false),
	Enforce:                     pulumi.Bool(false),
	EnforceAfterDays:            pulumi.Int(0),
	EnforceExcessivePermissions: pulumi.Bool(false),
	ExceptionalMonitoredMalwarePaths: pulumi.StringArray{
		pulumi.String("string"),
	},
	ExcludeApplicationScopes: pulumi.StringArray{
		pulumi.String("string"),
	},
	FailCicd: pulumi.Bool(false),
	ForbiddenLabels: aquasec.ImageAssurancePolicyForbiddenLabelArray{
		&aquasec.ImageAssurancePolicyForbiddenLabelArgs{
			Key:   pulumi.String("string"),
			Value: pulumi.String("string"),
		},
	},
	ForbiddenLabelsEnabled:           pulumi.Bool(false),
	ForceMicroenforcer:               pulumi.Bool(false),
	FunctionIntegrityEnabled:         pulumi.Bool(false),
	IgnoreBaseImageVln:               pulumi.Bool(false),
	IgnoreRecentlyPublishedVln:       pulumi.Bool(false),
	IgnoreRecentlyPublishedVlnPeriod: pulumi.Int(0),
	IgnoreRiskResourcesEnabled:       pulumi.Bool(false),
	IgnoredRiskResources: pulumi.StringArray{
		pulumi.String("string"),
	},
	IgnoredSensitiveResources: pulumi.StringArray{
		pulumi.String("string"),
	},
	Images: pulumi.StringArray{
		pulumi.String("string"),
	},
	KubeCisEnabled: pulumi.Bool(false),
	KubernetesControls: &aquasec.ImageAssurancePolicyKubernetesControlsArgs{
		AvdId:       pulumi.String("string"),
		Description: pulumi.String("string"),
		Enabled:     pulumi.Bool(false),
		Kind:        pulumi.String("string"),
		Name:        pulumi.String("string"),
		Ootb:        pulumi.Bool(false),
		ScriptId:    pulumi.Int(0),
		Severity:    pulumi.String("string"),
	},
	KubernetesControlsAvdIds: pulumi.StringArray{
		pulumi.String("string"),
	},
	KubernetesControlsNames: pulumi.StringArray{
		pulumi.String("string"),
	},
	Labels: pulumi.StringArray{
		pulumi.String("string"),
	},
	Lastupdate:               pulumi.String("string"),
	LinuxCisEnabled:          pulumi.Bool(false),
	MalwareAction:            pulumi.String("string"),
	MaximumScore:             pulumi.Float64(0),
	MaximumScoreEnabled:      pulumi.Bool(false),
	MaximumScoreExcludeNoFix: pulumi.Bool(false),
	MonitoredMalwarePaths: pulumi.StringArray{
		pulumi.String("string"),
	},
	Name:                      pulumi.String("string"),
	OnlyNoneRootUsers:         pulumi.Bool(false),
	OpenshiftHardeningEnabled: pulumi.Bool(false),
	PackagesBlackListEnabled:  pulumi.Bool(false),
	PackagesBlackLists: aquasec.ImageAssurancePolicyPackagesBlackListArray{
		&aquasec.ImageAssurancePolicyPackagesBlackListArgs{
			Arch:         pulumi.String("string"),
			Display:      pulumi.String("string"),
			Epoch:        pulumi.String("string"),
			Format:       pulumi.String("string"),
			License:      pulumi.String("string"),
			Name:         pulumi.String("string"),
			Release:      pulumi.String("string"),
			Version:      pulumi.String("string"),
			VersionRange: pulumi.String("string"),
		},
	},
	PackagesWhiteListEnabled: pulumi.Bool(false),
	PackagesWhiteLists: aquasec.ImageAssurancePolicyPackagesWhiteListArray{
		&aquasec.ImageAssurancePolicyPackagesWhiteListArgs{
			Arch:         pulumi.String("string"),
			Display:      pulumi.String("string"),
			Epoch:        pulumi.String("string"),
			Format:       pulumi.String("string"),
			License:      pulumi.String("string"),
			Name:         pulumi.String("string"),
			Release:      pulumi.String("string"),
			Version:      pulumi.String("string"),
			VersionRange: pulumi.String("string"),
		},
	},
	PartialResultsImageFail: pulumi.Bool(false),
	Permission:              pulumi.String("string"),
	PolicySettings: &aquasec.ImageAssurancePolicyPolicySettingsArgs{
		Enforce:        pulumi.Bool(false),
		IsAuditChecked: pulumi.Bool(false),
		Warn:           pulumi.Bool(false),
		WarningMessage: pulumi.String("string"),
	},
	ReadOnly: pulumi.Bool(false),
	Registries: pulumi.StringArray{
		pulumi.String("string"),
	},
	Registry: pulumi.String("string"),
	RequiredLabels: aquasec.ImageAssurancePolicyRequiredLabelArray{
		&aquasec.ImageAssurancePolicyRequiredLabelArgs{
			Key:   pulumi.String("string"),
			Value: pulumi.String("string"),
		},
	},
	RequiredLabelsEnabled: pulumi.Bool(false),
	ScanMalwareInArchives: pulumi.Bool(false),
	ScanNfsMounts:         pulumi.Bool(false),
	ScanProcessMemory:     pulumi.Bool(false),
	ScanSensitiveData:     pulumi.Bool(false),
	ScanWindowsRegistry:   pulumi.Bool(false),
	ScapEnabled:           pulumi.Bool(false),
	ScapFiles: pulumi.StringArray{
		pulumi.String("string"),
	},
	Scopes: aquasec.ImageAssurancePolicyScopeArray{
		&aquasec.ImageAssurancePolicyScopeArgs{
			Expression: pulumi.String("string"),
			Variables: aquasec.ImageAssurancePolicyScopeVariableArray{
				&aquasec.ImageAssurancePolicyScopeVariableArgs{
					Attribute: pulumi.String("string"),
					Name:      pulumi.String("string"),
					Value:     pulumi.String("string"),
				},
			},
		},
	},
	TrustedBaseImages: aquasec.ImageAssurancePolicyTrustedBaseImageArray{
		&aquasec.ImageAssurancePolicyTrustedBaseImageArgs{
			Imagename: pulumi.String("string"),
			Registry:  pulumi.String("string"),
		},
	},
	TrustedBaseImagesEnabled:    pulumi.Bool(false),
	VulnerabilityExploitability: pulumi.Bool(false),
	VulnerabilityScoreRanges: pulumi.IntArray{
		pulumi.Int(0),
	},
	WhitelistedLicenses: pulumi.StringArray{
		pulumi.String("string"),
	},
	WhitelistedLicensesEnabled: pulumi.Bool(false),
})

var imageAssurancePolicyResource = new ImageAssurancePolicy("imageAssurancePolicyResource", ImageAssurancePolicyArgs.builder()
    .applicationScopes("string")
    .aggregatedVulnerability(Map.of("string", "string"))
    .allowedImages("string")
    .assuranceType("string")
    .auditOnFailure(false)
    .author("string")
    .autoScanConfigured(false)
    .autoScanEnabled(false)
    .autoScanTimes(ImageAssurancePolicyAutoScanTimeArgs.builder()
        .iteration(0)
        .iterationType("string")
        .time("string")
        .weekDays("string")
        .build())
    .blacklistPermissions("string")
    .blacklistPermissionsEnabled(false)
    .blacklistedLicenses("string")
    .blacklistedLicensesEnabled(false)
    .blockFailed(false)
    .controlExcludeNoFix(false)
    .customChecks(ImageAssurancePolicyCustomCheckArgs.builder()
        .author("string")
        .description("string")
        .engine("string")
        .lastModified(0)
        .name("string")
        .path("string")
        .readOnly(false)
        .scriptId("string")
        .severity("string")
        .snippet("string")
        .build())
    .customChecksEnabled(false)
    .customSeverity("string")
    .customSeverityEnabled(false)
    .cvesBlackListEnabled(false)
    .cvesBlackLists("string")
    .cvesWhiteListEnabled(false)
    .cvesWhiteLists("string")
    .cvssSeverity("string")
    .cvssSeverityEnabled(false)
    .cvssSeverityExcludeNoFix(false)
    .description("string")
    .disallowExploitTypes("string")
    .disallowMalware(false)
    .dockerCisEnabled(false)
    .domain("string")
    .domainName("string")
    .dtaEnabled(false)
    .dtaSeverity("string")
    .enabled(false)
    .enforce(false)
    .enforceAfterDays(0)
    .enforceExcessivePermissions(false)
    .exceptionalMonitoredMalwarePaths("string")
    .excludeApplicationScopes("string")
    .failCicd(false)
    .forbiddenLabels(ImageAssurancePolicyForbiddenLabelArgs.builder()
        .key("string")
        .value("string")
        .build())
    .forbiddenLabelsEnabled(false)
    .forceMicroenforcer(false)
    .functionIntegrityEnabled(false)
    .ignoreBaseImageVln(false)
    .ignoreRecentlyPublishedVln(false)
    .ignoreRecentlyPublishedVlnPeriod(0)
    .ignoreRiskResourcesEnabled(false)
    .ignoredRiskResources("string")
    .ignoredSensitiveResources("string")
    .images("string")
    .kubeCisEnabled(false)
    .kubernetesControls(ImageAssurancePolicyKubernetesControlsArgs.builder()
        .avdId("string")
        .description("string")
        .enabled(false)
        .kind("string")
        .name("string")
        .ootb(false)
        .scriptId(0)
        .severity("string")
        .build())
    .kubernetesControlsAvdIds("string")
    .kubernetesControlsNames("string")
    .labels("string")
    .lastupdate("string")
    .linuxCisEnabled(false)
    .malwareAction("string")
    .maximumScore(0)
    .maximumScoreEnabled(false)
    .maximumScoreExcludeNoFix(false)
    .monitoredMalwarePaths("string")
    .name("string")
    .onlyNoneRootUsers(false)
    .openshiftHardeningEnabled(false)
    .packagesBlackListEnabled(false)
    .packagesBlackLists(ImageAssurancePolicyPackagesBlackListArgs.builder()
        .arch("string")
        .display("string")
        .epoch("string")
        .format("string")
        .license("string")
        .name("string")
        .release("string")
        .version("string")
        .versionRange("string")
        .build())
    .packagesWhiteListEnabled(false)
    .packagesWhiteLists(ImageAssurancePolicyPackagesWhiteListArgs.builder()
        .arch("string")
        .display("string")
        .epoch("string")
        .format("string")
        .license("string")
        .name("string")
        .release("string")
        .version("string")
        .versionRange("string")
        .build())
    .partialResultsImageFail(false)
    .permission("string")
    .policySettings(ImageAssurancePolicyPolicySettingsArgs.builder()
        .enforce(false)
        .isAuditChecked(false)
        .warn(false)
        .warningMessage("string")
        .build())
    .readOnly(false)
    .registries("string")
    .registry("string")
    .requiredLabels(ImageAssurancePolicyRequiredLabelArgs.builder()
        .key("string")
        .value("string")
        .build())
    .requiredLabelsEnabled(false)
    .scanMalwareInArchives(false)
    .scanNfsMounts(false)
    .scanProcessMemory(false)
    .scanSensitiveData(false)
    .scanWindowsRegistry(false)
    .scapEnabled(false)
    .scapFiles("string")
    .scopes(ImageAssurancePolicyScopeArgs.builder()
        .expression("string")
        .variables(ImageAssurancePolicyScopeVariableArgs.builder()
            .attribute("string")
            .name("string")
            .value("string")
            .build())
        .build())
    .trustedBaseImages(ImageAssurancePolicyTrustedBaseImageArgs.builder()
        .imagename("string")
        .registry("string")
        .build())
    .trustedBaseImagesEnabled(false)
    .vulnerabilityExploitability(false)
    .vulnerabilityScoreRanges(0)
    .whitelistedLicenses("string")
    .whitelistedLicensesEnabled(false)
    .build());

image_assurance_policy_resource = aquasec.ImageAssurancePolicy("imageAssurancePolicyResource",
    application_scopes=["string"],
    aggregated_vulnerability={
        "string": "string",
    },
    allowed_images=["string"],
    assurance_type="string",
    audit_on_failure=False,
    author="string",
    auto_scan_configured=False,
    auto_scan_enabled=False,
    auto_scan_times=[{
        "iteration": 0,
        "iteration_type": "string",
        "time": "string",
        "week_days": ["string"],
    }],
    blacklist_permissions=["string"],
    blacklist_permissions_enabled=False,
    blacklisted_licenses=["string"],
    blacklisted_licenses_enabled=False,
    block_failed=False,
    control_exclude_no_fix=False,
    custom_checks=[{
        "author": "string",
        "description": "string",
        "engine": "string",
        "last_modified": 0,
        "name": "string",
        "path": "string",
        "read_only": False,
        "script_id": "string",
        "severity": "string",
        "snippet": "string",
    }],
    custom_checks_enabled=False,
    custom_severity="string",
    custom_severity_enabled=False,
    cves_black_list_enabled=False,
    cves_black_lists=["string"],
    cves_white_list_enabled=False,
    cves_white_lists=["string"],
    cvss_severity="string",
    cvss_severity_enabled=False,
    cvss_severity_exclude_no_fix=False,
    description="string",
    disallow_exploit_types=["string"],
    disallow_malware=False,
    docker_cis_enabled=False,
    domain="string",
    domain_name="string",
    dta_enabled=False,
    dta_severity="string",
    enabled=False,
    enforce=False,
    enforce_after_days=0,
    enforce_excessive_permissions=False,
    exceptional_monitored_malware_paths=["string"],
    exclude_application_scopes=["string"],
    fail_cicd=False,
    forbidden_labels=[{
        "key": "string",
        "value": "string",
    }],
    forbidden_labels_enabled=False,
    force_microenforcer=False,
    function_integrity_enabled=False,
    ignore_base_image_vln=False,
    ignore_recently_published_vln=False,
    ignore_recently_published_vln_period=0,
    ignore_risk_resources_enabled=False,
    ignored_risk_resources=["string"],
    ignored_sensitive_resources=["string"],
    images=["string"],
    kube_cis_enabled=False,
    kubernetes_controls={
        "avd_id": "string",
        "description": "string",
        "enabled": False,
        "kind": "string",
        "name": "string",
        "ootb": False,
        "script_id": 0,
        "severity": "string",
    },
    kubernetes_controls_avd_ids=["string"],
    kubernetes_controls_names=["string"],
    labels=["string"],
    lastupdate="string",
    linux_cis_enabled=False,
    malware_action="string",
    maximum_score=0,
    maximum_score_enabled=False,
    maximum_score_exclude_no_fix=False,
    monitored_malware_paths=["string"],
    name="string",
    only_none_root_users=False,
    openshift_hardening_enabled=False,
    packages_black_list_enabled=False,
    packages_black_lists=[{
        "arch": "string",
        "display": "string",
        "epoch": "string",
        "format": "string",
        "license": "string",
        "name": "string",
        "release": "string",
        "version": "string",
        "version_range": "string",
    }],
    packages_white_list_enabled=False,
    packages_white_lists=[{
        "arch": "string",
        "display": "string",
        "epoch": "string",
        "format": "string",
        "license": "string",
        "name": "string",
        "release": "string",
        "version": "string",
        "version_range": "string",
    }],
    partial_results_image_fail=False,
    permission="string",
    policy_settings={
        "enforce": False,
        "is_audit_checked": False,
        "warn": False,
        "warning_message": "string",
    },
    read_only=False,
    registries=["string"],
    registry="string",
    required_labels=[{
        "key": "string",
        "value": "string",
    }],
    required_labels_enabled=False,
    scan_malware_in_archives=False,
    scan_nfs_mounts=False,
    scan_process_memory=False,
    scan_sensitive_data=False,
    scan_windows_registry=False,
    scap_enabled=False,
    scap_files=["string"],
    scopes=[{
        "expression": "string",
        "variables": [{
            "attribute": "string",
            "name": "string",
            "value": "string",
        }],
    }],
    trusted_base_images=[{
        "imagename": "string",
        "registry": "string",
    }],
    trusted_base_images_enabled=False,
    vulnerability_exploitability=False,
    vulnerability_score_ranges=[0],
    whitelisted_licenses=["string"],
    whitelisted_licenses_enabled=False)

const imageAssurancePolicyResource = new aquasec.ImageAssurancePolicy("imageAssurancePolicyResource", {
    applicationScopes: ["string"],
    aggregatedVulnerability: {
        string: "string",
    },
    allowedImages: ["string"],
    assuranceType: "string",
    auditOnFailure: false,
    author: "string",
    autoScanConfigured: false,
    autoScanEnabled: false,
    autoScanTimes: [{
        iteration: 0,
        iterationType: "string",
        time: "string",
        weekDays: ["string"],
    }],
    blacklistPermissions: ["string"],
    blacklistPermissionsEnabled: false,
    blacklistedLicenses: ["string"],
    blacklistedLicensesEnabled: false,
    blockFailed: false,
    controlExcludeNoFix: false,
    customChecks: [{
        author: "string",
        description: "string",
        engine: "string",
        lastModified: 0,
        name: "string",
        path: "string",
        readOnly: false,
        scriptId: "string",
        severity: "string",
        snippet: "string",
    }],
    customChecksEnabled: false,
    customSeverity: "string",
    customSeverityEnabled: false,
    cvesBlackListEnabled: false,
    cvesBlackLists: ["string"],
    cvesWhiteListEnabled: false,
    cvesWhiteLists: ["string"],
    cvssSeverity: "string",
    cvssSeverityEnabled: false,
    cvssSeverityExcludeNoFix: false,
    description: "string",
    disallowExploitTypes: ["string"],
    disallowMalware: false,
    dockerCisEnabled: false,
    domain: "string",
    domainName: "string",
    dtaEnabled: false,
    dtaSeverity: "string",
    enabled: false,
    enforce: false,
    enforceAfterDays: 0,
    enforceExcessivePermissions: false,
    exceptionalMonitoredMalwarePaths: ["string"],
    excludeApplicationScopes: ["string"],
    failCicd: false,
    forbiddenLabels: [{
        key: "string",
        value: "string",
    }],
    forbiddenLabelsEnabled: false,
    forceMicroenforcer: false,
    functionIntegrityEnabled: false,
    ignoreBaseImageVln: false,
    ignoreRecentlyPublishedVln: false,
    ignoreRecentlyPublishedVlnPeriod: 0,
    ignoreRiskResourcesEnabled: false,
    ignoredRiskResources: ["string"],
    ignoredSensitiveResources: ["string"],
    images: ["string"],
    kubeCisEnabled: false,
    kubernetesControls: {
        avdId: "string",
        description: "string",
        enabled: false,
        kind: "string",
        name: "string",
        ootb: false,
        scriptId: 0,
        severity: "string",
    },
    kubernetesControlsAvdIds: ["string"],
    kubernetesControlsNames: ["string"],
    labels: ["string"],
    lastupdate: "string",
    linuxCisEnabled: false,
    malwareAction: "string",
    maximumScore: 0,
    maximumScoreEnabled: false,
    maximumScoreExcludeNoFix: false,
    monitoredMalwarePaths: ["string"],
    name: "string",
    onlyNoneRootUsers: false,
    openshiftHardeningEnabled: false,
    packagesBlackListEnabled: false,
    packagesBlackLists: [{
        arch: "string",
        display: "string",
        epoch: "string",
        format: "string",
        license: "string",
        name: "string",
        release: "string",
        version: "string",
        versionRange: "string",
    }],
    packagesWhiteListEnabled: false,
    packagesWhiteLists: [{
        arch: "string",
        display: "string",
        epoch: "string",
        format: "string",
        license: "string",
        name: "string",
        release: "string",
        version: "string",
        versionRange: "string",
    }],
    partialResultsImageFail: false,
    permission: "string",
    policySettings: {
        enforce: false,
        isAuditChecked: false,
        warn: false,
        warningMessage: "string",
    },
    readOnly: false,
    registries: ["string"],
    registry: "string",
    requiredLabels: [{
        key: "string",
        value: "string",
    }],
    requiredLabelsEnabled: false,
    scanMalwareInArchives: false,
    scanNfsMounts: false,
    scanProcessMemory: false,
    scanSensitiveData: false,
    scanWindowsRegistry: false,
    scapEnabled: false,
    scapFiles: ["string"],
    scopes: [{
        expression: "string",
        variables: [{
            attribute: "string",
            name: "string",
            value: "string",
        }],
    }],
    trustedBaseImages: [{
        imagename: "string",
        registry: "string",
    }],
    trustedBaseImagesEnabled: false,
    vulnerabilityExploitability: false,
    vulnerabilityScoreRanges: [0],
    whitelistedLicenses: ["string"],
    whitelistedLicensesEnabled: false,
});

type: aquasec:ImageAssurancePolicy
properties:
    aggregatedVulnerability:
        string: string
    allowedImages:
        - string
    applicationScopes:
        - string
    assuranceType: string
    auditOnFailure: false
    author: string
    autoScanConfigured: false
    autoScanEnabled: false
    autoScanTimes:
        - iteration: 0
          iterationType: string
          time: string
          weekDays:
            - string
    blacklistPermissions:
        - string
    blacklistPermissionsEnabled: false
    blacklistedLicenses:
        - string
    blacklistedLicensesEnabled: false
    blockFailed: false
    controlExcludeNoFix: false
    customChecks:
        - author: string
          description: string
          engine: string
          lastModified: 0
          name: string
          path: string
          readOnly: false
          scriptId: string
          severity: string
          snippet: string
    customChecksEnabled: false
    customSeverity: string
    customSeverityEnabled: false
    cvesBlackListEnabled: false
    cvesBlackLists:
        - string
    cvesWhiteListEnabled: false
    cvesWhiteLists:
        - string
    cvssSeverity: string
    cvssSeverityEnabled: false
    cvssSeverityExcludeNoFix: false
    description: string
    disallowExploitTypes:
        - string
    disallowMalware: false
    dockerCisEnabled: false
    domain: string
    domainName: string
    dtaEnabled: false
    dtaSeverity: string
    enabled: false
    enforce: false
    enforceAfterDays: 0
    enforceExcessivePermissions: false
    exceptionalMonitoredMalwarePaths:
        - string
    excludeApplicationScopes:
        - string
    failCicd: false
    forbiddenLabels:
        - key: string
          value: string
    forbiddenLabelsEnabled: false
    forceMicroenforcer: false
    functionIntegrityEnabled: false
    ignoreBaseImageVln: false
    ignoreRecentlyPublishedVln: false
    ignoreRecentlyPublishedVlnPeriod: 0
    ignoreRiskResourcesEnabled: false
    ignoredRiskResources:
        - string
    ignoredSensitiveResources:
        - string
    images:
        - string
    kubeCisEnabled: false
    kubernetesControls:
        avdId: string
        description: string
        enabled: false
        kind: string
        name: string
        ootb: false
        scriptId: 0
        severity: string
    kubernetesControlsAvdIds:
        - string
    kubernetesControlsNames:
        - string
    labels:
        - string
    lastupdate: string
    linuxCisEnabled: false
    malwareAction: string
    maximumScore: 0
    maximumScoreEnabled: false
    maximumScoreExcludeNoFix: false
    monitoredMalwarePaths:
        - string
    name: string
    onlyNoneRootUsers: false
    openshiftHardeningEnabled: false
    packagesBlackListEnabled: false
    packagesBlackLists:
        - arch: string
          display: string
          epoch: string
          format: string
          license: string
          name: string
          release: string
          version: string
          versionRange: string
    packagesWhiteListEnabled: false
    packagesWhiteLists:
        - arch: string
          display: string
          epoch: string
          format: string
          license: string
          name: string
          release: string
          version: string
          versionRange: string
    partialResultsImageFail: false
    permission: string
    policySettings:
        enforce: false
        isAuditChecked: false
        warn: false
        warningMessage: string
    readOnly: false
    registries:
        - string
    registry: string
    requiredLabels:
        - key: string
          value: string
    requiredLabelsEnabled: false
    scanMalwareInArchives: false
    scanNfsMounts: false
    scanProcessMemory: false
    scanSensitiveData: false
    scanWindowsRegistry: false
    scapEnabled: false
    scapFiles:
        - string
    scopes:
        - expression: string
          variables:
            - attribute: string
              name: string
              value: string
    trustedBaseImages:
        - imagename: string
          registry: string
    trustedBaseImagesEnabled: false
    vulnerabilityExploitability: false
    vulnerabilityScoreRanges:
        - 0
    whitelistedLicenses:
        - string
    whitelistedLicensesEnabled: false

ImageAssurancePolicy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The ImageAssurancePolicy resource accepts the following input properties:

ApplicationScopes List<string>
AggregatedVulnerability Dictionary<string, string>: Aggregated vulnerability information.
AllowedImages List<string>: List of explicitly allowed images.
AssuranceType string: What type of assurance policy is described.
AuditOnFailure bool: Indicates if auditing for failures.
Author string: Name of user account that created the policy.
AutoScanConfigured bool
AutoScanEnabled bool
AutoScanTimes List<Pulumiverse.Aquasec.Inputs.ImageAssurancePolicyAutoScanTime>
BlacklistPermissions List<string>: List of function's forbidden permissions.
BlacklistPermissionsEnabled bool: Indicates if blacklist permissions is relevant.
BlacklistedLicenses List<string>: List of blacklisted licenses.
BlacklistedLicensesEnabled bool: Indicates if license blacklist is relevant.
BlockFailed bool: Indicates if failed images are blocked.
ControlExcludeNoFix bool
CustomChecks List<Pulumiverse.Aquasec.Inputs.ImageAssurancePolicyCustomCheck>: List of Custom user scripts for checks.
CustomChecksEnabled bool: Indicates if scanning should include custom checks.
CustomSeverity string
CustomSeverityEnabled bool
CvesBlackListEnabled bool: Indicates if CVEs blacklist is relevant.
CvesBlackLists List<string>: List of cves blacklisted items.
CvesWhiteListEnabled bool: Indicates if cves whitelist is relevant.
CvesWhiteLists List<string>: List of cves whitelisted licenses
CvssSeverity string: Identifier of the cvss severity. Only applied if cvss_severity_enabled is set to true. Valid options: critical, high, medium, low.
CvssSeverityEnabled bool: Indicates if the cvss severity is scanned.
CvssSeverityExcludeNoFix bool: Indicates that policy should ignore cvss cases that do not have a known fix.
Description string
DisallowExploitTypes List<string>
DisallowMalware bool: Indicates if malware should block the image.
DockerCisEnabled bool: Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
Domain string: Name of the container image.
DomainName string
DtaEnabled bool
DtaSeverity string
Enabled bool
Enforce bool
EnforceAfterDays int
EnforceExcessivePermissions bool
ExceptionalMonitoredMalwarePaths List<string>
ExcludeApplicationScopes List<string>
FailCicd bool: Indicates if cicd failures will fail the image.
ForbiddenLabels List<Pulumiverse.Aquasec.Inputs.ImageAssurancePolicyForbiddenLabel>
ForbiddenLabelsEnabled bool
ForceMicroenforcer bool
FunctionIntegrityEnabled bool
IgnoreBaseImageVln bool
IgnoreRecentlyPublishedVln bool
IgnoreRecentlyPublishedVlnPeriod int
IgnoreRiskResourcesEnabled bool: Indicates if risk resources are ignored.
IgnoredRiskResources List<string>: List of ignored risk resources.
IgnoredSensitiveResources List<string>
Images List<string>: List of images.
KubeCisEnabled bool: Performs a Kubernetes CIS benchmark check for the host.
KubernetesControls Pulumiverse.Aquasec.Inputs.ImageAssurancePolicyKubernetesControls: List of Kubernetes controls.
KubernetesControlsAvdIds List<string>
KubernetesControlsNames List<string>
Labels List<string>: List of labels.
Lastupdate string
LinuxCisEnabled bool
MalwareAction string
MaximumScore double: Value of allowed maximum score.
MaximumScoreEnabled bool: Indicates if exceeding the maximum score is scanned.
MaximumScoreExcludeNoFix bool
MonitoredMalwarePaths List<string>
Name string
OnlyNoneRootUsers bool: Indicates if raise a warning for images that should only be run as root.
OpenshiftHardeningEnabled bool
PackagesBlackListEnabled bool: Indicates if packages blacklist is relevant.
PackagesBlackLists List<Pulumiverse.Aquasec.Inputs.ImageAssurancePolicyPackagesBlackList>: List of blacklisted images.
PackagesWhiteListEnabled bool: Indicates if packages whitelist is relevant.
PackagesWhiteLists List<Pulumiverse.Aquasec.Inputs.ImageAssurancePolicyPackagesWhiteList>: List of whitelisted images.
PartialResultsImageFail bool
Permission string
PolicySettings Pulumiverse.Aquasec.Inputs.ImageAssurancePolicyPolicySettings
ReadOnly bool
Registries List<string>: List of registries.
Registry string
RequiredLabels List<Pulumiverse.Aquasec.Inputs.ImageAssurancePolicyRequiredLabel>
RequiredLabelsEnabled bool
ScanMalwareInArchives bool
ScanNfsMounts bool
ScanProcessMemory bool
ScanSensitiveData bool: Indicates if scan should include sensitive data in the image.
ScanWindowsRegistry bool
ScapEnabled bool: Indicates if scanning should include scap.
ScapFiles List<string>: List of SCAP user scripts for checks.
Scopes List<Pulumiverse.Aquasec.Inputs.ImageAssurancePolicyScope>
TrustedBaseImages List<Pulumiverse.Aquasec.Inputs.ImageAssurancePolicyTrustedBaseImage>: List of trusted images.
TrustedBaseImagesEnabled bool: Indicates if list of trusted base images is relevant.
VulnerabilityExploitability bool
VulnerabilityScoreRanges List<int>
WhitelistedLicenses List<string>: List of whitelisted licenses.
WhitelistedLicensesEnabled bool: Indicates if license blacklist is relevant.

ApplicationScopes []string
AggregatedVulnerability map[string]string: Aggregated vulnerability information.
AllowedImages []string: List of explicitly allowed images.
AssuranceType string: What type of assurance policy is described.
AuditOnFailure bool: Indicates if auditing for failures.
Author string: Name of user account that created the policy.
AutoScanConfigured bool
AutoScanEnabled bool
AutoScanTimes []ImageAssurancePolicyAutoScanTimeArgs
BlacklistPermissions []string: List of function's forbidden permissions.
BlacklistPermissionsEnabled bool: Indicates if blacklist permissions is relevant.
BlacklistedLicenses []string: List of blacklisted licenses.
BlacklistedLicensesEnabled bool: Indicates if license blacklist is relevant.
BlockFailed bool: Indicates if failed images are blocked.
ControlExcludeNoFix bool
CustomChecks []ImageAssurancePolicyCustomCheckArgs: List of Custom user scripts for checks.
CustomChecksEnabled bool: Indicates if scanning should include custom checks.
CustomSeverity string
CustomSeverityEnabled bool
CvesBlackListEnabled bool: Indicates if CVEs blacklist is relevant.
CvesBlackLists []string: List of cves blacklisted items.
CvesWhiteListEnabled bool: Indicates if cves whitelist is relevant.
CvesWhiteLists []string: List of cves whitelisted licenses
CvssSeverity string: Identifier of the cvss severity. Only applied if cvss_severity_enabled is set to true. Valid options: critical, high, medium, low.
CvssSeverityEnabled bool: Indicates if the cvss severity is scanned.
CvssSeverityExcludeNoFix bool: Indicates that policy should ignore cvss cases that do not have a known fix.
Description string
DisallowExploitTypes []string
DisallowMalware bool: Indicates if malware should block the image.
DockerCisEnabled bool: Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
Domain string: Name of the container image.
DomainName string
DtaEnabled bool
DtaSeverity string
Enabled bool
Enforce bool
EnforceAfterDays int
EnforceExcessivePermissions bool
ExceptionalMonitoredMalwarePaths []string
ExcludeApplicationScopes []string
FailCicd bool: Indicates if cicd failures will fail the image.
ForbiddenLabels []ImageAssurancePolicyForbiddenLabelArgs
ForbiddenLabelsEnabled bool
ForceMicroenforcer bool
FunctionIntegrityEnabled bool
IgnoreBaseImageVln bool
IgnoreRecentlyPublishedVln bool
IgnoreRecentlyPublishedVlnPeriod int
IgnoreRiskResourcesEnabled bool: Indicates if risk resources are ignored.
IgnoredRiskResources []string: List of ignored risk resources.
IgnoredSensitiveResources []string
Images []string: List of images.
KubeCisEnabled bool: Performs a Kubernetes CIS benchmark check for the host.
KubernetesControls ImageAssurancePolicyKubernetesControlsArgs: List of Kubernetes controls.
KubernetesControlsAvdIds []string
KubernetesControlsNames []string
Labels []string: List of labels.
Lastupdate string
LinuxCisEnabled bool
MalwareAction string
MaximumScore float64: Value of allowed maximum score.
MaximumScoreEnabled bool: Indicates if exceeding the maximum score is scanned.
MaximumScoreExcludeNoFix bool
MonitoredMalwarePaths []string
Name string
OnlyNoneRootUsers bool: Indicates if raise a warning for images that should only be run as root.
OpenshiftHardeningEnabled bool
PackagesBlackListEnabled bool: Indicates if packages blacklist is relevant.
PackagesBlackLists []ImageAssurancePolicyPackagesBlackListArgs: List of blacklisted images.
PackagesWhiteListEnabled bool: Indicates if packages whitelist is relevant.
PackagesWhiteLists []ImageAssurancePolicyPackagesWhiteListArgs: List of whitelisted images.
PartialResultsImageFail bool
Permission string
PolicySettings ImageAssurancePolicyPolicySettingsArgs
ReadOnly bool
Registries []string: List of registries.
Registry string
RequiredLabels []ImageAssurancePolicyRequiredLabelArgs
RequiredLabelsEnabled bool
ScanMalwareInArchives bool
ScanNfsMounts bool
ScanProcessMemory bool
ScanSensitiveData bool: Indicates if scan should include sensitive data in the image.
ScanWindowsRegistry bool
ScapEnabled bool: Indicates if scanning should include scap.
ScapFiles []string: List of SCAP user scripts for checks.
Scopes []ImageAssurancePolicyScopeArgs
TrustedBaseImages []ImageAssurancePolicyTrustedBaseImageArgs: List of trusted images.
TrustedBaseImagesEnabled bool: Indicates if list of trusted base images is relevant.
VulnerabilityExploitability bool
VulnerabilityScoreRanges []int
WhitelistedLicenses []string: List of whitelisted licenses.
WhitelistedLicensesEnabled bool: Indicates if license blacklist is relevant.

applicationScopes List<String>
aggregatedVulnerability Map<String,String>: Aggregated vulnerability information.
allowedImages List<String>: List of explicitly allowed images.
assuranceType String: What type of assurance policy is described.
auditOnFailure Boolean: Indicates if auditing for failures.
author String: Name of user account that created the policy.
autoScanConfigured Boolean
autoScanEnabled Boolean
autoScanTimes List<ImageAssurancePolicyAutoScanTime>
blacklistPermissions List<String>: List of function's forbidden permissions.
blacklistPermissionsEnabled Boolean: Indicates if blacklist permissions is relevant.
blacklistedLicenses List<String>: List of blacklisted licenses.
blacklistedLicensesEnabled Boolean: Indicates if license blacklist is relevant.
blockFailed Boolean: Indicates if failed images are blocked.
controlExcludeNoFix Boolean
customChecks List<ImageAssurancePolicyCustomCheck>: List of Custom user scripts for checks.
customChecksEnabled Boolean: Indicates if scanning should include custom checks.
customSeverity String
customSeverityEnabled Boolean
cvesBlackListEnabled Boolean: Indicates if CVEs blacklist is relevant.
cvesBlackLists List<String>: List of cves blacklisted items.
cvesWhiteListEnabled Boolean: Indicates if cves whitelist is relevant.
cvesWhiteLists List<String>: List of cves whitelisted licenses
cvssSeverity String: Identifier of the cvss severity. Only applied if cvss_severity_enabled is set to true. Valid options: critical, high, medium, low.
cvssSeverityEnabled Boolean: Indicates if the cvss severity is scanned.
cvssSeverityExcludeNoFix Boolean: Indicates that policy should ignore cvss cases that do not have a known fix.
description String
disallowExploitTypes List<String>
disallowMalware Boolean: Indicates if malware should block the image.
dockerCisEnabled Boolean: Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
domain String: Name of the container image.
domainName String
dtaEnabled Boolean
dtaSeverity String
enabled Boolean
enforce Boolean
enforceAfterDays Integer
enforceExcessivePermissions Boolean
exceptionalMonitoredMalwarePaths List<String>
excludeApplicationScopes List<String>
failCicd Boolean: Indicates if cicd failures will fail the image.
forbiddenLabels List<ImageAssurancePolicyForbiddenLabel>
forbiddenLabelsEnabled Boolean
forceMicroenforcer Boolean
functionIntegrityEnabled Boolean
ignoreBaseImageVln Boolean
ignoreRecentlyPublishedVln Boolean
ignoreRecentlyPublishedVlnPeriod Integer
ignoreRiskResourcesEnabled Boolean: Indicates if risk resources are ignored.
ignoredRiskResources List<String>: List of ignored risk resources.
ignoredSensitiveResources List<String>
images List<String>: List of images.
kubeCisEnabled Boolean: Performs a Kubernetes CIS benchmark check for the host.
kubernetesControls ImageAssurancePolicyKubernetesControls: List of Kubernetes controls.
kubernetesControlsAvdIds List<String>
kubernetesControlsNames List<String>
labels List<String>: List of labels.
lastupdate String
linuxCisEnabled Boolean
malwareAction String
maximumScore Double: Value of allowed maximum score.
maximumScoreEnabled Boolean: Indicates if exceeding the maximum score is scanned.
maximumScoreExcludeNoFix Boolean
monitoredMalwarePaths List<String>
name String
onlyNoneRootUsers Boolean: Indicates if raise a warning for images that should only be run as root.
openshiftHardeningEnabled Boolean
packagesBlackListEnabled Boolean: Indicates if packages blacklist is relevant.
packagesBlackLists List<ImageAssurancePolicyPackagesBlackList>: List of blacklisted images.
packagesWhiteListEnabled Boolean: Indicates if packages whitelist is relevant.
packagesWhiteLists List<ImageAssurancePolicyPackagesWhiteList>: List of whitelisted images.
partialResultsImageFail Boolean
permission String
policySettings ImageAssurancePolicyPolicySettings
readOnly Boolean
registries List<String>: List of registries.
registry String
requiredLabels List<ImageAssurancePolicyRequiredLabel>
requiredLabelsEnabled Boolean
scanMalwareInArchives Boolean
scanNfsMounts Boolean
scanProcessMemory Boolean
scanSensitiveData Boolean: Indicates if scan should include sensitive data in the image.
scanWindowsRegistry Boolean
scapEnabled Boolean: Indicates if scanning should include scap.
scapFiles List<String>: List of SCAP user scripts for checks.
scopes List<ImageAssurancePolicyScope>
trustedBaseImages List<ImageAssurancePolicyTrustedBaseImage>: List of trusted images.
trustedBaseImagesEnabled Boolean: Indicates if list of trusted base images is relevant.
vulnerabilityExploitability Boolean
vulnerabilityScoreRanges List<Integer>
whitelistedLicenses List<String>: List of whitelisted licenses.
whitelistedLicensesEnabled Boolean: Indicates if license blacklist is relevant.

applicationScopes string[]
aggregatedVulnerability {[key: string]: string}: Aggregated vulnerability information.
allowedImages string[]: List of explicitly allowed images.
assuranceType string: What type of assurance policy is described.
auditOnFailure boolean: Indicates if auditing for failures.
author string: Name of user account that created the policy.
autoScanConfigured boolean
autoScanEnabled boolean
autoScanTimes ImageAssurancePolicyAutoScanTime[]
blacklistPermissions string[]: List of function's forbidden permissions.
blacklistPermissionsEnabled boolean: Indicates if blacklist permissions is relevant.
blacklistedLicenses string[]: List of blacklisted licenses.
blacklistedLicensesEnabled boolean: Indicates if license blacklist is relevant.
blockFailed boolean: Indicates if failed images are blocked.
controlExcludeNoFix boolean
customChecks ImageAssurancePolicyCustomCheck[]: List of Custom user scripts for checks.
customChecksEnabled boolean: Indicates if scanning should include custom checks.
customSeverity string
customSeverityEnabled boolean
cvesBlackListEnabled boolean: Indicates if CVEs blacklist is relevant.
cvesBlackLists string[]: List of cves blacklisted items.
cvesWhiteListEnabled boolean: Indicates if cves whitelist is relevant.
cvesWhiteLists string[]: List of cves whitelisted licenses
cvssSeverity string: Identifier of the cvss severity. Only applied if cvss_severity_enabled is set to true. Valid options: critical, high, medium, low.
cvssSeverityEnabled boolean: Indicates if the cvss severity is scanned.
cvssSeverityExcludeNoFix boolean: Indicates that policy should ignore cvss cases that do not have a known fix.
description string
disallowExploitTypes string[]
disallowMalware boolean: Indicates if malware should block the image.
dockerCisEnabled boolean: Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
domain string: Name of the container image.
domainName string
dtaEnabled boolean
dtaSeverity string
enabled boolean
enforce boolean
enforceAfterDays number
enforceExcessivePermissions boolean
exceptionalMonitoredMalwarePaths string[]
excludeApplicationScopes string[]
failCicd boolean: Indicates if cicd failures will fail the image.
forbiddenLabels ImageAssurancePolicyForbiddenLabel[]
forbiddenLabelsEnabled boolean
forceMicroenforcer boolean
functionIntegrityEnabled boolean
ignoreBaseImageVln boolean
ignoreRecentlyPublishedVln boolean
ignoreRecentlyPublishedVlnPeriod number
ignoreRiskResourcesEnabled boolean: Indicates if risk resources are ignored.
ignoredRiskResources string[]: List of ignored risk resources.
ignoredSensitiveResources string[]
images string[]: List of images.
kubeCisEnabled boolean: Performs a Kubernetes CIS benchmark check for the host.
kubernetesControls ImageAssurancePolicyKubernetesControls: List of Kubernetes controls.
kubernetesControlsAvdIds string[]
kubernetesControlsNames string[]
labels string[]: List of labels.
lastupdate string
linuxCisEnabled boolean
malwareAction string
maximumScore number: Value of allowed maximum score.
maximumScoreEnabled boolean: Indicates if exceeding the maximum score is scanned.
maximumScoreExcludeNoFix boolean
monitoredMalwarePaths string[]
name string
onlyNoneRootUsers boolean: Indicates if raise a warning for images that should only be run as root.
openshiftHardeningEnabled boolean
packagesBlackListEnabled boolean: Indicates if packages blacklist is relevant.
packagesBlackLists ImageAssurancePolicyPackagesBlackList[]: List of blacklisted images.
packagesWhiteListEnabled boolean: Indicates if packages whitelist is relevant.
packagesWhiteLists ImageAssurancePolicyPackagesWhiteList[]: List of whitelisted images.
partialResultsImageFail boolean
permission string
policySettings ImageAssurancePolicyPolicySettings
readOnly boolean
registries string[]: List of registries.
registry string
requiredLabels ImageAssurancePolicyRequiredLabel[]
requiredLabelsEnabled boolean
scanMalwareInArchives boolean
scanNfsMounts boolean
scanProcessMemory boolean
scanSensitiveData boolean: Indicates if scan should include sensitive data in the image.
scanWindowsRegistry boolean
scapEnabled boolean: Indicates if scanning should include scap.
scapFiles string[]: List of SCAP user scripts for checks.
scopes ImageAssurancePolicyScope[]
trustedBaseImages ImageAssurancePolicyTrustedBaseImage[]: List of trusted images.
trustedBaseImagesEnabled boolean: Indicates if list of trusted base images is relevant.
vulnerabilityExploitability boolean
vulnerabilityScoreRanges number[]
whitelistedLicenses string[]: List of whitelisted licenses.
whitelistedLicensesEnabled boolean: Indicates if license blacklist is relevant.

application_scopes Sequence[str]
aggregated_vulnerability Mapping[str, str]: Aggregated vulnerability information.
allowed_images Sequence[str]: List of explicitly allowed images.
assurance_type str: What type of assurance policy is described.
audit_on_failure bool: Indicates if auditing for failures.
author str: Name of user account that created the policy.
auto_scan_configured bool
auto_scan_enabled bool
auto_scan_times Sequence[ImageAssurancePolicyAutoScanTimeArgs]
blacklist_permissions Sequence[str]: List of function's forbidden permissions.
blacklist_permissions_enabled bool: Indicates if blacklist permissions is relevant.
blacklisted_licenses Sequence[str]: List of blacklisted licenses.
blacklisted_licenses_enabled bool: Indicates if license blacklist is relevant.
block_failed bool: Indicates if failed images are blocked.
control_exclude_no_fix bool
custom_checks Sequence[ImageAssurancePolicyCustomCheckArgs]: List of Custom user scripts for checks.
custom_checks_enabled bool: Indicates if scanning should include custom checks.
custom_severity str
custom_severity_enabled bool
cves_black_list_enabled bool: Indicates if CVEs blacklist is relevant.
cves_black_lists Sequence[str]: List of cves blacklisted items.
cves_white_list_enabled bool: Indicates if cves whitelist is relevant.
cves_white_lists Sequence[str]: List of cves whitelisted licenses
cvss_severity str: Identifier of the cvss severity. Only applied if cvss_severity_enabled is set to true. Valid options: critical, high, medium, low.
cvss_severity_enabled bool: Indicates if the cvss severity is scanned.
cvss_severity_exclude_no_fix bool: Indicates that policy should ignore cvss cases that do not have a known fix.
description str
disallow_exploit_types Sequence[str]
disallow_malware bool: Indicates if malware should block the image.
docker_cis_enabled bool: Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
domain str: Name of the container image.
domain_name str
dta_enabled bool
dta_severity str
enabled bool
enforce bool
enforce_after_days int
enforce_excessive_permissions bool
exceptional_monitored_malware_paths Sequence[str]
exclude_application_scopes Sequence[str]
fail_cicd bool: Indicates if cicd failures will fail the image.
forbidden_labels Sequence[ImageAssurancePolicyForbiddenLabelArgs]
forbidden_labels_enabled bool
force_microenforcer bool
function_integrity_enabled bool
ignore_base_image_vln bool
ignore_recently_published_vln bool
ignore_recently_published_vln_period int
ignore_risk_resources_enabled bool: Indicates if risk resources are ignored.
ignored_risk_resources Sequence[str]: List of ignored risk resources.
ignored_sensitive_resources Sequence[str]
images Sequence[str]: List of images.
kube_cis_enabled bool: Performs a Kubernetes CIS benchmark check for the host.
kubernetes_controls ImageAssurancePolicyKubernetesControlsArgs: List of Kubernetes controls.
kubernetes_controls_avd_ids Sequence[str]
kubernetes_controls_names Sequence[str]
labels Sequence[str]: List of labels.
lastupdate str
linux_cis_enabled bool
malware_action str
maximum_score float: Value of allowed maximum score.
maximum_score_enabled bool: Indicates if exceeding the maximum score is scanned.
maximum_score_exclude_no_fix bool
monitored_malware_paths Sequence[str]
name str
only_none_root_users bool: Indicates if raise a warning for images that should only be run as root.
openshift_hardening_enabled bool
packages_black_list_enabled bool: Indicates if packages blacklist is relevant.
packages_black_lists Sequence[ImageAssurancePolicyPackagesBlackListArgs]: List of blacklisted images.
packages_white_list_enabled bool: Indicates if packages whitelist is relevant.
packages_white_lists Sequence[ImageAssurancePolicyPackagesWhiteListArgs]: List of whitelisted images.
partial_results_image_fail bool
permission str
policy_settings ImageAssurancePolicyPolicySettingsArgs
read_only bool
registries Sequence[str]: List of registries.
registry str
required_labels Sequence[ImageAssurancePolicyRequiredLabelArgs]
required_labels_enabled bool
scan_malware_in_archives bool
scan_nfs_mounts bool
scan_process_memory bool
scan_sensitive_data bool: Indicates if scan should include sensitive data in the image.
scan_windows_registry bool
scap_enabled bool: Indicates if scanning should include scap.
scap_files Sequence[str]: List of SCAP user scripts for checks.
scopes Sequence[ImageAssurancePolicyScopeArgs]
trusted_base_images Sequence[ImageAssurancePolicyTrustedBaseImageArgs]: List of trusted images.
trusted_base_images_enabled bool: Indicates if list of trusted base images is relevant.
vulnerability_exploitability bool
vulnerability_score_ranges Sequence[int]
whitelisted_licenses Sequence[str]: List of whitelisted licenses.
whitelisted_licenses_enabled bool: Indicates if license blacklist is relevant.

applicationScopes List<String>
aggregatedVulnerability Map<String>: Aggregated vulnerability information.
allowedImages List<String>: List of explicitly allowed images.
assuranceType String: What type of assurance policy is described.
auditOnFailure Boolean: Indicates if auditing for failures.
author String: Name of user account that created the policy.
autoScanConfigured Boolean
autoScanEnabled Boolean
autoScanTimes List<Property Map>
blacklistPermissions List<String>: List of function's forbidden permissions.
blacklistPermissionsEnabled Boolean: Indicates if blacklist permissions is relevant.
blacklistedLicenses List<String>: List of blacklisted licenses.
blacklistedLicensesEnabled Boolean: Indicates if license blacklist is relevant.
blockFailed Boolean: Indicates if failed images are blocked.
controlExcludeNoFix Boolean
customChecks List<Property Map>: List of Custom user scripts for checks.
customChecksEnabled Boolean: Indicates if scanning should include custom checks.
customSeverity String
customSeverityEnabled Boolean
cvesBlackListEnabled Boolean: Indicates if CVEs blacklist is relevant.
cvesBlackLists List<String>: List of cves blacklisted items.
cvesWhiteListEnabled Boolean: Indicates if cves whitelist is relevant.
cvesWhiteLists List<String>: List of cves whitelisted licenses
cvssSeverity String: Identifier of the cvss severity. Only applied if cvss_severity_enabled is set to true. Valid options: critical, high, medium, low.
cvssSeverityEnabled Boolean: Indicates if the cvss severity is scanned.
cvssSeverityExcludeNoFix Boolean: Indicates that policy should ignore cvss cases that do not have a known fix.
description String
disallowExploitTypes List<String>
disallowMalware Boolean: Indicates if malware should block the image.
dockerCisEnabled Boolean: Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
domain String: Name of the container image.
domainName String
dtaEnabled Boolean
dtaSeverity String
enabled Boolean
enforce Boolean
enforceAfterDays Number
enforceExcessivePermissions Boolean
exceptionalMonitoredMalwarePaths List<String>
excludeApplicationScopes List<String>
failCicd Boolean: Indicates if cicd failures will fail the image.
forbiddenLabels List<Property Map>
forbiddenLabelsEnabled Boolean
forceMicroenforcer Boolean
functionIntegrityEnabled Boolean
ignoreBaseImageVln Boolean
ignoreRecentlyPublishedVln Boolean
ignoreRecentlyPublishedVlnPeriod Number
ignoreRiskResourcesEnabled Boolean: Indicates if risk resources are ignored.
ignoredRiskResources List<String>: List of ignored risk resources.
ignoredSensitiveResources List<String>
images List<String>: List of images.
kubeCisEnabled Boolean: Performs a Kubernetes CIS benchmark check for the host.
kubernetesControls Property Map: List of Kubernetes controls.
kubernetesControlsAvdIds List<String>
kubernetesControlsNames List<String>
labels List<String>: List of labels.
lastupdate String
linuxCisEnabled Boolean
malwareAction String
maximumScore Number: Value of allowed maximum score.
maximumScoreEnabled Boolean: Indicates if exceeding the maximum score is scanned.
maximumScoreExcludeNoFix Boolean
monitoredMalwarePaths List<String>
name String
onlyNoneRootUsers Boolean: Indicates if raise a warning for images that should only be run as root.
openshiftHardeningEnabled Boolean
packagesBlackListEnabled Boolean: Indicates if packages blacklist is relevant.
packagesBlackLists List<Property Map>: List of blacklisted images.
packagesWhiteListEnabled Boolean: Indicates if packages whitelist is relevant.
packagesWhiteLists List<Property Map>: List of whitelisted images.
partialResultsImageFail Boolean
permission String
policySettings Property Map
readOnly Boolean
registries List<String>: List of registries.
registry String
requiredLabels List<Property Map>
requiredLabelsEnabled Boolean
scanMalwareInArchives Boolean
scanNfsMounts Boolean
scanProcessMemory Boolean
scanSensitiveData Boolean: Indicates if scan should include sensitive data in the image.
scanWindowsRegistry Boolean
scapEnabled Boolean: Indicates if scanning should include scap.
scapFiles List<String>: List of SCAP user scripts for checks.
scopes List<Property Map>
trustedBaseImages List<Property Map>: List of trusted images.
trustedBaseImagesEnabled Boolean: Indicates if list of trusted base images is relevant.
vulnerabilityExploitability Boolean
vulnerabilityScoreRanges List<Number>
whitelistedLicenses List<String>: List of whitelisted licenses.
whitelistedLicensesEnabled Boolean: Indicates if license blacklist is relevant.

Outputs

All input properties are implicitly available as output properties. Additionally, the ImageAssurancePolicy resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing ImageAssurancePolicy Resource

Get an existing ImageAssurancePolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ImageAssurancePolicyState, opts?: CustomResourceOptions): ImageAssurancePolicy

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        aggregated_vulnerability: Optional[Mapping[str, str]] = None,
        allowed_images: Optional[Sequence[str]] = None,
        application_scopes: Optional[Sequence[str]] = None,
        assurance_type: Optional[str] = None,
        audit_on_failure: Optional[bool] = None,
        author: Optional[str] = None,
        auto_scan_configured: Optional[bool] = None,
        auto_scan_enabled: Optional[bool] = None,
        auto_scan_times: Optional[Sequence[ImageAssurancePolicyAutoScanTimeArgs]] = None,
        blacklist_permissions: Optional[Sequence[str]] = None,
        blacklist_permissions_enabled: Optional[bool] = None,
        blacklisted_licenses: Optional[Sequence[str]] = None,
        blacklisted_licenses_enabled: Optional[bool] = None,
        block_failed: Optional[bool] = None,
        control_exclude_no_fix: Optional[bool] = None,
        custom_checks: Optional[Sequence[ImageAssurancePolicyCustomCheckArgs]] = None,
        custom_checks_enabled: Optional[bool] = None,
        custom_severity: Optional[str] = None,
        custom_severity_enabled: Optional[bool] = None,
        cves_black_list_enabled: Optional[bool] = None,
        cves_black_lists: Optional[Sequence[str]] = None,
        cves_white_list_enabled: Optional[bool] = None,
        cves_white_lists: Optional[Sequence[str]] = None,
        cvss_severity: Optional[str] = None,
        cvss_severity_enabled: Optional[bool] = None,
        cvss_severity_exclude_no_fix: Optional[bool] = None,
        description: Optional[str] = None,
        disallow_exploit_types: Optional[Sequence[str]] = None,
        disallow_malware: Optional[bool] = None,
        docker_cis_enabled: Optional[bool] = None,
        domain: Optional[str] = None,
        domain_name: Optional[str] = None,
        dta_enabled: Optional[bool] = None,
        dta_severity: Optional[str] = None,
        enabled: Optional[bool] = None,
        enforce: Optional[bool] = None,
        enforce_after_days: Optional[int] = None,
        enforce_excessive_permissions: Optional[bool] = None,
        exceptional_monitored_malware_paths: Optional[Sequence[str]] = None,
        exclude_application_scopes: Optional[Sequence[str]] = None,
        fail_cicd: Optional[bool] = None,
        forbidden_labels: Optional[Sequence[ImageAssurancePolicyForbiddenLabelArgs]] = None,
        forbidden_labels_enabled: Optional[bool] = None,
        force_microenforcer: Optional[bool] = None,
        function_integrity_enabled: Optional[bool] = None,
        ignore_base_image_vln: Optional[bool] = None,
        ignore_recently_published_vln: Optional[bool] = None,
        ignore_recently_published_vln_period: Optional[int] = None,
        ignore_risk_resources_enabled: Optional[bool] = None,
        ignored_risk_resources: Optional[Sequence[str]] = None,
        ignored_sensitive_resources: Optional[Sequence[str]] = None,
        images: Optional[Sequence[str]] = None,
        kube_cis_enabled: Optional[bool] = None,
        kubernetes_controls: Optional[ImageAssurancePolicyKubernetesControlsArgs] = None,
        kubernetes_controls_avd_ids: Optional[Sequence[str]] = None,
        kubernetes_controls_names: Optional[Sequence[str]] = None,
        labels: Optional[Sequence[str]] = None,
        lastupdate: Optional[str] = None,
        linux_cis_enabled: Optional[bool] = None,
        malware_action: Optional[str] = None,
        maximum_score: Optional[float] = None,
        maximum_score_enabled: Optional[bool] = None,
        maximum_score_exclude_no_fix: Optional[bool] = None,
        monitored_malware_paths: Optional[Sequence[str]] = None,
        name: Optional[str] = None,
        only_none_root_users: Optional[bool] = None,
        openshift_hardening_enabled: Optional[bool] = None,
        packages_black_list_enabled: Optional[bool] = None,
        packages_black_lists: Optional[Sequence[ImageAssurancePolicyPackagesBlackListArgs]] = None,
        packages_white_list_enabled: Optional[bool] = None,
        packages_white_lists: Optional[Sequence[ImageAssurancePolicyPackagesWhiteListArgs]] = None,
        partial_results_image_fail: Optional[bool] = None,
        permission: Optional[str] = None,
        policy_settings: Optional[ImageAssurancePolicyPolicySettingsArgs] = None,
        read_only: Optional[bool] = None,
        registries: Optional[Sequence[str]] = None,
        registry: Optional[str] = None,
        required_labels: Optional[Sequence[ImageAssurancePolicyRequiredLabelArgs]] = None,
        required_labels_enabled: Optional[bool] = None,
        scan_malware_in_archives: Optional[bool] = None,
        scan_nfs_mounts: Optional[bool] = None,
        scan_process_memory: Optional[bool] = None,
        scan_sensitive_data: Optional[bool] = None,
        scan_windows_registry: Optional[bool] = None,
        scap_enabled: Optional[bool] = None,
        scap_files: Optional[Sequence[str]] = None,
        scopes: Optional[Sequence[ImageAssurancePolicyScopeArgs]] = None,
        trusted_base_images: Optional[Sequence[ImageAssurancePolicyTrustedBaseImageArgs]] = None,
        trusted_base_images_enabled: Optional[bool] = None,
        vulnerability_exploitability: Optional[bool] = None,
        vulnerability_score_ranges: Optional[Sequence[int]] = None,
        whitelisted_licenses: Optional[Sequence[str]] = None,
        whitelisted_licenses_enabled: Optional[bool] = None) -> ImageAssurancePolicy

func GetImageAssurancePolicy(ctx *Context, name string, id IDInput, state *ImageAssurancePolicyState, opts ...ResourceOption) (*ImageAssurancePolicy, error)

public static ImageAssurancePolicy Get(string name, Input<string> id, ImageAssurancePolicyState? state, CustomResourceOptions? opts = null)

public static ImageAssurancePolicy get(String name, Output<String> id, ImageAssurancePolicyState state, CustomResourceOptions options)

resources:  _:    type: aquasec:ImageAssurancePolicy    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AggregatedVulnerability Dictionary<string, string>: Aggregated vulnerability information.
AllowedImages List<string>: List of explicitly allowed images.
ApplicationScopes List<string>
AssuranceType string: What type of assurance policy is described.
AuditOnFailure bool: Indicates if auditing for failures.
Author string: Name of user account that created the policy.
AutoScanConfigured bool
AutoScanEnabled bool
AutoScanTimes List<Pulumiverse.Aquasec.Inputs.ImageAssurancePolicyAutoScanTime>
BlacklistPermissions List<string>: List of function's forbidden permissions.
BlacklistPermissionsEnabled bool: Indicates if blacklist permissions is relevant.
BlacklistedLicenses List<string>: List of blacklisted licenses.
BlacklistedLicensesEnabled bool: Indicates if license blacklist is relevant.
BlockFailed bool: Indicates if failed images are blocked.
ControlExcludeNoFix bool
CustomChecks List<Pulumiverse.Aquasec.Inputs.ImageAssurancePolicyCustomCheck>: List of Custom user scripts for checks.
CustomChecksEnabled bool: Indicates if scanning should include custom checks.
CustomSeverity string
CustomSeverityEnabled bool
CvesBlackListEnabled bool: Indicates if CVEs blacklist is relevant.
CvesBlackLists List<string>: List of cves blacklisted items.
CvesWhiteListEnabled bool: Indicates if cves whitelist is relevant.
CvesWhiteLists List<string>: List of cves whitelisted licenses
CvssSeverity string: Identifier of the cvss severity. Only applied if cvss_severity_enabled is set to true. Valid options: critical, high, medium, low.
CvssSeverityEnabled bool: Indicates if the cvss severity is scanned.
CvssSeverityExcludeNoFix bool: Indicates that policy should ignore cvss cases that do not have a known fix.
Description string
DisallowExploitTypes List<string>
DisallowMalware bool: Indicates if malware should block the image.
DockerCisEnabled bool: Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
Domain string: Name of the container image.
DomainName string
DtaEnabled bool
DtaSeverity string
Enabled bool
Enforce bool
EnforceAfterDays int
EnforceExcessivePermissions bool
ExceptionalMonitoredMalwarePaths List<string>
ExcludeApplicationScopes List<string>
FailCicd bool: Indicates if cicd failures will fail the image.
ForbiddenLabels List<Pulumiverse.Aquasec.Inputs.ImageAssurancePolicyForbiddenLabel>
ForbiddenLabelsEnabled bool
ForceMicroenforcer bool
FunctionIntegrityEnabled bool
IgnoreBaseImageVln bool
IgnoreRecentlyPublishedVln bool
IgnoreRecentlyPublishedVlnPeriod int
IgnoreRiskResourcesEnabled bool: Indicates if risk resources are ignored.
IgnoredRiskResources List<string>: List of ignored risk resources.
IgnoredSensitiveResources List<string>
Images List<string>: List of images.
KubeCisEnabled bool: Performs a Kubernetes CIS benchmark check for the host.
KubernetesControls Pulumiverse.Aquasec.Inputs.ImageAssurancePolicyKubernetesControls: List of Kubernetes controls.
KubernetesControlsAvdIds List<string>
KubernetesControlsNames List<string>
Labels List<string>: List of labels.
Lastupdate string
LinuxCisEnabled bool
MalwareAction string
MaximumScore double: Value of allowed maximum score.
MaximumScoreEnabled bool: Indicates if exceeding the maximum score is scanned.
MaximumScoreExcludeNoFix bool
MonitoredMalwarePaths List<string>
Name string
OnlyNoneRootUsers bool: Indicates if raise a warning for images that should only be run as root.
OpenshiftHardeningEnabled bool
PackagesBlackListEnabled bool: Indicates if packages blacklist is relevant.
PackagesBlackLists List<Pulumiverse.Aquasec.Inputs.ImageAssurancePolicyPackagesBlackList>: List of blacklisted images.
PackagesWhiteListEnabled bool: Indicates if packages whitelist is relevant.
PackagesWhiteLists List<Pulumiverse.Aquasec.Inputs.ImageAssurancePolicyPackagesWhiteList>: List of whitelisted images.
PartialResultsImageFail bool
Permission string
PolicySettings Pulumiverse.Aquasec.Inputs.ImageAssurancePolicyPolicySettings
ReadOnly bool
Registries List<string>: List of registries.
Registry string
RequiredLabels List<Pulumiverse.Aquasec.Inputs.ImageAssurancePolicyRequiredLabel>
RequiredLabelsEnabled bool
ScanMalwareInArchives bool
ScanNfsMounts bool
ScanProcessMemory bool
ScanSensitiveData bool: Indicates if scan should include sensitive data in the image.
ScanWindowsRegistry bool
ScapEnabled bool: Indicates if scanning should include scap.
ScapFiles List<string>: List of SCAP user scripts for checks.
Scopes List<Pulumiverse.Aquasec.Inputs.ImageAssurancePolicyScope>
TrustedBaseImages List<Pulumiverse.Aquasec.Inputs.ImageAssurancePolicyTrustedBaseImage>: List of trusted images.
TrustedBaseImagesEnabled bool: Indicates if list of trusted base images is relevant.
VulnerabilityExploitability bool
VulnerabilityScoreRanges List<int>
WhitelistedLicenses List<string>: List of whitelisted licenses.
WhitelistedLicensesEnabled bool: Indicates if license blacklist is relevant.

AggregatedVulnerability map[string]string: Aggregated vulnerability information.
AllowedImages []string: List of explicitly allowed images.
ApplicationScopes []string
AssuranceType string: What type of assurance policy is described.
AuditOnFailure bool: Indicates if auditing for failures.
Author string: Name of user account that created the policy.
AutoScanConfigured bool
AutoScanEnabled bool
AutoScanTimes []ImageAssurancePolicyAutoScanTimeArgs
BlacklistPermissions []string: List of function's forbidden permissions.
BlacklistPermissionsEnabled bool: Indicates if blacklist permissions is relevant.
BlacklistedLicenses []string: List of blacklisted licenses.
BlacklistedLicensesEnabled bool: Indicates if license blacklist is relevant.
BlockFailed bool: Indicates if failed images are blocked.
ControlExcludeNoFix bool
CustomChecks []ImageAssurancePolicyCustomCheckArgs: List of Custom user scripts for checks.
CustomChecksEnabled bool: Indicates if scanning should include custom checks.
CustomSeverity string
CustomSeverityEnabled bool
CvesBlackListEnabled bool: Indicates if CVEs blacklist is relevant.
CvesBlackLists []string: List of cves blacklisted items.
CvesWhiteListEnabled bool: Indicates if cves whitelist is relevant.
CvesWhiteLists []string: List of cves whitelisted licenses
CvssSeverity string: Identifier of the cvss severity. Only applied if cvss_severity_enabled is set to true. Valid options: critical, high, medium, low.
CvssSeverityEnabled bool: Indicates if the cvss severity is scanned.
CvssSeverityExcludeNoFix bool: Indicates that policy should ignore cvss cases that do not have a known fix.
Description string
DisallowExploitTypes []string
DisallowMalware bool: Indicates if malware should block the image.
DockerCisEnabled bool: Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
Domain string: Name of the container image.
DomainName string
DtaEnabled bool
DtaSeverity string
Enabled bool
Enforce bool
EnforceAfterDays int
EnforceExcessivePermissions bool
ExceptionalMonitoredMalwarePaths []string
ExcludeApplicationScopes []string
FailCicd bool: Indicates if cicd failures will fail the image.
ForbiddenLabels []ImageAssurancePolicyForbiddenLabelArgs
ForbiddenLabelsEnabled bool
ForceMicroenforcer bool
FunctionIntegrityEnabled bool
IgnoreBaseImageVln bool
IgnoreRecentlyPublishedVln bool
IgnoreRecentlyPublishedVlnPeriod int
IgnoreRiskResourcesEnabled bool: Indicates if risk resources are ignored.
IgnoredRiskResources []string: List of ignored risk resources.
IgnoredSensitiveResources []string
Images []string: List of images.
KubeCisEnabled bool: Performs a Kubernetes CIS benchmark check for the host.
KubernetesControls ImageAssurancePolicyKubernetesControlsArgs: List of Kubernetes controls.
KubernetesControlsAvdIds []string
KubernetesControlsNames []string
Labels []string: List of labels.
Lastupdate string
LinuxCisEnabled bool
MalwareAction string
MaximumScore float64: Value of allowed maximum score.
MaximumScoreEnabled bool: Indicates if exceeding the maximum score is scanned.
MaximumScoreExcludeNoFix bool
MonitoredMalwarePaths []string
Name string
OnlyNoneRootUsers bool: Indicates if raise a warning for images that should only be run as root.
OpenshiftHardeningEnabled bool
PackagesBlackListEnabled bool: Indicates if packages blacklist is relevant.
PackagesBlackLists []ImageAssurancePolicyPackagesBlackListArgs: List of blacklisted images.
PackagesWhiteListEnabled bool: Indicates if packages whitelist is relevant.
PackagesWhiteLists []ImageAssurancePolicyPackagesWhiteListArgs: List of whitelisted images.
PartialResultsImageFail bool
Permission string
PolicySettings ImageAssurancePolicyPolicySettingsArgs
ReadOnly bool
Registries []string: List of registries.
Registry string
RequiredLabels []ImageAssurancePolicyRequiredLabelArgs
RequiredLabelsEnabled bool
ScanMalwareInArchives bool
ScanNfsMounts bool
ScanProcessMemory bool
ScanSensitiveData bool: Indicates if scan should include sensitive data in the image.
ScanWindowsRegistry bool
ScapEnabled bool: Indicates if scanning should include scap.
ScapFiles []string: List of SCAP user scripts for checks.
Scopes []ImageAssurancePolicyScopeArgs
TrustedBaseImages []ImageAssurancePolicyTrustedBaseImageArgs: List of trusted images.
TrustedBaseImagesEnabled bool: Indicates if list of trusted base images is relevant.
VulnerabilityExploitability bool
VulnerabilityScoreRanges []int
WhitelistedLicenses []string: List of whitelisted licenses.
WhitelistedLicensesEnabled bool: Indicates if license blacklist is relevant.

aggregatedVulnerability Map<String,String>: Aggregated vulnerability information.
allowedImages List<String>: List of explicitly allowed images.
applicationScopes List<String>
assuranceType String: What type of assurance policy is described.
auditOnFailure Boolean: Indicates if auditing for failures.
author String: Name of user account that created the policy.
autoScanConfigured Boolean
autoScanEnabled Boolean
autoScanTimes List<ImageAssurancePolicyAutoScanTime>
blacklistPermissions List<String>: List of function's forbidden permissions.
blacklistPermissionsEnabled Boolean: Indicates if blacklist permissions is relevant.
blacklistedLicenses List<String>: List of blacklisted licenses.
blacklistedLicensesEnabled Boolean: Indicates if license blacklist is relevant.
blockFailed Boolean: Indicates if failed images are blocked.
controlExcludeNoFix Boolean
customChecks List<ImageAssurancePolicyCustomCheck>: List of Custom user scripts for checks.
customChecksEnabled Boolean: Indicates if scanning should include custom checks.
customSeverity String
customSeverityEnabled Boolean
cvesBlackListEnabled Boolean: Indicates if CVEs blacklist is relevant.
cvesBlackLists List<String>: List of cves blacklisted items.
cvesWhiteListEnabled Boolean: Indicates if cves whitelist is relevant.
cvesWhiteLists List<String>: List of cves whitelisted licenses
cvssSeverity String: Identifier of the cvss severity. Only applied if cvss_severity_enabled is set to true. Valid options: critical, high, medium, low.
cvssSeverityEnabled Boolean: Indicates if the cvss severity is scanned.
cvssSeverityExcludeNoFix Boolean: Indicates that policy should ignore cvss cases that do not have a known fix.
description String
disallowExploitTypes List<String>
disallowMalware Boolean: Indicates if malware should block the image.
dockerCisEnabled Boolean: Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
domain String: Name of the container image.
domainName String
dtaEnabled Boolean
dtaSeverity String
enabled Boolean
enforce Boolean
enforceAfterDays Integer
enforceExcessivePermissions Boolean
exceptionalMonitoredMalwarePaths List<String>
excludeApplicationScopes List<String>
failCicd Boolean: Indicates if cicd failures will fail the image.
forbiddenLabels List<ImageAssurancePolicyForbiddenLabel>
forbiddenLabelsEnabled Boolean
forceMicroenforcer Boolean
functionIntegrityEnabled Boolean
ignoreBaseImageVln Boolean
ignoreRecentlyPublishedVln Boolean
ignoreRecentlyPublishedVlnPeriod Integer
ignoreRiskResourcesEnabled Boolean: Indicates if risk resources are ignored.
ignoredRiskResources List<String>: List of ignored risk resources.
ignoredSensitiveResources List<String>
images List<String>: List of images.
kubeCisEnabled Boolean: Performs a Kubernetes CIS benchmark check for the host.
kubernetesControls ImageAssurancePolicyKubernetesControls: List of Kubernetes controls.
kubernetesControlsAvdIds List<String>
kubernetesControlsNames List<String>
labels List<String>: List of labels.
lastupdate String
linuxCisEnabled Boolean
malwareAction String
maximumScore Double: Value of allowed maximum score.
maximumScoreEnabled Boolean: Indicates if exceeding the maximum score is scanned.
maximumScoreExcludeNoFix Boolean
monitoredMalwarePaths List<String>
name String
onlyNoneRootUsers Boolean: Indicates if raise a warning for images that should only be run as root.
openshiftHardeningEnabled Boolean
packagesBlackListEnabled Boolean: Indicates if packages blacklist is relevant.
packagesBlackLists List<ImageAssurancePolicyPackagesBlackList>: List of blacklisted images.
packagesWhiteListEnabled Boolean: Indicates if packages whitelist is relevant.
packagesWhiteLists List<ImageAssurancePolicyPackagesWhiteList>: List of whitelisted images.
partialResultsImageFail Boolean
permission String
policySettings ImageAssurancePolicyPolicySettings
readOnly Boolean
registries List<String>: List of registries.
registry String
requiredLabels List<ImageAssurancePolicyRequiredLabel>
requiredLabelsEnabled Boolean
scanMalwareInArchives Boolean
scanNfsMounts Boolean
scanProcessMemory Boolean
scanSensitiveData Boolean: Indicates if scan should include sensitive data in the image.
scanWindowsRegistry Boolean
scapEnabled Boolean: Indicates if scanning should include scap.
scapFiles List<String>: List of SCAP user scripts for checks.
scopes List<ImageAssurancePolicyScope>
trustedBaseImages List<ImageAssurancePolicyTrustedBaseImage>: List of trusted images.
trustedBaseImagesEnabled Boolean: Indicates if list of trusted base images is relevant.
vulnerabilityExploitability Boolean
vulnerabilityScoreRanges List<Integer>
whitelistedLicenses List<String>: List of whitelisted licenses.
whitelistedLicensesEnabled Boolean: Indicates if license blacklist is relevant.

aggregatedVulnerability {[key: string]: string}: Aggregated vulnerability information.
allowedImages string[]: List of explicitly allowed images.
applicationScopes string[]
assuranceType string: What type of assurance policy is described.
auditOnFailure boolean: Indicates if auditing for failures.
author string: Name of user account that created the policy.
autoScanConfigured boolean
autoScanEnabled boolean
autoScanTimes ImageAssurancePolicyAutoScanTime[]
blacklistPermissions string[]: List of function's forbidden permissions.
blacklistPermissionsEnabled boolean: Indicates if blacklist permissions is relevant.
blacklistedLicenses string[]: List of blacklisted licenses.
blacklistedLicensesEnabled boolean: Indicates if license blacklist is relevant.
blockFailed boolean: Indicates if failed images are blocked.
controlExcludeNoFix boolean
customChecks ImageAssurancePolicyCustomCheck[]: List of Custom user scripts for checks.
customChecksEnabled boolean: Indicates if scanning should include custom checks.
customSeverity string
customSeverityEnabled boolean
cvesBlackListEnabled boolean: Indicates if CVEs blacklist is relevant.
cvesBlackLists string[]: List of cves blacklisted items.
cvesWhiteListEnabled boolean: Indicates if cves whitelist is relevant.
cvesWhiteLists string[]: List of cves whitelisted licenses
cvssSeverity string: Identifier of the cvss severity. Only applied if cvss_severity_enabled is set to true. Valid options: critical, high, medium, low.
cvssSeverityEnabled boolean: Indicates if the cvss severity is scanned.
cvssSeverityExcludeNoFix boolean: Indicates that policy should ignore cvss cases that do not have a known fix.
description string
disallowExploitTypes string[]
disallowMalware boolean: Indicates if malware should block the image.
dockerCisEnabled boolean: Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
domain string: Name of the container image.
domainName string
dtaEnabled boolean
dtaSeverity string
enabled boolean
enforce boolean
enforceAfterDays number
enforceExcessivePermissions boolean
exceptionalMonitoredMalwarePaths string[]
excludeApplicationScopes string[]
failCicd boolean: Indicates if cicd failures will fail the image.
forbiddenLabels ImageAssurancePolicyForbiddenLabel[]
forbiddenLabelsEnabled boolean
forceMicroenforcer boolean
functionIntegrityEnabled boolean
ignoreBaseImageVln boolean
ignoreRecentlyPublishedVln boolean
ignoreRecentlyPublishedVlnPeriod number
ignoreRiskResourcesEnabled boolean: Indicates if risk resources are ignored.
ignoredRiskResources string[]: List of ignored risk resources.
ignoredSensitiveResources string[]
images string[]: List of images.
kubeCisEnabled boolean: Performs a Kubernetes CIS benchmark check for the host.
kubernetesControls ImageAssurancePolicyKubernetesControls: List of Kubernetes controls.
kubernetesControlsAvdIds string[]
kubernetesControlsNames string[]
labels string[]: List of labels.
lastupdate string
linuxCisEnabled boolean
malwareAction string
maximumScore number: Value of allowed maximum score.
maximumScoreEnabled boolean: Indicates if exceeding the maximum score is scanned.
maximumScoreExcludeNoFix boolean
monitoredMalwarePaths string[]
name string
onlyNoneRootUsers boolean: Indicates if raise a warning for images that should only be run as root.
openshiftHardeningEnabled boolean
packagesBlackListEnabled boolean: Indicates if packages blacklist is relevant.
packagesBlackLists ImageAssurancePolicyPackagesBlackList[]: List of blacklisted images.
packagesWhiteListEnabled boolean: Indicates if packages whitelist is relevant.
packagesWhiteLists ImageAssurancePolicyPackagesWhiteList[]: List of whitelisted images.
partialResultsImageFail boolean
permission string
policySettings ImageAssurancePolicyPolicySettings
readOnly boolean
registries string[]: List of registries.
registry string
requiredLabels ImageAssurancePolicyRequiredLabel[]
requiredLabelsEnabled boolean
scanMalwareInArchives boolean
scanNfsMounts boolean
scanProcessMemory boolean
scanSensitiveData boolean: Indicates if scan should include sensitive data in the image.
scanWindowsRegistry boolean
scapEnabled boolean: Indicates if scanning should include scap.
scapFiles string[]: List of SCAP user scripts for checks.
scopes ImageAssurancePolicyScope[]
trustedBaseImages ImageAssurancePolicyTrustedBaseImage[]: List of trusted images.
trustedBaseImagesEnabled boolean: Indicates if list of trusted base images is relevant.
vulnerabilityExploitability boolean
vulnerabilityScoreRanges number[]
whitelistedLicenses string[]: List of whitelisted licenses.
whitelistedLicensesEnabled boolean: Indicates if license blacklist is relevant.

aggregated_vulnerability Mapping[str, str]: Aggregated vulnerability information.
allowed_images Sequence[str]: List of explicitly allowed images.
application_scopes Sequence[str]
assurance_type str: What type of assurance policy is described.
audit_on_failure bool: Indicates if auditing for failures.
author str: Name of user account that created the policy.
auto_scan_configured bool
auto_scan_enabled bool
auto_scan_times Sequence[ImageAssurancePolicyAutoScanTimeArgs]
blacklist_permissions Sequence[str]: List of function's forbidden permissions.
blacklist_permissions_enabled bool: Indicates if blacklist permissions is relevant.
blacklisted_licenses Sequence[str]: List of blacklisted licenses.
blacklisted_licenses_enabled bool: Indicates if license blacklist is relevant.
block_failed bool: Indicates if failed images are blocked.
control_exclude_no_fix bool
custom_checks Sequence[ImageAssurancePolicyCustomCheckArgs]: List of Custom user scripts for checks.
custom_checks_enabled bool: Indicates if scanning should include custom checks.
custom_severity str
custom_severity_enabled bool
cves_black_list_enabled bool: Indicates if CVEs blacklist is relevant.
cves_black_lists Sequence[str]: List of cves blacklisted items.
cves_white_list_enabled bool: Indicates if cves whitelist is relevant.
cves_white_lists Sequence[str]: List of cves whitelisted licenses
cvss_severity str: Identifier of the cvss severity. Only applied if cvss_severity_enabled is set to true. Valid options: critical, high, medium, low.
cvss_severity_enabled bool: Indicates if the cvss severity is scanned.
cvss_severity_exclude_no_fix bool: Indicates that policy should ignore cvss cases that do not have a known fix.
description str
disallow_exploit_types Sequence[str]
disallow_malware bool: Indicates if malware should block the image.
docker_cis_enabled bool: Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
domain str: Name of the container image.
domain_name str
dta_enabled bool
dta_severity str
enabled bool
enforce bool
enforce_after_days int
enforce_excessive_permissions bool
exceptional_monitored_malware_paths Sequence[str]
exclude_application_scopes Sequence[str]
fail_cicd bool: Indicates if cicd failures will fail the image.
forbidden_labels Sequence[ImageAssurancePolicyForbiddenLabelArgs]
forbidden_labels_enabled bool
force_microenforcer bool
function_integrity_enabled bool
ignore_base_image_vln bool
ignore_recently_published_vln bool
ignore_recently_published_vln_period int
ignore_risk_resources_enabled bool: Indicates if risk resources are ignored.
ignored_risk_resources Sequence[str]: List of ignored risk resources.
ignored_sensitive_resources Sequence[str]
images Sequence[str]: List of images.
kube_cis_enabled bool: Performs a Kubernetes CIS benchmark check for the host.
kubernetes_controls ImageAssurancePolicyKubernetesControlsArgs: List of Kubernetes controls.
kubernetes_controls_avd_ids Sequence[str]
kubernetes_controls_names Sequence[str]
labels Sequence[str]: List of labels.
lastupdate str
linux_cis_enabled bool
malware_action str
maximum_score float: Value of allowed maximum score.
maximum_score_enabled bool: Indicates if exceeding the maximum score is scanned.
maximum_score_exclude_no_fix bool
monitored_malware_paths Sequence[str]
name str
only_none_root_users bool: Indicates if raise a warning for images that should only be run as root.
openshift_hardening_enabled bool
packages_black_list_enabled bool: Indicates if packages blacklist is relevant.
packages_black_lists Sequence[ImageAssurancePolicyPackagesBlackListArgs]: List of blacklisted images.
packages_white_list_enabled bool: Indicates if packages whitelist is relevant.
packages_white_lists Sequence[ImageAssurancePolicyPackagesWhiteListArgs]: List of whitelisted images.
partial_results_image_fail bool
permission str
policy_settings ImageAssurancePolicyPolicySettingsArgs
read_only bool
registries Sequence[str]: List of registries.
registry str
required_labels Sequence[ImageAssurancePolicyRequiredLabelArgs]
required_labels_enabled bool
scan_malware_in_archives bool
scan_nfs_mounts bool
scan_process_memory bool
scan_sensitive_data bool: Indicates if scan should include sensitive data in the image.
scan_windows_registry bool
scap_enabled bool: Indicates if scanning should include scap.
scap_files Sequence[str]: List of SCAP user scripts for checks.
scopes Sequence[ImageAssurancePolicyScopeArgs]
trusted_base_images Sequence[ImageAssurancePolicyTrustedBaseImageArgs]: List of trusted images.
trusted_base_images_enabled bool: Indicates if list of trusted base images is relevant.
vulnerability_exploitability bool
vulnerability_score_ranges Sequence[int]
whitelisted_licenses Sequence[str]: List of whitelisted licenses.
whitelisted_licenses_enabled bool: Indicates if license blacklist is relevant.

aggregatedVulnerability Map<String>: Aggregated vulnerability information.
allowedImages List<String>: List of explicitly allowed images.
applicationScopes List<String>
assuranceType String: What type of assurance policy is described.
auditOnFailure Boolean: Indicates if auditing for failures.
author String: Name of user account that created the policy.
autoScanConfigured Boolean
autoScanEnabled Boolean
autoScanTimes List<Property Map>
blacklistPermissions List<String>: List of function's forbidden permissions.
blacklistPermissionsEnabled Boolean: Indicates if blacklist permissions is relevant.
blacklistedLicenses List<String>: List of blacklisted licenses.
blacklistedLicensesEnabled Boolean: Indicates if license blacklist is relevant.
blockFailed Boolean: Indicates if failed images are blocked.
controlExcludeNoFix Boolean
customChecks List<Property Map>: List of Custom user scripts for checks.
customChecksEnabled Boolean: Indicates if scanning should include custom checks.
customSeverity String
customSeverityEnabled Boolean
cvesBlackListEnabled Boolean: Indicates if CVEs blacklist is relevant.
cvesBlackLists List<String>: List of cves blacklisted items.
cvesWhiteListEnabled Boolean: Indicates if cves whitelist is relevant.
cvesWhiteLists List<String>: List of cves whitelisted licenses
cvssSeverity String: Identifier of the cvss severity. Only applied if cvss_severity_enabled is set to true. Valid options: critical, high, medium, low.
cvssSeverityEnabled Boolean: Indicates if the cvss severity is scanned.
cvssSeverityExcludeNoFix Boolean: Indicates that policy should ignore cvss cases that do not have a known fix.
description String
disallowExploitTypes List<String>
disallowMalware Boolean: Indicates if malware should block the image.
dockerCisEnabled Boolean: Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
domain String: Name of the container image.
domainName String
dtaEnabled Boolean
dtaSeverity String
enabled Boolean
enforce Boolean
enforceAfterDays Number
enforceExcessivePermissions Boolean
exceptionalMonitoredMalwarePaths List<String>
excludeApplicationScopes List<String>
failCicd Boolean: Indicates if cicd failures will fail the image.
forbiddenLabels List<Property Map>
forbiddenLabelsEnabled Boolean
forceMicroenforcer Boolean
functionIntegrityEnabled Boolean
ignoreBaseImageVln Boolean
ignoreRecentlyPublishedVln Boolean
ignoreRecentlyPublishedVlnPeriod Number
ignoreRiskResourcesEnabled Boolean: Indicates if risk resources are ignored.
ignoredRiskResources List<String>: List of ignored risk resources.
ignoredSensitiveResources List<String>
images List<String>: List of images.
kubeCisEnabled Boolean: Performs a Kubernetes CIS benchmark check for the host.
kubernetesControls Property Map: List of Kubernetes controls.
kubernetesControlsAvdIds List<String>
kubernetesControlsNames List<String>
labels List<String>: List of labels.
lastupdate String
linuxCisEnabled Boolean
malwareAction String
maximumScore Number: Value of allowed maximum score.
maximumScoreEnabled Boolean: Indicates if exceeding the maximum score is scanned.
maximumScoreExcludeNoFix Boolean
monitoredMalwarePaths List<String>
name String
onlyNoneRootUsers Boolean: Indicates if raise a warning for images that should only be run as root.
openshiftHardeningEnabled Boolean
packagesBlackListEnabled Boolean: Indicates if packages blacklist is relevant.
packagesBlackLists List<Property Map>: List of blacklisted images.
packagesWhiteListEnabled Boolean: Indicates if packages whitelist is relevant.
packagesWhiteLists List<Property Map>: List of whitelisted images.
partialResultsImageFail Boolean
permission String
policySettings Property Map
readOnly Boolean
registries List<String>: List of registries.
registry String
requiredLabels List<Property Map>
requiredLabelsEnabled Boolean
scanMalwareInArchives Boolean
scanNfsMounts Boolean
scanProcessMemory Boolean
scanSensitiveData Boolean: Indicates if scan should include sensitive data in the image.
scanWindowsRegistry Boolean
scapEnabled Boolean: Indicates if scanning should include scap.
scapFiles List<String>: List of SCAP user scripts for checks.
scopes List<Property Map>
trustedBaseImages List<Property Map>: List of trusted images.
trustedBaseImagesEnabled Boolean: Indicates if list of trusted base images is relevant.
vulnerabilityExploitability Boolean
vulnerabilityScoreRanges List<Number>
whitelistedLicenses List<String>: List of whitelisted licenses.
whitelistedLicensesEnabled Boolean: Indicates if license blacklist is relevant.