Aquasec v0.8.29 published on Monday, Jul 22, 2024 by Pulumiverse

aquasec.HostAssurancePolicy


Host Assurance is a subsystem of Aqua. It scans the file systems of host VMs and Kubernetes nodes for security issues, vulnerabilities in OS and programming language packages, open-source licenses, and compliance with CIS benchmarks. It evaluates the scan findings against the defined Host Assurance Policies, determines host compliance based on these policies, and generates an audit event when a host fails assurance.
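A small policy that exercises each responsibility named above (vulnerability threshold, license check, CIS benchmarks, audit event on failure), written as a Pulumi YAML program. This is an added example, not taken from the provider's own documentation: the property names come from the constructor reference on this page, while the project and resource names, the `Global` scope, the `high` severity value and the license identifier are assumptions to adjust for your Aqua deployment.

```yaml
name: host-assurance-baseline        # hypothetical project name
runtime: yaml

resources:
  hostBaseline:                      # hypothetical logical resource name
    type: aquasec:HostAssurancePolicy
    properties:
      name: host-baseline            # hypothetical policy name shown in Aqua
      description: Baseline assurance policy for VMs and Kubernetes nodes
      applicationScopes:
        - Global                     # assumption: the default application scope
      enabled: true

      # Emit an audit event when a host fails the policy.
      auditOnFailure: true

      # Vulnerability control: fail hosts carrying findings at or above
      # the chosen severity. "high" is an assumed value; confirm the
      # accepted strings against your Aqua version.
      cvssSeverityEnabled: true
      cvssSeverity: high
      # Keep findings that have no vendor fix in scope so they stay
      # visible instead of silently passing the host.
      cvssSeverityExcludeNoFix: false

      # CIS benchmark checks for the host OS and for Kubernetes nodes.
      linuxCisEnabled: true
      kubeCisEnabled: true

      # License control: flag packages under licenses the organisation
      # does not accept. The identifier below is a constructed sample.
      blacklistedLicensesEnabled: true
      blacklistedLicenses:
        - AGPL-3.0
```

Each `*Enabled` flag gates the list or threshold next to it, so a populated `blacklistedLicenses` or `cvssSeverity` does nothing while its flag is left `false`, as in the placeholder reference example.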

Create HostAssurancePolicy Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

TypeScript:
new HostAssurancePolicy(name: string, args: HostAssurancePolicyArgs, opts?: CustomResourceOptions);

Python:
@overload
def HostAssurancePolicy(resource_name: str,
                        args: HostAssurancePolicyArgs,
                        opts: Optional[ResourceOptions] = None)

@overload
def HostAssurancePolicy(resource_name: str,
                        opts: Optional[ResourceOptions] = None,
                        application_scopes: Optional[Sequence[str]] = None,
                        aggregated_vulnerability: Optional[Mapping[str, str]] = None,
                        allowed_images: Optional[Sequence[str]] = None,
                        assurance_type: Optional[str] = None,
                        audit_on_failure: Optional[bool] = None,
                        author: Optional[str] = None,
                        auto_scan_configured: Optional[bool] = None,
                        auto_scan_enabled: Optional[bool] = None,
                        auto_scan_times: Optional[Sequence[HostAssurancePolicyAutoScanTimeArgs]] = None,
                        blacklist_permissions: Optional[Sequence[str]] = None,
                        blacklist_permissions_enabled: Optional[bool] = None,
                        blacklisted_licenses: Optional[Sequence[str]] = None,
                        blacklisted_licenses_enabled: Optional[bool] = None,
                        block_failed: Optional[bool] = None,
                        control_exclude_no_fix: Optional[bool] = None,
                        custom_checks: Optional[Sequence[HostAssurancePolicyCustomCheckArgs]] = None,
                        custom_checks_enabled: Optional[bool] = None,
                        custom_severity: Optional[str] = None,
                        custom_severity_enabled: Optional[bool] = None,
                        cves_black_list_enabled: Optional[bool] = None,
                        cves_black_lists: Optional[Sequence[str]] = None,
                        cves_white_list_enabled: Optional[bool] = None,
                        cves_white_lists: Optional[Sequence[str]] = None,
                        cvss_severity: Optional[str] = None,
                        cvss_severity_enabled: Optional[bool] = None,
                        cvss_severity_exclude_no_fix: Optional[bool] = None,
                        description: Optional[str] = None,
                        disallow_exploit_types: Optional[Sequence[str]] = None,
                        disallow_malware: Optional[bool] = None,
                        docker_cis_enabled: Optional[bool] = None,
                        domain: Optional[str] = None,
                        domain_name: Optional[str] = None,
                        dta_enabled: Optional[bool] = None,
                        dta_severity: Optional[str] = None,
                        enabled: Optional[bool] = None,
                        enforce: Optional[bool] = None,
                        enforce_after_days: Optional[int] = None,
                        enforce_excessive_permissions: Optional[bool] = None,
                        exceptional_monitored_malware_paths: Optional[Sequence[str]] = None,
                        exclude_application_scopes: Optional[Sequence[str]] = None,
                        fail_cicd: Optional[bool] = None,
                        forbidden_labels: Optional[Sequence[HostAssurancePolicyForbiddenLabelArgs]] = None,
                        forbidden_labels_enabled: Optional[bool] = None,
                        force_microenforcer: Optional[bool] = None,
                        function_integrity_enabled: Optional[bool] = None,
                        ignore_base_image_vln: Optional[bool] = None,
                        ignore_recently_published_vln: Optional[bool] = None,
                        ignore_recently_published_vln_period: Optional[int] = None,
                        ignore_risk_resources_enabled: Optional[bool] = None,
                        ignored_risk_resources: Optional[Sequence[str]] = None,
                        ignored_sensitive_resources: Optional[Sequence[str]] = None,
                        images: Optional[Sequence[str]] = None,
                        kube_cis_enabled: Optional[bool] = None,
                        kubernetes_controls: Optional[Sequence[str]] = None,
                        kubernetes_controls_avd_ids: Optional[Sequence[str]] = None,
                        kubernetes_controls_names: Optional[Sequence[str]] = None,
                        labels: Optional[Sequence[str]] = None,
                        lastupdate: Optional[str] = None,
                        linux_cis_enabled: Optional[bool] = None,
                        malware_action: Optional[str] = None,
                        maximum_score: Optional[float] = None,
                        maximum_score_enabled: Optional[bool] = None,
                        maximum_score_exclude_no_fix: Optional[bool] = None,
                        monitored_malware_paths: Optional[Sequence[str]] = None,
                        name: Optional[str] = None,
                        only_none_root_users: Optional[bool] = None,
                        openshift_hardening_enabled: Optional[bool] = None,
                        packages_black_list_enabled: Optional[bool] = None,
                        packages_black_lists: Optional[Sequence[HostAssurancePolicyPackagesBlackListArgs]] = None,
                        packages_white_list_enabled: Optional[bool] = None,
                        packages_white_lists: Optional[Sequence[HostAssurancePolicyPackagesWhiteListArgs]] = None,
                        partial_results_image_fail: Optional[bool] = None,
                        permission: Optional[str] = None,
                        policy_settings: Optional[HostAssurancePolicyPolicySettingsArgs] = None,
                        read_only: Optional[bool] = None,
                        registries: Optional[Sequence[str]] = None,
                        registry: Optional[str] = None,
                        required_labels: Optional[Sequence[HostAssurancePolicyRequiredLabelArgs]] = None,
                        required_labels_enabled: Optional[bool] = None,
                        scan_malware_in_archives: Optional[bool] = None,
                        scan_nfs_mounts: Optional[bool] = None,
                        scan_process_memory: Optional[bool] = None,
                        scan_sensitive_data: Optional[bool] = None,
                        scan_windows_registry: Optional[bool] = None,
                        scap_enabled: Optional[bool] = None,
                        scap_files: Optional[Sequence[str]] = None,
                        scopes: Optional[Sequence[HostAssurancePolicyScopeArgs]] = None,
                        trusted_base_images: Optional[Sequence[HostAssurancePolicyTrustedBaseImageArgs]] = None,
                        trusted_base_images_enabled: Optional[bool] = None,
                        vulnerability_exploitability: Optional[bool] = None,
                        vulnerability_score_ranges: Optional[Sequence[int]] = None,
                        whitelisted_licenses: Optional[Sequence[str]] = None,
                        whitelisted_licenses_enabled: Optional[bool] = None,
                        windows_cis_enabled: Optional[bool] = None)

Go:
func NewHostAssurancePolicy(ctx *Context, name string, args HostAssurancePolicyArgs, opts ...ResourceOption) (*HostAssurancePolicy, error)

C#:
public HostAssurancePolicy(string name, HostAssurancePolicyArgs args, CustomResourceOptions? opts = null)

Java:
public HostAssurancePolicy(String name, HostAssurancePolicyArgs args)
public HostAssurancePolicy(String name, HostAssurancePolicyArgs args, CustomResourceOptions options)

YAML:
type: aquasec:HostAssurancePolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

TypeScript:
name (string, required): The unique name of the resource.
args (HostAssurancePolicyArgs, required): The arguments to resource properties.
opts (CustomResourceOptions): Bag of options to control resource's behavior.

Python:
resource_name (str, required): The unique name of the resource.
args (HostAssurancePolicyArgs, required): The arguments to resource properties.
opts (ResourceOptions): Bag of options to control resource's behavior.

Go:
ctx (Context): Context object for the current deployment.
name (string, required): The unique name of the resource.
args (HostAssurancePolicyArgs, required): The arguments to resource properties.
opts (ResourceOption): Bag of options to control resource's behavior.

C#:
name (string, required): The unique name of the resource.
args (HostAssurancePolicyArgs, required): The arguments to resource properties.
opts (CustomResourceOptions): Bag of options to control resource's behavior.

Java:
name (String, required): The unique name of the resource.
args (HostAssurancePolicyArgs, required): The arguments to resource properties.
options (CustomResourceOptions): Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

C#:
var hostAssurancePolicyResource = new Aquasec.HostAssurancePolicy("hostAssurancePolicyResource", new()
{
    ApplicationScopes = new[]
    {
        "string",
    },
    AggregatedVulnerability = 
    {
        { "string", "string" },
    },
    AllowedImages = new[]
    {
        "string",
    },
    AssuranceType = "string",
    AuditOnFailure = false,
    Author = "string",
    AutoScanConfigured = false,
    AutoScanEnabled = false,
    AutoScanTimes = new[]
    {
        new Aquasec.Inputs.HostAssurancePolicyAutoScanTimeArgs
        {
            Iteration = 0,
            IterationType = "string",
            Time = "string",
            WeekDays = new[]
            {
                "string",
            },
        },
    },
    BlacklistPermissions = new[]
    {
        "string",
    },
    BlacklistPermissionsEnabled = false,
    BlacklistedLicenses = new[]
    {
        "string",
    },
    BlacklistedLicensesEnabled = false,
    BlockFailed = false,
    ControlExcludeNoFix = false,
    CustomChecks = new[]
    {
        new Aquasec.Inputs.HostAssurancePolicyCustomCheckArgs
        {
            Author = "string",
            Description = "string",
            Engine = "string",
            LastModified = 0,
            Name = "string",
            Path = "string",
            ReadOnly = false,
            ScriptId = "string",
            Severity = "string",
            Snippet = "string",
        },
    },
    CustomChecksEnabled = false,
    CustomSeverity = "string",
    CustomSeverityEnabled = false,
    CvesBlackListEnabled = false,
    CvesBlackLists = new[]
    {
        "string",
    },
    CvesWhiteListEnabled = false,
    CvesWhiteLists = new[]
    {
        "string",
    },
    CvssSeverity = "string",
    CvssSeverityEnabled = false,
    CvssSeverityExcludeNoFix = false,
    Description = "string",
    DisallowExploitTypes = new[]
    {
        "string",
    },
    DisallowMalware = false,
    DockerCisEnabled = false,
    Domain = "string",
    DomainName = "string",
    DtaEnabled = false,
    DtaSeverity = "string",
    Enabled = false,
    Enforce = false,
    EnforceAfterDays = 0,
    EnforceExcessivePermissions = false,
    ExceptionalMonitoredMalwarePaths = new[]
    {
        "string",
    },
    ExcludeApplicationScopes = new[]
    {
        "string",
    },
    FailCicd = false,
    ForbiddenLabels = new[]
    {
        new Aquasec.Inputs.HostAssurancePolicyForbiddenLabelArgs
        {
            Key = "string",
            Value = "string",
        },
    },
    ForbiddenLabelsEnabled = false,
    ForceMicroenforcer = false,
    FunctionIntegrityEnabled = false,
    IgnoreBaseImageVln = false,
    IgnoreRecentlyPublishedVln = false,
    IgnoreRecentlyPublishedVlnPeriod = 0,
    IgnoreRiskResourcesEnabled = false,
    IgnoredRiskResources = new[]
    {
        "string",
    },
    IgnoredSensitiveResources = new[]
    {
        "string",
    },
    Images = new[]
    {
        "string",
    },
    KubeCisEnabled = false,
    KubernetesControls = new[]
    {
        "string",
    },
    KubernetesControlsAvdIds = new[]
    {
        "string",
    },
    KubernetesControlsNames = new[]
    {
        "string",
    },
    Labels = new[]
    {
        "string",
    },
    Lastupdate = "string",
    LinuxCisEnabled = false,
    MalwareAction = "string",
    MaximumScore = 0,
    MaximumScoreEnabled = false,
    MaximumScoreExcludeNoFix = false,
    MonitoredMalwarePaths = new[]
    {
        "string",
    },
    Name = "string",
    OnlyNoneRootUsers = false,
    OpenshiftHardeningEnabled = false,
    PackagesBlackListEnabled = false,
    PackagesBlackLists = new[]
    {
        new Aquasec.Inputs.HostAssurancePolicyPackagesBlackListArgs
        {
            Arch = "string",
            Display = "string",
            Epoch = "string",
            Format = "string",
            License = "string",
            Name = "string",
            Release = "string",
            Version = "string",
            VersionRange = "string",
        },
    },
    PackagesWhiteListEnabled = false,
    PackagesWhiteLists = new[]
    {
        new Aquasec.Inputs.HostAssurancePolicyPackagesWhiteListArgs
        {
            Arch = "string",
            Display = "string",
            Epoch = "string",
            Format = "string",
            License = "string",
            Name = "string",
            Release = "string",
            Version = "string",
            VersionRange = "string",
        },
    },
    PartialResultsImageFail = false,
    Permission = "string",
    PolicySettings = new Aquasec.Inputs.HostAssurancePolicyPolicySettingsArgs
    {
        Enforce = false,
        IsAuditChecked = false,
        Warn = false,
        WarningMessage = "string",
    },
    ReadOnly = false,
    Registries = new[]
    {
        "string",
    },
    Registry = "string",
    RequiredLabels = new[]
    {
        new Aquasec.Inputs.HostAssurancePolicyRequiredLabelArgs
        {
            Key = "string",
            Value = "string",
        },
    },
    RequiredLabelsEnabled = false,
    ScanMalwareInArchives = false,
    ScanNfsMounts = false,
    ScanProcessMemory = false,
    ScanSensitiveData = false,
    ScanWindowsRegistry = false,
    ScapEnabled = false,
    ScapFiles = new[]
    {
        "string",
    },
    Scopes = new[]
    {
        new Aquasec.Inputs.HostAssurancePolicyScopeArgs
        {
            Expression = "string",
            Variables = new[]
            {
                new Aquasec.Inputs.HostAssurancePolicyScopeVariableArgs
                {
                    Attribute = "string",
                    Name = "string",
                    Value = "string",
                },
            },
        },
    },
    TrustedBaseImages = new[]
    {
        new Aquasec.Inputs.HostAssurancePolicyTrustedBaseImageArgs
        {
            Imagename = "string",
            Registry = "string",
        },
    },
    TrustedBaseImagesEnabled = false,
    VulnerabilityExploitability = false,
    VulnerabilityScoreRanges = new[]
    {
        0,
    },
    WhitelistedLicenses = new[]
    {
        "string",
    },
    WhitelistedLicensesEnabled = false,
    WindowsCisEnabled = false,
});

Go:
example, err := aquasec.NewHostAssurancePolicy(ctx, "hostAssurancePolicyResource", &aquasec.HostAssurancePolicyArgs{
	ApplicationScopes: pulumi.StringArray{
		pulumi.String("string"),
	},
	AggregatedVulnerability: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	AllowedImages: pulumi.StringArray{
		pulumi.String("string"),
	},
	AssuranceType:      pulumi.String("string"),
	AuditOnFailure:     pulumi.Bool(false),
	Author:             pulumi.String("string"),
	AutoScanConfigured: pulumi.Bool(false),
	AutoScanEnabled:    pulumi.Bool(false),
	AutoScanTimes: aquasec.HostAssurancePolicyAutoScanTimeArray{
		&aquasec.HostAssurancePolicyAutoScanTimeArgs{
			Iteration:     pulumi.Int(0),
			IterationType: pulumi.String("string"),
			Time:          pulumi.String("string"),
			WeekDays: pulumi.StringArray{
				pulumi.String("string"),
			},
		},
	},
	BlacklistPermissions: pulumi.StringArray{
		pulumi.String("string"),
	},
	BlacklistPermissionsEnabled: pulumi.Bool(false),
	BlacklistedLicenses: pulumi.StringArray{
		pulumi.String("string"),
	},
	BlacklistedLicensesEnabled: pulumi.Bool(false),
	BlockFailed:                pulumi.Bool(false),
	ControlExcludeNoFix:        pulumi.Bool(false),
	CustomChecks: aquasec.HostAssurancePolicyCustomCheckArray{
		&aquasec.HostAssurancePolicyCustomCheckArgs{
			Author:       pulumi.String("string"),
			Description:  pulumi.String("string"),
			Engine:       pulumi.String("string"),
			LastModified: pulumi.Int(0),
			Name:         pulumi.String("string"),
			Path:         pulumi.String("string"),
			ReadOnly:     pulumi.Bool(false),
			ScriptId:     pulumi.String("string"),
			Severity:     pulumi.String("string"),
			Snippet:      pulumi.String("string"),
		},
	},
	CustomChecksEnabled:   pulumi.Bool(false),
	CustomSeverity:        pulumi.String("string"),
	CustomSeverityEnabled: pulumi.Bool(false),
	CvesBlackListEnabled:  pulumi.Bool(false),
	CvesBlackLists: pulumi.StringArray{
		pulumi.String("string"),
	},
	CvesWhiteListEnabled: pulumi.Bool(false),
	CvesWhiteLists: pulumi.StringArray{
		pulumi.String("string"),
	},
	CvssSeverity:             pulumi.String("string"),
	CvssSeverityEnabled:      pulumi.Bool(false),
	CvssSeverityExcludeNoFix: pulumi.Bool(false),
	Description:              pulumi.String("string"),
	DisallowExploitTypes: pulumi.StringArray{
		pulumi.String("string"),
	},
	DisallowMalware:             pulumi.Bool(false),
	DockerCisEnabled:            pulumi.Bool(false),
	Domain:                      pulumi.String("string"),
	DomainName:                  pulumi.String("string"),
	DtaEnabled:                  pulumi.Bool(false),
	DtaSeverity:                 pulumi.String("string"),
	Enabled:                     pulumi.Bool(false),
	Enforce:                     pulumi.Bool(false),
	EnforceAfterDays:            pulumi.Int(0),
	EnforceExcessivePermissions: pulumi.Bool(false),
	ExceptionalMonitoredMalwarePaths: pulumi.StringArray{
		pulumi.String("string"),
	},
	ExcludeApplicationScopes: pulumi.StringArray{
		pulumi.String("string"),
	},
	FailCicd: pulumi.Bool(false),
	ForbiddenLabels: aquasec.HostAssurancePolicyForbiddenLabelArray{
		&aquasec.HostAssurancePolicyForbiddenLabelArgs{
			Key:   pulumi.String("string"),
			Value: pulumi.String("string"),
		},
	},
	ForbiddenLabelsEnabled:           pulumi.Bool(false),
	ForceMicroenforcer:               pulumi.Bool(false),
	FunctionIntegrityEnabled:         pulumi.Bool(false),
	IgnoreBaseImageVln:               pulumi.Bool(false),
	IgnoreRecentlyPublishedVln:       pulumi.Bool(false),
	IgnoreRecentlyPublishedVlnPeriod: pulumi.Int(0),
	IgnoreRiskResourcesEnabled:       pulumi.Bool(false),
	IgnoredRiskResources: pulumi.StringArray{
		pulumi.String("string"),
	},
	IgnoredSensitiveResources: pulumi.StringArray{
		pulumi.String("string"),
	},
	Images: pulumi.StringArray{
		pulumi.String("string"),
	},
	KubeCisEnabled: pulumi.Bool(false),
	KubernetesControls: pulumi.StringArray{
		pulumi.String("string"),
	},
	KubernetesControlsAvdIds: pulumi.StringArray{
		pulumi.String("string"),
	},
	KubernetesControlsNames: pulumi.StringArray{
		pulumi.String("string"),
	},
	Labels: pulumi.StringArray{
		pulumi.String("string"),
	},
	Lastupdate:               pulumi.String("string"),
	LinuxCisEnabled:          pulumi.Bool(false),
	MalwareAction:            pulumi.String("string"),
	MaximumScore:             pulumi.Float64(0),
	MaximumScoreEnabled:      pulumi.Bool(false),
	MaximumScoreExcludeNoFix: pulumi.Bool(false),
	MonitoredMalwarePaths: pulumi.StringArray{
		pulumi.String("string"),
	},
	Name:                      pulumi.String("string"),
	OnlyNoneRootUsers:         pulumi.Bool(false),
	OpenshiftHardeningEnabled: pulumi.Bool(false),
	PackagesBlackListEnabled:  pulumi.Bool(false),
	PackagesBlackLists: aquasec.HostAssurancePolicyPackagesBlackListArray{
		&aquasec.HostAssurancePolicyPackagesBlackListArgs{
			Arch:         pulumi.String("string"),
			Display:      pulumi.String("string"),
			Epoch:        pulumi.String("string"),
			Format:       pulumi.String("string"),
			License:      pulumi.String("string"),
			Name:         pulumi.String("string"),
			Release:      pulumi.String("string"),
			Version:      pulumi.String("string"),
			VersionRange: pulumi.String("string"),
		},
	},
	PackagesWhiteListEnabled: pulumi.Bool(false),
	PackagesWhiteLists: aquasec.HostAssurancePolicyPackagesWhiteListArray{
		&aquasec.HostAssurancePolicyPackagesWhiteListArgs{
			Arch:         pulumi.String("string"),
			Display:      pulumi.String("string"),
			Epoch:        pulumi.String("string"),
			Format:       pulumi.String("string"),
			License:      pulumi.String("string"),
			Name:         pulumi.String("string"),
			Release:      pulumi.String("string"),
			Version:      pulumi.String("string"),
			VersionRange: pulumi.String("string"),
		},
	},
	PartialResultsImageFail: pulumi.Bool(false),
	Permission:              pulumi.String("string"),
	PolicySettings: &aquasec.HostAssurancePolicyPolicySettingsArgs{
		Enforce:        pulumi.Bool(false),
		IsAuditChecked: pulumi.Bool(false),
		Warn:           pulumi.Bool(false),
		WarningMessage: pulumi.String("string"),
	},
	ReadOnly: pulumi.Bool(false),
	Registries: pulumi.StringArray{
		pulumi.String("string"),
	},
	Registry: pulumi.String("string"),
	RequiredLabels: aquasec.HostAssurancePolicyRequiredLabelArray{
		&aquasec.HostAssurancePolicyRequiredLabelArgs{
			Key:   pulumi.String("string"),
			Value: pulumi.String("string"),
		},
	},
	RequiredLabelsEnabled: pulumi.Bool(false),
	ScanMalwareInArchives: pulumi.Bool(false),
	ScanNfsMounts:         pulumi.Bool(false),
	ScanProcessMemory:     pulumi.Bool(false),
	ScanSensitiveData:     pulumi.Bool(false),
	ScanWindowsRegistry:   pulumi.Bool(false),
	ScapEnabled:           pulumi.Bool(false),
	ScapFiles: pulumi.StringArray{
		pulumi.String("string"),
	},
	Scopes: aquasec.HostAssurancePolicyScopeArray{
		&aquasec.HostAssurancePolicyScopeArgs{
			Expression: pulumi.String("string"),
			Variables: aquasec.HostAssurancePolicyScopeVariableArray{
				&aquasec.HostAssurancePolicyScopeVariableArgs{
					Attribute: pulumi.String("string"),
					Name:      pulumi.String("string"),
					Value:     pulumi.String("string"),
				},
			},
		},
	},
	TrustedBaseImages: aquasec.HostAssurancePolicyTrustedBaseImageArray{
		&aquasec.HostAssurancePolicyTrustedBaseImageArgs{
			Imagename: pulumi.String("string"),
			Registry:  pulumi.String("string"),
		},
	},
	TrustedBaseImagesEnabled:    pulumi.Bool(false),
	VulnerabilityExploitability: pulumi.Bool(false),
	VulnerabilityScoreRanges: pulumi.IntArray{
		pulumi.Int(0),
	},
	WhitelistedLicenses: pulumi.StringArray{
		pulumi.String("string"),
	},
	WhitelistedLicensesEnabled: pulumi.Bool(false),
	WindowsCisEnabled:          pulumi.Bool(false),
})

Java:
var hostAssurancePolicyResource = new HostAssurancePolicy("hostAssurancePolicyResource", HostAssurancePolicyArgs.builder()
    .applicationScopes("string")
    .aggregatedVulnerability(Map.of("string", "string"))
    .allowedImages("string")
    .assuranceType("string")
    .auditOnFailure(false)
    .author("string")
    .autoScanConfigured(false)
    .autoScanEnabled(false)
    .autoScanTimes(HostAssurancePolicyAutoScanTimeArgs.builder()
        .iteration(0)
        .iterationType("string")
        .time("string")
        .weekDays("string")
        .build())
    .blacklistPermissions("string")
    .blacklistPermissionsEnabled(false)
    .blacklistedLicenses("string")
    .blacklistedLicensesEnabled(false)
    .blockFailed(false)
    .controlExcludeNoFix(false)
    .customChecks(HostAssurancePolicyCustomCheckArgs.builder()
        .author("string")
        .description("string")
        .engine("string")
        .lastModified(0)
        .name("string")
        .path("string")
        .readOnly(false)
        .scriptId("string")
        .severity("string")
        .snippet("string")
        .build())
    .customChecksEnabled(false)
    .customSeverity("string")
    .customSeverityEnabled(false)
    .cvesBlackListEnabled(false)
    .cvesBlackLists("string")
    .cvesWhiteListEnabled(false)
    .cvesWhiteLists("string")
    .cvssSeverity("string")
    .cvssSeverityEnabled(false)
    .cvssSeverityExcludeNoFix(false)
    .description("string")
    .disallowExploitTypes("string")
    .disallowMalware(false)
    .dockerCisEnabled(false)
    .domain("string")
    .domainName("string")
    .dtaEnabled(false)
    .dtaSeverity("string")
    .enabled(false)
    .enforce(false)
    .enforceAfterDays(0)
    .enforceExcessivePermissions(false)
    .exceptionalMonitoredMalwarePaths("string")
    .excludeApplicationScopes("string")
    .failCicd(false)
    .forbiddenLabels(HostAssurancePolicyForbiddenLabelArgs.builder()
        .key("string")
        .value("string")
        .build())
    .forbiddenLabelsEnabled(false)
    .forceMicroenforcer(false)
    .functionIntegrityEnabled(false)
    .ignoreBaseImageVln(false)
    .ignoreRecentlyPublishedVln(false)
    .ignoreRecentlyPublishedVlnPeriod(0)
    .ignoreRiskResourcesEnabled(false)
    .ignoredRiskResources("string")
    .ignoredSensitiveResources("string")
    .images("string")
    .kubeCisEnabled(false)
    .kubernetesControls("string")
    .kubernetesControlsAvdIds("string")
    .kubernetesControlsNames("string")
    .labels("string")
    .lastupdate("string")
    .linuxCisEnabled(false)
    .malwareAction("string")
    .maximumScore(0)
    .maximumScoreEnabled(false)
    .maximumScoreExcludeNoFix(false)
    .monitoredMalwarePaths("string")
    .name("string")
    .onlyNoneRootUsers(false)
    .openshiftHardeningEnabled(false)
    .packagesBlackListEnabled(false)
    .packagesBlackLists(HostAssurancePolicyPackagesBlackListArgs.builder()
        .arch("string")
        .display("string")
        .epoch("string")
        .format("string")
        .license("string")
        .name("string")
        .release("string")
        .version("string")
        .versionRange("string")
        .build())
    .packagesWhiteListEnabled(false)
    .packagesWhiteLists(HostAssurancePolicyPackagesWhiteListArgs.builder()
        .arch("string")
        .display("string")
        .epoch("string")
        .format("string")
        .license("string")
        .name("string")
        .release("string")
        .version("string")
        .versionRange("string")
        .build())
    .partialResultsImageFail(false)
    .permission("string")
    .policySettings(HostAssurancePolicyPolicySettingsArgs.builder()
        .enforce(false)
        .isAuditChecked(false)
        .warn(false)
        .warningMessage("string")
        .build())
    .readOnly(false)
    .registries("string")
    .registry("string")
    .requiredLabels(HostAssurancePolicyRequiredLabelArgs.builder()
        .key("string")
        .value("string")
        .build())
    .requiredLabelsEnabled(false)
    .scanMalwareInArchives(false)
    .scanNfsMounts(false)
    .scanProcessMemory(false)
    .scanSensitiveData(false)
    .scanWindowsRegistry(false)
    .scapEnabled(false)
    .scapFiles("string")
    .scopes(HostAssurancePolicyScopeArgs.builder()
        .expression("string")
        .variables(HostAssurancePolicyScopeVariableArgs.builder()
            .attribute("string")
            .name("string")
            .value("string")
            .build())
        .build())
    .trustedBaseImages(HostAssurancePolicyTrustedBaseImageArgs.builder()
        .imagename("string")
        .registry("string")
        .build())
    .trustedBaseImagesEnabled(false)
    .vulnerabilityExploitability(false)
    .vulnerabilityScoreRanges(0)
    .whitelistedLicenses("string")
    .whitelistedLicensesEnabled(false)
    .windowsCisEnabled(false)
    .build());

Python:
host_assurance_policy_resource = aquasec.HostAssurancePolicy("hostAssurancePolicyResource",
    application_scopes=["string"],
    aggregated_vulnerability={
        "string": "string",
    },
    allowed_images=["string"],
    assurance_type="string",
    audit_on_failure=False,
    author="string",
    auto_scan_configured=False,
    auto_scan_enabled=False,
    auto_scan_times=[{
        "iteration": 0,
        "iteration_type": "string",
        "time": "string",
        "week_days": ["string"],
    }],
    blacklist_permissions=["string"],
    blacklist_permissions_enabled=False,
    blacklisted_licenses=["string"],
    blacklisted_licenses_enabled=False,
    block_failed=False,
    control_exclude_no_fix=False,
    custom_checks=[{
        "author": "string",
        "description": "string",
        "engine": "string",
        "last_modified": 0,
        "name": "string",
        "path": "string",
        "read_only": False,
        "script_id": "string",
        "severity": "string",
        "snippet": "string",
    }],
    custom_checks_enabled=False,
    custom_severity="string",
    custom_severity_enabled=False,
    cves_black_list_enabled=False,
    cves_black_lists=["string"],
    cves_white_list_enabled=False,
    cves_white_lists=["string"],
    cvss_severity="string",
    cvss_severity_enabled=False,
    cvss_severity_exclude_no_fix=False,
    description="string",
    disallow_exploit_types=["string"],
    disallow_malware=False,
    docker_cis_enabled=False,
    domain="string",
    domain_name="string",
    dta_enabled=False,
    dta_severity="string",
    enabled=False,
    enforce=False,
    enforce_after_days=0,
    enforce_excessive_permissions=False,
    exceptional_monitored_malware_paths=["string"],
    exclude_application_scopes=["string"],
    fail_cicd=False,
    forbidden_labels=[{
        "key": "string",
        "value": "string",
    }],
    forbidden_labels_enabled=False,
    force_microenforcer=False,
    function_integrity_enabled=False,
    ignore_base_image_vln=False,
    ignore_recently_published_vln=False,
    ignore_recently_published_vln_period=0,
    ignore_risk_resources_enabled=False,
    ignored_risk_resources=["string"],
    ignored_sensitive_resources=["string"],
    images=["string"],
    kube_cis_enabled=False,
    kubernetes_controls=["string"],
    kubernetes_controls_avd_ids=["string"],
    kubernetes_controls_names=["string"],
    labels=["string"],
    lastupdate="string",
    linux_cis_enabled=False,
    malware_action="string",
    maximum_score=0,
    maximum_score_enabled=False,
    maximum_score_exclude_no_fix=False,
    monitored_malware_paths=["string"],
    name="string",
    only_none_root_users=False,
    openshift_hardening_enabled=False,
    packages_black_list_enabled=False,
    packages_black_lists=[{
        "arch": "string",
        "display": "string",
        "epoch": "string",
        "format": "string",
        "license": "string",
        "name": "string",
        "release": "string",
        "version": "string",
        "version_range": "string",
    }],
    packages_white_list_enabled=False,
    packages_white_lists=[{
        "arch": "string",
        "display": "string",
        "epoch": "string",
        "format": "string",
        "license": "string",
        "name": "string",
        "release": "string",
        "version": "string",
        "version_range": "string",
    }],
    partial_results_image_fail=False,
    permission="string",
    policy_settings={
        "enforce": False,
        "is_audit_checked": False,
        "warn": False,
        "warning_message": "string",
    },
    read_only=False,
    registries=["string"],
    registry="string",
    required_labels=[{
        "key": "string",
        "value": "string",
    }],
    required_labels_enabled=False,
    scan_malware_in_archives=False,
    scan_nfs_mounts=False,
    scan_process_memory=False,
    scan_sensitive_data=False,
    scan_windows_registry=False,
    scap_enabled=False,
    scap_files=["string"],
    scopes=[{
        "expression": "string",
        "variables": [{
            "attribute": "string",
            "name": "string",
            "value": "string",
        }],
    }],
    trusted_base_images=[{
        "imagename": "string",
        "registry": "string",
    }],
    trusted_base_images_enabled=False,
    vulnerability_exploitability=False,
    vulnerability_score_ranges=[0],
    whitelisted_licenses=["string"],
    whitelisted_licenses_enabled=False,
    windows_cis_enabled=False)
const hostAssurancePolicyResource = new aquasec.HostAssurancePolicy("hostAssurancePolicyResource", {
    applicationScopes: ["string"],
    aggregatedVulnerability: {
        string: "string",
    },
    allowedImages: ["string"],
    assuranceType: "string",
    auditOnFailure: false,
    author: "string",
    autoScanConfigured: false,
    autoScanEnabled: false,
    autoScanTimes: [{
        iteration: 0,
        iterationType: "string",
        time: "string",
        weekDays: ["string"],
    }],
    blacklistPermissions: ["string"],
    blacklistPermissionsEnabled: false,
    blacklistedLicenses: ["string"],
    blacklistedLicensesEnabled: false,
    blockFailed: false,
    controlExcludeNoFix: false,
    customChecks: [{
        author: "string",
        description: "string",
        engine: "string",
        lastModified: 0,
        name: "string",
        path: "string",
        readOnly: false,
        scriptId: "string",
        severity: "string",
        snippet: "string",
    }],
    customChecksEnabled: false,
    customSeverity: "string",
    customSeverityEnabled: false,
    cvesBlackListEnabled: false,
    cvesBlackLists: ["string"],
    cvesWhiteListEnabled: false,
    cvesWhiteLists: ["string"],
    cvssSeverity: "string",
    cvssSeverityEnabled: false,
    cvssSeverityExcludeNoFix: false,
    description: "string",
    disallowExploitTypes: ["string"],
    disallowMalware: false,
    dockerCisEnabled: false,
    domain: "string",
    domainName: "string",
    dtaEnabled: false,
    dtaSeverity: "string",
    enabled: false,
    enforce: false,
    enforceAfterDays: 0,
    enforceExcessivePermissions: false,
    exceptionalMonitoredMalwarePaths: ["string"],
    excludeApplicationScopes: ["string"],
    failCicd: false,
    forbiddenLabels: [{
        key: "string",
        value: "string",
    }],
    forbiddenLabelsEnabled: false,
    forceMicroenforcer: false,
    functionIntegrityEnabled: false,
    ignoreBaseImageVln: false,
    ignoreRecentlyPublishedVln: false,
    ignoreRecentlyPublishedVlnPeriod: 0,
    ignoreRiskResourcesEnabled: false,
    ignoredRiskResources: ["string"],
    ignoredSensitiveResources: ["string"],
    images: ["string"],
    kubeCisEnabled: false,
    kubernetesControls: ["string"],
    kubernetesControlsAvdIds: ["string"],
    kubernetesControlsNames: ["string"],
    labels: ["string"],
    lastupdate: "string",
    linuxCisEnabled: false,
    malwareAction: "string",
    maximumScore: 0,
    maximumScoreEnabled: false,
    maximumScoreExcludeNoFix: false,
    monitoredMalwarePaths: ["string"],
    name: "string",
    onlyNoneRootUsers: false,
    openshiftHardeningEnabled: false,
    packagesBlackListEnabled: false,
    packagesBlackLists: [{
        arch: "string",
        display: "string",
        epoch: "string",
        format: "string",
        license: "string",
        name: "string",
        release: "string",
        version: "string",
        versionRange: "string",
    }],
    packagesWhiteListEnabled: false,
    packagesWhiteLists: [{
        arch: "string",
        display: "string",
        epoch: "string",
        format: "string",
        license: "string",
        name: "string",
        release: "string",
        version: "string",
        versionRange: "string",
    }],
    partialResultsImageFail: false,
    permission: "string",
    policySettings: {
        enforce: false,
        isAuditChecked: false,
        warn: false,
        warningMessage: "string",
    },
    readOnly: false,
    registries: ["string"],
    registry: "string",
    requiredLabels: [{
        key: "string",
        value: "string",
    }],
    requiredLabelsEnabled: false,
    scanMalwareInArchives: false,
    scanNfsMounts: false,
    scanProcessMemory: false,
    scanSensitiveData: false,
    scanWindowsRegistry: false,
    scapEnabled: false,
    scapFiles: ["string"],
    scopes: [{
        expression: "string",
        variables: [{
            attribute: "string",
            name: "string",
            value: "string",
        }],
    }],
    trustedBaseImages: [{
        imagename: "string",
        registry: "string",
    }],
    trustedBaseImagesEnabled: false,
    vulnerabilityExploitability: false,
    vulnerabilityScoreRanges: [0],
    whitelistedLicenses: ["string"],
    whitelistedLicensesEnabled: false,
    windowsCisEnabled: false,
});
type: aquasec:HostAssurancePolicy
properties:
    aggregatedVulnerability:
        string: string
    allowedImages:
        - string
    applicationScopes:
        - string
    assuranceType: string
    auditOnFailure: false
    author: string
    autoScanConfigured: false
    autoScanEnabled: false
    autoScanTimes:
        - iteration: 0
          iterationType: string
          time: string
          weekDays:
            - string
    blacklistPermissions:
        - string
    blacklistPermissionsEnabled: false
    blacklistedLicenses:
        - string
    blacklistedLicensesEnabled: false
    blockFailed: false
    controlExcludeNoFix: false
    customChecks:
        - author: string
          description: string
          engine: string
          lastModified: 0
          name: string
          path: string
          readOnly: false
          scriptId: string
          severity: string
          snippet: string
    customChecksEnabled: false
    customSeverity: string
    customSeverityEnabled: false
    cvesBlackListEnabled: false
    cvesBlackLists:
        - string
    cvesWhiteListEnabled: false
    cvesWhiteLists:
        - string
    cvssSeverity: string
    cvssSeverityEnabled: false
    cvssSeverityExcludeNoFix: false
    description: string
    disallowExploitTypes:
        - string
    disallowMalware: false
    dockerCisEnabled: false
    domain: string
    domainName: string
    dtaEnabled: false
    dtaSeverity: string
    enabled: false
    enforce: false
    enforceAfterDays: 0
    enforceExcessivePermissions: false
    exceptionalMonitoredMalwarePaths:
        - string
    excludeApplicationScopes:
        - string
    failCicd: false
    forbiddenLabels:
        - key: string
          value: string
    forbiddenLabelsEnabled: false
    forceMicroenforcer: false
    functionIntegrityEnabled: false
    ignoreBaseImageVln: false
    ignoreRecentlyPublishedVln: false
    ignoreRecentlyPublishedVlnPeriod: 0
    ignoreRiskResourcesEnabled: false
    ignoredRiskResources:
        - string
    ignoredSensitiveResources:
        - string
    images:
        - string
    kubeCisEnabled: false
    kubernetesControls:
        - string
    kubernetesControlsAvdIds:
        - string
    kubernetesControlsNames:
        - string
    labels:
        - string
    lastupdate: string
    linuxCisEnabled: false
    malwareAction: string
    maximumScore: 0
    maximumScoreEnabled: false
    maximumScoreExcludeNoFix: false
    monitoredMalwarePaths:
        - string
    name: string
    onlyNoneRootUsers: false
    openshiftHardeningEnabled: false
    packagesBlackListEnabled: false
    packagesBlackLists:
        - arch: string
          display: string
          epoch: string
          format: string
          license: string
          name: string
          release: string
          version: string
          versionRange: string
    packagesWhiteListEnabled: false
    packagesWhiteLists:
        - arch: string
          display: string
          epoch: string
          format: string
          license: string
          name: string
          release: string
          version: string
          versionRange: string
    partialResultsImageFail: false
    permission: string
    policySettings:
        enforce: false
        isAuditChecked: false
        warn: false
        warningMessage: string
    readOnly: false
    registries:
        - string
    registry: string
    requiredLabels:
        - key: string
          value: string
    requiredLabelsEnabled: false
    scanMalwareInArchives: false
    scanNfsMounts: false
    scanProcessMemory: false
    scanSensitiveData: false
    scanWindowsRegistry: false
    scapEnabled: false
    scapFiles:
        - string
    scopes:
        - expression: string
          variables:
            - attribute: string
              name: string
              value: string
    trustedBaseImages:
        - imagename: string
          registry: string
    trustedBaseImagesEnabled: false
    vulnerabilityExploitability: false
    vulnerabilityScoreRanges:
        - 0
    whitelistedLicenses:
        - string
    whitelistedLicensesEnabled: false
    windowsCisEnabled: false

HostAssurancePolicy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The HostAssurancePolicy resource accepts the following input properties:

ApplicationScopes This property is required. List<string>
AggregatedVulnerability Dictionary<string, string>
Aggregated vulnerability information.
AllowedImages List<string>
List of explicitly allowed images.
AssuranceType string
What type of assurance policy is described.
AuditOnFailure bool
Indicates if failures are audited.
Author string
Name of user account that created the policy.
AutoScanConfigured bool
AutoScanEnabled bool
AutoScanTimes List<Pulumiverse.Aquasec.Inputs.HostAssurancePolicyAutoScanTime>
BlacklistPermissions List<string>
List of function's forbidden permissions.
BlacklistPermissionsEnabled bool
Indicates if the permissions blacklist is relevant.
BlacklistedLicenses List<string>
List of blacklisted licenses.
BlacklistedLicensesEnabled bool
Indicates if license blacklist is relevant.
BlockFailed bool
Indicates if failed images are blocked.
ControlExcludeNoFix bool
CustomChecks List<Pulumiverse.Aquasec.Inputs.HostAssurancePolicyCustomCheck>
List of custom user scripts for checks.
CustomChecksEnabled bool
Indicates if scanning should include custom checks.
CustomSeverity string
CustomSeverityEnabled bool
CvesBlackListEnabled bool
Indicates if CVEs blacklist is relevant.
CvesBlackLists List<string>
List of CVEs blacklisted items.
CvesWhiteListEnabled bool
Indicates if CVEs whitelist is relevant.
CvesWhiteLists List<string>
List of cves whitelisted licenses
CvssSeverity string
Identifier of the CVSS severity.
CvssSeverityEnabled bool
Indicates if the CVSS severity is scanned.
CvssSeverityExcludeNoFix bool
Indicates that the policy should ignore CVSS cases that do not have a known fix.
Description string
DisallowExploitTypes List<string>
DisallowMalware bool
Indicates if malware should block the image.
DockerCisEnabled bool
Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
Domain string
Name of the container image.
DomainName string
DtaEnabled bool
DtaSeverity string
Enabled bool
Enforce bool
EnforceAfterDays int
EnforceExcessivePermissions bool
ExceptionalMonitoredMalwarePaths List<string>
ExcludeApplicationScopes List<string>
FailCicd bool
Indicates if CI/CD failures will fail the image.
ForbiddenLabels List<Pulumiverse.Aquasec.Inputs.HostAssurancePolicyForbiddenLabel>
ForbiddenLabelsEnabled bool
ForceMicroenforcer bool
FunctionIntegrityEnabled bool
IgnoreBaseImageVln bool
IgnoreRecentlyPublishedVln bool
IgnoreRecentlyPublishedVlnPeriod int
IgnoreRiskResourcesEnabled bool
Indicates if risk resources are ignored.
IgnoredRiskResources List<string>
List of ignored risk resources.
IgnoredSensitiveResources List<string>
Images List<string>
List of images.
KubeCisEnabled bool
Performs a Kubernetes CIS benchmark check for the host.
KubernetesControls List<string>
KubernetesControlsAvdIds List<string>
KubernetesControlsNames List<string>
Labels List<string>
List of labels.
Lastupdate string
LinuxCisEnabled bool
MalwareAction string
MaximumScore double
Value of allowed maximum score.
MaximumScoreEnabled bool
Indicates if exceeding the maximum score is scanned.
MaximumScoreExcludeNoFix bool
Indicates that policy should ignore cases that do not have a known fix.
MonitoredMalwarePaths List<string>
Name Changes to this property will trigger replacement. string
OnlyNoneRootUsers bool
Indicates if a warning is raised for images that should only be run as root.
OpenshiftHardeningEnabled bool
PackagesBlackListEnabled bool
Indicates if packages blacklist is relevant.
PackagesBlackLists List<Pulumiverse.Aquasec.Inputs.HostAssurancePolicyPackagesBlackList>
List of blacklisted images.
PackagesWhiteListEnabled bool
Indicates if packages whitelist is relevant.
PackagesWhiteLists List<Pulumiverse.Aquasec.Inputs.HostAssurancePolicyPackagesWhiteList>
List of whitelisted images.
PartialResultsImageFail bool
Permission string
PolicySettings Pulumiverse.Aquasec.Inputs.HostAssurancePolicyPolicySettings
ReadOnly bool
Registries List<string>
List of registries.
Registry string
RequiredLabels List<Pulumiverse.Aquasec.Inputs.HostAssurancePolicyRequiredLabel>
RequiredLabelsEnabled bool
ScanMalwareInArchives bool
ScanNfsMounts bool
ScanProcessMemory bool
ScanSensitiveData bool
Indicates if scan should include sensitive data in the image.
ScanWindowsRegistry bool
ScapEnabled bool
Indicates if scanning should include SCAP.
ScapFiles List<string>
List of SCAP user scripts for checks.
Scopes List<Pulumiverse.Aquasec.Inputs.HostAssurancePolicyScope>
TrustedBaseImages List<Pulumiverse.Aquasec.Inputs.HostAssurancePolicyTrustedBaseImage>
List of trusted images.
TrustedBaseImagesEnabled bool
Indicates if list of trusted base images is relevant.
VulnerabilityExploitability bool
VulnerabilityScoreRanges List<int>
WhitelistedLicenses List<string>
List of whitelisted licenses.
WhitelistedLicensesEnabled bool
Indicates if license blacklist is relevant.
WindowsCisEnabled bool
Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows).
ApplicationScopes This property is required. []string
AggregatedVulnerability map[string]string
Aggregated vulnerability information.
AllowedImages []string
List of explicitly allowed images.
AssuranceType string
What type of assurance policy is described.
AuditOnFailure bool
Indicates if failures are audited.
Author string
Name of user account that created the policy.
AutoScanConfigured bool
AutoScanEnabled bool
AutoScanTimes []HostAssurancePolicyAutoScanTimeArgs
BlacklistPermissions []string
List of function's forbidden permissions.
BlacklistPermissionsEnabled bool
Indicates if the permissions blacklist is relevant.
BlacklistedLicenses []string
List of blacklisted licenses.
BlacklistedLicensesEnabled bool
Indicates if license blacklist is relevant.
BlockFailed bool
Indicates if failed images are blocked.
ControlExcludeNoFix bool
CustomChecks []HostAssurancePolicyCustomCheckArgs
List of custom user scripts for checks.
CustomChecksEnabled bool
Indicates if scanning should include custom checks.
CustomSeverity string
CustomSeverityEnabled bool
CvesBlackListEnabled bool
Indicates if CVEs blacklist is relevant.
CvesBlackLists []string
List of CVEs blacklisted items.
CvesWhiteListEnabled bool
Indicates if CVEs whitelist is relevant.
CvesWhiteLists []string
List of cves whitelisted licenses
CvssSeverity string
Identifier of the CVSS severity.
CvssSeverityEnabled bool
Indicates if the CVSS severity is scanned.
CvssSeverityExcludeNoFix bool
Indicates that the policy should ignore CVSS cases that do not have a known fix.
Description string
DisallowExploitTypes []string
DisallowMalware bool
Indicates if malware should block the image.
DockerCisEnabled bool
Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
Domain string
Name of the container image.
DomainName string
DtaEnabled bool
DtaSeverity string
Enabled bool
Enforce bool
EnforceAfterDays int
EnforceExcessivePermissions bool
ExceptionalMonitoredMalwarePaths []string
ExcludeApplicationScopes []string
FailCicd bool
Indicates if CI/CD failures will fail the image.
ForbiddenLabels []HostAssurancePolicyForbiddenLabelArgs
ForbiddenLabelsEnabled bool
ForceMicroenforcer bool
FunctionIntegrityEnabled bool
IgnoreBaseImageVln bool
IgnoreRecentlyPublishedVln bool
IgnoreRecentlyPublishedVlnPeriod int
IgnoreRiskResourcesEnabled bool
Indicates if risk resources are ignored.
IgnoredRiskResources []string
List of ignored risk resources.
IgnoredSensitiveResources []string
Images []string
List of images.
KubeCisEnabled bool
Performs a Kubernetes CIS benchmark check for the host.
KubernetesControls []string
KubernetesControlsAvdIds []string
KubernetesControlsNames []string
Labels []string
List of labels.
Lastupdate string
LinuxCisEnabled bool
MalwareAction string
MaximumScore float64
Value of allowed maximum score.
MaximumScoreEnabled bool
Indicates if exceeding the maximum score is scanned.
MaximumScoreExcludeNoFix bool
Indicates that policy should ignore cases that do not have a known fix.
MonitoredMalwarePaths []string
Name Changes to this property will trigger replacement. string
OnlyNoneRootUsers bool
Indicates if a warning is raised for images that should only be run as root.
OpenshiftHardeningEnabled bool
PackagesBlackListEnabled bool
Indicates if packages blacklist is relevant.
PackagesBlackLists []HostAssurancePolicyPackagesBlackListArgs
List of blacklisted images.
PackagesWhiteListEnabled bool
Indicates if packages whitelist is relevant.
PackagesWhiteLists []HostAssurancePolicyPackagesWhiteListArgs
List of whitelisted images.
PartialResultsImageFail bool
Permission string
PolicySettings HostAssurancePolicyPolicySettingsArgs
ReadOnly bool
Registries []string
List of registries.
Registry string
RequiredLabels []HostAssurancePolicyRequiredLabelArgs
RequiredLabelsEnabled bool
ScanMalwareInArchives bool
ScanNfsMounts bool
ScanProcessMemory bool
ScanSensitiveData bool
Indicates if scan should include sensitive data in the image.
ScanWindowsRegistry bool
ScapEnabled bool
Indicates if scanning should include SCAP.
ScapFiles []string
List of SCAP user scripts for checks.
Scopes []HostAssurancePolicyScopeArgs
TrustedBaseImages []HostAssurancePolicyTrustedBaseImageArgs
List of trusted images.
TrustedBaseImagesEnabled bool
Indicates if list of trusted base images is relevant.
VulnerabilityExploitability bool
VulnerabilityScoreRanges []int
WhitelistedLicenses []string
List of whitelisted licenses.
WhitelistedLicensesEnabled bool
Indicates if license blacklist is relevant.
WindowsCisEnabled bool
Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows).
applicationScopes This property is required. List<String>
aggregatedVulnerability Map<String,String>
Aggregated vulnerability information.
allowedImages List<String>
List of explicitly allowed images.
assuranceType String
What type of assurance policy is described.
auditOnFailure Boolean
Indicates if failures are audited.
author String
Name of user account that created the policy.
autoScanConfigured Boolean
autoScanEnabled Boolean
autoScanTimes List<HostAssurancePolicyAutoScanTime>
blacklistPermissions List<String>
List of function's forbidden permissions.
blacklistPermissionsEnabled Boolean
Indicates if the permissions blacklist is relevant.
blacklistedLicenses List<String>
List of blacklisted licenses.
blacklistedLicensesEnabled Boolean
Indicates if license blacklist is relevant.
blockFailed Boolean
Indicates if failed images are blocked.
controlExcludeNoFix Boolean
customChecks List<HostAssurancePolicyCustomCheck>
List of custom user scripts for checks.
customChecksEnabled Boolean
Indicates if scanning should include custom checks.
customSeverity String
customSeverityEnabled Boolean
cvesBlackListEnabled Boolean
Indicates if CVEs blacklist is relevant.
cvesBlackLists List<String>
List of CVEs blacklisted items.
cvesWhiteListEnabled Boolean
Indicates if CVEs whitelist is relevant.
cvesWhiteLists List<String>
List of cves whitelisted licenses
cvssSeverity String
Identifier of the CVSS severity.
cvssSeverityEnabled Boolean
Indicates if the CVSS severity is scanned.
cvssSeverityExcludeNoFix Boolean
Indicates that the policy should ignore CVSS cases that do not have a known fix.
description String
disallowExploitTypes List<String>
disallowMalware Boolean
Indicates if malware should block the image.
dockerCisEnabled Boolean
Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
domain String
Name of the container image.
domainName String
dtaEnabled Boolean
dtaSeverity String
enabled Boolean
enforce Boolean
enforceAfterDays Integer
enforceExcessivePermissions Boolean
exceptionalMonitoredMalwarePaths List<String>
excludeApplicationScopes List<String>
failCicd Boolean
Indicates if CI/CD failures will fail the image.
forbiddenLabels List<HostAssurancePolicyForbiddenLabel>
forbiddenLabelsEnabled Boolean
forceMicroenforcer Boolean
functionIntegrityEnabled Boolean
ignoreBaseImageVln Boolean
ignoreRecentlyPublishedVln Boolean
ignoreRecentlyPublishedVlnPeriod Integer
ignoreRiskResourcesEnabled Boolean
Indicates if risk resources are ignored.
ignoredRiskResources List<String>
List of ignored risk resources.
ignoredSensitiveResources List<String>
images List<String>
List of images.
kubeCisEnabled Boolean
Performs a Kubernetes CIS benchmark check for the host.
kubernetesControls List<String>
kubernetesControlsAvdIds List<String>
kubernetesControlsNames List<String>
labels List<String>
List of labels.
lastupdate String
linuxCisEnabled Boolean
malwareAction String
maximumScore Double
Value of allowed maximum score.
maximumScoreEnabled Boolean
Indicates if exceeding the maximum score is scanned.
maximumScoreExcludeNoFix Boolean
Indicates that policy should ignore cases that do not have a known fix.
monitoredMalwarePaths List<String>
name Changes to this property will trigger replacement. String
onlyNoneRootUsers Boolean
Indicates if a warning is raised for images that should only be run as root.
openshiftHardeningEnabled Boolean
packagesBlackListEnabled Boolean
Indicates if packages blacklist is relevant.
packagesBlackLists List<HostAssurancePolicyPackagesBlackList>
List of blacklisted images.
packagesWhiteListEnabled Boolean
Indicates if packages whitelist is relevant.
packagesWhiteLists List<HostAssurancePolicyPackagesWhiteList>
List of whitelisted images.
partialResultsImageFail Boolean
permission String
policySettings HostAssurancePolicyPolicySettings
readOnly Boolean
registries List<String>
List of registries.
registry String
requiredLabels List<HostAssurancePolicyRequiredLabel>
requiredLabelsEnabled Boolean
scanMalwareInArchives Boolean
scanNfsMounts Boolean
scanProcessMemory Boolean
scanSensitiveData Boolean
Indicates if scan should include sensitive data in the image.
scanWindowsRegistry Boolean
scapEnabled Boolean
Indicates if scanning should include SCAP.
scapFiles List<String>
List of SCAP user scripts for checks.
scopes List<HostAssurancePolicyScope>
trustedBaseImages List<HostAssurancePolicyTrustedBaseImage>
List of trusted images.
trustedBaseImagesEnabled Boolean
Indicates if list of trusted base images is relevant.
vulnerabilityExploitability Boolean
vulnerabilityScoreRanges List<Integer>
whitelistedLicenses List<String>
List of whitelisted licenses.
whitelistedLicensesEnabled Boolean
Indicates if license blacklist is relevant.
windowsCisEnabled Boolean
Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows).
applicationScopes This property is required. string[]
aggregatedVulnerability {[key: string]: string}
Aggregated vulnerability information.
allowedImages string[]
List of explicitly allowed images.
assuranceType string
What type of assurance policy is described.
auditOnFailure boolean
Indicates if failures are audited.
author string
Name of user account that created the policy.
autoScanConfigured boolean
autoScanEnabled boolean
autoScanTimes HostAssurancePolicyAutoScanTime[]
blacklistPermissions string[]
List of function's forbidden permissions.
blacklistPermissionsEnabled boolean
Indicates if the permissions blacklist is relevant.
blacklistedLicenses string[]
List of blacklisted licenses.
blacklistedLicensesEnabled boolean
Indicates if license blacklist is relevant.
blockFailed boolean
Indicates if failed images are blocked.
controlExcludeNoFix boolean
customChecks HostAssurancePolicyCustomCheck[]
List of custom user scripts for checks.
customChecksEnabled boolean
Indicates if scanning should include custom checks.
customSeverity string
customSeverityEnabled boolean
cvesBlackListEnabled boolean
Indicates if CVEs blacklist is relevant.
cvesBlackLists string[]
List of CVEs blacklisted items.
cvesWhiteListEnabled boolean
Indicates if CVEs whitelist is relevant.
cvesWhiteLists string[]
List of cves whitelisted licenses
cvssSeverity string
Identifier of the CVSS severity.
cvssSeverityEnabled boolean
Indicates if the CVSS severity is scanned.
cvssSeverityExcludeNoFix boolean
Indicates that the policy should ignore CVSS cases that do not have a known fix.
description string
disallowExploitTypes string[]
disallowMalware boolean
Indicates if malware should block the image.
dockerCisEnabled boolean
Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
domain string
Name of the container image.
domainName string
dtaEnabled boolean
dtaSeverity string
enabled boolean
enforce boolean
enforceAfterDays number
enforceExcessivePermissions boolean
exceptionalMonitoredMalwarePaths string[]
excludeApplicationScopes string[]
failCicd boolean
Indicates if CI/CD failures will fail the image.
forbiddenLabels HostAssurancePolicyForbiddenLabel[]
forbiddenLabelsEnabled boolean
forceMicroenforcer boolean
functionIntegrityEnabled boolean
ignoreBaseImageVln boolean
ignoreRecentlyPublishedVln boolean
ignoreRecentlyPublishedVlnPeriod number
ignoreRiskResourcesEnabled boolean
Indicates if risk resources are ignored.
ignoredRiskResources string[]
List of ignored risk resources.
ignoredSensitiveResources string[]
images string[]
List of images.
kubeCisEnabled boolean
Performs a Kubernetes CIS benchmark check for the host.
kubernetesControls string[]
kubernetesControlsAvdIds string[]
kubernetesControlsNames string[]
labels string[]
List of labels.
lastupdate string
linuxCisEnabled boolean
malwareAction string
maximumScore number
Value of allowed maximum score.
maximumScoreEnabled boolean
Indicates if exceeding the maximum score is scanned.
maximumScoreExcludeNoFix boolean
Indicates that policy should ignore cases that do not have a known fix.
monitoredMalwarePaths string[]
name Changes to this property will trigger replacement. string
onlyNoneRootUsers boolean
Indicates if a warning is raised for images that should only be run as root.
openshiftHardeningEnabled boolean
packagesBlackListEnabled boolean
Indicates if packages blacklist is relevant.
packagesBlackLists HostAssurancePolicyPackagesBlackList[]
List of blacklisted images.
packagesWhiteListEnabled boolean
Indicates if packages whitelist is relevant.
packagesWhiteLists HostAssurancePolicyPackagesWhiteList[]
List of whitelisted images.
partialResultsImageFail boolean
permission string
policySettings HostAssurancePolicyPolicySettings
readOnly boolean
registries string[]
List of registries.
registry string
requiredLabels HostAssurancePolicyRequiredLabel[]
requiredLabelsEnabled boolean
scanMalwareInArchives boolean
scanNfsMounts boolean
scanProcessMemory boolean
scanSensitiveData boolean
Indicates if scan should include sensitive data in the image.
scanWindowsRegistry boolean
scapEnabled boolean
Indicates if scanning should include SCAP.
scapFiles string[]
List of SCAP user scripts for checks.
scopes HostAssurancePolicyScope[]
trustedBaseImages HostAssurancePolicyTrustedBaseImage[]
List of trusted images.
trustedBaseImagesEnabled boolean
Indicates if list of trusted base images is relevant.
vulnerabilityExploitability boolean
vulnerabilityScoreRanges number[]
whitelistedLicenses string[]
List of whitelisted licenses.
whitelistedLicensesEnabled boolean
Indicates if license blacklist is relevant.
windowsCisEnabled boolean
Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows).
application_scopes This property is required. Sequence[str]
aggregated_vulnerability Mapping[str, str]
Aggregated vulnerability information.
allowed_images Sequence[str]
List of explicitly allowed images.
assurance_type str
What type of assurance policy is described.
audit_on_failure bool
Indicates if failures are audited.
author str
Name of user account that created the policy.
auto_scan_configured bool
auto_scan_enabled bool
auto_scan_times Sequence[HostAssurancePolicyAutoScanTimeArgs]
blacklist_permissions Sequence[str]
List of function's forbidden permissions.
blacklist_permissions_enabled bool
Indicates if the permissions blacklist is relevant.
blacklisted_licenses Sequence[str]
List of blacklisted licenses.
blacklisted_licenses_enabled bool
Indicates if license blacklist is relevant.
block_failed bool
Indicates if failed images are blocked.
control_exclude_no_fix bool
custom_checks Sequence[HostAssurancePolicyCustomCheckArgs]
List of custom user scripts for checks.
custom_checks_enabled bool
Indicates if scanning should include custom checks.
custom_severity str
custom_severity_enabled bool
cves_black_list_enabled bool
Indicates if CVEs blacklist is relevant.
cves_black_lists Sequence[str]
List of CVEs blacklisted items.
cves_white_list_enabled bool
Indicates if CVEs whitelist is relevant.
cves_white_lists Sequence[str]
List of cves whitelisted licenses
cvss_severity str
Identifier of the CVSS severity.
cvss_severity_enabled bool
Indicates if the CVSS severity is scanned.
cvss_severity_exclude_no_fix bool
Indicates that the policy should ignore CVSS cases that do not have a known fix.
description str
disallow_exploit_types Sequence[str]
disallow_malware bool
Indicates if malware should block the image.
docker_cis_enabled bool
Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
domain str
Name of the container image.
domain_name str
dta_enabled bool
dta_severity str
enabled bool
enforce bool
enforce_after_days int
enforce_excessive_permissions bool
exceptional_monitored_malware_paths Sequence[str]
exclude_application_scopes Sequence[str]
fail_cicd bool
Indicates if CI/CD failures will fail the image.
forbidden_labels Sequence[HostAssurancePolicyForbiddenLabelArgs]
forbidden_labels_enabled bool
force_microenforcer bool
function_integrity_enabled bool
ignore_base_image_vln bool
ignore_recently_published_vln bool
ignore_recently_published_vln_period int
ignore_risk_resources_enabled bool
Indicates if risk resources are ignored.
ignored_risk_resources Sequence[str]
List of ignored risk resources.
ignored_sensitive_resources Sequence[str]
images Sequence[str]
List of images.
kube_cis_enabled bool
Performs a Kubernetes CIS benchmark check for the host.
kubernetes_controls Sequence[str]
kubernetes_controls_avd_ids Sequence[str]
kubernetes_controls_names Sequence[str]
labels Sequence[str]
List of labels.
lastupdate str
linux_cis_enabled bool
malware_action str
maximum_score float
Value of allowed maximum score.
maximum_score_enabled bool
Indicates if exceeding the maximum score is scanned.
maximum_score_exclude_no_fix bool
Indicates that policy should ignore cases that do not have a known fix.
monitored_malware_paths Sequence[str]
name Changes to this property will trigger replacement. str
only_none_root_users bool
Indicates whether to raise a warning for images that should only be run as root.
openshift_hardening_enabled bool
packages_black_list_enabled bool
Indicates if packages blacklist is relevant.
packages_black_lists Sequence[HostAssurancePolicyPackagesBlackListArgs]
List of blacklisted images.
packages_white_list_enabled bool
Indicates if packages whitelist is relevant.
packages_white_lists Sequence[HostAssurancePolicyPackagesWhiteListArgs]
List of whitelisted images.
partial_results_image_fail bool
permission str
policy_settings HostAssurancePolicyPolicySettingsArgs
read_only bool
registries Sequence[str]
List of registries.
registry str
required_labels Sequence[HostAssurancePolicyRequiredLabelArgs]
required_labels_enabled bool
scan_malware_in_archives bool
scan_nfs_mounts bool
scan_process_memory bool
scan_sensitive_data bool
Indicates if scan should include sensitive data in the image.
scan_windows_registry bool
scap_enabled bool
Indicates if scanning should include SCAP.
scap_files Sequence[str]
List of SCAP user scripts for checks.
scopes Sequence[HostAssurancePolicyScopeArgs]
trusted_base_images Sequence[HostAssurancePolicyTrustedBaseImageArgs]
List of trusted images.
trusted_base_images_enabled bool
Indicates if list of trusted base images is relevant.
vulnerability_exploitability bool
vulnerability_score_ranges Sequence[int]
whitelisted_licenses Sequence[str]
List of whitelisted licenses.
whitelisted_licenses_enabled bool
Indicates if license whitelist is relevant.
windows_cis_enabled bool
Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows).
applicationScopes This property is required. List<String>
aggregatedVulnerability Map<String>
Aggregated vulnerability information.
allowedImages List<String>
List of explicitly allowed images.
assuranceType String
What type of assurance policy is described.
auditOnFailure Boolean
Indicates whether failures are audited.
author String
Name of user account that created the policy.
autoScanConfigured Boolean
autoScanEnabled Boolean
autoScanTimes List<Property Map>
blacklistPermissions List<String>
List of function's forbidden permissions.
blacklistPermissionsEnabled Boolean
Indicates if blacklist permissions is relevant.
blacklistedLicenses List<String>
List of blacklisted licenses.
blacklistedLicensesEnabled Boolean
Indicates if license blacklist is relevant.
blockFailed Boolean
Indicates if failed images are blocked.
controlExcludeNoFix Boolean
customChecks List<Property Map>
List of custom user scripts for checks.
customChecksEnabled Boolean
Indicates if scanning should include custom checks.
customSeverity String
customSeverityEnabled Boolean
cvesBlackListEnabled Boolean
Indicates if CVEs blacklist is relevant.
cvesBlackLists List<String>
List of CVEs blacklisted items.
cvesWhiteListEnabled Boolean
Indicates if CVEs whitelist is relevant.
cvesWhiteLists List<String>
List of whitelisted CVEs.
cvssSeverity String
Identifier of the CVSS severity.
cvssSeverityEnabled Boolean
Indicates if the CVSS severity is scanned.
cvssSeverityExcludeNoFix Boolean
Indicates that the policy should ignore CVSS cases that do not have a known fix.
description String
disallowExploitTypes List<String>
disallowMalware Boolean
Indicates if malware should block the image.
dockerCisEnabled Boolean
Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
domain String
Name of the container image.
domainName String
dtaEnabled Boolean
dtaSeverity String
enabled Boolean
enforce Boolean
enforceAfterDays Number
enforceExcessivePermissions Boolean
exceptionalMonitoredMalwarePaths List<String>
excludeApplicationScopes List<String>
failCicd Boolean
Indicates if CI/CD failures will fail the image.
forbiddenLabels List<Property Map>
forbiddenLabelsEnabled Boolean
forceMicroenforcer Boolean
functionIntegrityEnabled Boolean
ignoreBaseImageVln Boolean
ignoreRecentlyPublishedVln Boolean
ignoreRecentlyPublishedVlnPeriod Number
ignoreRiskResourcesEnabled Boolean
Indicates if risk resources are ignored.
ignoredRiskResources List<String>
List of ignored risk resources.
ignoredSensitiveResources List<String>
images List<String>
List of images.
kubeCisEnabled Boolean
Performs a Kubernetes CIS benchmark check for the host.
kubernetesControls List<String>
kubernetesControlsAvdIds List<String>
kubernetesControlsNames List<String>
labels List<String>
List of labels.
lastupdate String
linuxCisEnabled Boolean
malwareAction String
maximumScore Number
Value of allowed maximum score.
maximumScoreEnabled Boolean
Indicates if exceeding the maximum score is scanned.
maximumScoreExcludeNoFix Boolean
Indicates that policy should ignore cases that do not have a known fix.
monitoredMalwarePaths List<String>
name Changes to this property will trigger replacement. String
onlyNoneRootUsers Boolean
Indicates whether to raise a warning for images that should only be run as root.
openshiftHardeningEnabled Boolean
packagesBlackListEnabled Boolean
Indicates if packages blacklist is relevant.
packagesBlackLists List<Property Map>
List of blacklisted images.
packagesWhiteListEnabled Boolean
Indicates if packages whitelist is relevant.
packagesWhiteLists List<Property Map>
List of whitelisted images.
partialResultsImageFail Boolean
permission String
policySettings Property Map
readOnly Boolean
registries List<String>
List of registries.
registry String
requiredLabels List<Property Map>
requiredLabelsEnabled Boolean
scanMalwareInArchives Boolean
scanNfsMounts Boolean
scanProcessMemory Boolean
scanSensitiveData Boolean
Indicates if scan should include sensitive data in the image.
scanWindowsRegistry Boolean
scapEnabled Boolean
Indicates if scanning should include SCAP.
scapFiles List<String>
List of SCAP user scripts for checks.
scopes List<Property Map>
trustedBaseImages List<Property Map>
List of trusted images.
trustedBaseImagesEnabled Boolean
Indicates if list of trusted base images is relevant.
vulnerabilityExploitability Boolean
vulnerabilityScoreRanges List<Number>
whitelistedLicenses List<String>
List of whitelisted licenses.
whitelistedLicensesEnabled Boolean
Indicates if license whitelist is relevant.
windowsCisEnabled Boolean
Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows).

Outputs

All input properties are implicitly available as output properties. Additionally, the HostAssurancePolicy resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.

Look up Existing HostAssurancePolicy Resource

Get an existing HostAssurancePolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: HostAssurancePolicyState, opts?: CustomResourceOptions): HostAssurancePolicy
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        aggregated_vulnerability: Optional[Mapping[str, str]] = None,
        allowed_images: Optional[Sequence[str]] = None,
        application_scopes: Optional[Sequence[str]] = None,
        assurance_type: Optional[str] = None,
        audit_on_failure: Optional[bool] = None,
        author: Optional[str] = None,
        auto_scan_configured: Optional[bool] = None,
        auto_scan_enabled: Optional[bool] = None,
        auto_scan_times: Optional[Sequence[HostAssurancePolicyAutoScanTimeArgs]] = None,
        blacklist_permissions: Optional[Sequence[str]] = None,
        blacklist_permissions_enabled: Optional[bool] = None,
        blacklisted_licenses: Optional[Sequence[str]] = None,
        blacklisted_licenses_enabled: Optional[bool] = None,
        block_failed: Optional[bool] = None,
        control_exclude_no_fix: Optional[bool] = None,
        custom_checks: Optional[Sequence[HostAssurancePolicyCustomCheckArgs]] = None,
        custom_checks_enabled: Optional[bool] = None,
        custom_severity: Optional[str] = None,
        custom_severity_enabled: Optional[bool] = None,
        cves_black_list_enabled: Optional[bool] = None,
        cves_black_lists: Optional[Sequence[str]] = None,
        cves_white_list_enabled: Optional[bool] = None,
        cves_white_lists: Optional[Sequence[str]] = None,
        cvss_severity: Optional[str] = None,
        cvss_severity_enabled: Optional[bool] = None,
        cvss_severity_exclude_no_fix: Optional[bool] = None,
        description: Optional[str] = None,
        disallow_exploit_types: Optional[Sequence[str]] = None,
        disallow_malware: Optional[bool] = None,
        docker_cis_enabled: Optional[bool] = None,
        domain: Optional[str] = None,
        domain_name: Optional[str] = None,
        dta_enabled: Optional[bool] = None,
        dta_severity: Optional[str] = None,
        enabled: Optional[bool] = None,
        enforce: Optional[bool] = None,
        enforce_after_days: Optional[int] = None,
        enforce_excessive_permissions: Optional[bool] = None,
        exceptional_monitored_malware_paths: Optional[Sequence[str]] = None,
        exclude_application_scopes: Optional[Sequence[str]] = None,
        fail_cicd: Optional[bool] = None,
        forbidden_labels: Optional[Sequence[HostAssurancePolicyForbiddenLabelArgs]] = None,
        forbidden_labels_enabled: Optional[bool] = None,
        force_microenforcer: Optional[bool] = None,
        function_integrity_enabled: Optional[bool] = None,
        ignore_base_image_vln: Optional[bool] = None,
        ignore_recently_published_vln: Optional[bool] = None,
        ignore_recently_published_vln_period: Optional[int] = None,
        ignore_risk_resources_enabled: Optional[bool] = None,
        ignored_risk_resources: Optional[Sequence[str]] = None,
        ignored_sensitive_resources: Optional[Sequence[str]] = None,
        images: Optional[Sequence[str]] = None,
        kube_cis_enabled: Optional[bool] = None,
        kubernetes_controls: Optional[Sequence[str]] = None,
        kubernetes_controls_avd_ids: Optional[Sequence[str]] = None,
        kubernetes_controls_names: Optional[Sequence[str]] = None,
        labels: Optional[Sequence[str]] = None,
        lastupdate: Optional[str] = None,
        linux_cis_enabled: Optional[bool] = None,
        malware_action: Optional[str] = None,
        maximum_score: Optional[float] = None,
        maximum_score_enabled: Optional[bool] = None,
        maximum_score_exclude_no_fix: Optional[bool] = None,
        monitored_malware_paths: Optional[Sequence[str]] = None,
        name: Optional[str] = None,
        only_none_root_users: Optional[bool] = None,
        openshift_hardening_enabled: Optional[bool] = None,
        packages_black_list_enabled: Optional[bool] = None,
        packages_black_lists: Optional[Sequence[HostAssurancePolicyPackagesBlackListArgs]] = None,
        packages_white_list_enabled: Optional[bool] = None,
        packages_white_lists: Optional[Sequence[HostAssurancePolicyPackagesWhiteListArgs]] = None,
        partial_results_image_fail: Optional[bool] = None,
        permission: Optional[str] = None,
        policy_settings: Optional[HostAssurancePolicyPolicySettingsArgs] = None,
        read_only: Optional[bool] = None,
        registries: Optional[Sequence[str]] = None,
        registry: Optional[str] = None,
        required_labels: Optional[Sequence[HostAssurancePolicyRequiredLabelArgs]] = None,
        required_labels_enabled: Optional[bool] = None,
        scan_malware_in_archives: Optional[bool] = None,
        scan_nfs_mounts: Optional[bool] = None,
        scan_process_memory: Optional[bool] = None,
        scan_sensitive_data: Optional[bool] = None,
        scan_windows_registry: Optional[bool] = None,
        scap_enabled: Optional[bool] = None,
        scap_files: Optional[Sequence[str]] = None,
        scopes: Optional[Sequence[HostAssurancePolicyScopeArgs]] = None,
        trusted_base_images: Optional[Sequence[HostAssurancePolicyTrustedBaseImageArgs]] = None,
        trusted_base_images_enabled: Optional[bool] = None,
        vulnerability_exploitability: Optional[bool] = None,
        vulnerability_score_ranges: Optional[Sequence[int]] = None,
        whitelisted_licenses: Optional[Sequence[str]] = None,
        whitelisted_licenses_enabled: Optional[bool] = None,
        windows_cis_enabled: Optional[bool] = None) -> HostAssurancePolicy
func GetHostAssurancePolicy(ctx *Context, name string, id IDInput, state *HostAssurancePolicyState, opts ...ResourceOption) (*HostAssurancePolicy, error)
public static HostAssurancePolicy Get(string name, Input<string> id, HostAssurancePolicyState? state, CustomResourceOptions? opts = null)
public static HostAssurancePolicy get(String name, Output<String> id, HostAssurancePolicyState state, CustomResourceOptions options)
resources:
  _:
    type: aquasec:HostAssurancePolicy
    get:
      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
The following state arguments are supported:
AggregatedVulnerability Dictionary<string, string>
Aggregated vulnerability information.
AllowedImages List<string>
List of explicitly allowed images.
ApplicationScopes List<string>
AssuranceType string
What type of assurance policy is described.
AuditOnFailure bool
Indicates whether failures are audited.
Author string
Name of user account that created the policy.
AutoScanConfigured bool
AutoScanEnabled bool
AutoScanTimes List<Pulumiverse.Aquasec.Inputs.HostAssurancePolicyAutoScanTime>
BlacklistPermissions List<string>
List of function's forbidden permissions.
BlacklistPermissionsEnabled bool
Indicates if blacklist permissions is relevant.
BlacklistedLicenses List<string>
List of blacklisted licenses.
BlacklistedLicensesEnabled bool
Indicates if license blacklist is relevant.
BlockFailed bool
Indicates if failed images are blocked.
ControlExcludeNoFix bool
CustomChecks List<Pulumiverse.Aquasec.Inputs.HostAssurancePolicyCustomCheck>
List of custom user scripts for checks.
CustomChecksEnabled bool
Indicates if scanning should include custom checks.
CustomSeverity string
CustomSeverityEnabled bool
CvesBlackListEnabled bool
Indicates if CVEs blacklist is relevant.
CvesBlackLists List<string>
List of CVEs blacklisted items.
CvesWhiteListEnabled bool
Indicates if CVEs whitelist is relevant.
CvesWhiteLists List<string>
List of whitelisted CVEs.
CvssSeverity string
Identifier of the CVSS severity.
CvssSeverityEnabled bool
Indicates if the CVSS severity is scanned.
CvssSeverityExcludeNoFix bool
Indicates that the policy should ignore CVSS cases that do not have a known fix.
Description string
DisallowExploitTypes List<string>
DisallowMalware bool
Indicates if malware should block the image.
DockerCisEnabled bool
Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
Domain string
Name of the container image.
DomainName string
DtaEnabled bool
DtaSeverity string
Enabled bool
Enforce bool
EnforceAfterDays int
EnforceExcessivePermissions bool
ExceptionalMonitoredMalwarePaths List<string>
ExcludeApplicationScopes List<string>
FailCicd bool
Indicates if CI/CD failures will fail the image.
ForbiddenLabels List<Pulumiverse.Aquasec.Inputs.HostAssurancePolicyForbiddenLabel>
ForbiddenLabelsEnabled bool
ForceMicroenforcer bool
FunctionIntegrityEnabled bool
IgnoreBaseImageVln bool
IgnoreRecentlyPublishedVln bool
IgnoreRecentlyPublishedVlnPeriod int
IgnoreRiskResourcesEnabled bool
Indicates if risk resources are ignored.
IgnoredRiskResources List<string>
List of ignored risk resources.
IgnoredSensitiveResources List<string>
Images List<string>
List of images.
KubeCisEnabled bool
Performs a Kubernetes CIS benchmark check for the host.
KubernetesControls List<string>
KubernetesControlsAvdIds List<string>
KubernetesControlsNames List<string>
Labels List<string>
List of labels.
Lastupdate string
LinuxCisEnabled bool
MalwareAction string
MaximumScore double
Value of allowed maximum score.
MaximumScoreEnabled bool
Indicates if exceeding the maximum score is scanned.
MaximumScoreExcludeNoFix bool
Indicates that policy should ignore cases that do not have a known fix.
MonitoredMalwarePaths List<string>
Name Changes to this property will trigger replacement. string
OnlyNoneRootUsers bool
Indicates whether to raise a warning for images that should only be run as root.
OpenshiftHardeningEnabled bool
PackagesBlackListEnabled bool
Indicates if packages blacklist is relevant.
PackagesBlackLists List<Pulumiverse.Aquasec.Inputs.HostAssurancePolicyPackagesBlackList>
List of blacklisted images.
PackagesWhiteListEnabled bool
Indicates if packages whitelist is relevant.
PackagesWhiteLists List<Pulumiverse.Aquasec.Inputs.HostAssurancePolicyPackagesWhiteList>
List of whitelisted images.
PartialResultsImageFail bool
Permission string
PolicySettings Pulumiverse.Aquasec.Inputs.HostAssurancePolicyPolicySettings
ReadOnly bool
Registries List<string>
List of registries.
Registry string
RequiredLabels List<Pulumiverse.Aquasec.Inputs.HostAssurancePolicyRequiredLabel>
RequiredLabelsEnabled bool
ScanMalwareInArchives bool
ScanNfsMounts bool
ScanProcessMemory bool
ScanSensitiveData bool
Indicates if scan should include sensitive data in the image.
ScanWindowsRegistry bool
ScapEnabled bool
Indicates if scanning should include SCAP.
ScapFiles List<string>
List of SCAP user scripts for checks.
Scopes List<Pulumiverse.Aquasec.Inputs.HostAssurancePolicyScope>
TrustedBaseImages List<Pulumiverse.Aquasec.Inputs.HostAssurancePolicyTrustedBaseImage>
List of trusted images.
TrustedBaseImagesEnabled bool
Indicates if list of trusted base images is relevant.
VulnerabilityExploitability bool
VulnerabilityScoreRanges List<int>
WhitelistedLicenses List<string>
List of whitelisted licenses.
WhitelistedLicensesEnabled bool
Indicates if license whitelist is relevant.
WindowsCisEnabled bool
Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows).
AggregatedVulnerability map[string]string
Aggregated vulnerability information.
AllowedImages []string
List of explicitly allowed images.
ApplicationScopes []string
AssuranceType string
What type of assurance policy is described.
AuditOnFailure bool
Indicates whether failures are audited.
Author string
Name of user account that created the policy.
AutoScanConfigured bool
AutoScanEnabled bool
AutoScanTimes []HostAssurancePolicyAutoScanTimeArgs
BlacklistPermissions []string
List of function's forbidden permissions.
BlacklistPermissionsEnabled bool
Indicates if blacklist permissions is relevant.
BlacklistedLicenses []string
List of blacklisted licenses.
BlacklistedLicensesEnabled bool
Indicates if license blacklist is relevant.
BlockFailed bool
Indicates if failed images are blocked.
ControlExcludeNoFix bool
CustomChecks []HostAssurancePolicyCustomCheckArgs
List of custom user scripts for checks.
CustomChecksEnabled bool
Indicates if scanning should include custom checks.
CustomSeverity string
CustomSeverityEnabled bool
CvesBlackListEnabled bool
Indicates if CVEs blacklist is relevant.
CvesBlackLists []string
List of CVEs blacklisted items.
CvesWhiteListEnabled bool
Indicates if CVEs whitelist is relevant.
CvesWhiteLists []string
List of whitelisted CVEs.
CvssSeverity string
Identifier of the CVSS severity.
CvssSeverityEnabled bool
Indicates if the CVSS severity is scanned.
CvssSeverityExcludeNoFix bool
Indicates that the policy should ignore CVSS cases that do not have a known fix.
Description string
DisallowExploitTypes []string
DisallowMalware bool
Indicates if malware should block the image.
DockerCisEnabled bool
Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
Domain string
Name of the container image.
DomainName string
DtaEnabled bool
DtaSeverity string
Enabled bool
Enforce bool
EnforceAfterDays int
EnforceExcessivePermissions bool
ExceptionalMonitoredMalwarePaths []string
ExcludeApplicationScopes []string
FailCicd bool
Indicates if CI/CD failures will fail the image.
ForbiddenLabels []HostAssurancePolicyForbiddenLabelArgs
ForbiddenLabelsEnabled bool
ForceMicroenforcer bool
FunctionIntegrityEnabled bool
IgnoreBaseImageVln bool
IgnoreRecentlyPublishedVln bool
IgnoreRecentlyPublishedVlnPeriod int
IgnoreRiskResourcesEnabled bool
Indicates if risk resources are ignored.
IgnoredRiskResources []string
List of ignored risk resources.
IgnoredSensitiveResources []string
Images []string
List of images.
KubeCisEnabled bool
Performs a Kubernetes CIS benchmark check for the host.
KubernetesControls []string
KubernetesControlsAvdIds []string
KubernetesControlsNames []string
Labels []string
List of labels.
Lastupdate string
LinuxCisEnabled bool
MalwareAction string
MaximumScore float64
Value of allowed maximum score.
MaximumScoreEnabled bool
Indicates if exceeding the maximum score is scanned.
MaximumScoreExcludeNoFix bool
Indicates that policy should ignore cases that do not have a known fix.
MonitoredMalwarePaths []string
Name Changes to this property will trigger replacement. string
OnlyNoneRootUsers bool
Indicates whether to raise a warning for images that should only be run as root.
OpenshiftHardeningEnabled bool
PackagesBlackListEnabled bool
Indicates if packages blacklist is relevant.
PackagesBlackLists []HostAssurancePolicyPackagesBlackListArgs
List of blacklisted images.
PackagesWhiteListEnabled bool
Indicates if packages whitelist is relevant.
PackagesWhiteLists []HostAssurancePolicyPackagesWhiteListArgs
List of whitelisted images.
PartialResultsImageFail bool
Permission string
PolicySettings HostAssurancePolicyPolicySettingsArgs
ReadOnly bool
Registries []string
List of registries.
Registry string
RequiredLabels []HostAssurancePolicyRequiredLabelArgs
RequiredLabelsEnabled bool
ScanMalwareInArchives bool
ScanNfsMounts bool
ScanProcessMemory bool
ScanSensitiveData bool
Indicates if scan should include sensitive data in the image.
ScanWindowsRegistry bool
ScapEnabled bool
Indicates if scanning should include SCAP.
ScapFiles []string
List of SCAP user scripts for checks.
Scopes []HostAssurancePolicyScopeArgs
TrustedBaseImages []HostAssurancePolicyTrustedBaseImageArgs
List of trusted images.
TrustedBaseImagesEnabled bool
Indicates if list of trusted base images is relevant.
VulnerabilityExploitability bool
VulnerabilityScoreRanges []int
WhitelistedLicenses []string
List of whitelisted licenses.
WhitelistedLicensesEnabled bool
Indicates if license whitelist is relevant.
WindowsCisEnabled bool
Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows).
aggregatedVulnerability Map<String,String>
Aggregated vulnerability information.
allowedImages List<String>
List of explicitly allowed images.
applicationScopes List<String>
assuranceType String
What type of assurance policy is described.
auditOnFailure Boolean
Indicates whether failures are audited.
author String
Name of user account that created the policy.
autoScanConfigured Boolean
autoScanEnabled Boolean
autoScanTimes List<HostAssurancePolicyAutoScanTime>
blacklistPermissions List<String>
List of function's forbidden permissions.
blacklistPermissionsEnabled Boolean
Indicates if blacklist permissions is relevant.
blacklistedLicenses List<String>
List of blacklisted licenses.
blacklistedLicensesEnabled Boolean
Indicates if license blacklist is relevant.
blockFailed Boolean
Indicates if failed images are blocked.
controlExcludeNoFix Boolean
customChecks List<HostAssurancePolicyCustomCheck>
List of custom user scripts for checks.
customChecksEnabled Boolean
Indicates if scanning should include custom checks.
customSeverity String
customSeverityEnabled Boolean
cvesBlackListEnabled Boolean
Indicates if CVEs blacklist is relevant.
cvesBlackLists List<String>
List of CVEs blacklisted items.
cvesWhiteListEnabled Boolean
Indicates if CVEs whitelist is relevant.
cvesWhiteLists List<String>
List of whitelisted CVEs.
cvssSeverity String
Identifier of the CVSS severity.
cvssSeverityEnabled Boolean
Indicates if the CVSS severity is scanned.
cvssSeverityExcludeNoFix Boolean
Indicates that the policy should ignore CVSS cases that do not have a known fix.
description String
disallowExploitTypes List<String>
disallowMalware Boolean
Indicates if malware should block the image.
dockerCisEnabled Boolean
Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
domain String
Name of the container image.
domainName String
dtaEnabled Boolean
dtaSeverity String
enabled Boolean
enforce Boolean
enforceAfterDays Integer
enforceExcessivePermissions Boolean
exceptionalMonitoredMalwarePaths List<String>
excludeApplicationScopes List<String>
failCicd Boolean
Indicates if CI/CD failures will fail the image.
forbiddenLabels List<HostAssurancePolicyForbiddenLabel>
forbiddenLabelsEnabled Boolean
forceMicroenforcer Boolean
functionIntegrityEnabled Boolean
ignoreBaseImageVln Boolean
ignoreRecentlyPublishedVln Boolean
ignoreRecentlyPublishedVlnPeriod Integer
ignoreRiskResourcesEnabled Boolean
Indicates if risk resources are ignored.
ignoredRiskResources List<String>
List of ignored risk resources.
ignoredSensitiveResources List<String>
images List<String>
List of images.
kubeCisEnabled Boolean
Performs a Kubernetes CIS benchmark check for the host.
kubernetesControls List<String>
kubernetesControlsAvdIds List<String>
kubernetesControlsNames List<String>
labels List<String>
List of labels.
lastupdate String
linuxCisEnabled Boolean
malwareAction String
maximumScore Double
Value of allowed maximum score.
maximumScoreEnabled Boolean
Indicates if exceeding the maximum score is scanned.
maximumScoreExcludeNoFix Boolean
Indicates that policy should ignore cases that do not have a known fix.
monitoredMalwarePaths List<String>
name Changes to this property will trigger replacement. String
onlyNoneRootUsers Boolean
Indicates whether to raise a warning for images that should only be run as root.
openshiftHardeningEnabled Boolean
packagesBlackListEnabled Boolean
Indicates if packages blacklist is relevant.
packagesBlackLists List<HostAssurancePolicyPackagesBlackList>
List of blacklisted images.
packagesWhiteListEnabled Boolean
Indicates if packages whitelist is relevant.
packagesWhiteLists List<HostAssurancePolicyPackagesWhiteList>
List of whitelisted images.
partialResultsImageFail Boolean
permission String
policySettings HostAssurancePolicyPolicySettings
readOnly Boolean
registries List<String>
List of registries.
registry String
requiredLabels List<HostAssurancePolicyRequiredLabel>
requiredLabelsEnabled Boolean
scanMalwareInArchives Boolean
scanNfsMounts Boolean
scanProcessMemory Boolean
scanSensitiveData Boolean
Indicates if scan should include sensitive data in the image.
scanWindowsRegistry Boolean
scapEnabled Boolean
Indicates if scanning should include SCAP.
scapFiles List<String>
List of SCAP user scripts for checks.
scopes List<HostAssurancePolicyScope>
trustedBaseImages List<HostAssurancePolicyTrustedBaseImage>
List of trusted images.
trustedBaseImagesEnabled Boolean
Indicates if list of trusted base images is relevant.
vulnerabilityExploitability Boolean
vulnerabilityScoreRanges List<Integer>
whitelistedLicenses List<String>
List of whitelisted licenses.
whitelistedLicensesEnabled Boolean
Indicates if license whitelist is relevant.
windowsCisEnabled Boolean
Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows).
aggregatedVulnerability {[key: string]: string}
Aggregated vulnerability information.
allowedImages string[]
List of explicitly allowed images.
applicationScopes string[]
assuranceType string
What type of assurance policy is described.
auditOnFailure boolean
Indicates whether failures are audited.
author string
Name of user account that created the policy.
autoScanConfigured boolean
autoScanEnabled boolean
autoScanTimes HostAssurancePolicyAutoScanTime[]
blacklistPermissions string[]
List of function's forbidden permissions.
blacklistPermissionsEnabled boolean
Indicates if blacklist permissions is relevant.
blacklistedLicenses string[]
List of blacklisted licenses.
blacklistedLicensesEnabled boolean
Indicates if license blacklist is relevant.
blockFailed boolean
Indicates if failed images are blocked.
controlExcludeNoFix boolean
customChecks HostAssurancePolicyCustomCheck[]
List of custom user scripts for checks.
customChecksEnabled boolean
Indicates if scanning should include custom checks.
customSeverity string
customSeverityEnabled boolean
cvesBlackListEnabled boolean
Indicates if CVEs blacklist is relevant.
cvesBlackLists string[]
List of CVEs blacklisted items.
cvesWhiteListEnabled boolean
Indicates if CVEs whitelist is relevant.
cvesWhiteLists string[]
List of whitelisted CVEs.
cvssSeverity string
Identifier of the CVSS severity.
cvssSeverityEnabled boolean
Indicates if the CVSS severity is scanned.
cvssSeverityExcludeNoFix boolean
Indicates that the policy should ignore CVSS cases that do not have a known fix.
description string
disallowExploitTypes string[]
disallowMalware boolean
Indicates if malware should block the image.
dockerCisEnabled boolean
Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
domain string
Name of the container image.
domainName string
dtaEnabled boolean
dtaSeverity string
enabled boolean
enforce boolean
enforceAfterDays number
enforceExcessivePermissions boolean
exceptionalMonitoredMalwarePaths string[]
excludeApplicationScopes string[]
failCicd boolean
Indicates if CI/CD failures will fail the image.
forbiddenLabels HostAssurancePolicyForbiddenLabel[]
forbiddenLabelsEnabled boolean
forceMicroenforcer boolean
functionIntegrityEnabled boolean
ignoreBaseImageVln boolean
ignoreRecentlyPublishedVln boolean
ignoreRecentlyPublishedVlnPeriod number
ignoreRiskResourcesEnabled boolean
Indicates if risk resources are ignored.
ignoredRiskResources string[]
List of ignored risk resources.
ignoredSensitiveResources string[]
images string[]
List of images.
kubeCisEnabled boolean
Performs a Kubernetes CIS benchmark check for the host.
kubernetesControls string[]
kubernetesControlsAvdIds string[]
kubernetesControlsNames string[]
labels string[]
List of labels.
lastupdate string
linuxCisEnabled boolean
malwareAction string
maximumScore number
Value of allowed maximum score.
maximumScoreEnabled boolean
Indicates if exceeding the maximum score is scanned.
maximumScoreExcludeNoFix boolean
Indicates that policy should ignore cases that do not have a known fix.
monitoredMalwarePaths string[]
name string
Changes to this property will trigger replacement.
onlyNoneRootUsers boolean
Indicates whether to raise a warning for images that should only be run as root.
openshiftHardeningEnabled boolean
packagesBlackListEnabled boolean
Indicates if packages blacklist is relevant.
packagesBlackLists HostAssurancePolicyPackagesBlackList[]
List of blacklisted images.
packagesWhiteListEnabled boolean
Indicates if packages whitelist is relevant.
packagesWhiteLists HostAssurancePolicyPackagesWhiteList[]
List of whitelisted images.
partialResultsImageFail boolean
permission string
policySettings HostAssurancePolicyPolicySettings
readOnly boolean
registries string[]
List of registries.
registry string
requiredLabels HostAssurancePolicyRequiredLabel[]
requiredLabelsEnabled boolean
scanMalwareInArchives boolean
scanNfsMounts boolean
scanProcessMemory boolean
scanSensitiveData boolean
Indicates if scan should include sensitive data in the image.
scanWindowsRegistry boolean
scapEnabled boolean
Indicates if scanning should include SCAP.
scapFiles string[]
List of SCAP user scripts for checks.
scopes HostAssurancePolicyScope[]
trustedBaseImages HostAssurancePolicyTrustedBaseImage[]
List of trusted images.
trustedBaseImagesEnabled boolean
Indicates if list of trusted base images is relevant.
vulnerabilityExploitability boolean
vulnerabilityScoreRanges number[]
whitelistedLicenses string[]
List of whitelisted licenses.
whitelistedLicensesEnabled boolean
Indicates if license blacklist is relevant.
windowsCisEnabled boolean
Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows).
aggregated_vulnerability Mapping[str, str]
Aggregated vulnerability information.
allowed_images Sequence[str]
List of explicitly allowed images.
application_scopes Sequence[str]
assurance_type str
What type of assurance policy is described.
audit_on_failure bool
Indicates whether failures are audited.
author str
Name of user account that created the policy.
auto_scan_configured bool
auto_scan_enabled bool
auto_scan_times Sequence[HostAssurancePolicyAutoScanTimeArgs]
blacklist_permissions Sequence[str]
List of function's forbidden permissions.
blacklist_permissions_enabled bool
Indicates if blacklist permissions is relevant.
blacklisted_licenses Sequence[str]
List of blacklisted licenses.
blacklisted_licenses_enabled bool
Indicates if license blacklist is relevant.
block_failed bool
Indicates if failed images are blocked.
control_exclude_no_fix bool
custom_checks Sequence[HostAssurancePolicyCustomCheckArgs]
List of custom user scripts for checks.
custom_checks_enabled bool
Indicates if scanning should include custom checks.
custom_severity str
custom_severity_enabled bool
cves_black_list_enabled bool
Indicates if CVEs blacklist is relevant.
cves_black_lists Sequence[str]
List of CVEs blacklisted items.
cves_white_list_enabled bool
Indicates if CVEs whitelist is relevant.
cves_white_lists Sequence[str]
List of CVEs whitelisted licenses
cvss_severity str
Identifier of the CVSS severity.
cvss_severity_enabled bool
Indicates if the CVSS severity is scanned.
cvss_severity_exclude_no_fix bool
Indicates that the policy should ignore CVSS cases that do not have a known fix.
description str
disallow_exploit_types Sequence[str]
disallow_malware bool
Indicates if malware should block the image.
docker_cis_enabled bool
Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
domain str
Name of the container image.
domain_name str
dta_enabled bool
dta_severity str
enabled bool
enforce bool
enforce_after_days int
enforce_excessive_permissions bool
exceptional_monitored_malware_paths Sequence[str]
exclude_application_scopes Sequence[str]
fail_cicd bool
Indicates if CI/CD failures will fail the image.
forbidden_labels Sequence[HostAssurancePolicyForbiddenLabelArgs]
forbidden_labels_enabled bool
force_microenforcer bool
function_integrity_enabled bool
ignore_base_image_vln bool
ignore_recently_published_vln bool
ignore_recently_published_vln_period int
ignore_risk_resources_enabled bool
Indicates if risk resources are ignored.
ignored_risk_resources Sequence[str]
List of ignored risk resources.
ignored_sensitive_resources Sequence[str]
images Sequence[str]
List of images.
kube_cis_enabled bool
Performs a Kubernetes CIS benchmark check for the host.
kubernetes_controls Sequence[str]
kubernetes_controls_avd_ids Sequence[str]
kubernetes_controls_names Sequence[str]
labels Sequence[str]
List of labels.
lastupdate str
linux_cis_enabled bool
malware_action str
maximum_score float
Value of allowed maximum score.
maximum_score_enabled bool
Indicates if exceeding the maximum score is scanned.
maximum_score_exclude_no_fix bool
Indicates that policy should ignore cases that do not have a known fix.
monitored_malware_paths Sequence[str]
name str
Changes to this property will trigger replacement.
only_none_root_users bool
Indicates whether to raise a warning for images that should only be run as root.
openshift_hardening_enabled bool
packages_black_list_enabled bool
Indicates if packages blacklist is relevant.
packages_black_lists Sequence[HostAssurancePolicyPackagesBlackListArgs]
List of blacklisted images.
packages_white_list_enabled bool
Indicates if packages whitelist is relevant.
packages_white_lists Sequence[HostAssurancePolicyPackagesWhiteListArgs]
List of whitelisted images.
partial_results_image_fail bool
permission str
policy_settings HostAssurancePolicyPolicySettingsArgs
read_only bool
registries Sequence[str]
List of registries.
registry str
required_labels Sequence[HostAssurancePolicyRequiredLabelArgs]
required_labels_enabled bool
scan_malware_in_archives bool
scan_nfs_mounts bool
scan_process_memory bool
scan_sensitive_data bool
Indicates if scan should include sensitive data in the image.
scan_windows_registry bool
scap_enabled bool
Indicates if scanning should include SCAP.
scap_files Sequence[str]
List of SCAP user scripts for checks.
scopes Sequence[HostAssurancePolicyScopeArgs]
trusted_base_images Sequence[HostAssurancePolicyTrustedBaseImageArgs]
List of trusted images.
trusted_base_images_enabled bool
Indicates if list of trusted base images is relevant.
vulnerability_exploitability bool
vulnerability_score_ranges Sequence[int]
whitelisted_licenses Sequence[str]
List of whitelisted licenses.
whitelisted_licenses_enabled bool
Indicates if license blacklist is relevant.
windows_cis_enabled bool
Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows).
aggregatedVulnerability Map<String>
Aggregated vulnerability information.
allowedImages List<String>
List of explicitly allowed images.
applicationScopes List<String>
assuranceType String
What type of assurance policy is described.
auditOnFailure Boolean
Indicates whether failures are audited.
author String
Name of user account that created the policy.
autoScanConfigured Boolean
autoScanEnabled Boolean
autoScanTimes List<Property Map>
blacklistPermissions List<String>
List of function's forbidden permissions.
blacklistPermissionsEnabled Boolean
Indicates if blacklist permissions is relevant.
blacklistedLicenses List<String>
List of blacklisted licenses.
blacklistedLicensesEnabled Boolean
Indicates if license blacklist is relevant.
blockFailed Boolean
Indicates if failed images are blocked.
controlExcludeNoFix Boolean
customChecks List<Property Map>
List of custom user scripts for checks.
customChecksEnabled Boolean
Indicates if scanning should include custom checks.
customSeverity String
customSeverityEnabled Boolean
cvesBlackListEnabled Boolean
Indicates if CVEs blacklist is relevant.
cvesBlackLists List<String>
List of CVEs blacklisted items.
cvesWhiteListEnabled Boolean
Indicates if CVEs whitelist is relevant.
cvesWhiteLists List<String>
List of CVEs whitelisted licenses
cvssSeverity String
Identifier of the CVSS severity.
cvssSeverityEnabled Boolean
Indicates if the CVSS severity is scanned.
cvssSeverityExcludeNoFix Boolean
Indicates that the policy should ignore CVSS cases that do not have a known fix.
description String
disallowExploitTypes List<String>
disallowMalware Boolean
Indicates if malware should block the image.
dockerCisEnabled Boolean
Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
domain String
Name of the container image.
domainName String
dtaEnabled Boolean
dtaSeverity String
enabled Boolean
enforce Boolean
enforceAfterDays Number
enforceExcessivePermissions Boolean
exceptionalMonitoredMalwarePaths List<String>
excludeApplicationScopes List<String>
failCicd Boolean
Indicates if CI/CD failures will fail the image.
forbiddenLabels List<Property Map>
forbiddenLabelsEnabled Boolean
forceMicroenforcer Boolean
functionIntegrityEnabled Boolean
ignoreBaseImageVln Boolean
ignoreRecentlyPublishedVln Boolean
ignoreRecentlyPublishedVlnPeriod Number
ignoreRiskResourcesEnabled Boolean
Indicates if risk resources are ignored.
ignoredRiskResources List<String>
List of ignored risk resources.
ignoredSensitiveResources List<String>
images List<String>
List of images.
kubeCisEnabled Boolean
Performs a Kubernetes CIS benchmark check for the host.
kubernetesControls List<String>
kubernetesControlsAvdIds List<String>
kubernetesControlsNames List<String>
labels List<String>
List of labels.
lastupdate String
linuxCisEnabled Boolean
malwareAction String
maximumScore Number
Value of allowed maximum score.
maximumScoreEnabled Boolean
Indicates if exceeding the maximum score is scanned.
maximumScoreExcludeNoFix Boolean
Indicates that policy should ignore cases that do not have a known fix.
monitoredMalwarePaths List<String>
name String
Changes to this property will trigger replacement.
onlyNoneRootUsers Boolean
Indicates whether to raise a warning for images that should only be run as root.
openshiftHardeningEnabled Boolean
packagesBlackListEnabled Boolean
Indicates if packages blacklist is relevant.
packagesBlackLists List<Property Map>
List of blacklisted images.
packagesWhiteListEnabled Boolean
Indicates if packages whitelist is relevant.
packagesWhiteLists List<Property Map>
List of whitelisted images.
partialResultsImageFail Boolean
permission String
policySettings Property Map
readOnly Boolean
registries List<String>
List of registries.
registry String
requiredLabels List<Property Map>
requiredLabelsEnabled Boolean
scanMalwareInArchives Boolean
scanNfsMounts Boolean
scanProcessMemory Boolean
scanSensitiveData Boolean
Indicates if scan should include sensitive data in the image.
scanWindowsRegistry Boolean
scapEnabled Boolean
Indicates if scanning should include SCAP.
scapFiles List<String>
List of SCAP user scripts for checks.
scopes List<Property Map>
trustedBaseImages List<Property Map>
List of trusted images.
trustedBaseImagesEnabled Boolean
Indicates if list of trusted base images is relevant.
vulnerabilityExploitability Boolean
vulnerabilityScoreRanges List<Number>
whitelistedLicenses List<String>
List of whitelisted licenses.
whitelistedLicensesEnabled Boolean
Indicates if license blacklist is relevant.
windowsCisEnabled Boolean
Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows).

Supporting Types

HostAssurancePolicyAutoScanTime, HostAssurancePolicyAutoScanTimeArgs

Iteration int
IterationType string
Time string
WeekDays List<string>
Iteration int
IterationType string
Time string
WeekDays []string
iteration Integer
iterationType String
time String
weekDays List<String>
iteration number
iterationType string
time string
weekDays string[]
iteration int
iteration_type str
time str
week_days Sequence[str]
iteration Number
iterationType String
time String
weekDays List<String>

HostAssurancePolicyCustomCheck, HostAssurancePolicyCustomCheckArgs

Author string
Name of user account that created the policy.
Description string
Engine string
LastModified int
Name string
Path string
ReadOnly bool
ScriptId string
Severity string
Snippet string
Author string
Name of user account that created the policy.
Description string
Engine string
LastModified int
Name string
Path string
ReadOnly bool
ScriptId string
Severity string
Snippet string
author String
Name of user account that created the policy.
description String
engine String
lastModified Integer
name String
path String
readOnly Boolean
scriptId String
severity String
snippet String
author string
Name of user account that created the policy.
description string
engine string
lastModified number
name string
path string
readOnly boolean
scriptId string
severity string
snippet string
author str
Name of user account that created the policy.
description str
engine str
last_modified int
name str
path str
read_only bool
script_id str
severity str
snippet str
author String
Name of user account that created the policy.
description String
engine String
lastModified Number
name String
path String
readOnly Boolean
scriptId String
severity String
snippet String

HostAssurancePolicyForbiddenLabel, HostAssurancePolicyForbiddenLabelArgs

Key string
Value string
Key string
Value string
key String
value String
key string
value string
key str
value str
key String
value String

HostAssurancePolicyPackagesBlackList, HostAssurancePolicyPackagesBlackListArgs

Arch string
Display string
Epoch string
Format string
License string
Name string
Release string
Version string
VersionRange string
Arch string
Display string
Epoch string
Format string
License string
Name string
Release string
Version string
VersionRange string
arch String
display String
epoch String
format String
license String
name String
release String
version String
versionRange String
arch string
display string
epoch string
format string
license string
name string
release string
version string
versionRange string
arch String
display String
epoch String
format String
license String
name String
release String
version String
versionRange String

HostAssurancePolicyPackagesWhiteList, HostAssurancePolicyPackagesWhiteListArgs

Arch string
Display string
Epoch string
Format string
License string
Name string
Release string
Version string
VersionRange string
Arch string
Display string
Epoch string
Format string
License string
Name string
Release string
Version string
VersionRange string
arch String
display String
epoch String
format String
license String
name String
release String
version String
versionRange String
arch string
display string
epoch string
format string
license string
name string
release string
version string
versionRange string
arch String
display String
epoch String
format String
license String
name String
release String
version String
versionRange String

HostAssurancePolicyPolicySettings, HostAssurancePolicyPolicySettingsArgs

enforce Boolean
isAuditChecked Boolean
warn Boolean
warningMessage String
enforce boolean
isAuditChecked boolean
warn boolean
warningMessage string
enforce Boolean
isAuditChecked Boolean
warn Boolean
warningMessage String

HostAssurancePolicyRequiredLabel, HostAssurancePolicyRequiredLabelArgs

Key string
Value string
Key string
Value string
key String
value String
key string
value string
key str
value str
key String
value String

HostAssurancePolicyScope, HostAssurancePolicyScopeArgs

HostAssurancePolicyScopeVariable, HostAssurancePolicyScopeVariableArgs

Attribute string
Name string
Value string
Attribute string
Name string
Value string
attribute String
name String
value String
attribute string
name string
value string
attribute str
name str
value str
attribute String
name String
value String

HostAssurancePolicyTrustedBaseImage, HostAssurancePolicyTrustedBaseImageArgs

Imagename string
Registry string
Imagename string
Registry string
imagename String
registry String
imagename string
registry string
imagename String
registry String

Package Details

Repository
aquasec pulumiverse/pulumi-aquasec
License
Apache-2.0
Notes
This Pulumi package is based on the aquasec Terraform Provider.