{ "name": "aquasec", "displayName": "Aquasec", "version": "0.8.29", "description": "A Pulumi package for creating and managing Aquasec cloud resources.", "keywords": [ "pulumi", "aquasec", "category/utility" ], "homepage": "https://www.pulumi.com", "license": "Apache-2.0", "attribution": "This Pulumi package is based on the [`aquasec` Terraform Provider](https://github.com/aquasecurity/terraform-provider-aquasec).", "repository": "https://github.com/pulumiverse/pulumi-aquasec", "pluginDownloadURL": "github://api.github.com/pulumiverse/pulumi-aquasec", "publisher": "Pulumiverse", "meta": { "moduleFormat": "(.*)(?:/[^/]*)" }, "language": { "csharp": { "packageReferences": { "Pulumi": "3.*" }, "compatibility": "tfbridge20", "rootNamespace": "Pulumiverse" }, "go": { "importBasePath": "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec", "generateResourceContainerTypes": true, "generateExtraInputTypes": true }, "java": { "basePackage": "com.pulumiverse", "buildFiles": "", "gradleNexusPublishPluginVersion": "", "gradleTest": "" }, "nodejs": { "packageName": "@pulumiverse/aquasec", "packageDescription": "A Pulumi package for creating and managing Aquasec cloud resources.", "readme": "> This provider is a derived work of the [Terraform Provider](https://github.com/aquasecurity/terraform-provider-aquasec)\n> distributed under [MPL 2.0](https://www.mozilla.org/en-US/MPL/2.0/). If you encounter a bug or missing feature,\n> first check the [`pulumi-aquasec` repo](https://github.com/pulumiverse/pulumi-aquasec/issues); however, if that doesn't turn up anything,\n> please consult the source [`terraform-provider-aquasec` repo](https://github.com/aquasecurity/terraform-provider-aquasec/issues).", "dependencies": { "@pulumi/pulumi": "^3.0.0" }, "devDependencies": { "@types/mime": "^2.0.0", "@types/node": "^10.0.0" }, "compatibility": "tfbridge20", "disableUnionOutputTypes": true }, "python": { "packageName": "pulumiverse_aquasec", "requires": { "pulumi": ">=3.0.0,<4.0.0" }, "readme": "> This provider is a derived work of the [Terraform Provider](https://github.com/aquasecurity/terraform-provider-aquasec)\n> distributed under [MPL 2.0](https://www.mozilla.org/en-US/MPL/2.0/). If you encounter a bug or missing feature,\n> first check the [`pulumi-aquasec` repo](https://github.com/pulumiverse/pulumi-aquasec/issues); however, if that doesn't turn up anything,\n> please consult the source [`terraform-provider-aquasec` repo](https://github.com/aquasecurity/terraform-provider-aquasec/issues).", "compatibility": "tfbridge20", "pyproject": {} } }, "config": { "variables": { "aquaUrl": { "type": "string", "description": "This is the base URL of your Aqua instance. Can alternatively be sourced from the `AQUA_URL` environment variable.\n", "defaultInfo": { "environment": [ "AQUA_URL" ] } }, "caCertificatePath": { "type": "string", "description": "This is the file path for server CA certificates if they are not available on the host OS. Can alternatively be sourced\nfrom the `AQUA_CA_CERT_PATH` environment variable.\n", "defaultInfo": { "environment": [ "AQUA_CA_CERT_PATH" ] } }, "configPath": { "type": "string", "description": "This is the file path for Aqua provider configuration. The default configuration path is `~/.aqua/tf.config`. Can\nalternatively be sourced from the `AQUA_CONFIG` environment variable.\n", "defaultInfo": { "environment": [ "AQUA_CONFIG" ] } }, "password": { "type": "string", "description": "This is the password that should be used to make the connection. Can alternatively be sourced from the `AQUA_PASSWORD`\nenvironment variable.\n", "defaultInfo": { "environment": [ "AQUA_PASSWORD" ] }, "secret": true }, "username": { "type": "string", "description": "This is the user id that should be used to make the connection. Can alternatively be sourced from the `AQUA_USER`\nenvironment variable.\n", "defaultInfo": { "environment": [ "AQUA_USER" ] }, "secret": true }, "verifyTls": { "type": "boolean", "description": "If true, server tls certificates will be verified by the client before making a connection. Defaults to true. Can\nalternatively be sourced from the `AQUA_TLS_VERIFY` environment variable.\n", "default": true, "defaultInfo": { "environment": [ "AQUA_TLS_VERIFY" ] } } } }, "types": { "aquasec:index/AcknowledgeIssue:AcknowledgeIssue": { "properties": { "author": { "type": "string", "description": "The user who acknowledged the issue.\n" }, "date": { "type": "string", "description": "The date and time of the acknowledgment.\n" }, "dockerId": { "type": "string" }, "expirationConfiguredAt": { "type": "string", "description": "The current dat and time when the expiration was set\n" }, "expirationConfiguredBy": { "type": "string", "description": "The user who set the expiration of the issue.\n" }, "expirationDays": { "type": "integer", "description": "Number of days until expiration of the acknowledgement. The value must be integer from 1 to 999, inclusive.\n" }, "fixVersion": { "type": "string", "description": "The version of the package that having a fix for the issue.\n" }, "imageName": { "type": "string", "description": "Only acknowledge the issue in the context of the specified image (also requires 'registry_name')\n" }, "issueName": { "type": "string", "description": "The name of the security issue (the CVE or security advisory for vulnerabilities, name of malware or type of sensitive data)\n" }, "issueType": { "type": "string", "description": "The type of the security issue (either 'vulnerability', 'sensitive_data' or 'malware')\n" }, "os": { "type": "string", "description": "When the resource_type is 'package', the operating system is required (e.g., 'ubuntu', 'alpine').\n" }, "osVersion": { "type": "string", "description": "When the resource_type is 'package', the operating system version is required.\n" }, "permission": { "type": "string", "description": "The permissions of the user who acknowledged the issue.\n" }, "registryName": { "type": "string", "description": "Only acknowledge the issue in the context of the specified repository (also requires 'registry_name').\n" }, "resourceCpe": { "type": "string", "description": "The CPE of the resource as listed in the issue by the Aqua API. This is required for resources of type 'executable'. For packages and files, the next parameters can be specified instead.\n" }, "resourceFormat": { "type": "string", "description": "The format of the resource.\n" }, "resourceHash": { "type": "string", "description": "When the resource_type is 'file', the hash of the file is required\n" }, "resourceName": { "type": "string", "description": "When the resource_type is 'package', the name of the package is required.\n" }, "resourcePath": { "type": "string", "description": "The path of the resource. This is required for resources of type 'file' and 'executable'.\n" }, "resourceType": { "type": "string", "description": "The type of the resource where the issue was detected (either 'package', 'file' or 'executable')\n" }, "resourceVersion": { "type": "string", "description": "When the resource_type is 'package', the version of the package is required\n" } }, "type": "object", "required": [ "issueName", "issueType", "resourceType" ], "language": { "nodejs": { "requiredOutputs": [ "author", "date", "expirationConfiguredAt", "expirationConfiguredBy", "issueName", "issueType", "permission", "resourceType" ] } } }, "aquasec:index/ApplicationScopeCategory:ApplicationScopeCategory": { "properties": { "artifacts": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FApplicationScopeCategoryArtifact:ApplicationScopeCategoryArtifact" }, "description": "An artifact is an application. It can be an image (for a container, not a CF application); a serverless function; or a Tanzu Application Service (TAS) droplet.\n" }, "entityScopes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FApplicationScopeCategoryEntityScope:ApplicationScopeCategoryEntityScope" } }, "infrastructures": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FApplicationScopeCategoryInfrastructure:ApplicationScopeCategoryInfrastructure" }, "description": "An infrastructure resource is an element of a computing environment on which a workload is orchestrated and run. It can be a host (VM) or a Kubernetes cluster.\n" }, "workloads": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FApplicationScopeCategoryWorkload:ApplicationScopeCategoryWorkload" }, "description": "A workload is a running container. It can run in a Kubernetes cluster, on a VM (no orchestrator), or under Tanzu Application Service (TAS).\n" } }, "type": "object", "language": { "nodejs": { "requiredOutputs": [ "entityScopes" ] } } }, "aquasec:index/ApplicationScopeCategoryArtifact:ApplicationScopeCategoryArtifact": { "properties": { "cfs": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FApplicationScopeCategoryArtifactCf:ApplicationScopeCategoryArtifactCf" } }, "functions": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FApplicationScopeCategoryArtifactFunction:ApplicationScopeCategoryArtifactFunction" }, "description": "Function name\n" }, "images": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FApplicationScopeCategoryArtifactImage:ApplicationScopeCategoryArtifactImage" }, "description": "Name of a registry as defined in Aqua\n" } }, "type": "object" }, "aquasec:index/ApplicationScopeCategoryArtifactCf:ApplicationScopeCategoryArtifactCf": { "properties": { "expression": { "type": "string" }, "variables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FApplicationScopeCategoryArtifactCfVariable:ApplicationScopeCategoryArtifactCfVariable" } } }, "type": "object" }, "aquasec:index/ApplicationScopeCategoryArtifactCfVariable:ApplicationScopeCategoryArtifactCfVariable": { "properties": { "attribute": { "type": "string" }, "value": { "type": "string" } }, "type": "object" }, "aquasec:index/ApplicationScopeCategoryArtifactFunction:ApplicationScopeCategoryArtifactFunction": { "properties": { "expression": { "type": "string" }, "variables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FApplicationScopeCategoryArtifactFunctionVariable:ApplicationScopeCategoryArtifactFunctionVariable" } } }, "type": "object" }, "aquasec:index/ApplicationScopeCategoryArtifactFunctionVariable:ApplicationScopeCategoryArtifactFunctionVariable": { "properties": { "attribute": { "type": "string" }, "value": { "type": "string" } }, "type": "object" }, "aquasec:index/ApplicationScopeCategoryArtifactImage:ApplicationScopeCategoryArtifactImage": { "properties": { "expression": { "type": "string" }, "variables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FApplicationScopeCategoryArtifactImageVariable:ApplicationScopeCategoryArtifactImageVariable" } } }, "type": "object" }, "aquasec:index/ApplicationScopeCategoryArtifactImageVariable:ApplicationScopeCategoryArtifactImageVariable": { "properties": { "attribute": { "type": "string" }, "value": { "type": "string" } }, "type": "object" }, "aquasec:index/ApplicationScopeCategoryEntityScope:ApplicationScopeCategoryEntityScope": { "properties": { "expression": { "type": "string" }, "variables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FApplicationScopeCategoryEntityScopeVariable:ApplicationScopeCategoryEntityScopeVariable" } } }, "type": "object", "language": { "nodejs": { "requiredOutputs": [ "expression", "variables" ] } } }, "aquasec:index/ApplicationScopeCategoryEntityScopeVariable:ApplicationScopeCategoryEntityScopeVariable": { "properties": { "attribute": { "type": "string" }, "value": { "type": "string" } }, "type": "object", "language": { "nodejs": { "requiredOutputs": [ "attribute", "value" ] } } }, "aquasec:index/ApplicationScopeCategoryInfrastructure:ApplicationScopeCategoryInfrastructure": { "properties": { "kubernetes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FApplicationScopeCategoryInfrastructureKubernete:ApplicationScopeCategoryInfrastructureKubernete" } }, "os": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FApplicationScopeCategoryInfrastructureO:ApplicationScopeCategoryInfrastructureO" } } }, "type": "object" }, "aquasec:index/ApplicationScopeCategoryInfrastructureKubernete:ApplicationScopeCategoryInfrastructureKubernete": { "properties": { "expression": { "type": "string" }, "variables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FApplicationScopeCategoryInfrastructureKuberneteVariable:ApplicationScopeCategoryInfrastructureKuberneteVariable" } } }, "type": "object" }, "aquasec:index/ApplicationScopeCategoryInfrastructureKuberneteVariable:ApplicationScopeCategoryInfrastructureKuberneteVariable": { "properties": { "attribute": { "type": "string" }, "value": { "type": "string" } }, "type": "object" }, "aquasec:index/ApplicationScopeCategoryInfrastructureO:ApplicationScopeCategoryInfrastructureO": { "properties": { "expression": { "type": "string" }, "variables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FApplicationScopeCategoryInfrastructureOVariable:ApplicationScopeCategoryInfrastructureOVariable" } } }, "type": "object" }, "aquasec:index/ApplicationScopeCategoryInfrastructureOVariable:ApplicationScopeCategoryInfrastructureOVariable": { "properties": { "attribute": { "type": "string" }, "value": { "type": "string" } }, "type": "object" }, "aquasec:index/ApplicationScopeCategoryWorkload:ApplicationScopeCategoryWorkload": { "properties": { "cfs": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FApplicationScopeCategoryWorkloadCf:ApplicationScopeCategoryWorkloadCf" } }, "kubernetes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FApplicationScopeCategoryWorkloadKubernete:ApplicationScopeCategoryWorkloadKubernete" } }, "os": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FApplicationScopeCategoryWorkloadO:ApplicationScopeCategoryWorkloadO" } } }, "type": "object" }, "aquasec:index/ApplicationScopeCategoryWorkloadCf:ApplicationScopeCategoryWorkloadCf": { "properties": { "expression": { "type": "string" }, "variables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FApplicationScopeCategoryWorkloadCfVariable:ApplicationScopeCategoryWorkloadCfVariable" } } }, "type": "object" }, "aquasec:index/ApplicationScopeCategoryWorkloadCfVariable:ApplicationScopeCategoryWorkloadCfVariable": { "properties": { "attribute": { "type": "string" }, "value": { "type": "string" } }, "type": "object" }, "aquasec:index/ApplicationScopeCategoryWorkloadKubernete:ApplicationScopeCategoryWorkloadKubernete": { "properties": { "expression": { "type": "string" }, "variables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FApplicationScopeCategoryWorkloadKuberneteVariable:ApplicationScopeCategoryWorkloadKuberneteVariable" } } }, "type": "object" }, "aquasec:index/ApplicationScopeCategoryWorkloadKuberneteVariable:ApplicationScopeCategoryWorkloadKuberneteVariable": { "properties": { "attribute": { "type": "string" }, "value": { "type": "string" } }, "type": "object" }, "aquasec:index/ApplicationScopeCategoryWorkloadO:ApplicationScopeCategoryWorkloadO": { "properties": { "expression": { "type": "string" }, "variables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FApplicationScopeCategoryWorkloadOVariable:ApplicationScopeCategoryWorkloadOVariable" } } }, "type": "object" }, "aquasec:index/ApplicationScopeCategoryWorkloadOVariable:ApplicationScopeCategoryWorkloadOVariable": { "properties": { "attribute": { "type": "string" }, "value": { "type": "string" } }, "type": "object" }, "aquasec:index/ContainerRuntimePolicyAllowedExecutable:ContainerRuntimePolicyAllowedExecutable": { "properties": { "allowExecutables": { "type": "array", "items": { "type": "string" }, "description": "List of allowed executables.\n" }, "allowRootExecutables": { "type": "array", "items": { "type": "string" }, "description": "List of allowed root executables.\n" }, "enabled": { "type": "boolean", "description": "Whether allowed executables configuration is enabled.\n" }, "separateExecutables": { "type": "boolean", "description": "Whether to treat executables separately.\n" } }, "type": "object" }, "aquasec:index/ContainerRuntimePolicyAllowedRegistry:ContainerRuntimePolicyAllowedRegistry": { "properties": { "allowedRegistries": { "type": "array", "items": { "type": "string" }, "description": "List of allowed registries.\n" }, "enabled": { "type": "boolean", "description": "Whether allowed registries are enabled.\n" } }, "type": "object" }, "aquasec:index/ContainerRuntimePolicyAuditing:ContainerRuntimePolicyAuditing": { "properties": { "auditAllNetwork": { "type": "boolean" }, "auditAllProcesses": { "type": "boolean" }, "auditFailedLogin": { "type": "boolean" }, "auditOsUserActivity": { "type": "boolean" }, "auditProcessCmdline": { "type": "boolean" }, "auditSuccessLogin": { "type": "boolean" }, "auditUserAccountManagement": { "type": "boolean" }, "enabled": { "type": "boolean" } }, "type": "object" }, "aquasec:index/ContainerRuntimePolicyBlacklistedOsUsers:ContainerRuntimePolicyBlacklistedOsUsers": { "properties": { "enabled": { "type": "boolean" }, "groupBlackLists": { "type": "array", "items": { "type": "string" } }, "userBlackLists": { "type": "array", "items": { "type": "string" } } }, "type": "object" }, "aquasec:index/ContainerRuntimePolicyBypassScope:ContainerRuntimePolicyBypassScope": { "properties": { "enabled": { "type": "boolean", "description": "Whether bypassing the scope is enabled.\n" }, "scopes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyBypassScopeScope:ContainerRuntimePolicyBypassScopeScope" }, "description": "Scope configuration.\n" } }, "type": "object" }, "aquasec:index/ContainerRuntimePolicyBypassScopeScope:ContainerRuntimePolicyBypassScopeScope": { "properties": { "expression": { "type": "string", "description": "Scope expression.\n" }, "variables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyBypassScopeScopeVariable:ContainerRuntimePolicyBypassScopeScopeVariable" }, "description": "List of variables in the scope.\n" } }, "type": "object" }, "aquasec:index/ContainerRuntimePolicyBypassScopeScopeVariable:ContainerRuntimePolicyBypassScopeScopeVariable": { "properties": { "attribute": { "type": "string", "description": "Variable attribute.\n" }, "value": { "type": "string", "description": "Variable value.\n" } }, "type": "object" }, "aquasec:index/ContainerRuntimePolicyContainerExec:ContainerRuntimePolicyContainerExec": { "properties": { "blockContainerExec": { "type": "boolean" }, "containerExecProcWhiteLists": { "type": "array", "items": { "type": "string" } }, "enabled": { "type": "boolean" }, "reverseShellIpWhiteLists": { "type": "array", "items": { "type": "string" } } }, "type": "object" }, "aquasec:index/ContainerRuntimePolicyDriftPrevention:ContainerRuntimePolicyDriftPrevention": { "properties": { "enabled": { "type": "boolean", "description": "Whether drift prevention is enabled.\n" }, "execLockdown": { "type": "boolean", "description": "Whether to lockdown execution drift.\n" }, "execLockdownWhiteLists": { "type": "array", "items": { "type": "string" }, "description": "List of items in the execution lockdown white list.\n" }, "imageLockdown": { "type": "boolean", "description": "Whether to lockdown image drift.\n" } }, "type": "object" }, "aquasec:index/ContainerRuntimePolicyExecutableBlacklist:ContainerRuntimePolicyExecutableBlacklist": { "properties": { "enabled": { "type": "boolean", "description": "Whether the executable blacklist is enabled.\n" }, "executables": { "type": "array", "items": { "type": "string" }, "description": "List of blacklisted executables.\n" } }, "type": "object" }, "aquasec:index/ContainerRuntimePolicyFailedKubernetesChecks:ContainerRuntimePolicyFailedKubernetesChecks": { "properties": { "enabled": { "type": "boolean" }, "failedChecks": { "type": "array", "items": { "type": "string" } } }, "type": "object" }, "aquasec:index/ContainerRuntimePolicyFileBlock:ContainerRuntimePolicyFileBlock": { "properties": { "blockFilesProcesses": { "type": "array", "items": { "type": "string" } }, "blockFilesUsers": { "type": "array", "items": { "type": "string" } }, "enabled": { "type": "boolean" }, "exceptionalBlockFiles": { "type": "array", "items": { "type": "string" } }, "exceptionalBlockFilesProcesses": { "type": "array", "items": { "type": "string" } }, "exceptionalBlockFilesUsers": { "type": "array", "items": { "type": "string" } }, "filenameBlockLists": { "type": "array", "items": { "type": "string" } } }, "type": "object" }, "aquasec:index/ContainerRuntimePolicyFileIntegrityMonitoring:ContainerRuntimePolicyFileIntegrityMonitoring": { "properties": { "enabled": { "type": "boolean", "description": "If true, file integrity monitoring is enabled.\n" }, "exceptionalMonitoredFiles": { "type": "array", "items": { "type": "string" }, "description": "List of paths to be excluded from monitoring.\n" }, "exceptionalMonitoredFilesProcesses": { "type": "array", "items": { "type": "string" }, "description": "List of processes to be excluded from monitoring.\n" }, "exceptionalMonitoredFilesUsers": { "type": "array", "items": { "type": "string" }, "description": "List of users to be excluded from monitoring.\n" }, "monitoredFiles": { "type": "array", "items": { "type": "string" }, "description": "List of paths to be monitored.\n" }, "monitoredFilesAttributes": { "type": "boolean", "description": "Whether to monitor file attribute operations.\n" }, "monitoredFilesCreate": { "type": "boolean", "description": "Whether to monitor file create operations.\n" }, "monitoredFilesDelete": { "type": "boolean", "description": "Whether to monitor file delete operations.\n" }, "monitoredFilesModify": { "type": "boolean", "description": "Whether to monitor file modify operations.\n" }, "monitoredFilesProcesses": { "type": "array", "items": { "type": "string" }, "description": "List of processes associated with monitored files.\n" }, "monitoredFilesRead": { "type": "boolean", "description": "Whether to monitor file read operations.\n" }, "monitoredFilesUsers": { "type": "array", "items": { "type": "string" }, "description": "List of users associated with monitored files.\n" } }, "type": "object" }, "aquasec:index/ContainerRuntimePolicyLimitContainerPrivilege:ContainerRuntimePolicyLimitContainerPrivilege": { "properties": { "blockAddCapabilities": { "type": "boolean", "description": "Whether to block adding capabilities.\n" }, "enabled": { "type": "boolean", "description": "Whether container privilege limitations are enabled.\n" }, "ipcmode": { "type": "boolean", "description": "Whether to limit IPC-related capabilities.\n" }, "netmode": { "type": "boolean", "description": "Whether to limit network-related capabilities.\n" }, "pidmode": { "type": "boolean", "description": "Whether to limit process-related capabilities.\n" }, "preventLowPortBinding": { "type": "boolean", "description": "Whether to prevent low port binding.\n" }, "preventRootUser": { "type": "boolean", "description": "Whether to prevent the use of the root user.\n" }, "privileged": { "type": "boolean", "description": "Whether the container is run in privileged mode.\n" }, "useHostUser": { "type": "boolean", "description": "Whether to use the host user.\n" }, "usermode": { "type": "boolean", "description": "Whether to limit user-related capabilities.\n" }, "utsmode": { "type": "boolean", "description": "Whether to limit UTS-related capabilities.\n" } }, "type": "object" }, "aquasec:index/ContainerRuntimePolicyLinuxCapabilities:ContainerRuntimePolicyLinuxCapabilities": { "properties": { "enabled": { "type": "boolean" }, "removeLinuxCapabilities": { "type": "array", "items": { "type": "string" } } }, "type": "object" }, "aquasec:index/ContainerRuntimePolicyMalwareScanOptions:ContainerRuntimePolicyMalwareScanOptions": { "properties": { "action": { "type": "string", "description": "Set Action, Defaults to 'Alert' when empty\n" }, "enabled": { "type": "boolean", "description": "Defines if enabled or not\n" }, "excludeDirectories": { "type": "array", "items": { "type": "string" }, "description": "List of registry paths to be excluded from being protected.\n" }, "excludeProcesses": { "type": "array", "items": { "type": "string" }, "description": "List of registry processes to be excluded from being protected.\n" }, "includeDirectories": { "type": "array", "items": { "type": "string" }, "description": "List of registry paths to be excluded from being protected.\n" } }, "type": "object" }, "aquasec:index/ContainerRuntimePolicyPackageBlock:ContainerRuntimePolicyPackageBlock": { "properties": { "blockPackagesProcesses": { "type": "array", "items": { "type": "string" } }, "blockPackagesUsers": { "type": "array", "items": { "type": "string" } }, "enabled": { "type": "boolean" }, "exceptionalBlockPackagesFiles": { "type": "array", "items": { "type": "string" } }, "exceptionalBlockPackagesProcesses": { "type": "array", "items": { "type": "string" } }, "exceptionalBlockPackagesUsers": { "type": "array", "items": { "type": "string" } }, "packagesBlackLists": { "type": "array", "items": { "type": "string" } } }, "type": "object" }, "aquasec:index/ContainerRuntimePolicyPortBlock:ContainerRuntimePolicyPortBlock": { "properties": { "blockInboundPorts": { "type": "array", "items": { "type": "string" } }, "blockOutboundPorts": { "type": "array", "items": { "type": "string" } }, "enabled": { "type": "boolean" } }, "type": "object" }, "aquasec:index/ContainerRuntimePolicyReadonlyFiles:ContainerRuntimePolicyReadonlyFiles": { "properties": { "enabled": { "type": "boolean" }, "exceptionalReadonlyFiles": { "type": "array", "items": { "type": "string" } }, "exceptionalReadonlyFilesProcesses": { "type": "array", "items": { "type": "string" } }, "exceptionalReadonlyFilesUsers": { "type": "array", "items": { "type": "string" } }, "readonlyFiles": { "type": "array", "items": { "type": "string" } }, "readonlyFilesProcesses": { "type": "array", "items": { "type": "string" } }, "readonlyFilesUsers": { "type": "array", "items": { "type": "string" } } }, "type": "object" }, "aquasec:index/ContainerRuntimePolicyReadonlyRegistry:ContainerRuntimePolicyReadonlyRegistry": { "properties": { "enabled": { "type": "boolean" }, "exceptionalReadonlyRegistryPaths": { "type": "array", "items": { "type": "string" } }, "exceptionalReadonlyRegistryProcesses": { "type": "array", "items": { "type": "string" } }, "exceptionalReadonlyRegistryUsers": { "type": "array", "items": { "type": "string" } }, "readonlyRegistryPaths": { "type": "array", "items": { "type": "string" } }, "readonlyRegistryProcesses": { "type": "array", "items": { "type": "string" } }, "readonlyRegistryUsers": { "type": "array", "items": { "type": "string" } } }, "type": "object" }, "aquasec:index/ContainerRuntimePolicyRegistryAccessMonitoring:ContainerRuntimePolicyRegistryAccessMonitoring": { "properties": { "enabled": { "type": "boolean" }, "exceptionalMonitoredRegistryPaths": { "type": "array", "items": { "type": "string" } }, "exceptionalMonitoredRegistryProcesses": { "type": "array", "items": { "type": "string" } }, "exceptionalMonitoredRegistryUsers": { "type": "array", "items": { "type": "string" } }, "monitoredRegistryAttributes": { "type": "boolean" }, "monitoredRegistryCreate": { "type": "boolean" }, "monitoredRegistryDelete": { "type": "boolean" }, "monitoredRegistryModify": { "type": "boolean" }, "monitoredRegistryPaths": { "type": "array", "items": { "type": "string" } }, "monitoredRegistryProcesses": { "type": "array", "items": { "type": "string" } }, "monitoredRegistryRead": { "type": "boolean" }, "monitoredRegistryUsers": { "type": "array", "items": { "type": "string" } } }, "type": "object" }, "aquasec:index/ContainerRuntimePolicyRestrictedVolume:ContainerRuntimePolicyRestrictedVolume": { "properties": { "enabled": { "type": "boolean", "description": "Whether restricted volumes are enabled.\n" }, "volumes": { "type": "array", "items": { "type": "string" }, "description": "List of restricted volumes.\n" } }, "type": "object" }, "aquasec:index/ContainerRuntimePolicyReverseShell:ContainerRuntimePolicyReverseShell": { "properties": { "blockReverseShell": { "type": "boolean" }, "enabled": { "type": "boolean" }, "reverseShellIpWhiteLists": { "type": "array", "items": { "type": "string" } }, "reverseShellProcWhiteLists": { "type": "array", "items": { "type": "string" } } }, "type": "object" }, "aquasec:index/ContainerRuntimePolicyScope:ContainerRuntimePolicyScope": { "properties": { "expression": { "type": "string", "description": "Scope expression.\n" }, "variables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyScopeVariable:ContainerRuntimePolicyScopeVariable" }, "description": "List of variables in the scope.\n" } }, "type": "object", "required": [ "expression", "variables" ] }, "aquasec:index/ContainerRuntimePolicyScopeVariable:ContainerRuntimePolicyScopeVariable": { "properties": { "attribute": { "type": "string", "description": "Class of supported scope.\n" }, "name": { "type": "string", "description": "Name assigned to the attribute.\n" }, "value": { "type": "string", "description": "Value assigned to the attribute.\n" } }, "type": "object", "required": [ "attribute", "value" ] }, "aquasec:index/ContainerRuntimePolicySystemIntegrityProtection:ContainerRuntimePolicySystemIntegrityProtection": { "properties": { "auditSystemtimeChange": { "type": "boolean" }, "enabled": { "type": "boolean" }, "monitorAuditLogIntegrity": { "type": "boolean" }, "windowsServicesMonitoring": { "type": "boolean" } }, "type": "object" }, "aquasec:index/ContainerRuntimePolicyTripwire:ContainerRuntimePolicyTripwire": { "properties": { "applyOns": { "type": "array", "items": { "type": "string" } }, "enabled": { "type": "boolean" }, "serverlessApp": { "type": "string" }, "userId": { "type": "string" }, "userPassword": { "type": "string" } }, "type": "object" }, "aquasec:index/ContainerRuntimePolicyWhitelistedOsUsers:ContainerRuntimePolicyWhitelistedOsUsers": { "properties": { "enabled": { "type": "boolean" }, "groupWhiteLists": { "type": "array", "items": { "type": "string" } }, "userWhiteLists": { "type": "array", "items": { "type": "string" } } }, "type": "object" }, "aquasec:index/EnforcerGroupsCommand:EnforcerGroupsCommand": { "properties": { "default": { "type": "string" }, "kubernetes": { "type": "string" }, "swarm": { "type": "string" }, "windows": { "type": "string" } }, "type": "object", "language": { "nodejs": { "requiredOutputs": [ "default", "kubernetes", "swarm", "windows" ] } } }, "aquasec:index/EnforcerGroupsOrchestrator:EnforcerGroupsOrchestrator": { "properties": { "master": { "type": "boolean" }, "namespace": { "type": "string", "description": "May be specified for these orchestrators: Kubernetes, Kubernetes GKE, VMware Tanzu Kubernetes Grid Integrated Edition (PKS).\n" }, "serviceAccount": { "type": "string", "description": "May be specified for these orchestrators: Kubernetes, Kubernetes GKE, OpenShift, VMware Tanzu Kubernetes Grid Integrated Edition (PKS).\n" }, "type": { "type": "string" } }, "type": "object" }, "aquasec:index/FirewallPolicyInboundNetwork:FirewallPolicyInboundNetwork": { "properties": { "allow": { "type": "boolean", "description": "Indicates whether the specified resources are allowed to pass in data or requests.\n" }, "portRange": { "type": "string", "description": "Range of ports affected by firewall.\n" }, "resource": { "type": "string", "description": "Information of the resource.\n" }, "resourceType": { "type": "string", "description": "Type of the resource\n" } }, "type": "object", "required": [ "allow", "portRange", "resourceType" ], "language": { "nodejs": { "requiredOutputs": [ "allow", "portRange", "resource", "resourceType" ] } } }, "aquasec:index/FirewallPolicyOutboundNetwork:FirewallPolicyOutboundNetwork": { "properties": { "allow": { "type": "boolean", "description": "Indicates whether the specified resources are allowed to receive data or requests.\n" }, "portRange": { "type": "string", "description": "Range of ports affected by firewall.\n" }, "resource": { "type": "string", "description": "Information of the resource.\n" }, "resourceType": { "type": "string", "description": "Type of the resource.\n" } }, "type": "object", "required": [ "allow", "portRange", "resourceType" ], "language": { "nodejs": { "requiredOutputs": [ "allow", "portRange", "resource", "resourceType" ] } } }, "aquasec:index/FunctionAssurancePolicyAutoScanTime:FunctionAssurancePolicyAutoScanTime": { "properties": { "iteration": { "type": "integer" }, "iterationType": { "type": "string" }, "time": { "type": "string" }, "weekDays": { "type": "array", "items": { "type": "string" } } }, "type": "object", "language": { "nodejs": { "requiredOutputs": [ "iteration", "weekDays" ] } } }, "aquasec:index/FunctionAssurancePolicyCustomCheck:FunctionAssurancePolicyCustomCheck": { "properties": { "author": { "type": "string", "description": "Name of user account that created the policy.\n" }, "description": { "type": "string" }, "engine": { "type": "string" }, "lastModified": { "type": "integer" }, "name": { "type": "string" }, "path": { "type": "string" }, "readOnly": { "type": "boolean" }, "scriptId": { "type": "string" }, "severity": { "type": "string" }, "snippet": { "type": "string" } }, "type": "object" }, "aquasec:index/FunctionAssurancePolicyForbiddenLabel:FunctionAssurancePolicyForbiddenLabel": { "properties": { "key": { "type": "string" }, "value": { "type": "string" } }, "type": "object" }, "aquasec:index/FunctionAssurancePolicyKubernetesControl:FunctionAssurancePolicyKubernetesControl": { "properties": { "avdId": { "type": "string" }, "description": { "type": "string" }, "enabled": { "type": "boolean" }, "kind": { "type": "string" }, "name": { "type": "string" }, "ootb": { "type": "boolean" }, "scriptId": { "type": "integer" }, "severity": { "type": "string" } }, "type": "object" }, "aquasec:index/FunctionAssurancePolicyPackagesBlackList:FunctionAssurancePolicyPackagesBlackList": { "properties": { "arch": { "type": "string" }, "display": { "type": "string" }, "epoch": { "type": "string" }, "format": { "type": "string" }, "license": { "type": "string" }, "name": { "type": "string" }, "release": { "type": "string" }, "version": { "type": "string" }, "versionRange": { "type": "string" } }, "type": "object" }, "aquasec:index/FunctionAssurancePolicyPackagesWhiteList:FunctionAssurancePolicyPackagesWhiteList": { "properties": { "arch": { "type": "string" }, "display": { "type": "string" }, "epoch": { "type": "string" }, "format": { "type": "string" }, "license": { "type": "string" }, "name": { "type": "string" }, "release": { "type": "string" }, "version": { "type": "string" }, "versionRange": { "type": "string" } }, "type": "object" }, "aquasec:index/FunctionAssurancePolicyPolicySettings:FunctionAssurancePolicyPolicySettings": { "properties": { "enforce": { "type": "boolean" }, "isAuditChecked": { "type": "boolean" }, "warn": { "type": "boolean" }, "warningMessage": { "type": "string" } }, "type": "object" }, "aquasec:index/FunctionAssurancePolicyRequiredLabel:FunctionAssurancePolicyRequiredLabel": { "properties": { "key": { "type": "string" }, "value": { "type": "string" } }, "type": "object" }, "aquasec:index/FunctionAssurancePolicyScope:FunctionAssurancePolicyScope": { "properties": { "expression": { "type": "string" }, "variables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionAssurancePolicyScopeVariable:FunctionAssurancePolicyScopeVariable" } } }, "type": "object", "language": { "nodejs": { "requiredOutputs": [ "expression" ] } } }, "aquasec:index/FunctionAssurancePolicyScopeVariable:FunctionAssurancePolicyScopeVariable": { "properties": { "attribute": { "type": "string" }, "name": { "type": "string" }, "value": { "type": "string" } }, "type": "object", "language": { "nodejs": { "requiredOutputs": [ "attribute", "value" ] } } }, "aquasec:index/FunctionAssurancePolicyTrustedBaseImage:FunctionAssurancePolicyTrustedBaseImage": { "properties": { "imagename": { "type": "string" }, "registry": { "type": "string" } }, "type": "object" }, "aquasec:index/FunctionRuntimePolicyAllowedExecutable:FunctionRuntimePolicyAllowedExecutable": { "properties": { "allowExecutables": { "type": "array", "items": { "type": "string" }, "description": "List of allowed executables.\n" }, "allowRootExecutables": { "type": "array", "items": { "type": "string" }, "description": "List of allowed root executables.\n" }, "enabled": { "type": "boolean", "description": "Whether allowed executables configuration is enabled.\n" }, "separateExecutables": { "type": "boolean", "description": "Whether to treat executables separately.\n" } }, "type": "object" }, "aquasec:index/FunctionRuntimePolicyAllowedRegistry:FunctionRuntimePolicyAllowedRegistry": { "properties": { "allowedRegistries": { "type": "array", "items": { "type": "string" }, "description": "List of allowed registries.\n" }, "enabled": { "type": "boolean", "description": "Whether allowed registries are enabled.\n" } }, "type": "object" }, "aquasec:index/FunctionRuntimePolicyAuditing:FunctionRuntimePolicyAuditing": { "properties": { "auditAllNetwork": { "type": "boolean" }, "auditAllProcesses": { "type": "boolean" }, "auditFailedLogin": { "type": "boolean" }, "auditOsUserActivity": { "type": "boolean" }, "auditProcessCmdline": { "type": "boolean" }, "auditSuccessLogin": { "type": "boolean" }, "auditUserAccountManagement": { "type": "boolean" }, "enabled": { "type": "boolean" } }, "type": "object" }, "aquasec:index/FunctionRuntimePolicyBlacklistedOsUsers:FunctionRuntimePolicyBlacklistedOsUsers": { "properties": { "enabled": { "type": "boolean" }, "groupBlackLists": { "type": "array", "items": { "type": "string" } }, "userBlackLists": { "type": "array", "items": { "type": "string" } } }, "type": "object" }, "aquasec:index/FunctionRuntimePolicyBypassScope:FunctionRuntimePolicyBypassScope": { "properties": { "enabled": { "type": "boolean", "description": "Whether bypassing the scope is enabled.\n" }, "scopes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyBypassScopeScope:FunctionRuntimePolicyBypassScopeScope" }, "description": "Scope configuration.\n" } }, "type": "object" }, "aquasec:index/FunctionRuntimePolicyBypassScopeScope:FunctionRuntimePolicyBypassScopeScope": { "properties": { "expression": { "type": "string", "description": "Scope expression.\n" }, "variables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyBypassScopeScopeVariable:FunctionRuntimePolicyBypassScopeScopeVariable" }, "description": "List of variables in the scope.\n" } }, "type": "object" }, "aquasec:index/FunctionRuntimePolicyBypassScopeScopeVariable:FunctionRuntimePolicyBypassScopeScopeVariable": { "properties": { "attribute": { "type": "string", "description": "Variable attribute.\n" }, "value": { "type": "string", "description": "Variable value.\n" } }, "type": "object" }, "aquasec:index/FunctionRuntimePolicyContainerExec:FunctionRuntimePolicyContainerExec": { "properties": { "blockContainerExec": { "type": "boolean" }, "containerExecProcWhiteLists": { "type": "array", "items": { "type": "string" } }, "enabled": { "type": "boolean" }, "reverseShellIpWhiteLists": { "type": "array", "items": { "type": "string" } } }, "type": "object" }, "aquasec:index/FunctionRuntimePolicyDriftPrevention:FunctionRuntimePolicyDriftPrevention": { "properties": { "enabled": { "type": "boolean", "description": "Whether drift prevention is enabled.\n" }, "execLockdown": { "type": "boolean", "description": "Whether to lockdown execution drift.\n" }, "execLockdownWhiteLists": { "type": "array", "items": { "type": "string" }, "description": "List of items in the execution lockdown white list.\n" }, "imageLockdown": { "type": "boolean", "description": "Whether to lockdown image drift.\n" } }, "type": "object" }, "aquasec:index/FunctionRuntimePolicyExecutableBlacklist:FunctionRuntimePolicyExecutableBlacklist": { "properties": { "enabled": { "type": "boolean", "description": "Whether the executable blacklist is enabled.\n" }, "executables": { "type": "array", "items": { "type": "string" }, "description": "List of blacklisted executables.\n" } }, "type": "object" }, "aquasec:index/FunctionRuntimePolicyFailedKubernetesChecks:FunctionRuntimePolicyFailedKubernetesChecks": { "properties": { "enabled": { "type": "boolean" }, "failedChecks": { "type": "array", "items": { "type": "string" } } }, "type": "object" }, "aquasec:index/FunctionRuntimePolicyFileBlock:FunctionRuntimePolicyFileBlock": { "properties": { "blockFilesProcesses": { "type": "array", "items": { "type": "string" } }, "blockFilesUsers": { "type": "array", "items": { "type": "string" } }, "enabled": { "type": "boolean" }, "exceptionalBlockFiles": { "type": "array", "items": { "type": "string" } }, "exceptionalBlockFilesProcesses": { "type": "array", "items": { "type": "string" } }, "exceptionalBlockFilesUsers": { "type": "array", "items": { "type": "string" } }, "filenameBlockLists": { "type": "array", "items": { "type": "string" } } }, "type": "object" }, "aquasec:index/FunctionRuntimePolicyFileIntegrityMonitoring:FunctionRuntimePolicyFileIntegrityMonitoring": { "properties": { "enabled": { "type": "boolean", "description": "If true, file integrity monitoring is enabled.\n" }, "exceptionalMonitoredFiles": { "type": "array", "items": { "type": "string" }, "description": "List of paths to be excluded from monitoring.\n" }, "exceptionalMonitoredFilesProcesses": { "type": "array", "items": { "type": "string" }, "description": "List of processes to be excluded from monitoring.\n" }, "exceptionalMonitoredFilesUsers": { "type": "array", "items": { "type": "string" }, "description": "List of users to be excluded from monitoring.\n" }, "monitoredFiles": { "type": "array", "items": { "type": "string" }, "description": "List of paths to be monitored.\n" }, "monitoredFilesAttributes": { "type": "boolean", "description": "Whether to monitor file attribute operations.\n" }, "monitoredFilesCreate": { "type": "boolean", "description": "Whether to monitor file create operations.\n" }, "monitoredFilesDelete": { "type": "boolean", "description": "Whether to monitor file delete operations.\n" }, "monitoredFilesModify": { "type": "boolean", "description": "Whether to monitor file modify operations.\n" }, "monitoredFilesProcesses": { "type": "array", "items": { "type": "string" }, "description": "List of processes associated with monitored files.\n" }, "monitoredFilesRead": { "type": "boolean", "description": "Whether to monitor file read operations.\n" }, "monitoredFilesUsers": { "type": "array", "items": { "type": "string" }, "description": "List of users associated with monitored files.\n" } }, "type": "object" }, "aquasec:index/FunctionRuntimePolicyLimitContainerPrivilege:FunctionRuntimePolicyLimitContainerPrivilege": { "properties": { "blockAddCapabilities": { "type": "boolean", "description": "Whether to block adding capabilities.\n" }, "enabled": { "type": "boolean", "description": "Whether container privilege limitations are enabled.\n" }, "ipcmode": { "type": "boolean", "description": "Whether to limit IPC-related capabilities.\n" }, "netmode": { "type": "boolean", "description": "Whether to limit network-related capabilities.\n" }, "pidmode": { "type": "boolean", "description": "Whether to limit process-related capabilities.\n" }, "preventLowPortBinding": { "type": "boolean", "description": "Whether to prevent low port binding.\n" }, "preventRootUser": { "type": "boolean", "description": "Whether to prevent the use of the root user.\n" }, "privileged": { "type": "boolean", "description": "Whether the container is run in privileged mode.\n" }, "useHostUser": { "type": "boolean", "description": "Whether to use the host user.\n" }, "usermode": { "type": "boolean", "description": "Whether to limit user-related capabilities.\n" }, "utsmode": { "type": "boolean", "description": "Whether to limit UTS-related capabilities.\n" } }, "type": "object" }, "aquasec:index/FunctionRuntimePolicyLinuxCapabilities:FunctionRuntimePolicyLinuxCapabilities": { "properties": { "enabled": { "type": "boolean" }, "removeLinuxCapabilities": { "type": "array", "items": { "type": "string" } } }, "type": "object" }, "aquasec:index/FunctionRuntimePolicyMalwareScanOptions:FunctionRuntimePolicyMalwareScanOptions": { "properties": { "action": { "type": "string", "description": "Set Action, Defaults to 'Alert' when empty\n" }, "enabled": { "type": "boolean", "description": "Defines if enabled or not\n" }, "excludeDirectories": { "type": "array", "items": { "type": "string" }, "description": "List of registry paths to be excluded from being protected.\n" }, "excludeProcesses": { "type": "array", "items": { "type": "string" }, "description": "List of registry processes to be excluded from being protected.\n" }, "includeDirectories": { "type": "array", "items": { "type": "string" }, "description": "List of registry paths to be excluded from being protected.\n" } }, "type": "object" }, "aquasec:index/FunctionRuntimePolicyPackageBlock:FunctionRuntimePolicyPackageBlock": { "properties": { "blockPackagesProcesses": { "type": "array", "items": { "type": "string" } }, "blockPackagesUsers": { "type": "array", "items": { "type": "string" } }, "enabled": { "type": "boolean" }, "exceptionalBlockPackagesFiles": { "type": "array", "items": { "type": "string" } }, "exceptionalBlockPackagesProcesses": { "type": "array", "items": { "type": "string" } }, "exceptionalBlockPackagesUsers": { "type": "array", "items": { "type": "string" } }, "packagesBlackLists": { "type": "array", "items": { "type": "string" } } }, "type": "object" }, "aquasec:index/FunctionRuntimePolicyPortBlock:FunctionRuntimePolicyPortBlock": { "properties": { "blockInboundPorts": { "type": "array", "items": { "type": "string" } }, "blockOutboundPorts": { "type": "array", "items": { "type": "string" } }, "enabled": { "type": "boolean" } }, "type": "object" }, "aquasec:index/FunctionRuntimePolicyReadonlyFiles:FunctionRuntimePolicyReadonlyFiles": { "properties": { "enabled": { "type": "boolean" }, "exceptionalReadonlyFiles": { "type": "array", "items": { "type": "string" } }, "exceptionalReadonlyFilesProcesses": { "type": "array", "items": { "type": "string" } }, "exceptionalReadonlyFilesUsers": { "type": "array", "items": { "type": "string" } }, "readonlyFiles": { "type": "array", "items": { "type": "string" } }, "readonlyFilesProcesses": { "type": "array", "items": { "type": "string" } }, "readonlyFilesUsers": { "type": "array", "items": { "type": "string" } } }, "type": "object" }, "aquasec:index/FunctionRuntimePolicyReadonlyRegistry:FunctionRuntimePolicyReadonlyRegistry": { "properties": { "enabled": { "type": "boolean" }, "exceptionalReadonlyRegistryPaths": { "type": "array", "items": { "type": "string" } }, "exceptionalReadonlyRegistryProcesses": { "type": "array", "items": { "type": "string" } }, "exceptionalReadonlyRegistryUsers": { "type": "array", "items": { "type": "string" } }, "readonlyRegistryPaths": { "type": "array", "items": { "type": "string" } }, "readonlyRegistryProcesses": { "type": "array", "items": { "type": "string" } }, "readonlyRegistryUsers": { "type": "array", "items": { "type": "string" } } }, "type": "object" }, "aquasec:index/FunctionRuntimePolicyRegistryAccessMonitoring:FunctionRuntimePolicyRegistryAccessMonitoring": { "properties": { "enabled": { "type": "boolean" }, "exceptionalMonitoredRegistryPaths": { "type": "array", "items": { "type": "string" } }, "exceptionalMonitoredRegistryProcesses": { "type": "array", "items": { "type": "string" } }, "exceptionalMonitoredRegistryUsers": { "type": "array", "items": { "type": "string" } }, "monitoredRegistryAttributes": { "type": "boolean" }, "monitoredRegistryCreate": { "type": "boolean" }, "monitoredRegistryDelete": { "type": "boolean" }, "monitoredRegistryModify": { "type": "boolean" }, "monitoredRegistryPaths": { "type": "array", "items": { "type": "string" } }, "monitoredRegistryProcesses": { "type": "array", "items": { "type": "string" } }, "monitoredRegistryRead": { "type": "boolean" }, "monitoredRegistryUsers": { "type": "array", "items": { "type": "string" } } }, "type": "object" }, "aquasec:index/FunctionRuntimePolicyRestrictedVolume:FunctionRuntimePolicyRestrictedVolume": { "properties": { "enabled": { "type": "boolean", "description": "Whether restricted volumes are enabled.\n" }, "volumes": { "type": "array", "items": { "type": "string" }, "description": "List of restricted volumes.\n" } }, "type": "object" }, "aquasec:index/FunctionRuntimePolicyReverseShell:FunctionRuntimePolicyReverseShell": { "properties": { "blockReverseShell": { "type": "boolean" }, "enabled": { "type": "boolean" }, "reverseShellIpWhiteLists": { "type": "array", "items": { "type": "string" } }, "reverseShellProcWhiteLists": { "type": "array", "items": { "type": "string" } } }, "type": "object" }, "aquasec:index/FunctionRuntimePolicyScope:FunctionRuntimePolicyScope": { "properties": { "expression": { "type": "string", "description": "Scope expression.\n" }, "variables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyScopeVariable:FunctionRuntimePolicyScopeVariable" }, "description": "List of variables in the scope.\n" } }, "type": "object", "required": [ "expression", "variables" ] }, "aquasec:index/FunctionRuntimePolicyScopeVariable:FunctionRuntimePolicyScopeVariable": { "properties": { "attribute": { "type": "string", "description": "Class of supported scope.\n" }, "name": { "type": "string", "description": "Name assigned to the attribute.\n" }, "value": { "type": "string", "description": "Value assigned to the attribute.\n" } }, "type": "object", "required": [ "attribute", "value" ] }, "aquasec:index/FunctionRuntimePolicySystemIntegrityProtection:FunctionRuntimePolicySystemIntegrityProtection": { "properties": { "auditSystemtimeChange": { "type": "boolean" }, "enabled": { "type": "boolean" }, "monitorAuditLogIntegrity": { "type": "boolean" }, "windowsServicesMonitoring": { "type": "boolean" } }, "type": "object" }, "aquasec:index/FunctionRuntimePolicyTripwire:FunctionRuntimePolicyTripwire": { "properties": { "applyOns": { "type": "array", "items": { "type": "string" } }, "enabled": { "type": "boolean" }, "serverlessApp": { "type": "string" }, "userId": { "type": "string" }, "userPassword": { "type": "string" } }, "type": "object" }, "aquasec:index/FunctionRuntimePolicyWhitelistedOsUsers:FunctionRuntimePolicyWhitelistedOsUsers": { "properties": { "enabled": { "type": "boolean" }, "groupWhiteLists": { "type": "array", "items": { "type": "string" } }, "userWhiteLists": { "type": "array", "items": { "type": "string" } } }, "type": "object" }, "aquasec:index/HostAssurancePolicyAutoScanTime:HostAssurancePolicyAutoScanTime": { "properties": { "iteration": { "type": "integer" }, "iterationType": { "type": "string" }, "time": { "type": "string" }, "weekDays": { "type": "array", "items": { "type": "string" } } }, "type": "object", "language": { "nodejs": { "requiredOutputs": [ "iteration", "weekDays" ] } } }, "aquasec:index/HostAssurancePolicyCustomCheck:HostAssurancePolicyCustomCheck": { "properties": { "author": { "type": "string", "description": "Name of user account that created the policy.\n" }, "description": { "type": "string" }, "engine": { "type": "string" }, "lastModified": { "type": "integer" }, "name": { "type": "string" }, "path": { "type": "string" }, "readOnly": { "type": "boolean" }, "scriptId": { "type": "string" }, "severity": { "type": "string" }, "snippet": { "type": "string" } }, "type": "object" }, "aquasec:index/HostAssurancePolicyForbiddenLabel:HostAssurancePolicyForbiddenLabel": { "properties": { "key": { "type": "string" }, "value": { "type": "string" } }, "type": "object" }, "aquasec:index/HostAssurancePolicyPackagesBlackList:HostAssurancePolicyPackagesBlackList": { "properties": { "arch": { "type": "string" }, "display": { "type": "string" }, "epoch": { "type": "string" }, "format": { "type": "string" }, "license": { "type": "string" }, "name": { "type": "string" }, "release": { "type": "string" }, "version": { "type": "string" }, "versionRange": { "type": "string" } }, "type": "object" }, "aquasec:index/HostAssurancePolicyPackagesWhiteList:HostAssurancePolicyPackagesWhiteList": { "properties": { "arch": { "type": "string" }, "display": { "type": "string" }, "epoch": { "type": "string" }, "format": { "type": "string" }, "license": { "type": "string" }, "name": { "type": "string" }, "release": { "type": "string" }, "version": { "type": "string" }, "versionRange": { "type": "string" } }, "type": "object" }, "aquasec:index/HostAssurancePolicyPolicySettings:HostAssurancePolicyPolicySettings": { "properties": { "enforce": { "type": "boolean" }, "isAuditChecked": { "type": "boolean" }, "warn": { "type": "boolean" }, "warningMessage": { "type": "string" } }, "type": "object" }, "aquasec:index/HostAssurancePolicyRequiredLabel:HostAssurancePolicyRequiredLabel": { "properties": { "key": { "type": "string" }, "value": { "type": "string" } }, "type": "object" }, "aquasec:index/HostAssurancePolicyScope:HostAssurancePolicyScope": { "properties": { "expression": { "type": "string" }, "variables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostAssurancePolicyScopeVariable:HostAssurancePolicyScopeVariable" } } }, "type": "object", "language": { "nodejs": { "requiredOutputs": [ "expression" ] } } }, "aquasec:index/HostAssurancePolicyScopeVariable:HostAssurancePolicyScopeVariable": { "properties": { "attribute": { "type": "string" }, "name": { "type": "string" }, "value": { "type": "string" } }, "type": "object", "language": { "nodejs": { "requiredOutputs": [ "attribute", "value" ] } } }, "aquasec:index/HostAssurancePolicyTrustedBaseImage:HostAssurancePolicyTrustedBaseImage": { "properties": { "imagename": { "type": "string" }, "registry": { "type": "string" } }, "type": "object" }, "aquasec:index/HostRuntimePolicyAllowedExecutable:HostRuntimePolicyAllowedExecutable": { "properties": { "allowExecutables": { "type": "array", "items": { "type": "string" }, "description": "List of allowed executables.\n" }, "allowRootExecutables": { "type": "array", "items": { "type": "string" }, "description": "List of allowed root executables.\n" }, "enabled": { "type": "boolean", "description": "Whether allowed executables configuration is enabled.\n" }, "separateExecutables": { "type": "boolean", "description": "Whether to treat executables separately.\n" } }, "type": "object" }, "aquasec:index/HostRuntimePolicyAllowedRegistry:HostRuntimePolicyAllowedRegistry": { "properties": { "allowedRegistries": { "type": "array", "items": { "type": "string" }, "description": "List of allowed registries.\n" }, "enabled": { "type": "boolean", "description": "Whether allowed registries are enabled.\n" } }, "type": "object" }, "aquasec:index/HostRuntimePolicyAuditing:HostRuntimePolicyAuditing": { "properties": { "auditAllNetwork": { "type": "boolean" }, "auditAllProcesses": { "type": "boolean" }, "auditFailedLogin": { "type": "boolean" }, "auditOsUserActivity": { "type": "boolean" }, "auditProcessCmdline": { "type": "boolean" }, "auditSuccessLogin": { "type": "boolean" }, "auditUserAccountManagement": { "type": "boolean" }, "enabled": { "type": "boolean" } }, "type": "object" }, "aquasec:index/HostRuntimePolicyBlacklistedOsUsers:HostRuntimePolicyBlacklistedOsUsers": { "properties": { "enabled": { "type": "boolean" }, "groupBlackLists": { "type": "array", "items": { "type": "string" } }, "userBlackLists": { "type": "array", "items": { "type": "string" } } }, "type": "object" }, "aquasec:index/HostRuntimePolicyBypassScope:HostRuntimePolicyBypassScope": { "properties": { "enabled": { "type": "boolean", "description": "Whether bypassing the scope is enabled.\n" }, "scopes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyBypassScopeScope:HostRuntimePolicyBypassScopeScope" }, "description": "Scope configuration.\n" } }, "type": "object" }, "aquasec:index/HostRuntimePolicyBypassScopeScope:HostRuntimePolicyBypassScopeScope": { "properties": { "expression": { "type": "string", "description": "Scope expression.\n" }, "variables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyBypassScopeScopeVariable:HostRuntimePolicyBypassScopeScopeVariable" }, "description": "List of variables in the scope.\n" } }, "type": "object" }, "aquasec:index/HostRuntimePolicyBypassScopeScopeVariable:HostRuntimePolicyBypassScopeScopeVariable": { "properties": { "attribute": { "type": "string", "description": "Variable attribute.\n" }, "value": { "type": "string", "description": "Variable value.\n" } }, "type": "object" }, "aquasec:index/HostRuntimePolicyContainerExec:HostRuntimePolicyContainerExec": { "properties": { "blockContainerExec": { "type": "boolean" }, "containerExecProcWhiteLists": { "type": "array", "items": { "type": "string" } }, "enabled": { "type": "boolean" }, "reverseShellIpWhiteLists": { "type": "array", "items": { "type": "string" } } }, "type": "object" }, "aquasec:index/HostRuntimePolicyDriftPrevention:HostRuntimePolicyDriftPrevention": { "properties": { "enabled": { "type": "boolean", "description": "Whether drift prevention is enabled.\n" }, "execLockdown": { "type": "boolean", "description": "Whether to lockdown execution drift.\n" }, "execLockdownWhiteLists": { "type": "array", "items": { "type": "string" }, "description": "List of items in the execution lockdown white list.\n" }, "imageLockdown": { "type": "boolean", "description": "Whether to lockdown image drift.\n" } }, "type": "object" }, "aquasec:index/HostRuntimePolicyExecutableBlacklist:HostRuntimePolicyExecutableBlacklist": { "properties": { "enabled": { "type": "boolean", "description": "Whether the executable blacklist is enabled.\n" }, "executables": { "type": "array", "items": { "type": "string" }, "description": "List of blacklisted executables.\n" } }, "type": "object" }, "aquasec:index/HostRuntimePolicyFailedKubernetesChecks:HostRuntimePolicyFailedKubernetesChecks": { "properties": { "enabled": { "type": "boolean" }, "failedChecks": { "type": "array", "items": { "type": "string" } } }, "type": "object" }, "aquasec:index/HostRuntimePolicyFileBlock:HostRuntimePolicyFileBlock": { "properties": { "blockFilesProcesses": { "type": "array", "items": { "type": "string" } }, "blockFilesUsers": { "type": "array", "items": { "type": "string" } }, "enabled": { "type": "boolean" }, "exceptionalBlockFiles": { "type": "array", "items": { "type": "string" } }, "exceptionalBlockFilesProcesses": { "type": "array", "items": { "type": "string" } }, "exceptionalBlockFilesUsers": { "type": "array", "items": { "type": "string" } }, "filenameBlockLists": { "type": "array", "items": { "type": "string" } } }, "type": "object" }, "aquasec:index/HostRuntimePolicyFileIntegrityMonitoring:HostRuntimePolicyFileIntegrityMonitoring": { "properties": { "enabled": { "type": "boolean", "description": "If true, file integrity monitoring is enabled.\n" }, "exceptionalMonitoredFiles": { "type": "array", "items": { "type": "string" }, "description": "List of paths to be excluded from monitoring.\n" }, "exceptionalMonitoredFilesProcesses": { "type": "array", "items": { "type": "string" }, "description": "List of processes to be excluded from monitoring.\n" }, "exceptionalMonitoredFilesUsers": { "type": "array", "items": { "type": "string" }, "description": "List of users to be excluded from monitoring.\n" }, "monitoredFiles": { "type": "array", "items": { "type": "string" }, "description": "List of paths to be monitored.\n" }, "monitoredFilesAttributes": { "type": "boolean", "description": "Whether to monitor file attribute operations.\n" }, "monitoredFilesCreate": { "type": "boolean", "description": "Whether to monitor file create operations.\n" }, "monitoredFilesDelete": { "type": "boolean", "description": "Whether to monitor file delete operations.\n" }, "monitoredFilesModify": { "type": "boolean", "description": "Whether to monitor file modify operations.\n" }, "monitoredFilesProcesses": { "type": "array", "items": { "type": "string" }, "description": "List of processes associated with monitored files.\n" }, "monitoredFilesRead": { "type": "boolean", "description": "Whether to monitor file read operations.\n" }, "monitoredFilesUsers": { "type": "array", "items": { "type": "string" }, "description": "List of users associated with monitored files.\n" } }, "type": "object" }, "aquasec:index/HostRuntimePolicyLimitContainerPrivilege:HostRuntimePolicyLimitContainerPrivilege": { "properties": { "blockAddCapabilities": { "type": "boolean", "description": "Whether to block adding capabilities.\n" }, "enabled": { "type": "boolean", "description": "Whether container privilege limitations are enabled.\n" }, "ipcmode": { "type": "boolean", "description": "Whether to limit IPC-related capabilities.\n" }, "netmode": { "type": "boolean", "description": "Whether to limit network-related capabilities.\n" }, "pidmode": { "type": "boolean", "description": "Whether to limit process-related capabilities.\n" }, "preventLowPortBinding": { "type": "boolean", "description": "Whether to prevent low port binding.\n" }, "preventRootUser": { "type": "boolean", "description": "Whether to prevent the use of the root user.\n" }, "privileged": { "type": "boolean", "description": "Whether the container is run in privileged mode.\n" }, "useHostUser": { "type": "boolean", "description": "Whether to use the host user.\n" }, "usermode": { "type": "boolean", "description": "Whether to limit user-related capabilities.\n" }, "utsmode": { "type": "boolean", "description": "Whether to limit UTS-related capabilities.\n" } }, "type": "object" }, "aquasec:index/HostRuntimePolicyLinuxCapabilities:HostRuntimePolicyLinuxCapabilities": { "properties": { "enabled": { "type": "boolean" }, "removeLinuxCapabilities": { "type": "array", "items": { "type": "string" } } }, "type": "object" }, "aquasec:index/HostRuntimePolicyMalwareScanOptions:HostRuntimePolicyMalwareScanOptions": { "properties": { "action": { "type": "string", "description": "Set Action, Defaults to 'Alert' when empty\n" }, "enabled": { "type": "boolean", "description": "Defines if enabled or not\n" }, "excludeDirectories": { "type": "array", "items": { "type": "string" }, "description": "List of registry paths to be excluded from being protected.\n" }, "excludeProcesses": { "type": "array", "items": { "type": "string" }, "description": "List of registry processes to be excluded from being protected.\n" }, "includeDirectories": { "type": "array", "items": { "type": "string" }, "description": "List of registry paths to be excluded from being protected.\n" } }, "type": "object" }, "aquasec:index/HostRuntimePolicyPackageBlock:HostRuntimePolicyPackageBlock": { "properties": { "blockPackagesProcesses": { "type": "array", "items": { "type": "string" } }, "blockPackagesUsers": { "type": "array", "items": { "type": "string" } }, "enabled": { "type": "boolean" }, "exceptionalBlockPackagesFiles": { "type": "array", "items": { "type": "string" } }, "exceptionalBlockPackagesProcesses": { "type": "array", "items": { "type": "string" } }, "exceptionalBlockPackagesUsers": { "type": "array", "items": { "type": "string" } }, "packagesBlackLists": { "type": "array", "items": { "type": "string" } } }, "type": "object" }, "aquasec:index/HostRuntimePolicyPortBlock:HostRuntimePolicyPortBlock": { "properties": { "blockInboundPorts": { "type": "array", "items": { "type": "string" } }, "blockOutboundPorts": { "type": "array", "items": { "type": "string" } }, "enabled": { "type": "boolean" } }, "type": "object" }, "aquasec:index/HostRuntimePolicyReadonlyFiles:HostRuntimePolicyReadonlyFiles": { "properties": { "enabled": { "type": "boolean" }, "exceptionalReadonlyFiles": { "type": "array", "items": { "type": "string" } }, "exceptionalReadonlyFilesProcesses": { "type": "array", "items": { "type": "string" } }, "exceptionalReadonlyFilesUsers": { "type": "array", "items": { "type": "string" } }, "readonlyFiles": { "type": "array", "items": { "type": "string" } }, "readonlyFilesProcesses": { "type": "array", "items": { "type": "string" } }, "readonlyFilesUsers": { "type": "array", "items": { "type": "string" } } }, "type": "object" }, "aquasec:index/HostRuntimePolicyReadonlyRegistry:HostRuntimePolicyReadonlyRegistry": { "properties": { "enabled": { "type": "boolean" }, "exceptionalReadonlyRegistryPaths": { "type": "array", "items": { "type": "string" } }, "exceptionalReadonlyRegistryProcesses": { "type": "array", "items": { "type": "string" } }, "exceptionalReadonlyRegistryUsers": { "type": "array", "items": { "type": "string" } }, "readonlyRegistryPaths": { "type": "array", "items": { "type": "string" } }, "readonlyRegistryProcesses": { "type": "array", "items": { "type": "string" } }, "readonlyRegistryUsers": { "type": "array", "items": { "type": "string" } } }, "type": "object" }, "aquasec:index/HostRuntimePolicyRegistryAccessMonitoring:HostRuntimePolicyRegistryAccessMonitoring": { "properties": { "enabled": { "type": "boolean" }, "exceptionalMonitoredRegistryPaths": { "type": "array", "items": { "type": "string" } }, "exceptionalMonitoredRegistryProcesses": { "type": "array", "items": { "type": "string" } }, "exceptionalMonitoredRegistryUsers": { "type": "array", "items": { "type": "string" } }, "monitoredRegistryAttributes": { "type": "boolean" }, "monitoredRegistryCreate": { "type": "boolean" }, "monitoredRegistryDelete": { "type": "boolean" }, "monitoredRegistryModify": { "type": "boolean" }, "monitoredRegistryPaths": { "type": "array", "items": { "type": "string" } }, "monitoredRegistryProcesses": { "type": "array", "items": { "type": "string" } }, "monitoredRegistryRead": { "type": "boolean" }, "monitoredRegistryUsers": { "type": "array", "items": { "type": "string" } } }, "type": "object" }, "aquasec:index/HostRuntimePolicyRestrictedVolume:HostRuntimePolicyRestrictedVolume": { "properties": { "enabled": { "type": "boolean", "description": "Whether restricted volumes are enabled.\n" }, "volumes": { "type": "array", "items": { "type": "string" }, "description": "List of restricted volumes.\n" } }, "type": "object" }, "aquasec:index/HostRuntimePolicyReverseShell:HostRuntimePolicyReverseShell": { "properties": { "blockReverseShell": { "type": "boolean" }, "enabled": { "type": "boolean" }, "reverseShellIpWhiteLists": { "type": "array", "items": { "type": "string" } }, "reverseShellProcWhiteLists": { "type": "array", "items": { "type": "string" } } }, "type": "object" }, "aquasec:index/HostRuntimePolicyScope:HostRuntimePolicyScope": { "properties": { "expression": { "type": "string", "description": "Scope expression.\n" }, "variables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyScopeVariable:HostRuntimePolicyScopeVariable" }, "description": "List of variables in the scope.\n" } }, "type": "object", "required": [ "expression", "variables" ] }, "aquasec:index/HostRuntimePolicyScopeVariable:HostRuntimePolicyScopeVariable": { "properties": { "attribute": { "type": "string", "description": "Class of supported scope.\n" }, "name": { "type": "string", "description": "Name assigned to the attribute.\n" }, "value": { "type": "string", "description": "Value assigned to the attribute.\n" } }, "type": "object", "required": [ "attribute", "value" ] }, "aquasec:index/HostRuntimePolicySystemIntegrityProtection:HostRuntimePolicySystemIntegrityProtection": { "properties": { "auditSystemtimeChange": { "type": "boolean" }, "enabled": { "type": "boolean" }, "monitorAuditLogIntegrity": { "type": "boolean" }, "windowsServicesMonitoring": { "type": "boolean" } }, "type": "object" }, "aquasec:index/HostRuntimePolicyTripwire:HostRuntimePolicyTripwire": { "properties": { "applyOns": { "type": "array", "items": { "type": "string" } }, "enabled": { "type": "boolean" }, "serverlessApp": { "type": "string" }, "userId": { "type": "string" }, "userPassword": { "type": "string" } }, "type": "object" }, "aquasec:index/HostRuntimePolicyWhitelistedOsUsers:HostRuntimePolicyWhitelistedOsUsers": { "properties": { "enabled": { "type": "boolean" }, "groupWhiteLists": { "type": "array", "items": { "type": "string" } }, "userWhiteLists": { "type": "array", "items": { "type": "string" } } }, "type": "object" }, "aquasec:index/ImageAssuranceChecksPerformed:ImageAssuranceChecksPerformed": { "properties": { "assuranceType": { "type": "string", "description": "The type of the Assurance Policy the check originated from.\n" }, "blocking": { "type": "boolean", "description": "Whether the check is blocking (i.e. a failure should trigger a disallow).\n" }, "control": { "type": "string", "description": "The name of the image assurance control.\n" }, "dtaSkipped": { "type": "boolean", "description": "If DTA was skipped.\n" }, "dtaSkippedReason": { "type": "string", "description": "The reason why DTA was skipped.\n" }, "failed": { "type": "boolean", "description": "Whether the image failed the check.\n" }, "policyName": { "type": "string", "description": "The name of the Image Assurance Policy the check originated from.\n" } }, "type": "object", "language": { "nodejs": { "requiredOutputs": [ "assuranceType", "blocking", "control", "dtaSkipped", "dtaSkippedReason", "failed", "policyName" ] } } }, "aquasec:index/ImageAssurancePolicyAutoScanTime:ImageAssurancePolicyAutoScanTime": { "properties": { "iteration": { "type": "integer" }, "iterationType": { "type": "string" }, "time": { "type": "string" }, "weekDays": { "type": "array", "items": { "type": "string" } } }, "type": "object" }, "aquasec:index/ImageAssurancePolicyCustomCheck:ImageAssurancePolicyCustomCheck": { "properties": { "author": { "type": "string", "description": "Name of user account that created the policy.\n" }, "description": { "type": "string" }, "engine": { "type": "string" }, "lastModified": { "type": "integer" }, "name": { "type": "string" }, "path": { "type": "string" }, "readOnly": { "type": "boolean" }, "scriptId": { "type": "string" }, "severity": { "type": "string" }, "snippet": { "type": "string" } }, "type": "object" }, "aquasec:index/ImageAssurancePolicyForbiddenLabel:ImageAssurancePolicyForbiddenLabel": { "properties": { "key": { "type": "string" }, "value": { "type": "string" } }, "type": "object" }, "aquasec:index/ImageAssurancePolicyKubernetesControls:ImageAssurancePolicyKubernetesControls": { "properties": { "avdId": { "type": "string" }, "description": { "type": "string" }, "enabled": { "type": "boolean" }, "kind": { "type": "string" }, "name": { "type": "string" }, "ootb": { "type": "boolean" }, "scriptId": { "type": "integer" }, "severity": { "type": "string" } }, "type": "object" }, "aquasec:index/ImageAssurancePolicyPackagesBlackList:ImageAssurancePolicyPackagesBlackList": { "properties": { "arch": { "type": "string" }, "display": { "type": "string" }, "epoch": { "type": "string" }, "format": { "type": "string" }, "license": { "type": "string" }, "name": { "type": "string" }, "release": { "type": "string" }, "version": { "type": "string" }, "versionRange": { "type": "string" } }, "type": "object" }, "aquasec:index/ImageAssurancePolicyPackagesWhiteList:ImageAssurancePolicyPackagesWhiteList": { "properties": { "arch": { "type": "string" }, "display": { "type": "string" }, "epoch": { "type": "string" }, "format": { "type": "string" }, "license": { "type": "string" }, "name": { "type": "string" }, "release": { "type": "string" }, "version": { "type": "string" }, "versionRange": { "type": "string" } }, "type": "object" }, "aquasec:index/ImageAssurancePolicyPolicySettings:ImageAssurancePolicyPolicySettings": { "properties": { "enforce": { "type": "boolean" }, "isAuditChecked": { "type": "boolean" }, "warn": { "type": "boolean" }, "warningMessage": { "type": "string" } }, "type": "object" }, "aquasec:index/ImageAssurancePolicyRequiredLabel:ImageAssurancePolicyRequiredLabel": { "properties": { "key": { "type": "string" }, "value": { "type": "string" } }, "type": "object" }, "aquasec:index/ImageAssurancePolicyScope:ImageAssurancePolicyScope": { "properties": { "expression": { "type": "string" }, "variables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FImageAssurancePolicyScopeVariable:ImageAssurancePolicyScopeVariable" } } }, "type": "object", "language": { "nodejs": { "requiredOutputs": [ "expression" ] } } }, "aquasec:index/ImageAssurancePolicyScopeVariable:ImageAssurancePolicyScopeVariable": { "properties": { "attribute": { "type": "string" }, "name": { "type": "string" }, "value": { "type": "string" } }, "type": "object", "language": { "nodejs": { "requiredOutputs": [ "attribute", "value" ] } } }, "aquasec:index/ImageAssurancePolicyTrustedBaseImage:ImageAssurancePolicyTrustedBaseImage": { "properties": { "imagename": { "type": "string" }, "registry": { "type": "string" } }, "type": "object" }, "aquasec:index/ImageHistory:ImageHistory": { "properties": { "comment": { "type": "string", "description": "The commit comment for the image, if any.\n" }, "created": { "type": "string", "description": "The date of creation of the layer.\n" }, "createdBy": { "type": "string", "description": "The command that generated the layer.\n" }, "id": { "type": "string", "description": "The image ID of the layer (if any).\n" }, "size": { "type": "integer", "description": "The size of the image.\n" } }, "type": "object", "language": { "nodejs": { "requiredOutputs": [ "comment", "created", "createdBy", "id", "size" ] } } }, "aquasec:index/ImageVulnerability:ImageVulnerability": { "properties": { "ackAuthor": { "type": "string" }, "ackComment": { "type": "string" }, "ackExpirationConfiguredAt": { "type": "string" }, "ackExpirationConfiguredBy": { "type": "string" }, "ackExpirationDays": { "type": "integer" }, "ackScope": { "type": "string" }, "acknowledgeDate": { "type": "string" }, "ancestorPkg": { "type": "string", "description": "The ancestor of this package.\n" }, "aquaScore": { "type": "number", "description": "The score generated for the vulnerability by Aqua.\n" }, "aquaScoreClassification": { "type": "string", "description": "Score classification by Aqua.\n" }, "aquaScoringSystem": { "type": "string", "description": "The score system for the vulnerability by Aqua\n" }, "aquaSeverity": { "type": "string", "description": "The severity generated for the vulnerability by Aqua.\n" }, "aquaSeverityClassification": { "type": "string", "description": "Classification of the severity defined by Aqua.\n" }, "aquaVectors": { "type": "string", "description": "The vectors generated for the vulnerability by Aqua\n" }, "auditEventsCount": { "type": "integer", "description": "Number of audit events.\n" }, "blockEventsCount": { "type": "integer", "description": "Number of blocked events.\n" }, "classification": { "type": "string", "description": "Classification of the vulnerability.\n" }, "description": { "type": "string", "description": "The description of the vulnerability.\n" }, "digest": { "type": "string", "description": "The content digest of the image.\n" }, "exploitReference": { "type": "string", "description": "Reference of the exploit.\n" }, "exploitType": { "type": "string", "description": "Type of the exploit.\n" }, "firstFoundDate": { "type": "string", "description": "The date when this vulnerability was first found.\n" }, "fixVersion": { "type": "string", "description": "Fixed version of the resource.\n" }, "imageName": { "type": "string", "description": "Name of the image.\n" }, "lastFoundDate": { "type": "string", "description": "The date when this vulnerability was last found.\n" }, "modificationDate": { "type": "string", "description": "Thhe date when this vulnerability was modified.\n" }, "name": { "type": "string", "description": "The name of the vulnerability.\n" }, "nvdCvss2Score": { "type": "number", "description": "CVSS2 score by NVD\n" }, "nvdCvss2Vectors": { "type": "string", "description": "CVSS2 vectors by NVD\n" }, "nvdCvss3Score": { "type": "number", "description": "CVSS3 score by NVD\n" }, "nvdCvss3Severity": { "type": "string", "description": "CVSS3 severity by NVD\n" }, "nvdCvss3Vectors": { "type": "string", "description": "CVSS3 vectors by NVD\n" }, "nvdSeverity": { "type": "string", "description": "Type of the severity identified by NVD.\n" }, "nvdUrl": { "type": "string", "description": "URL of the details of this vulnerability by NVD.\n" }, "os": { "type": "string", "description": "Name of the Operating System.\n" }, "osVersion": { "type": "string", "description": "The version of the OS.\n" }, "permission": { "type": "string", "description": "permission on the image\n" }, "publishDate": { "type": "string", "description": "The date this vulnerability was published.\n" }, "registry": { "type": "string", "description": "Registry of the image.\n" }, "repository": { "type": "string", "description": "Repository of the image.\n" }, "resourceArchitecture": { "type": "string", "description": "Architecture of the resource.\n" }, "resourceCpe": { "type": "string", "description": "Common Platform Enumeration (CPE) of the resource.\n" }, "resourceFormat": { "type": "string", "description": "Code format of the resource (java, apk etc.).\n" }, "resourceHash": { "type": "string", "description": "Hash of the resource.\n" }, "resourceLicenses": { "type": "array", "items": { "type": "string" }, "description": "List of license supported by the resource.\n" }, "resourceName": { "type": "string", "description": "Name of the resource.\n" }, "resourcePath": { "type": "string", "description": "Path of the resource.\n" }, "resourceType": { "type": "string", "description": "Type of the resource\n" }, "resourceVersion": { "type": "string", "description": "Version of the resource.\n" }, "severityClassification": { "type": "string", "description": "Classification of the severity.\n" }, "solution": { "type": "string", "description": "Solution for the vulnerability.\n" }, "temporalVector": { "type": "string" }, "vPatchAppliedBy": { "type": "string" }, "vPatchAppliedOn": { "type": "string" }, "vPatchEnforcedBy": { "type": "string" }, "vPatchEnforcedOn": { "type": "string" }, "vPatchPolicyEnforce": { "type": "boolean" }, "vPatchPolicyName": { "type": "string" }, "vPatchRevertedBy": { "type": "string" }, "vPatchRevertedOn": { "type": "string" }, "vPatchStatus": { "type": "string" }, "vendorCvss2Score": { "type": "number" }, "vendorCvss2Vectors": { "type": "string" }, "vendorSeverity": { "type": "string" }, "vendorStatement": { "type": "string" }, "vendorUrl": { "type": "string" } }, "type": "object", "language": { "nodejs": { "requiredOutputs": [ "ackAuthor", "ackComment", "ackExpirationConfiguredAt", "ackExpirationConfiguredBy", "ackExpirationDays", "ackScope", "acknowledgeDate", "ancestorPkg", "aquaScore", "aquaScoreClassification", "aquaScoringSystem", "aquaSeverity", "aquaSeverityClassification", "aquaVectors", "auditEventsCount", "blockEventsCount", "classification", "description", "digest", "exploitReference", "exploitType", "firstFoundDate", "fixVersion", "imageName", "lastFoundDate", "modificationDate", "name", "nvdCvss2Score", "nvdCvss2Vectors", "nvdCvss3Score", "nvdCvss3Severity", "nvdCvss3Vectors", "nvdSeverity", "nvdUrl", "os", "osVersion", "permission", "publishDate", "registry", "repository", "resourceArchitecture", "resourceCpe", "resourceFormat", "resourceHash", "resourceLicenses", "resourceName", "resourcePath", "resourceType", "resourceVersion", "severityClassification", "solution", "temporalVector", "vPatchAppliedBy", "vPatchAppliedOn", "vPatchEnforcedBy", "vPatchEnforcedOn", "vPatchPolicyEnforce", "vPatchPolicyName", "vPatchRevertedBy", "vPatchRevertedOn", "vPatchStatus", "vendorCvss2Score", "vendorCvss2Vectors", "vendorSeverity", "vendorStatement", "vendorUrl" ] } } }, "aquasec:index/IntegrationRegistryOption:IntegrationRegistryOption": { "properties": { "option": { "type": "string" }, "value": { "type": "string" } }, "type": "object" }, "aquasec:index/IntegrationRegistryWebhook:IntegrationRegistryWebhook": { "properties": { "authToken": { "type": "string" }, "enabled": { "type": "boolean" }, "unQuarantine": { "type": "boolean" }, "url": { "type": "string" } }, "type": "object", "language": { "nodejs": { "requiredOutputs": [ "enabled", "unQuarantine" ] } } }, "aquasec:index/KubernetesAssurancePolicyAutoScanTime:KubernetesAssurancePolicyAutoScanTime": { "properties": { "iteration": { "type": "integer" }, "iterationType": { "type": "string" }, "time": { "type": "string" }, "weekDays": { "type": "array", "items": { "type": "string" } } }, "type": "object", "language": { "nodejs": { "requiredOutputs": [ "iteration", "weekDays" ] } } }, "aquasec:index/KubernetesAssurancePolicyCustomCheck:KubernetesAssurancePolicyCustomCheck": { "properties": { "author": { "type": "string", "description": "Name of user account that created the policy.\n" }, "description": { "type": "string" }, "engine": { "type": "string" }, "lastModified": { "type": "integer" }, "name": { "type": "string" }, "path": { "type": "string" }, "readOnly": { "type": "boolean" }, "scriptId": { "type": "string" }, "severity": { "type": "string" }, "snippet": { "type": "string" } }, "type": "object" }, "aquasec:index/KubernetesAssurancePolicyForbiddenLabel:KubernetesAssurancePolicyForbiddenLabel": { "properties": { "key": { "type": "string" }, "value": { "type": "string" } }, "type": "object" }, "aquasec:index/KubernetesAssurancePolicyKubernetesControl:KubernetesAssurancePolicyKubernetesControl": { "properties": { "avdId": { "type": "string", "description": "AVD ID.\n" }, "description": { "type": "string", "description": "Description of the control.\n" }, "enabled": { "type": "boolean", "description": "Is the control enabled?\n" }, "kind": { "type": "string", "description": "Kind of the control.\n" }, "name": { "type": "string", "description": "Name of the control.\n" }, "ootb": { "type": "boolean", "description": "Out-of-the-box status of the control.\n" }, "scriptId": { "type": "integer", "description": "Script ID.\n" }, "severity": { "type": "string", "description": "Severity of the control.\n" } }, "type": "object" }, "aquasec:index/KubernetesAssurancePolicyPackagesBlackList:KubernetesAssurancePolicyPackagesBlackList": { "properties": { "arch": { "type": "string" }, "display": { "type": "string" }, "epoch": { "type": "string" }, "format": { "type": "string" }, "license": { "type": "string" }, "name": { "type": "string" }, "release": { "type": "string" }, "version": { "type": "string" }, "versionRange": { "type": "string" } }, "type": "object" }, "aquasec:index/KubernetesAssurancePolicyPackagesWhiteList:KubernetesAssurancePolicyPackagesWhiteList": { "properties": { "arch": { "type": "string" }, "display": { "type": "string" }, "epoch": { "type": "string" }, "format": { "type": "string" }, "license": { "type": "string" }, "name": { "type": "string" }, "release": { "type": "string" }, "version": { "type": "string" }, "versionRange": { "type": "string" } }, "type": "object" }, "aquasec:index/KubernetesAssurancePolicyPolicySettings:KubernetesAssurancePolicyPolicySettings": { "properties": { "enforce": { "type": "boolean" }, "isAuditChecked": { "type": "boolean" }, "warn": { "type": "boolean" }, "warningMessage": { "type": "string" } }, "type": "object" }, "aquasec:index/KubernetesAssurancePolicyRequiredLabel:KubernetesAssurancePolicyRequiredLabel": { "properties": { "key": { "type": "string" }, "value": { "type": "string" } }, "type": "object" }, "aquasec:index/KubernetesAssurancePolicyScope:KubernetesAssurancePolicyScope": { "properties": { "expression": { "type": "string" }, "variables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FKubernetesAssurancePolicyScopeVariable:KubernetesAssurancePolicyScopeVariable" } } }, "type": "object", "language": { "nodejs": { "requiredOutputs": [ "expression" ] } } }, "aquasec:index/KubernetesAssurancePolicyScopeVariable:KubernetesAssurancePolicyScopeVariable": { "properties": { "attribute": { "type": "string" }, "name": { "type": "string" }, "value": { "type": "string" } }, "type": "object", "language": { "nodejs": { "requiredOutputs": [ "attribute", "value" ] } } }, "aquasec:index/KubernetesAssurancePolicyTrustedBaseImage:KubernetesAssurancePolicyTrustedBaseImage": { "properties": { "imagename": { "type": "string" }, "registry": { "type": "string" } }, "type": "object" }, "aquasec:index/RoleMappingLdap:RoleMappingLdap": { "properties": { "roleMapping": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles.\n", "willReplaceOnChanges": true } }, "type": "object", "required": [ "roleMapping" ] }, "aquasec:index/RoleMappingOauth2:RoleMappingOauth2": { "properties": { "roleMapping": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles.\n", "willReplaceOnChanges": true } }, "type": "object", "required": [ "roleMapping" ] }, "aquasec:index/RoleMappingOpenid:RoleMappingOpenid": { "properties": { "roleMapping": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles.\n", "willReplaceOnChanges": true } }, "type": "object", "required": [ "roleMapping" ] }, "aquasec:index/RoleMappingSaml:RoleMappingSaml": { "properties": { "roleMapping": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles.\n", "willReplaceOnChanges": true } }, "type": "object", "required": [ "roleMapping" ] }, "aquasec:index/ServiceScopeVariable:ServiceScopeVariable": { "properties": { "attribute": { "type": "string", "description": "Class of supported scope.\n" }, "name": { "type": "string", "description": "Name assigned to the attribute.\n" }, "value": { "type": "string", "description": "Value assigned to the attribute.\n" } }, "type": "object" }, "aquasec:index/UserSaasGroup:UserSaasGroup": { "properties": { "groupAdmin": { "type": "boolean" }, "name": { "type": "string" } }, "type": "object" }, "aquasec:index/UserSaasLogin:UserSaasLogin": { "properties": { "created": { "type": "string" }, "id": { "type": "integer" }, "ipAddress": { "type": "string" }, "userId": { "type": "integer" } }, "type": "object", "language": { "nodejs": { "requiredOutputs": [ "created", "id", "ipAddress", "userId" ] } } }, "aquasec:index/VmwareAssurancePolicyAutoScanTime:VmwareAssurancePolicyAutoScanTime": { "properties": { "iteration": { "type": "integer" }, "iterationType": { "type": "string" }, "time": { "type": "string" }, "weekDays": { "type": "array", "items": { "type": "string" } } }, "type": "object", "language": { "nodejs": { "requiredOutputs": [ "iteration", "weekDays" ] } } }, "aquasec:index/VmwareAssurancePolicyCustomCheck:VmwareAssurancePolicyCustomCheck": { "properties": { "author": { "type": "string", "description": "Name of user account that created the policy.\n" }, "description": { "type": "string" }, "engine": { "type": "string" }, "lastModified": { "type": "integer" }, "name": { "type": "string" }, "path": { "type": "string" }, "readOnly": { "type": "boolean" }, "scriptId": { "type": "string" }, "severity": { "type": "string" }, "snippet": { "type": "string" } }, "type": "object" }, "aquasec:index/VmwareAssurancePolicyForbiddenLabel:VmwareAssurancePolicyForbiddenLabel": { "properties": { "key": { "type": "string" }, "value": { "type": "string" } }, "type": "object" }, "aquasec:index/VmwareAssurancePolicyKubernetesControl:VmwareAssurancePolicyKubernetesControl": { "properties": { "avdId": { "type": "string" }, "description": { "type": "string" }, "enabled": { "type": "boolean" }, "kind": { "type": "string" }, "name": { "type": "string" }, "ootb": { "type": "boolean" }, "scriptId": { "type": "integer" }, "severity": { "type": "string" } }, "type": "object" }, "aquasec:index/VmwareAssurancePolicyPackagesBlackList:VmwareAssurancePolicyPackagesBlackList": { "properties": { "arch": { "type": "string" }, "display": { "type": "string" }, "epoch": { "type": "string" }, "format": { "type": "string" }, "license": { "type": "string" }, "name": { "type": "string" }, "release": { "type": "string" }, "version": { "type": "string" }, "versionRange": { "type": "string" } }, "type": "object" }, "aquasec:index/VmwareAssurancePolicyPackagesWhiteList:VmwareAssurancePolicyPackagesWhiteList": { "properties": { "arch": { "type": "string" }, "display": { "type": "string" }, "epoch": { "type": "string" }, "format": { "type": "string" }, "license": { "type": "string" }, "name": { "type": "string" }, "release": { "type": "string" }, "version": { "type": "string" }, "versionRange": { "type": "string" } }, "type": "object" }, "aquasec:index/VmwareAssurancePolicyPolicySettings:VmwareAssurancePolicyPolicySettings": { "properties": { "enforce": { "type": "boolean" }, "isAuditChecked": { "type": "boolean" }, "warn": { "type": "boolean" }, "warningMessage": { "type": "string" } }, "type": "object" }, "aquasec:index/VmwareAssurancePolicyRequiredLabel:VmwareAssurancePolicyRequiredLabel": { "properties": { "key": { "type": "string" }, "value": { "type": "string" } }, "type": "object" }, "aquasec:index/VmwareAssurancePolicyScope:VmwareAssurancePolicyScope": { "properties": { "expression": { "type": "string" }, "variables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FVmwareAssurancePolicyScopeVariable:VmwareAssurancePolicyScopeVariable" } } }, "type": "object", "language": { "nodejs": { "requiredOutputs": [ "expression" ] } } }, "aquasec:index/VmwareAssurancePolicyScopeVariable:VmwareAssurancePolicyScopeVariable": { "properties": { "attribute": { "type": "string" }, "name": { "type": "string" }, "value": { "type": "string" } }, "type": "object", "language": { "nodejs": { "requiredOutputs": [ "attribute", "value" ] } } }, "aquasec:index/VmwareAssurancePolicyTrustedBaseImage:VmwareAssurancePolicyTrustedBaseImage": { "properties": { "imagename": { "type": "string" }, "registry": { "type": "string" } }, "type": "object" }, "aquasec:index/getAcknowledgesAcknowledge:getAcknowledgesAcknowledge": { "properties": { "author": { "type": "string", "description": "The user who acknowledged the issue.\n" }, "comment": { "type": "string", "description": "A comment describing the reason for the acknowledgment\n" }, "date": { "type": "string", "description": "The date and time of the acknowledgment.\n" }, "dockerId": { "type": "string" }, "expirationConfiguredAt": { "type": "string", "description": "The current dat and time when the expiration was set\n" }, "expirationConfiguredBy": { "type": "string", "description": "The user who set the expiration of the issue.\n" }, "expirationDays": { "type": "integer", "description": "Number of days until expiration of the acknowledgement. The value must be integer from 1 to 999, inclusive.\n" }, "fixVersion": { "type": "string", "description": "The version of the package that having a fix for the issue.\n" }, "imageName": { "type": "string", "description": "Only acknowledge the issue in the context of the specified image (also requires 'registry_name')\n" }, "issueName": { "type": "string", "description": "The name of the security issue (the CVE or security advisory for vulnerabilities, name of malware or type of sensitive data)\n" }, "issueType": { "type": "string", "description": "The type of the security issue (either 'vulnerability', 'sensitive_data' or 'malware')\n" }, "os": { "type": "string", "description": "When the resource_type is 'package', the operating system is required (e.g., 'ubuntu', 'alpine').\n" }, "osVersion": { "type": "string", "description": "When the resource_type is 'package', the operating system version is required.\n" }, "permission": { "type": "string", "description": "The permissions of the user who acknowledged the issue.\n" }, "registryName": { "type": "string", "description": "Only acknowledge the issue in the context of the specified repository (also requires 'registry_name').\n" }, "resourceCpe": { "type": "string", "description": "The CPE of the resource as listed in the issue by the Aqua API. This is required for resources of type 'executable'. For packages and files, the next parameters can be specified instead.\n" }, "resourceFormat": { "type": "string", "description": "The format of the resource.\n" }, "resourceHash": { "type": "string", "description": "When the resource_type is 'file', the hash of the file is required\n" }, "resourceName": { "type": "string", "description": "When the resource_type is 'package', the name of the package is required.\n" }, "resourcePath": { "type": "string", "description": "The path of the resource. This is required for resources of type 'file' and 'executable'.\n" }, "resourceType": { "type": "string", "description": "The type of the resource where the issue was detected (either 'package', 'file' or 'executable')\n" }, "resourceVersion": { "type": "string", "description": "When the resource_type is 'package', the version of the package is required\n" } }, "type": "object", "required": [ "author", "comment", "date", "dockerId", "expirationConfiguredAt", "expirationConfiguredBy", "expirationDays", "fixVersion", "imageName", "issueName", "issueType", "os", "osVersion", "permission", "registryName", "resourceCpe", "resourceFormat", "resourceHash", "resourceName", "resourcePath", "resourceType", "resourceVersion" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getApplicationScopeCategory:getApplicationScopeCategory": { "properties": { "artifacts": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FgetApplicationScopeCategoryArtifact:getApplicationScopeCategoryArtifact" } }, "entityScopes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FgetApplicationScopeCategoryEntityScope:getApplicationScopeCategoryEntityScope" } }, "infrastructures": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FgetApplicationScopeCategoryInfrastructure:getApplicationScopeCategoryInfrastructure" } }, "workloads": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FgetApplicationScopeCategoryWorkload:getApplicationScopeCategoryWorkload" } } }, "type": "object" }, "aquasec:index/getApplicationScopeCategoryArtifact:getApplicationScopeCategoryArtifact": { "properties": { "cfs": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FgetApplicationScopeCategoryArtifactCf:getApplicationScopeCategoryArtifactCf" } }, "functions": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FgetApplicationScopeCategoryArtifactFunction:getApplicationScopeCategoryArtifactFunction" } }, "images": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FgetApplicationScopeCategoryArtifactImage:getApplicationScopeCategoryArtifactImage" } } }, "type": "object" }, "aquasec:index/getApplicationScopeCategoryArtifactCf:getApplicationScopeCategoryArtifactCf": { "properties": { "expression": { "type": "string" }, "variables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FgetApplicationScopeCategoryArtifactCfVariable:getApplicationScopeCategoryArtifactCfVariable" } } }, "type": "object", "required": [ "expression" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getApplicationScopeCategoryArtifactCfVariable:getApplicationScopeCategoryArtifactCfVariable": { "properties": { "attribute": { "type": "string" }, "value": { "type": "string" } }, "type": "object", "required": [ "attribute" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getApplicationScopeCategoryArtifactFunction:getApplicationScopeCategoryArtifactFunction": { "properties": { "expression": { "type": "string" }, "variables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FgetApplicationScopeCategoryArtifactFunctionVariable:getApplicationScopeCategoryArtifactFunctionVariable" } } }, "type": "object", "required": [ "expression" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getApplicationScopeCategoryArtifactFunctionVariable:getApplicationScopeCategoryArtifactFunctionVariable": { "properties": { "attribute": { "type": "string" }, "value": { "type": "string" } }, "type": "object", "required": [ "attribute" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getApplicationScopeCategoryArtifactImage:getApplicationScopeCategoryArtifactImage": { "properties": { "expression": { "type": "string" }, "variables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FgetApplicationScopeCategoryArtifactImageVariable:getApplicationScopeCategoryArtifactImageVariable" } } }, "type": "object", "required": [ "expression" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getApplicationScopeCategoryArtifactImageVariable:getApplicationScopeCategoryArtifactImageVariable": { "properties": { "attribute": { "type": "string" }, "value": { "type": "string" } }, "type": "object" }, "aquasec:index/getApplicationScopeCategoryEntityScope:getApplicationScopeCategoryEntityScope": { "properties": { "expression": { "type": "string" }, "variables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FgetApplicationScopeCategoryEntityScopeVariable:getApplicationScopeCategoryEntityScopeVariable" } } }, "type": "object", "required": [ "expression" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getApplicationScopeCategoryEntityScopeVariable:getApplicationScopeCategoryEntityScopeVariable": { "properties": { "attribute": { "type": "string" }, "value": { "type": "string" } }, "type": "object", "required": [ "attribute", "value" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getApplicationScopeCategoryInfrastructure:getApplicationScopeCategoryInfrastructure": { "properties": { "kubernetes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FgetApplicationScopeCategoryInfrastructureKubernete:getApplicationScopeCategoryInfrastructureKubernete" } }, "os": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FgetApplicationScopeCategoryInfrastructureO:getApplicationScopeCategoryInfrastructureO" } } }, "type": "object" }, "aquasec:index/getApplicationScopeCategoryInfrastructureKubernete:getApplicationScopeCategoryInfrastructureKubernete": { "properties": { "expression": { "type": "string" }, "variables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FgetApplicationScopeCategoryInfrastructureKuberneteVariable:getApplicationScopeCategoryInfrastructureKuberneteVariable" } } }, "type": "object", "required": [ "expression" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getApplicationScopeCategoryInfrastructureKuberneteVariable:getApplicationScopeCategoryInfrastructureKuberneteVariable": { "properties": { "attribute": { "type": "string" }, "value": { "type": "string" } }, "type": "object", "required": [ "attribute" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getApplicationScopeCategoryInfrastructureO:getApplicationScopeCategoryInfrastructureO": { "properties": { "expression": { "type": "string" }, "variables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FgetApplicationScopeCategoryInfrastructureOVariable:getApplicationScopeCategoryInfrastructureOVariable" } } }, "type": "object", "required": [ "expression" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getApplicationScopeCategoryInfrastructureOVariable:getApplicationScopeCategoryInfrastructureOVariable": { "properties": { "attribute": { "type": "string" }, "value": { "type": "string" } }, "type": "object", "required": [ "attribute" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getApplicationScopeCategoryWorkload:getApplicationScopeCategoryWorkload": { "properties": { "cfs": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FgetApplicationScopeCategoryWorkloadCf:getApplicationScopeCategoryWorkloadCf" } }, "kubernetes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FgetApplicationScopeCategoryWorkloadKubernete:getApplicationScopeCategoryWorkloadKubernete" } }, "os": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FgetApplicationScopeCategoryWorkloadO:getApplicationScopeCategoryWorkloadO" } } }, "type": "object" }, "aquasec:index/getApplicationScopeCategoryWorkloadCf:getApplicationScopeCategoryWorkloadCf": { "properties": { "expression": { "type": "string" }, "variables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FgetApplicationScopeCategoryWorkloadCfVariable:getApplicationScopeCategoryWorkloadCfVariable" } } }, "type": "object", "required": [ "expression" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getApplicationScopeCategoryWorkloadCfVariable:getApplicationScopeCategoryWorkloadCfVariable": { "properties": { "attribute": { "type": "string" }, "value": { "type": "string" } }, "type": "object", "required": [ "attribute" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getApplicationScopeCategoryWorkloadKubernete:getApplicationScopeCategoryWorkloadKubernete": { "properties": { "expression": { "type": "string" }, "variables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FgetApplicationScopeCategoryWorkloadKuberneteVariable:getApplicationScopeCategoryWorkloadKuberneteVariable" } } }, "type": "object", "required": [ "expression" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getApplicationScopeCategoryWorkloadKuberneteVariable:getApplicationScopeCategoryWorkloadKuberneteVariable": { "properties": { "attribute": { "type": "string" }, "value": { "type": "string" } }, "type": "object", "required": [ "attribute" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getApplicationScopeCategoryWorkloadO:getApplicationScopeCategoryWorkloadO": { "properties": { "expression": { "type": "string" }, "variables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FgetApplicationScopeCategoryWorkloadOVariable:getApplicationScopeCategoryWorkloadOVariable" } } }, "type": "object", "required": [ "expression" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getApplicationScopeCategoryWorkloadOVariable:getApplicationScopeCategoryWorkloadOVariable": { "properties": { "attribute": { "type": "string" }, "value": { "type": "string" } }, "type": "object", "required": [ "attribute" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getAquaLabelsAquaLabel:getAquaLabelsAquaLabel": { "properties": { "author": { "type": "string", "description": "The name of the user who created the Aqua label.\n" }, "created": { "type": "string", "description": "The creation date of the Aqua label.\n" }, "description": { "type": "string", "description": "Aqua label description.\n" }, "name": { "type": "string", "description": "Aqua label name.\n" } }, "type": "object", "required": [ "author", "created", "description", "name" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getContainerRuntimePolicyAllowedExecutable:getContainerRuntimePolicyAllowedExecutable": { "properties": { "allowExecutables": { "type": "array", "items": { "type": "string" }, "description": "List of allowed executables.\n" }, "allowRootExecutables": { "type": "array", "items": { "type": "string" }, "description": "List of allowed root executables.\n" }, "enabled": { "type": "boolean", "description": "Whether allowed executables configuration is enabled.\n" }, "separateExecutables": { "type": "boolean", "description": "Whether to treat executables separately.\n" } }, "type": "object" }, "aquasec:index/getContainerRuntimePolicyAllowedRegistry:getContainerRuntimePolicyAllowedRegistry": { "properties": { "allowedRegistries": { "type": "array", "items": { "type": "string" }, "description": "List of allowed registries.\n" }, "enabled": { "type": "boolean", "description": "Whether allowed registries are enabled.\n" } }, "type": "object" }, "aquasec:index/getContainerRuntimePolicyAuditing:getContainerRuntimePolicyAuditing": { "properties": { "auditAllNetwork": { "type": "boolean" }, "auditAllProcesses": { "type": "boolean" }, "auditFailedLogin": { "type": "boolean" }, "auditOsUserActivity": { "type": "boolean" }, "auditProcessCmdline": { "type": "boolean" }, "auditSuccessLogin": { "type": "boolean" }, "auditUserAccountManagement": { "type": "boolean" }, "enabled": { "type": "boolean" } }, "type": "object" }, "aquasec:index/getContainerRuntimePolicyContainerExec:getContainerRuntimePolicyContainerExec": { "properties": { "blockContainerExec": { "type": "boolean" }, "containerExecProcWhiteLists": { "type": "array", "items": { "type": "string" } }, "enabled": { "type": "boolean" }, "reverseShellIpWhiteLists": { "type": "array", "items": { "type": "string" } } }, "type": "object" }, "aquasec:index/getContainerRuntimePolicyFileBlock:getContainerRuntimePolicyFileBlock": { "properties": { "blockFilesProcesses": { "type": "array", "items": { "type": "string" } }, "blockFilesUsers": { "type": "array", "items": { "type": "string" } }, "enabled": { "type": "boolean" }, "exceptionalBlockFiles": { "type": "array", "items": { "type": "string" } }, "exceptionalBlockFilesProcesses": { "type": "array", "items": { "type": "string" } }, "exceptionalBlockFilesUsers": { "type": "array", "items": { "type": "string" } }, "filenameBlockLists": { "type": "array", "items": { "type": "string" } } }, "type": "object" }, "aquasec:index/getContainerRuntimePolicyFileIntegrityMonitoring:getContainerRuntimePolicyFileIntegrityMonitoring": { "properties": { "enabled": { "type": "boolean", "description": "If true, file integrity monitoring is enabled.\n" }, "exceptionalMonitoredFiles": { "type": "array", "items": { "type": "string" }, "description": "List of paths to be excluded from monitoring.\n" }, "exceptionalMonitoredFilesProcesses": { "type": "array", "items": { "type": "string" }, "description": "List of processes to be excluded from monitoring.\n" }, "exceptionalMonitoredFilesUsers": { "type": "array", "items": { "type": "string" }, "description": "List of users to be excluded from monitoring.\n" }, "monitoredFiles": { "type": "array", "items": { "type": "string" }, "description": "List of paths to be monitored.\n" }, "monitoredFilesAttributes": { "type": "boolean", "description": "Whether to monitor file attribute operations.\n" }, "monitoredFilesCreate": { "type": "boolean", "description": "Whether to monitor file create operations.\n" }, "monitoredFilesDelete": { "type": "boolean", "description": "Whether to monitor file delete operations.\n" }, "monitoredFilesModify": { "type": "boolean", "description": "Whether to monitor file modify operations.\n" }, "monitoredFilesProcesses": { "type": "array", "items": { "type": "string" }, "description": "List of processes associated with monitored files.\n" }, "monitoredFilesRead": { "type": "boolean", "description": "Whether to monitor file read operations.\n" }, "monitoredFilesUsers": { "type": "array", "items": { "type": "string" }, "description": "List of users associated with monitored files.\n" } }, "type": "object" }, "aquasec:index/getContainerRuntimePolicyLimitContainerPrivilege:getContainerRuntimePolicyLimitContainerPrivilege": { "properties": { "blockAddCapabilities": { "type": "boolean", "description": "Whether to block adding capabilities.\n" }, "enabled": { "type": "boolean", "description": "Whether container privilege limitations are enabled.\n" }, "ipcmode": { "type": "boolean", "description": "Whether to limit IPC-related capabilities.\n" }, "netmode": { "type": "boolean", "description": "Whether to limit network-related capabilities.\n" }, "pidmode": { "type": "boolean", "description": "Whether to limit process-related capabilities.\n" }, "preventLowPortBinding": { "type": "boolean", "description": "Whether to prevent low port binding.\n" }, "preventRootUser": { "type": "boolean", "description": "Whether to prevent the use of the root user.\n" }, "privileged": { "type": "boolean", "description": "Whether the container is run in privileged mode.\n" }, "useHostUser": { "type": "boolean", "description": "Whether to use the host user.\n" }, "usermode": { "type": "boolean", "description": "Whether to limit user-related capabilities.\n" }, "utsmode": { "type": "boolean", "description": "Whether to limit UTS-related capabilities.\n" } }, "type": "object" }, "aquasec:index/getContainerRuntimePolicyMalwareScanOption:getContainerRuntimePolicyMalwareScanOption": { "properties": { "action": { "type": "string", "description": "Set Action, Defaults to 'Alert' when empty\n" }, "enabled": { "type": "boolean", "description": "Defines if enabled or not\n" }, "excludeDirectories": { "type": "array", "items": { "type": "string" }, "description": "List of registry paths to be excluded from being protected.\n" }, "excludeProcesses": { "type": "array", "items": { "type": "string" }, "description": "List of registry processes to be excluded from being protected.\n" }, "includeDirectories": { "type": "array", "items": { "type": "string" }, "description": "List of registry paths to be excluded from being protected.\n" } }, "type": "object" }, "aquasec:index/getContainerRuntimePolicyPortBlock:getContainerRuntimePolicyPortBlock": { "properties": { "blockInboundPorts": { "type": "array", "items": { "type": "string" } }, "blockOutboundPorts": { "type": "array", "items": { "type": "string" } }, "enabled": { "type": "boolean" } }, "type": "object" }, "aquasec:index/getContainerRuntimePolicyReadonlyFiles:getContainerRuntimePolicyReadonlyFiles": { "properties": { "enabled": { "type": "boolean" }, "exceptionalReadonlyFiles": { "type": "array", "items": { "type": "string" } }, "exceptionalReadonlyFilesProcesses": { "type": "array", "items": { "type": "string" } }, "exceptionalReadonlyFilesUsers": { "type": "array", "items": { "type": "string" } }, "readonlyFiles": { "type": "array", "items": { "type": "string" } }, "readonlyFilesProcesses": { "type": "array", "items": { "type": "string" } }, "readonlyFilesUsers": { "type": "array", "items": { "type": "string" } } }, "type": "object" }, "aquasec:index/getContainerRuntimePolicyRestrictedVolume:getContainerRuntimePolicyRestrictedVolume": { "properties": { "enabled": { "type": "boolean", "description": "Whether restricted volumes are enabled.\n" }, "volumes": { "type": "array", "items": { "type": "string" }, "description": "List of restricted volumes.\n" } }, "type": "object" }, "aquasec:index/getContainerRuntimePolicyScopeVariable:getContainerRuntimePolicyScopeVariable": { "properties": { "attribute": { "type": "string", "description": "Class of supported scope.\n" }, "name": { "type": "string", "description": "Name assigned to the attribute.\n" }, "value": { "type": "string", "description": "Value assigned to the attribute.\n" } }, "type": "object", "required": [ "attribute", "name", "value" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getEnforcerGroupsCommand:getEnforcerGroupsCommand": { "properties": { "default": { "type": "string" }, "kubernetes": { "type": "string" }, "swarm": { "type": "string" }, "windows": { "type": "string" } }, "type": "object", "required": [ "default", "kubernetes", "swarm", "windows" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getEnforcerGroupsOrchestrator:getEnforcerGroupsOrchestrator": { "properties": { "master": { "type": "boolean" }, "namespace": { "type": "string", "description": "May be specified for these orchestrators: Kubernetes, Kubernetes GKE, VMware Tanzu Kubernetes Grid Integrated Edition (PKS).\n" }, "serviceAccount": { "type": "string", "description": "May be specified for these orchestrators: Kubernetes, Kubernetes GKE, OpenShift, VMware Tanzu Kubernetes Grid Integrated Edition (PKS).\n" }, "type": { "type": "string" } }, "type": "object", "required": [ "master", "namespace", "serviceAccount", "type" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getFirewallPolicyInboundNetwork:getFirewallPolicyInboundNetwork": { "properties": { "allow": { "type": "boolean", "description": "Indicates whether the specified resources are allowed to pass in data or requests.\n" }, "portRange": { "type": "string", "description": "Range of ports affected by firewall.\n" }, "resource": { "type": "string", "description": "Information of the resource.\n" }, "resourceType": { "type": "string", "description": "Type of the resource\n" } }, "type": "object", "required": [ "allow", "portRange", "resource", "resourceType" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getFirewallPolicyOutboundNetwork:getFirewallPolicyOutboundNetwork": { "properties": { "allow": { "type": "boolean", "description": "Indicates whether the specified resources are allowed to receive data or requests.\n" }, "portRange": { "type": "string", "description": "Range of ports affected by firewall.\n" }, "resource": { "type": "string", "description": "Information of the resource.\n" }, "resourceType": { "type": "string", "description": "Type of the resource.\n" } }, "type": "object", "required": [ "allow", "portRange", "resource", "resourceType" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getFunctionAssurancePolicyAutoScanTime:getFunctionAssurancePolicyAutoScanTime": { "properties": { "iteration": { "type": "integer" }, "iterationType": { "type": "string" }, "time": { "type": "string" }, "weekDays": { "type": "array", "items": { "type": "string" } } }, "type": "object", "required": [ "iteration", "iterationType", "time", "weekDays" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getFunctionAssurancePolicyCustomCheck:getFunctionAssurancePolicyCustomCheck": { "properties": { "author": { "type": "string", "description": "Name of user account that created the policy.\n" }, "description": { "type": "string" }, "engine": { "type": "string" }, "lastModified": { "type": "integer" }, "name": { "type": "string" }, "path": { "type": "string" }, "readOnly": { "type": "boolean" }, "scriptId": { "type": "string" }, "severity": { "type": "string" }, "snippet": { "type": "string" } }, "type": "object", "required": [ "author", "description", "engine", "lastModified", "name", "path", "readOnly", "scriptId", "severity", "snippet" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getFunctionAssurancePolicyForbiddenLabel:getFunctionAssurancePolicyForbiddenLabel": { "properties": { "key": { "type": "string" }, "value": { "type": "string" } }, "type": "object", "required": [ "key", "value" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getFunctionAssurancePolicyPackagesBlackList:getFunctionAssurancePolicyPackagesBlackList": { "properties": { "arch": { "type": "string" }, "display": { "type": "string" }, "epoch": { "type": "string" }, "format": { "type": "string" }, "license": { "type": "string" }, "name": { "type": "string" }, "release": { "type": "string" }, "version": { "type": "string" }, "versionRange": { "type": "string" } }, "type": "object", "required": [ "arch", "display", "epoch", "format", "license", "name", "release", "version", "versionRange" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getFunctionAssurancePolicyPackagesWhiteList:getFunctionAssurancePolicyPackagesWhiteList": { "properties": { "arch": { "type": "string" }, "display": { "type": "string" }, "epoch": { "type": "string" }, "format": { "type": "string" }, "license": { "type": "string" }, "name": { "type": "string" }, "release": { "type": "string" }, "version": { "type": "string" }, "versionRange": { "type": "string" } }, "type": "object", "required": [ "arch", "display", "epoch", "format", "license", "name", "release", "version", "versionRange" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getFunctionAssurancePolicyRequiredLabel:getFunctionAssurancePolicyRequiredLabel": { "properties": { "key": { "type": "string" }, "value": { "type": "string" } }, "type": "object", "required": [ "key", "value" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getFunctionAssurancePolicyScope:getFunctionAssurancePolicyScope": { "properties": { "expression": { "type": "string" }, "variables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FgetFunctionAssurancePolicyScopeVariable:getFunctionAssurancePolicyScopeVariable" } } }, "type": "object", "required": [ "expression" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getFunctionAssurancePolicyScopeVariable:getFunctionAssurancePolicyScopeVariable": { "properties": { "attribute": { "type": "string" }, "name": { "type": "string" }, "value": { "type": "string" } }, "type": "object", "required": [ "attribute", "name", "value" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getFunctionAssurancePolicyTrustedBaseImage:getFunctionAssurancePolicyTrustedBaseImage": { "properties": { "imagename": { "type": "string" }, "registry": { "type": "string" } }, "type": "object", "required": [ "imagename", "registry" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getFunctionRuntimePolicyDriftPrevention:getFunctionRuntimePolicyDriftPrevention": { "properties": { "enabled": { "type": "boolean", "description": "Whether drift prevention is enabled.\n" }, "execLockdown": { "type": "boolean", "description": "Whether to lockdown execution drift.\n" }, "execLockdownWhiteLists": { "type": "array", "items": { "type": "string" }, "description": "List of items in the execution lockdown white list.\n" }, "imageLockdown": { "type": "boolean", "description": "Whether to lockdown image drift.\n" } }, "type": "object" }, "aquasec:index/getFunctionRuntimePolicyExecutableBlacklist:getFunctionRuntimePolicyExecutableBlacklist": { "properties": { "enabled": { "type": "boolean", "description": "Whether the executable blacklist is enabled.\n" }, "executables": { "type": "array", "items": { "type": "string" }, "description": "List of blacklisted executables.\n" } }, "type": "object" }, "aquasec:index/getFunctionRuntimePolicyScopeVariable:getFunctionRuntimePolicyScopeVariable": { "properties": { "attribute": { "type": "string", "description": "Class of supported scope.\n" }, "name": { "type": "string", "description": "Name assigned to the attribute.\n" }, "value": { "type": "string", "description": "Value assigned to the attribute.\n" } }, "type": "object", "required": [ "attribute", "name", "value" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getGatewaysGateway:getGatewaysGateway": { "properties": { "description": { "type": "string", "description": "The description of the gateway.\n" }, "grpcAddress": { "type": "string", "description": "The GRPC address of the gateway.\n" }, "hostname": { "type": "string", "description": "The name of the gateway's host.\n" }, "id": { "type": "string", "description": "The ID of the gateway (for example: 8522744b25e2_gateway)\n" }, "logicalname": { "type": "string", "description": "The logical name of the gateway (for example: 8522744b25e2)\n" }, "publicAddress": { "type": "string", "description": "The public IP address of the gateway.\n" }, "status": { "type": "string", "description": "The status of the gateway.\n" }, "version": { "type": "string", "description": "The version of the gateway.\n" } }, "type": "object", "required": [ "description", "grpcAddress", "hostname", "id", "logicalname", "publicAddress", "status", "version" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getGroupsGroup:getGroupsGroup": { "properties": { "created": { "type": "string", "description": "The creation date of the group.\n" }, "groupId": { "type": "string", "description": "The ID of the created group.\n" }, "name": { "type": "string", "description": "The desired name of the group.\n" } }, "type": "object", "required": [ "created", "groupId", "name" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getHostAssurancePolicyAutoScanTime:getHostAssurancePolicyAutoScanTime": { "properties": { "iteration": { "type": "integer" }, "iterationType": { "type": "string" }, "time": { "type": "string" }, "weekDays": { "type": "array", "items": { "type": "string" } } }, "type": "object", "required": [ "iteration", "iterationType", "time", "weekDays" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getHostAssurancePolicyCustomCheck:getHostAssurancePolicyCustomCheck": { "properties": { "author": { "type": "string", "description": "Name of user account that created the policy.\n" }, "description": { "type": "string" }, "engine": { "type": "string" }, "lastModified": { "type": "integer" }, "name": { "type": "string" }, "path": { "type": "string" }, "readOnly": { "type": "boolean" }, "scriptId": { "type": "string" }, "severity": { "type": "string" }, "snippet": { "type": "string" } }, "type": "object", "required": [ "author", "description", "engine", "lastModified", "name", "path", "readOnly", "scriptId", "severity", "snippet" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getHostAssurancePolicyForbiddenLabel:getHostAssurancePolicyForbiddenLabel": { "properties": { "key": { "type": "string" }, "value": { "type": "string" } }, "type": "object", "required": [ "key", "value" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getHostAssurancePolicyPackagesBlackList:getHostAssurancePolicyPackagesBlackList": { "properties": { "arch": { "type": "string" }, "display": { "type": "string" }, "epoch": { "type": "string" }, "format": { "type": "string" }, "license": { "type": "string" }, "name": { "type": "string" }, "release": { "type": "string" }, "version": { "type": "string" }, "versionRange": { "type": "string" } }, "type": "object", "required": [ "arch", "display", "epoch", "format", "license", "name", "release", "version", "versionRange" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getHostAssurancePolicyPackagesWhiteList:getHostAssurancePolicyPackagesWhiteList": { "properties": { "arch": { "type": "string" }, "display": { "type": "string" }, "epoch": { "type": "string" }, "format": { "type": "string" }, "license": { "type": "string" }, "name": { "type": "string" }, "release": { "type": "string" }, "version": { "type": "string" }, "versionRange": { "type": "string" } }, "type": "object", "required": [ "arch", "display", "epoch", "format", "license", "name", "release", "version", "versionRange" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getHostAssurancePolicyRequiredLabel:getHostAssurancePolicyRequiredLabel": { "properties": { "key": { "type": "string" }, "value": { "type": "string" } }, "type": "object", "required": [ "key", "value" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getHostAssurancePolicyScope:getHostAssurancePolicyScope": { "properties": { "expression": { "type": "string" }, "variables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FgetHostAssurancePolicyScopeVariable:getHostAssurancePolicyScopeVariable" } } }, "type": "object", "required": [ "expression" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getHostAssurancePolicyScopeVariable:getHostAssurancePolicyScopeVariable": { "properties": { "attribute": { "type": "string" }, "name": { "type": "string" }, "value": { "type": "string" } }, "type": "object", "required": [ "attribute", "name", "value" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getHostAssurancePolicyTrustedBaseImage:getHostAssurancePolicyTrustedBaseImage": { "properties": { "imagename": { "type": "string" }, "registry": { "type": "string" } }, "type": "object", "required": [ "imagename", "registry" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getHostRuntimePolicyAuditing:getHostRuntimePolicyAuditing": { "properties": { "auditAllNetwork": { "type": "boolean" }, "auditAllProcesses": { "type": "boolean" }, "auditFailedLogin": { "type": "boolean" }, "auditOsUserActivity": { "type": "boolean" }, "auditProcessCmdline": { "type": "boolean" }, "auditSuccessLogin": { "type": "boolean" }, "auditUserAccountManagement": { "type": "boolean" }, "enabled": { "type": "boolean" } }, "type": "object" }, "aquasec:index/getHostRuntimePolicyFileIntegrityMonitoring:getHostRuntimePolicyFileIntegrityMonitoring": { "properties": { "enabled": { "type": "boolean", "description": "If true, file integrity monitoring is enabled.\n" }, "exceptionalMonitoredFiles": { "type": "array", "items": { "type": "string" }, "description": "List of paths to be excluded from monitoring.\n" }, "exceptionalMonitoredFilesProcesses": { "type": "array", "items": { "type": "string" }, "description": "List of processes to be excluded from monitoring.\n" }, "exceptionalMonitoredFilesUsers": { "type": "array", "items": { "type": "string" }, "description": "List of users to be excluded from monitoring.\n" }, "monitoredFiles": { "type": "array", "items": { "type": "string" }, "description": "List of paths to be monitored.\n" }, "monitoredFilesAttributes": { "type": "boolean", "description": "Whether to monitor file attribute operations.\n" }, "monitoredFilesCreate": { "type": "boolean", "description": "Whether to monitor file create operations.\n" }, "monitoredFilesDelete": { "type": "boolean", "description": "Whether to monitor file delete operations.\n" }, "monitoredFilesModify": { "type": "boolean", "description": "Whether to monitor file modify operations.\n" }, "monitoredFilesProcesses": { "type": "array", "items": { "type": "string" }, "description": "List of processes associated with monitored files.\n" }, "monitoredFilesRead": { "type": "boolean", "description": "Whether to monitor file read operations.\n" }, "monitoredFilesUsers": { "type": "array", "items": { "type": "string" }, "description": "List of users associated with monitored files.\n" } }, "type": "object" }, "aquasec:index/getHostRuntimePolicyMalwareScanOption:getHostRuntimePolicyMalwareScanOption": { "properties": { "action": { "type": "string", "description": "Set Action, Defaults to 'Alert' when empty\n" }, "enabled": { "type": "boolean", "description": "Defines if enabled or not\n" }, "excludeDirectories": { "type": "array", "items": { "type": "string" }, "description": "List of registry paths to be excluded from being protected.\n" }, "excludeProcesses": { "type": "array", "items": { "type": "string" }, "description": "List of registry processes to be excluded from being protected.\n" }, "includeDirectories": { "type": "array", "items": { "type": "string" }, "description": "List of registry paths to be excluded from being protected.\n" } }, "type": "object" }, "aquasec:index/getHostRuntimePolicyPackageBlock:getHostRuntimePolicyPackageBlock": { "properties": { "blockPackagesProcesses": { "type": "array", "items": { "type": "string" } }, "blockPackagesUsers": { "type": "array", "items": { "type": "string" } }, "enabled": { "type": "boolean" }, "exceptionalBlockPackagesFiles": { "type": "array", "items": { "type": "string" } }, "exceptionalBlockPackagesProcesses": { "type": "array", "items": { "type": "string" } }, "exceptionalBlockPackagesUsers": { "type": "array", "items": { "type": "string" } }, "packagesBlackLists": { "type": "array", "items": { "type": "string" } } }, "type": "object" }, "aquasec:index/getHostRuntimePolicyScopeVariable:getHostRuntimePolicyScopeVariable": { "properties": { "attribute": { "type": "string", "description": "Class of supported scope.\n" }, "name": { "type": "string", "description": "Name assigned to the attribute.\n" }, "value": { "type": "string", "description": "Value assigned to the attribute.\n" } }, "type": "object", "required": [ "attribute", "name", "value" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getHostRuntimePolicyWindowsRegistryMonitoring:getHostRuntimePolicyWindowsRegistryMonitoring": { "properties": { "excludedPaths": { "type": "array", "items": { "type": "string" }, "description": "List of paths to be excluded from being monitored.\n" }, "excludedProcesses": { "type": "array", "items": { "type": "string" }, "description": "List of registry processes to be excluded from being monitored.\n" }, "excludedUsers": { "type": "array", "items": { "type": "string" }, "description": "List of registry users to be excluded from being monitored.\n" }, "monitorAttributes": { "type": "boolean", "description": "If true, add attributes operations will be monitored.\n" }, "monitorCreate": { "type": "boolean", "description": "If true, create operations will be monitored.\n" }, "monitorDelete": { "type": "boolean", "description": "If true, deletion operations will be monitored.\n" }, "monitorModify": { "type": "boolean", "description": "If true, modification operations will be monitored.\n" }, "monitorRead": { "type": "boolean", "description": "If true, read operations will be monitored.\n" }, "monitoredPaths": { "type": "array", "items": { "type": "string" }, "description": "List of paths to be monitored.\n" }, "monitoredProcesses": { "type": "array", "items": { "type": "string" }, "description": "List of registry processes to be monitored.\n" }, "monitoredUsers": { "type": "array", "items": { "type": "string" }, "description": "List of registry users to be monitored.\n" } }, "type": "object", "required": [ "excludedPaths", "excludedProcesses", "excludedUsers", "monitorAttributes", "monitorCreate", "monitorDelete", "monitorModify", "monitorRead", "monitoredPaths", "monitoredProcesses", "monitoredUsers" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getHostRuntimePolicyWindowsRegistryProtection:getHostRuntimePolicyWindowsRegistryProtection": { "properties": { "excludedPaths": { "type": "array", "items": { "type": "string" }, "description": "List of registry paths to be excluded from being protected.\n" }, "excludedProcesses": { "type": "array", "items": { "type": "string" }, "description": "List of registry processes to be excluded from being protected.\n" }, "excludedUsers": { "type": "array", "items": { "type": "string" }, "description": "List of registry paths to be users from being protected.\n" }, "protectedPaths": { "type": "array", "items": { "type": "string" }, "description": "List of registry paths to be protected.\n" }, "protectedProcesses": { "type": "array", "items": { "type": "string" }, "description": "List of registry processes to be protected.\n" }, "protectedUsers": { "type": "array", "items": { "type": "string" }, "description": "List of registry users to be protected.\n" } }, "type": "object", "required": [ "excludedPaths", "excludedProcesses", "excludedUsers", "protectedPaths", "protectedProcesses", "protectedUsers" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getImageAssuranceChecksPerformed:getImageAssuranceChecksPerformed": { "properties": { "assuranceType": { "type": "string", "description": "The type of the Assurance Policy the check originated from.\n" }, "blocking": { "type": "boolean", "description": "Whether the check is blocking (i.e. a failure should trigger a disallow).\n" }, "control": { "type": "string", "description": "The name of the image assurance control.\n" }, "dtaSkipped": { "type": "boolean", "description": "If DTA was skipped.\n" }, "dtaSkippedReason": { "type": "string", "description": "The reason why DTA was skipped.\n" }, "failed": { "type": "boolean", "description": "Whether the image failed the check.\n" }, "policyName": { "type": "string", "description": "The name of the Image Assurance Policy the check originated from.\n" } }, "type": "object", "required": [ "assuranceType", "blocking", "control", "dtaSkipped", "dtaSkippedReason", "failed", "policyName" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getImageAssurancePolicyAutoScanTime:getImageAssurancePolicyAutoScanTime": { "properties": { "iteration": { "type": "integer" }, "iterationType": { "type": "string" }, "time": { "type": "string" }, "weekDays": { "type": "array", "items": { "type": "string" } } }, "type": "object", "required": [ "iteration", "iterationType", "time", "weekDays" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getImageAssurancePolicyCustomCheck:getImageAssurancePolicyCustomCheck": { "properties": { "author": { "type": "string", "description": "Name of user account that created the policy.\n" }, "description": { "type": "string" }, "engine": { "type": "string" }, "lastModified": { "type": "integer" }, "name": { "type": "string" }, "path": { "type": "string" }, "readOnly": { "type": "boolean" }, "scriptId": { "type": "string" }, "severity": { "type": "string" }, "snippet": { "type": "string" } }, "type": "object", "required": [ "author", "description", "engine", "lastModified", "name", "path", "readOnly", "scriptId", "severity", "snippet" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getImageAssurancePolicyForbiddenLabel:getImageAssurancePolicyForbiddenLabel": { "properties": { "key": { "type": "string" }, "value": { "type": "string" } }, "type": "object", "required": [ "key", "value" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getImageAssurancePolicyPackagesBlackList:getImageAssurancePolicyPackagesBlackList": { "properties": { "arch": { "type": "string" }, "display": { "type": "string" }, "epoch": { "type": "string" }, "format": { "type": "string" }, "license": { "type": "string" }, "name": { "type": "string" }, "release": { "type": "string" }, "version": { "type": "string" }, "versionRange": { "type": "string" } }, "type": "object", "required": [ "arch", "display", "epoch", "format", "license", "name", "release", "version", "versionRange" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getImageAssurancePolicyPackagesWhiteList:getImageAssurancePolicyPackagesWhiteList": { "properties": { "arch": { "type": "string" }, "display": { "type": "string" }, "epoch": { "type": "string" }, "format": { "type": "string" }, "license": { "type": "string" }, "name": { "type": "string" }, "release": { "type": "string" }, "version": { "type": "string" }, "versionRange": { "type": "string" } }, "type": "object", "required": [ "arch", "display", "epoch", "format", "license", "name", "release", "version", "versionRange" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getImageAssurancePolicyRequiredLabel:getImageAssurancePolicyRequiredLabel": { "properties": { "key": { "type": "string" }, "value": { "type": "string" } }, "type": "object", "required": [ "key", "value" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getImageAssurancePolicyScope:getImageAssurancePolicyScope": { "properties": { "expression": { "type": "string" }, "variables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FgetImageAssurancePolicyScopeVariable:getImageAssurancePolicyScopeVariable" } } }, "type": "object", "required": [ "expression" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getImageAssurancePolicyScopeVariable:getImageAssurancePolicyScopeVariable": { "properties": { "attribute": { "type": "string" }, "name": { "type": "string" }, "value": { "type": "string" } }, "type": "object", "required": [ "attribute", "name", "value" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getImageAssurancePolicyTrustedBaseImage:getImageAssurancePolicyTrustedBaseImage": { "properties": { "imagename": { "type": "string" }, "registry": { "type": "string" } }, "type": "object", "required": [ "imagename", "registry" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getImageHistory:getImageHistory": { "properties": { "comment": { "type": "string", "description": "The commit comment for the image, if any.\n" }, "created": { "type": "string", "description": "The date of creation of the layer.\n" }, "createdBy": { "type": "string", "description": "The command that generated the layer.\n" }, "id": { "type": "string", "description": "The image ID of the layer (if any).\n" }, "size": { "type": "integer", "description": "The size of the image.\n" } }, "type": "object", "required": [ "comment", "created", "createdBy", "id", "size" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getImageVulnerability:getImageVulnerability": { "properties": { "ackAuthor": { "type": "string" }, "ackComment": { "type": "string" }, "ackExpirationConfiguredAt": { "type": "string" }, "ackExpirationConfiguredBy": { "type": "string" }, "ackExpirationDays": { "type": "integer" }, "ackScope": { "type": "string" }, "acknowledgeDate": { "type": "string" }, "ancestorPkg": { "type": "string", "description": "The ancestor of this package.\n" }, "aquaScore": { "type": "number", "description": "The score generated for the vulnerability by Aqua.\n" }, "aquaScoreClassification": { "type": "string", "description": "Score classification by Aqua.\n" }, "aquaScoringSystem": { "type": "string", "description": "The score system for the vulnerability by Aqua\n" }, "aquaSeverity": { "type": "string", "description": "The severity generated for the vulnerability by Aqua.\n" }, "aquaSeverityClassification": { "type": "string", "description": "Classification of the severity defined by Aqua.\n" }, "aquaVectors": { "type": "string", "description": "The vectors generated for the vulnerability by Aqua\n" }, "auditEventsCount": { "type": "integer", "description": "Number of audit events.\n" }, "blockEventsCount": { "type": "integer", "description": "Number of blocked events.\n" }, "classification": { "type": "string", "description": "Classification of the vulnerability.\n" }, "description": { "type": "string", "description": "The description of the vulnerability.\n" }, "digest": { "type": "string", "description": "The content digest of the image.\n" }, "exploitReference": { "type": "string", "description": "Reference of the exploit.\n" }, "exploitType": { "type": "string", "description": "Type of the exploit.\n" }, "firstFoundDate": { "type": "string", "description": "The date when this vulnerability was first found.\n" }, "fixVersion": { "type": "string", "description": "Fixed version of the resource.\n" }, "imageName": { "type": "string", "description": "Name of the image.\n" }, "lastFoundDate": { "type": "string", "description": "The date when this vulnerability was last found.\n" }, "modificationDate": { "type": "string", "description": "Thhe date when this vulnerability was modified.\n" }, "name": { "type": "string", "description": "The name of the vulnerability.\n" }, "nvdCvss2Score": { "type": "number", "description": "CVSS2 score by NVD\n" }, "nvdCvss2Vectors": { "type": "string", "description": "CVSS2 vectors by NVD\n" }, "nvdCvss3Score": { "type": "number", "description": "CVSS3 score by NVD\n" }, "nvdCvss3Severity": { "type": "string", "description": "CVSS3 severity by NVD\n" }, "nvdCvss3Vectors": { "type": "string", "description": "CVSS3 vectors by NVD\n" }, "nvdSeverity": { "type": "string", "description": "Type of the severity identified by NVD.\n" }, "nvdUrl": { "type": "string", "description": "URL of the details of this vulnerability by NVD.\n" }, "os": { "type": "string", "description": "Name of the Operating System.\n" }, "osVersion": { "type": "string", "description": "The version of the OS.\n" }, "permission": { "type": "string", "description": "permission on the image\n" }, "publishDate": { "type": "string", "description": "The date this vulnerability was published.\n" }, "registry": { "type": "string", "description": "Registry of the image.\n" }, "repository": { "type": "string", "description": "Repository of the image.\n" }, "resourceArchitecture": { "type": "string", "description": "Architecture of the resource.\n" }, "resourceCpe": { "type": "string", "description": "Common Platform Enumeration (CPE) of the resource.\n" }, "resourceFormat": { "type": "string", "description": "Code format of the resource (java, apk etc.).\n" }, "resourceHash": { "type": "string", "description": "Hash of the resource.\n" }, "resourceLicenses": { "type": "array", "items": { "type": "string" }, "description": "List of license supported by the resource.\n" }, "resourceName": { "type": "string", "description": "Name of the resource.\n" }, "resourcePath": { "type": "string", "description": "Path of the resource.\n" }, "resourceType": { "type": "string", "description": "Type of the resource\n" }, "resourceVersion": { "type": "string", "description": "Version of the resource.\n" }, "severityClassification": { "type": "string", "description": "Classification of the severity.\n" }, "solution": { "type": "string", "description": "Solution for the vulnerability.\n" }, "temporalVector": { "type": "string" }, "vPatchAppliedBy": { "type": "string" }, "vPatchAppliedOn": { "type": "string" }, "vPatchEnforcedBy": { "type": "string" }, "vPatchEnforcedOn": { "type": "string" }, "vPatchPolicyEnforce": { "type": "boolean" }, "vPatchPolicyName": { "type": "string" }, "vPatchRevertedBy": { "type": "string" }, "vPatchRevertedOn": { "type": "string" }, "vPatchStatus": { "type": "string" }, "vendorCvss2Score": { "type": "number" }, "vendorCvss2Vectors": { "type": "string" }, "vendorSeverity": { "type": "string" }, "vendorStatement": { "type": "string" }, "vendorUrl": { "type": "string" } }, "type": "object", "required": [ "ackAuthor", "ackComment", "ackExpirationConfiguredAt", "ackExpirationConfiguredBy", "ackExpirationDays", "ackScope", "acknowledgeDate", "ancestorPkg", "aquaScore", "aquaScoreClassification", "aquaScoringSystem", "aquaSeverity", "aquaSeverityClassification", "aquaVectors", "auditEventsCount", "blockEventsCount", "classification", "description", "digest", "exploitReference", "exploitType", "firstFoundDate", "fixVersion", "imageName", "lastFoundDate", "modificationDate", "name", "nvdCvss2Score", "nvdCvss2Vectors", "nvdCvss3Score", "nvdCvss3Severity", "nvdCvss3Vectors", "nvdSeverity", "nvdUrl", "os", "osVersion", "permission", "publishDate", "registry", "repository", "resourceArchitecture", "resourceCpe", "resourceFormat", "resourceHash", "resourceLicenses", "resourceName", "resourcePath", "resourceType", "resourceVersion", "severityClassification", "solution", "temporalVector", "vPatchAppliedBy", "vPatchAppliedOn", "vPatchEnforcedBy", "vPatchEnforcedOn", "vPatchPolicyEnforce", "vPatchPolicyName", "vPatchRevertedBy", "vPatchRevertedOn", "vPatchStatus", "vendorCvss2Score", "vendorCvss2Vectors", "vendorSeverity", "vendorStatement", "vendorUrl" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getIntegrationRegistriesOption:getIntegrationRegistriesOption": { "properties": { "option": { "type": "string" }, "value": { "type": "string" } }, "type": "object" }, "aquasec:index/getIntegrationRegistriesWebhook:getIntegrationRegistriesWebhook": { "properties": { "authToken": { "type": "string" }, "enabled": { "type": "boolean" }, "unQuarantine": { "type": "boolean" }, "url": { "type": "string" } }, "type": "object" }, "aquasec:index/getIntegrationRegistryOption:getIntegrationRegistryOption": { "properties": { "option": { "type": "string" }, "value": { "type": "string" } }, "type": "object" }, "aquasec:index/getIntegrationRegistryWebhook:getIntegrationRegistryWebhook": { "properties": { "authToken": { "type": "string" }, "enabled": { "type": "boolean" }, "unQuarantine": { "type": "boolean" }, "url": { "type": "string" } }, "type": "object" }, "aquasec:index/getKubernetesAssurancePolicyAutoScanTime:getKubernetesAssurancePolicyAutoScanTime": { "properties": { "iteration": { "type": "integer" }, "iterationType": { "type": "string" }, "time": { "type": "string" }, "weekDays": { "type": "array", "items": { "type": "string" } } }, "type": "object", "required": [ "iteration", "iterationType", "time", "weekDays" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getKubernetesAssurancePolicyCustomCheck:getKubernetesAssurancePolicyCustomCheck": { "properties": { "author": { "type": "string", "description": "Name of user account that created the policy.\n" }, "description": { "type": "string" }, "engine": { "type": "string" }, "lastModified": { "type": "integer" }, "name": { "type": "string" }, "path": { "type": "string" }, "readOnly": { "type": "boolean" }, "scriptId": { "type": "string" }, "severity": { "type": "string" }, "snippet": { "type": "string" } }, "type": "object", "required": [ "author", "description", "engine", "lastModified", "name", "path", "readOnly", "scriptId", "severity", "snippet" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getKubernetesAssurancePolicyForbiddenLabel:getKubernetesAssurancePolicyForbiddenLabel": { "properties": { "key": { "type": "string" }, "value": { "type": "string" } }, "type": "object", "required": [ "key", "value" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getKubernetesAssurancePolicyPackagesBlackList:getKubernetesAssurancePolicyPackagesBlackList": { "properties": { "arch": { "type": "string" }, "display": { "type": "string" }, "epoch": { "type": "string" }, "format": { "type": "string" }, "license": { "type": "string" }, "name": { "type": "string" }, "release": { "type": "string" }, "version": { "type": "string" }, "versionRange": { "type": "string" } }, "type": "object", "required": [ "arch", "display", "epoch", "format", "license", "name", "release", "version", "versionRange" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getKubernetesAssurancePolicyPackagesWhiteList:getKubernetesAssurancePolicyPackagesWhiteList": { "properties": { "arch": { "type": "string" }, "display": { "type": "string" }, "epoch": { "type": "string" }, "format": { "type": "string" }, "license": { "type": "string" }, "name": { "type": "string" }, "release": { "type": "string" }, "version": { "type": "string" }, "versionRange": { "type": "string" } }, "type": "object", "required": [ "arch", "display", "epoch", "format", "license", "name", "release", "version", "versionRange" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getKubernetesAssurancePolicyRequiredLabel:getKubernetesAssurancePolicyRequiredLabel": { "properties": { "key": { "type": "string" }, "value": { "type": "string" } }, "type": "object", "required": [ "key", "value" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getKubernetesAssurancePolicyScope:getKubernetesAssurancePolicyScope": { "properties": { "expression": { "type": "string" }, "variables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FgetKubernetesAssurancePolicyScopeVariable:getKubernetesAssurancePolicyScopeVariable" } } }, "type": "object", "required": [ "expression" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getKubernetesAssurancePolicyScopeVariable:getKubernetesAssurancePolicyScopeVariable": { "properties": { "attribute": { "type": "string" }, "name": { "type": "string" }, "value": { "type": "string" } }, "type": "object", "required": [ "attribute", "name", "value" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getKubernetesAssurancePolicyTrustedBaseImage:getKubernetesAssurancePolicyTrustedBaseImage": { "properties": { "imagename": { "type": "string" }, "registry": { "type": "string" } }, "type": "object", "required": [ "imagename", "registry" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getNotificationsEmail:getNotificationsEmail": { "properties": { "author": { "type": "string" }, "id": { "type": "integer" }, "lastUpdated": { "type": "string" }, "name": { "type": "string" }, "properties": { "type": "object", "additionalProperties": { "type": "string" } }, "template": { "type": "object", "additionalProperties": { "type": "string" } }, "type": { "type": "string" } }, "type": "object", "required": [ "author", "id", "lastUpdated", "name", "properties", "template", "type" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getNotificationsJira:getNotificationsJira": { "properties": { "author": { "type": "string" }, "id": { "type": "integer" }, "lastUpdated": { "type": "string" }, "name": { "type": "string" }, "properties": { "type": "object", "additionalProperties": { "type": "string" } }, "template": { "type": "object", "additionalProperties": { "type": "string" } }, "type": { "type": "string" } }, "type": "object", "required": [ "author", "id", "lastUpdated", "name", "properties", "template", "type" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getNotificationsServicenow:getNotificationsServicenow": { "properties": { "author": { "type": "string" }, "id": { "type": "integer" }, "lastUpdated": { "type": "string" }, "name": { "type": "string" }, "properties": { "type": "object", "additionalProperties": { "type": "string" } }, "template": { "type": "object", "additionalProperties": { "type": "string" } }, "type": { "type": "string" } }, "type": "object", "required": [ "author", "id", "lastUpdated", "name", "properties", "template", "type" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getNotificationsSlack:getNotificationsSlack": { "properties": { "author": { "type": "string" }, "id": { "type": "integer" }, "lastUpdated": { "type": "string" }, "name": { "type": "string" }, "properties": { "type": "object", "additionalProperties": { "type": "string" } }, "template": { "type": "object", "additionalProperties": { "type": "string" } }, "type": { "type": "string" } }, "type": "object", "required": [ "author", "id", "lastUpdated", "name", "properties", "template", "type" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getNotificationsSplunk:getNotificationsSplunk": { "properties": { "author": { "type": "string" }, "id": { "type": "integer" }, "lastUpdated": { "type": "string" }, "name": { "type": "string" }, "properties": { "type": "object", "additionalProperties": { "type": "string" } }, "template": { "type": "object", "additionalProperties": { "type": "string" } }, "type": { "type": "string" } }, "type": "object", "required": [ "author", "id", "lastUpdated", "name", "properties", "template", "type" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getNotificationsTeam:getNotificationsTeam": { "properties": { "author": { "type": "string" }, "id": { "type": "integer" }, "lastUpdated": { "type": "string" }, "name": { "type": "string" }, "properties": { "type": "object", "additionalProperties": { "type": "string" } }, "template": { "type": "object", "additionalProperties": { "type": "string" } }, "type": { "type": "string" } }, "type": "object", "required": [ "author", "id", "lastUpdated", "name", "properties", "template", "type" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getNotificationsWebhook:getNotificationsWebhook": { "properties": { "author": { "type": "string" }, "id": { "type": "integer" }, "lastUpdated": { "type": "string" }, "name": { "type": "string" }, "properties": { "type": "object", "additionalProperties": { "type": "string" } }, "template": { "type": "object", "additionalProperties": { "type": "string" } }, "type": { "type": "string" } }, "type": "object", "required": [ "author", "id", "lastUpdated", "name", "properties", "template", "type" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getPermissionsSetsPermissionsSet:getPermissionsSetsPermissionsSet": { "properties": { "actions": { "type": "array", "items": { "type": "string" }, "description": "List of allowed actions for the Permission Set (not relevant if 'is_super' is true).\n" }, "author": { "type": "string", "description": "The name of the user who created the Permission Set.\n" }, "description": { "type": "string", "description": "Free text description for the Permission Set.\n" }, "isSuper": { "type": "boolean", "description": "Give the Permission Set full access, meaning all actions are allowed without restriction.\n" }, "name": { "type": "string", "description": "The name of the Permission Set, comprised of alphanumeric characters and '-', '_', ' ', ':', '.', '@', '!', '^'.\n" }, "uiAccess": { "type": "boolean", "description": "Whether to allow UI access for users with this Permission Set.\n" }, "updatedAt": { "type": "string", "description": "The date of the last modification of the Role.\n" } }, "type": "object", "required": [ "actions", "author", "description", "isSuper", "name", "uiAccess", "updatedAt" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getRolesMappingLdap:getRolesMappingLdap": { "properties": { "roleMapping": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Role Mapping is used to define the IdP role that the user will assume in Aqua\n" } }, "type": "object", "required": [ "roleMapping" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getRolesMappingOauth2:getRolesMappingOauth2": { "properties": { "roleMapping": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Role Mapping is used to define the IdP role that the user will assume in Aqua\n" } }, "type": "object", "required": [ "roleMapping" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getRolesMappingOpenid:getRolesMappingOpenid": { "properties": { "roleMapping": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Role Mapping is used to define the IdP role that the user will assume in Aqua\n" } }, "type": "object", "required": [ "roleMapping" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getRolesMappingSaasRolesMapping:getRolesMappingSaasRolesMapping": { "properties": { "accountId": { "type": "integer" }, "created": { "type": "string" }, "cspRole": { "type": "string" }, "id": { "type": "integer" }, "samlGroups": { "type": "array", "items": { "type": "string" } } }, "type": "object", "required": [ "accountId", "created", "cspRole", "id", "samlGroups" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getRolesMappingSaml:getRolesMappingSaml": { "properties": { "roleMapping": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Role Mapping is used to define the IdP role that the user will assume in Aqua\n" } }, "type": "object", "required": [ "roleMapping" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getRolesRole:getRolesRole": { "properties": { "description": { "type": "string", "description": "Free text description for the role.\n" }, "name": { "type": "string", "description": "The name of the role, comprised of alphanumeric characters and '-', '_', ' ', ':', '.', '@', '!', '^'.\n" }, "permission": { "type": "string", "description": "The name of the Permission Set that will affect the users assigned to this specific Role.\n" }, "scopes": { "type": "array", "items": { "type": "string" }, "description": "List of Application Scopes that will affect the users assigned to this specific Role.\n" }, "updatedAt": { "type": "string", "description": "The date of the last modification of the role.\n" } }, "type": "object", "required": [ "description", "name", "permission", "scopes", "updatedAt" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getServiceScopeVariable:getServiceScopeVariable": { "properties": { "attribute": { "type": "string", "description": "Class of supported scope.\n" }, "name": { "type": "string", "description": "Name assigned to the attribute.\n" }, "value": { "type": "string", "description": "Value assigned to the attribute.\n" } }, "type": "object", "required": [ "attribute", "name", "value" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getUsersSaasUser:getUsersSaasUser": { "properties": { "accountAdmin": { "type": "boolean" }, "confirmed": { "type": "boolean" }, "created": { "type": "string" }, "cspRoles": { "type": "array", "items": { "type": "string" } }, "dashboard": { "type": "boolean" }, "email": { "type": "string" }, "groups": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FgetUsersSaasUserGroup:getUsersSaasUserGroup" } }, "logins": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FgetUsersSaasUserLogin:getUsersSaasUserLogin" } }, "multiaccount": { "type": "boolean" }, "passwordReset": { "type": "boolean" }, "provider": { "type": "string" }, "sendAnnouncements": { "type": "boolean" }, "sendNewPlugins": { "type": "boolean" }, "sendNewRisks": { "type": "boolean" }, "sendScanResults": { "type": "boolean" }, "userId": { "type": "string" } }, "type": "object", "required": [ "accountAdmin", "confirmed", "created", "cspRoles", "dashboard", "email", "groups", "logins", "multiaccount", "passwordReset", "provider", "sendAnnouncements", "sendNewPlugins", "sendNewRisks", "sendScanResults", "userId" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getUsersSaasUserGroup:getUsersSaasUserGroup": { "properties": { "created": { "type": "string" }, "id": { "type": "integer" }, "name": { "type": "string" } }, "type": "object", "required": [ "created", "id", "name" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getUsersSaasUserLogin:getUsersSaasUserLogin": { "properties": { "created": { "type": "string" }, "id": { "type": "integer" }, "ipAddress": { "type": "string" }, "userId": { "type": "integer" } }, "type": "object", "required": [ "created", "id", "ipAddress", "userId" ], "language": { "nodejs": { "requiredInputs": [] } } }, "aquasec:index/getUsersUser:getUsersUser": { "properties": { "email": { "type": "string", "description": "The user Email.\n" }, "firstTime": { "type": "boolean", "description": "If the user must change password at next login.\n" }, "isSuper": { "type": "boolean", "description": "Give the Permission Set full access, meaning all actions are allowed without restriction.\n" }, "name": { "type": "string", "description": "The user name.\n" }, "plan": { "type": "string", "description": "User's Aqua plan (Developer / Team / Advanced).\n" }, "role": { "type": "string", "description": "The first role that assigned to the user for backward compatibility.\n" }, "roles": { "type": "array", "items": { "type": "string" }, "description": "The roles that will be assigned to the user.\n" }, "type": { "type": "string", "description": "The user type (Aqua, LDAP, SAML, OAuth2, OpenID, Tenant Manager).\n" }, "uiAccess": { "type": "boolean", "description": "Whether to allow UI access for users with this Permission Set.\n" }, "userId": { "type": "string", "description": "The user ID.\n" } }, "type": "object", "required": [ "email", "firstTime", "isSuper", "name", "plan", "role", "roles", "type", "uiAccess", "userId" ], "language": { "nodejs": { "requiredInputs": [] } } } }, "provider": { "description": "The provider type for the aquasec package. By default, resources use package-wide configuration\nsettings, however an explicit `Provider` instance may be created and passed during resource\nconstruction to achieve fine-grained programmatic control over provider settings. See the\n[documentation](https://www.pulumi.com/docs/reference/programming-model/#providers) for more information.\n", "properties": { "aquaUrl": { "type": "string", "description": "This is the base URL of your Aqua instance. Can alternatively be sourced from the `AQUA_URL` environment variable.\n" }, "caCertificatePath": { "type": "string", "description": "This is the file path for server CA certificates if they are not available on the host OS. Can alternatively be sourced\nfrom the `AQUA_CA_CERT_PATH` environment variable.\n" }, "configPath": { "type": "string", "description": "This is the file path for Aqua provider configuration. The default configuration path is `~/.aqua/tf.config`. Can\nalternatively be sourced from the `AQUA_CONFIG` environment variable.\n" }, "password": { "type": "string", "description": "This is the password that should be used to make the connection. Can alternatively be sourced from the `AQUA_PASSWORD`\nenvironment variable.\n", "secret": true }, "username": { "type": "string", "description": "This is the user id that should be used to make the connection. Can alternatively be sourced from the `AQUA_USER`\nenvironment variable.\n", "secret": true } }, "type": "object", "inputProperties": { "aquaUrl": { "type": "string", "description": "This is the base URL of your Aqua instance. Can alternatively be sourced from the `AQUA_URL` environment variable.\n", "defaultInfo": { "environment": [ "AQUA_URL" ] } }, "caCertificatePath": { "type": "string", "description": "This is the file path for server CA certificates if they are not available on the host OS. Can alternatively be sourced\nfrom the `AQUA_CA_CERT_PATH` environment variable.\n", "defaultInfo": { "environment": [ "AQUA_CA_CERT_PATH" ] } }, "configPath": { "type": "string", "description": "This is the file path for Aqua provider configuration. The default configuration path is `~/.aqua/tf.config`. Can\nalternatively be sourced from the `AQUA_CONFIG` environment variable.\n", "defaultInfo": { "environment": [ "AQUA_CONFIG" ] } }, "password": { "type": "string", "description": "This is the password that should be used to make the connection. Can alternatively be sourced from the `AQUA_PASSWORD`\nenvironment variable.\n", "defaultInfo": { "environment": [ "AQUA_PASSWORD" ] }, "secret": true }, "username": { "type": "string", "description": "This is the user id that should be used to make the connection. Can alternatively be sourced from the `AQUA_USER`\nenvironment variable.\n", "defaultInfo": { "environment": [ "AQUA_USER" ] }, "secret": true }, "verifyTls": { "type": "boolean", "description": "If true, server tls certificates will be verified by the client before making a connection. Defaults to true. Can\nalternatively be sourced from the `AQUA_TLS_VERIFY` environment variable.\n", "default": true, "defaultInfo": { "environment": [ "AQUA_TLS_VERIFY" ] } } } }, "resources": { "aquasec:index/acknowledge:Acknowledge": { "description": "## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumiverse/aquasec\";\n\nconst acknowledge = new aquasec.Acknowledge(\"acknowledge\", {\n comment: \"comment\",\n issues: [\n {\n dockerId: \"\",\n imageName: \"image:latest\",\n issueName: \"CVE-2022-1271\",\n issueType: \"vulnerability\",\n registryName: \"registry\",\n resourceCpe: \"cpe:/a:gnu:gzip:1.10\",\n resourceName: \"gzip\",\n resourcePath: \"/usr/bin/gzip\",\n resourceType: \"executable\",\n resourceVersion: \"1.10\",\n },\n {\n dockerId: \"docker-id\",\n imageName: \"image-name\",\n issueName: \"ALAS2-2021-1722\",\n issueType: \"vulnerability\",\n registryName: \"registry-name\",\n resourceCpe: \"pkg:/amzn:2:nss-softokn:3.44.0-8.amzn2\",\n resourceName: \"nss-softokn\",\n resourcePath: \"\",\n resourceType: \"package\",\n resourceVersion: \"3.44.0-8.amzn2\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumiverse_aquasec as aquasec\n\nacknowledge = aquasec.Acknowledge(\"acknowledge\",\n comment=\"comment\",\n issues=[\n aquasec.AcknowledgeIssueArgs(\n docker_id=\"\",\n image_name=\"image:latest\",\n issue_name=\"CVE-2022-1271\",\n issue_type=\"vulnerability\",\n registry_name=\"registry\",\n resource_cpe=\"cpe:/a:gnu:gzip:1.10\",\n resource_name=\"gzip\",\n resource_path=\"/usr/bin/gzip\",\n resource_type=\"executable\",\n resource_version=\"1.10\",\n ),\n aquasec.AcknowledgeIssueArgs(\n docker_id=\"docker-id\",\n image_name=\"image-name\",\n issue_name=\"ALAS2-2021-1722\",\n issue_type=\"vulnerability\",\n registry_name=\"registry-name\",\n resource_cpe=\"pkg:/amzn:2:nss-softokn:3.44.0-8.amzn2\",\n resource_name=\"nss-softokn\",\n resource_path=\"\",\n resource_type=\"package\",\n resource_version=\"3.44.0-8.amzn2\",\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumiverse.Aquasec;\n\nreturn await Deployment.RunAsync(() => \n{\n var acknowledge = new Aquasec.Acknowledge(\"acknowledge\", new()\n {\n Comment = \"comment\",\n Issues = new[]\n {\n new Aquasec.Inputs.AcknowledgeIssueArgs\n {\n DockerId = \"\",\n ImageName = \"image:latest\",\n IssueName = \"CVE-2022-1271\",\n IssueType = \"vulnerability\",\n RegistryName = \"registry\",\n ResourceCpe = \"cpe:/a:gnu:gzip:1.10\",\n ResourceName = \"gzip\",\n ResourcePath = \"/usr/bin/gzip\",\n ResourceType = \"executable\",\n ResourceVersion = \"1.10\",\n },\n new Aquasec.Inputs.AcknowledgeIssueArgs\n {\n DockerId = \"docker-id\",\n ImageName = \"image-name\",\n IssueName = \"ALAS2-2021-1722\",\n IssueType = \"vulnerability\",\n RegistryName = \"registry-name\",\n ResourceCpe = \"pkg:/amzn:2:nss-softokn:3.44.0-8.amzn2\",\n ResourceName = \"nss-softokn\",\n ResourcePath = \"\",\n ResourceType = \"package\",\n ResourceVersion = \"3.44.0-8.amzn2\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aquasec.NewAcknowledge(ctx, \"acknowledge\", &aquasec.AcknowledgeArgs{\n\t\t\tComment: pulumi.String(\"comment\"),\n\t\t\tIssues: aquasec.AcknowledgeIssueArray{\n\t\t\t\t&aquasec.AcknowledgeIssueArgs{\n\t\t\t\t\tDockerId: pulumi.String(\"\"),\n\t\t\t\t\tImageName: pulumi.String(\"image:latest\"),\n\t\t\t\t\tIssueName: pulumi.String(\"CVE-2022-1271\"),\n\t\t\t\t\tIssueType: pulumi.String(\"vulnerability\"),\n\t\t\t\t\tRegistryName: pulumi.String(\"registry\"),\n\t\t\t\t\tResourceCpe: pulumi.String(\"cpe:/a:gnu:gzip:1.10\"),\n\t\t\t\t\tResourceName: pulumi.String(\"gzip\"),\n\t\t\t\t\tResourcePath: pulumi.String(\"/usr/bin/gzip\"),\n\t\t\t\t\tResourceType: pulumi.String(\"executable\"),\n\t\t\t\t\tResourceVersion: pulumi.String(\"1.10\"),\n\t\t\t\t},\n\t\t\t\t&aquasec.AcknowledgeIssueArgs{\n\t\t\t\t\tDockerId: pulumi.String(\"docker-id\"),\n\t\t\t\t\tImageName: pulumi.String(\"image-name\"),\n\t\t\t\t\tIssueName: pulumi.String(\"ALAS2-2021-1722\"),\n\t\t\t\t\tIssueType: pulumi.String(\"vulnerability\"),\n\t\t\t\t\tRegistryName: pulumi.String(\"registry-name\"),\n\t\t\t\t\tResourceCpe: pulumi.String(\"pkg:/amzn:2:nss-softokn:3.44.0-8.amzn2\"),\n\t\t\t\t\tResourceName: pulumi.String(\"nss-softokn\"),\n\t\t\t\t\tResourcePath: pulumi.String(\"\"),\n\t\t\t\t\tResourceType: pulumi.String(\"package\"),\n\t\t\t\t\tResourceVersion: pulumi.String(\"3.44.0-8.amzn2\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.Acknowledge;\nimport com.pulumi.aquasec.AcknowledgeArgs;\nimport com.pulumi.aquasec.inputs.AcknowledgeIssueArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var acknowledge = new Acknowledge(\"acknowledge\", AcknowledgeArgs.builder()\n .comment(\"comment\")\n .issues( \n AcknowledgeIssueArgs.builder()\n .dockerId(\"\")\n .imageName(\"image:latest\")\n .issueName(\"CVE-2022-1271\")\n .issueType(\"vulnerability\")\n .registryName(\"registry\")\n .resourceCpe(\"cpe:/a:gnu:gzip:1.10\")\n .resourceName(\"gzip\")\n .resourcePath(\"/usr/bin/gzip\")\n .resourceType(\"executable\")\n .resourceVersion(\"1.10\")\n .build(),\n AcknowledgeIssueArgs.builder()\n .dockerId(\"docker-id\")\n .imageName(\"image-name\")\n .issueName(\"ALAS2-2021-1722\")\n .issueType(\"vulnerability\")\n .registryName(\"registry-name\")\n .resourceCpe(\"pkg:/amzn:2:nss-softokn:3.44.0-8.amzn2\")\n .resourceName(\"nss-softokn\")\n .resourcePath(\"\")\n .resourceType(\"package\")\n .resourceVersion(\"3.44.0-8.amzn2\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n acknowledge:\n type: aquasec:Acknowledge\n properties:\n comment: comment\n issues:\n - dockerId:\n imageName: image:latest\n issueName: CVE-2022-1271\n issueType: vulnerability\n registryName: registry\n resourceCpe: cpe:/a:gnu:gzip:1.10\n resourceName: gzip\n resourcePath: /usr/bin/gzip\n resourceType: executable\n resourceVersion: '1.10'\n - dockerId: docker-id\n imageName: image-name\n issueName: ALAS2-2021-1722\n issueType: vulnerability\n registryName: registry-name\n resourceCpe: pkg:/amzn:2:nss-softokn:3.44.0-8.amzn2\n resourceName: nss-softokn\n resourcePath:\n resourceType: package\n resourceVersion: 3.44.0-8.amzn2\n```\n\n", "properties": { "comment": { "type": "string", "description": "A comment describing the reason for the acknowledgment\n" }, "issues": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FAcknowledgeIssue:AcknowledgeIssue" }, "description": "A list of existing security acknowledges.\n" } }, "type": "object", "required": [ "comment", "issues" ], "inputProperties": { "comment": { "type": "string", "description": "A comment describing the reason for the acknowledgment\n" }, "issues": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FAcknowledgeIssue:AcknowledgeIssue" }, "description": "A list of existing security acknowledges.\n" } }, "requiredInputs": [ "comment", "issues" ], "stateInputs": { "description": "Input properties used for looking up and filtering Acknowledge resources.\n", "properties": { "comment": { "type": "string", "description": "A comment describing the reason for the acknowledgment\n" }, "issues": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FAcknowledgeIssue:AcknowledgeIssue" }, "description": "A list of existing security acknowledges.\n" } }, "type": "object" } }, "aquasec:index/applicationScope:ApplicationScope": { "description": "## Example Usage\n\n\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.ApplicationScope;\nimport com.pulumi.aquasec.ApplicationScopeArgs;\nimport com.pulumi.aquasec.inputs.ApplicationScopeCategoryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var terraformiap = new ApplicationScope(\"terraformiap\", ApplicationScopeArgs.builder()\n .categories(ApplicationScopeCategoryArgs.builder()\n .artifacts(ApplicationScopeCategoryArtifactArgs.builder()\n .image(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))\n .build())\n .infrastructures(ApplicationScopeCategoryInfrastructureArgs.builder()\n .kubernetes(ApplicationScopeCategoryInfrastructureKuberneteArgs.builder()\n .expression(\"v1\")\n .variables(ApplicationScopeCategoryInfrastructureKuberneteVariableArgs.builder()\n .attribute(\"kubernetes.cluster\")\n .value(\"aqua\")\n .build())\n .build())\n .build())\n .workloads(ApplicationScopeCategoryWorkloadArgs.builder()\n .kubernetes(ApplicationScopeCategoryWorkloadKuberneteArgs.builder()\n .expression(\"v1 && v2\")\n .variables( \n ApplicationScopeCategoryWorkloadKuberneteVariableArgs.builder()\n .attribute(\"kubernetes.cluster\")\n .value(\"aqua\")\n .build(),\n ApplicationScopeCategoryWorkloadKuberneteVariableArgs.builder()\n .attribute(\"kubernetes.namespace\")\n .value(\"aqua\")\n .build())\n .build())\n .build())\n .build())\n .description(\"test123\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n terraformiap:\n type: aquasec:ApplicationScope\n properties:\n # Categories is a nested block of artifacts, workloads and infrastructure\n categories:\n - artifacts:\n - image:\n - expression: v1 && v2\n variables:\n - attribute: aqua.registry\n value: test-registry\n - attribute: image.repo\n value: nginx\n infrastructures:\n - kubernetes:\n - expression: v1\n variables:\n - attribute: kubernetes.cluster\n value: aqua\n workloads:\n - kubernetes:\n - expression: v1 && v2\n variables:\n - attribute: kubernetes.cluster\n value: aqua\n - attribute: kubernetes.namespace\n value: aqua\n description: test123\n```\n\n", "properties": { "author": { "type": "string", "description": "Username of the account that created the service.\n" }, "categories": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FApplicationScopeCategory:ApplicationScopeCategory" }, "description": "Artifacts (of applications) / Workloads (containers) / Infrastructure (elements).\n" }, "description": { "type": "string", "description": "Description of the application scope.\n" }, "name": { "type": "string", "description": "Name of an application scope.\n" }, "ownerEmail": { "type": "string", "description": "Name of an application scope.\n" } }, "type": "object", "required": [ "author", "categories", "name" ], "inputProperties": { "categories": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FApplicationScopeCategory:ApplicationScopeCategory" }, "description": "Artifacts (of applications) / Workloads (containers) / Infrastructure (elements).\n" }, "description": { "type": "string", "description": "Description of the application scope.\n" }, "name": { "type": "string", "description": "Name of an application scope.\n", "willReplaceOnChanges": true }, "ownerEmail": { "type": "string", "description": "Name of an application scope.\n" } }, "stateInputs": { "description": "Input properties used for looking up and filtering ApplicationScope resources.\n", "properties": { "author": { "type": "string", "description": "Username of the account that created the service.\n" }, "categories": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FApplicationScopeCategory:ApplicationScopeCategory" }, "description": "Artifacts (of applications) / Workloads (containers) / Infrastructure (elements).\n" }, "description": { "type": "string", "description": "Description of the application scope.\n" }, "name": { "type": "string", "description": "Name of an application scope.\n", "willReplaceOnChanges": true }, "ownerEmail": { "type": "string", "description": "Name of an application scope.\n" } }, "type": "object" } }, "aquasec:index/aquaLabel:AquaLabel": { "properties": { "author": { "type": "string", "description": "The name of the user who created the Aqua label.\n" }, "created": { "type": "string", "description": "The creation date of the Aqua label.\n" }, "description": { "type": "string", "description": "Aqua label description.\n" }, "name": { "type": "string", "description": "Aqua label name.\n" } }, "type": "object", "required": [ "author", "created", "name" ], "inputProperties": { "description": { "type": "string", "description": "Aqua label description.\n" }, "name": { "type": "string", "description": "Aqua label name.\n" } }, "stateInputs": { "description": "Input properties used for looking up and filtering AquaLabel resources.\n", "properties": { "author": { "type": "string", "description": "The name of the user who created the Aqua label.\n" }, "created": { "type": "string", "description": "The creation date of the Aqua label.\n" }, "description": { "type": "string", "description": "Aqua label description.\n" }, "name": { "type": "string", "description": "Aqua label name.\n" } }, "type": "object" } }, "aquasec:index/containerRuntimePolicy:ContainerRuntimePolicy": { "description": "## Example Usage\n\n\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.ContainerRuntimePolicy;\nimport com.pulumi.aquasec.ContainerRuntimePolicyArgs;\nimport com.pulumi.aquasec.inputs.ContainerRuntimePolicyFileIntegrityMonitoringArgs;\nimport com.pulumi.aquasec.inputs.ContainerRuntimePolicyMalwareScanOptionsArgs;\nimport com.pulumi.aquasec.inputs.ContainerRuntimePolicyScopeVariableArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var containerRuntimePolicy = new ContainerRuntimePolicy(\"containerRuntimePolicy\", ContainerRuntimePolicyArgs.builder()\n .allowedExecutables( \n \"exe\",\n \"bin\")\n .allowedRegistries( \n \"registry1\",\n \"registry2\")\n .applicationScopes(\"Global\")\n .auditAllNetworkActivity(true)\n .auditAllProcessesActivity(true)\n .auditFullCommandArguments(true)\n .blockAccessHostNetwork(true)\n .blockAddingCapabilities(true)\n .blockContainerExec(true)\n .blockCryptocurrencyMining(true)\n .blockFilelessExec(true)\n .blockLowPortBinding(true)\n .blockNonCompliantWorkloads(true)\n .blockNonK8sContainers(true)\n .blockPrivilegedContainers(true)\n .blockRootUser(true)\n .blockUseIpcNamespace(true)\n .blockUsePidNamespace(true)\n .blockUseUserNamespace(true)\n .blockUseUtsNamespace(true)\n .blockedCapabilities( \n \"AUDIT_CONTROL\",\n \"AUDIT_WRITE\")\n .blockedExecutables( \n \"exe1\",\n \"exe2\")\n .blockedFiles( \n \"test1\",\n \"test2\")\n .blockedInboundPorts( \n \"80\",\n \"8080\")\n .blockedOutboundPorts( \n \"90\",\n \"9090\")\n .blockedPackages( \n \"pkg\",\n \"pkg2\")\n .blockedVolumes( \n \"blocked\",\n \"vol\")\n .containerExecAllowedProcesses( \n \"proc1\",\n \"proc2\")\n .description(\"container_runtime_policy\")\n .enableForkGuard(true)\n .enabled(true)\n .enforce(false)\n .fileIntegrityMonitoring(ContainerRuntimePolicyFileIntegrityMonitoringArgs.builder()\n .excludedPaths(\"expaths\")\n .excludedProcesses(\"exprocess\")\n .excludedUsers(\"expuser\")\n .monitorAttributes(true)\n .monitorCreate(true)\n .monitorDelete(true)\n .monitorModify(true)\n .monitorRead(true)\n .monitoredPaths(\"paths\")\n .monitoredProcesses(\"process\")\n .monitoredUsers(\"user\")\n .build())\n .forkGuardProcessLimit(13)\n .limitNewPrivileges(true)\n .malwareScanOptions(ContainerRuntimePolicyMalwareScanOptionsArgs.builder()\n .action(\"alert\")\n .enabled(true)\n .build())\n .monitorSystemTimeChanges(\"true\")\n .scopeExpression(\"v1 || v2\")\n .scopeVariables( \n ContainerRuntimePolicyScopeVariableArgs.builder()\n .attribute(\"kubernetes.cluster\")\n .value(\"default\")\n .build(),\n ContainerRuntimePolicyScopeVariableArgs.builder()\n .attribute(\"kubernetes.label\")\n .name(\"app\")\n .value(\"aqua\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n containerRuntimePolicy:\n type: aquasec:ContainerRuntimePolicy\n properties:\n allowedExecutables:\n - exe\n - bin\n allowedRegistries:\n - registry1\n - registry2\n applicationScopes:\n - Global\n auditAllNetworkActivity: true\n auditAllProcessesActivity: true\n auditFullCommandArguments: true\n blockAccessHostNetwork: true\n blockAddingCapabilities: true\n blockContainerExec: true\n blockCryptocurrencyMining: true\n blockFilelessExec: true\n blockLowPortBinding: true\n blockNonCompliantWorkloads: true\n blockNonK8sContainers: true\n blockPrivilegedContainers: true\n blockRootUser: true\n blockUseIpcNamespace: true\n blockUsePidNamespace: true\n blockUseUserNamespace: true\n blockUseUtsNamespace: true\n blockedCapabilities:\n - AUDIT_CONTROL\n - AUDIT_WRITE\n blockedExecutables:\n - exe1\n - exe2\n blockedFiles:\n - test1\n - test2\n blockedInboundPorts:\n - '80'\n - '8080'\n blockedOutboundPorts:\n - '90'\n - '9090'\n blockedPackages:\n - pkg\n - pkg2\n blockedVolumes:\n - blocked\n - vol\n containerExecAllowedProcesses:\n - proc1\n - proc2\n description: container_runtime_policy\n enableForkGuard: true\n enabled: true\n enforce: false\n fileIntegrityMonitoring:\n excludedPaths:\n - expaths\n excludedProcesses:\n - exprocess\n excludedUsers:\n - expuser\n monitorAttributes: true\n monitorCreate: true\n monitorDelete: true\n monitorModify: true\n monitorRead: true\n monitoredPaths:\n - paths\n monitoredProcesses:\n - process\n monitoredUsers:\n - user\n forkGuardProcessLimit: 13\n limitNewPrivileges: true\n malwareScanOptions:\n action: alert\n enabled: true\n monitorSystemTimeChanges: 'true'\n scopeExpression: v1 || v2\n scopeVariables:\n - attribute: kubernetes.cluster\n value: default\n - attribute: kubernetes.label\n name: app\n value: aqua\n```\n\n", "properties": { "allowedExecutables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyAllowedExecutable:ContainerRuntimePolicyAllowedExecutable" }, "description": "Allowed executables configuration.\n" }, "allowedRegistries": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyAllowedRegistry:ContainerRuntimePolicyAllowedRegistry" }, "description": "Allowed registries configuration.\n" }, "applicationScopes": { "type": "array", "items": { "type": "string" }, "description": "Indicates the application scope of the service.\n" }, "auditAllNetworkActivity": { "type": "boolean", "description": "If true, all network activity will be audited.\n" }, "auditAllProcessesActivity": { "type": "boolean", "description": "If true, all process activity will be audited.\n" }, "auditBruteForceLogin": { "type": "boolean", "description": "Detects brute force login attempts\n" }, "auditFullCommandArguments": { "type": "boolean", "description": "If true, full command arguments will be audited.\n" }, "auditing": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyAuditing:ContainerRuntimePolicyAuditing" }, "author": { "type": "string", "description": "Username of the account that created the service.\n" }, "blacklistedOsUsers": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyBlacklistedOsUsers:ContainerRuntimePolicyBlacklistedOsUsers" }, "blockAccessHostNetwork": { "type": "boolean", "description": "If true, prevent containers from running with access to host network.\n" }, "blockAddingCapabilities": { "type": "boolean", "description": "If true, prevent containers from running with adding capabilities with `--cap-add` privilege.\n" }, "blockContainerExec": { "type": "boolean", "description": "If true, exec into a container is prevented.\n" }, "blockCryptocurrencyMining": { "type": "boolean", "description": "Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining\n" }, "blockDisallowedImages": { "type": "boolean" }, "blockFilelessExec": { "type": "boolean", "description": "Detect and prevent running in-memory execution\n" }, "blockLowPortBinding": { "type": "boolean", "description": "If true, prevent containers from running with the capability to bind in port lower than 1024.\n" }, "blockNonCompliantWorkloads": { "type": "boolean", "description": "If true, running containers in non-compliant pods is prevented.\n" }, "blockNonK8sContainers": { "type": "boolean", "description": "If true, running non-kubernetes containers is prevented.\n" }, "blockPrivilegedContainers": { "type": "boolean", "description": "If true, prevent containers from running with privileged container capability.\n" }, "blockRootUser": { "type": "boolean", "description": "If true, prevent containers from running with root user.\n" }, "blockUseIpcNamespace": { "type": "boolean", "description": "If true, prevent containers from running with the privilege to use the IPC namespace.\n" }, "blockUsePidNamespace": { "type": "boolean", "description": "If true, prevent containers from running with the privilege to use the PID namespace.\n" }, "blockUseUserNamespace": { "type": "boolean", "description": "If true, prevent containers from running with the privilege to use the user namespace.\n" }, "blockUseUtsNamespace": { "type": "boolean", "description": "If true, prevent containers from running with the privilege to use the UTS namespace.\n" }, "blockedCapabilities": { "type": "array", "items": { "type": "string" }, "description": "If true, prevents containers from using specific Unix capabilities.\n" }, "blockedExecutables": { "type": "array", "items": { "type": "string" }, "description": "List of executables that are prevented from running in containers.\n" }, "blockedFiles": { "type": "array", "items": { "type": "string" }, "description": "List of files that are prevented from being read, modified and executed in the containers.\n" }, "blockedInboundPorts": { "type": "array", "items": { "type": "string" }, "description": "List of blocked inbound ports.\n" }, "blockedOutboundPorts": { "type": "array", "items": { "type": "string" }, "description": "List of blocked outbound ports.\n" }, "blockedPackages": { "type": "array", "items": { "type": "string" }, "description": "Prevent containers from reading, writing, or executing all files in the list of packages.\n" }, "blockedVolumes": { "type": "array", "items": { "type": "string" }, "description": "List of volumes that are prevented from being mounted in the containers.\n" }, "bypassScopes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyBypassScope:ContainerRuntimePolicyBypassScope" }, "description": "Bypass scope configuration.\n" }, "containerExec": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyContainerExec:ContainerRuntimePolicyContainerExec" }, "containerExecAllowedProcesses": { "type": "array", "items": { "type": "string" }, "description": "List of processes that will be allowed.\n" }, "created": { "type": "string" }, "cve": { "type": "string" }, "defaultSecurityProfile": { "type": "string" }, "description": { "type": "string", "description": "The description of the container runtime policy\n" }, "digest": { "type": "string" }, "driftPreventions": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyDriftPrevention:ContainerRuntimePolicyDriftPrevention" }, "description": "Drift prevention configuration.\n" }, "enableCryptoMiningDns": { "type": "boolean" }, "enableForkGuard": { "type": "boolean", "description": "If true, fork bombs are prevented in the containers.\n" }, "enableIpReputation": { "type": "boolean" }, "enablePortScanProtection": { "type": "boolean" }, "enabled": { "type": "boolean", "description": "Indicates if the runtime policy is enabled or not.\n" }, "enforce": { "type": "boolean", "description": "Indicates that policy should effect container execution (not just for audit).\n" }, "enforceAfterDays": { "type": "integer", "description": "Indicates the number of days after which the runtime policy will be changed to enforce mode.\n" }, "enforceSchedulerAddedOn": { "type": "integer" }, "excludeApplicationScopes": { "type": "array", "items": { "type": "string" }, "description": "List of excluded application scopes.\n" }, "executableBlacklists": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyExecutableBlacklist:ContainerRuntimePolicyExecutableBlacklist" }, "description": "Executable blacklist configuration.\n" }, "failedKubernetesChecks": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyFailedKubernetesChecks:ContainerRuntimePolicyFailedKubernetesChecks" }, "fileBlock": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyFileBlock:ContainerRuntimePolicyFileBlock" }, "fileIntegrityMonitoring": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyFileIntegrityMonitoring:ContainerRuntimePolicyFileIntegrityMonitoring", "description": "Configuration for file integrity monitoring.\n" }, "forkGuardProcessLimit": { "type": "integer", "description": "Process limit for the fork guard.\n" }, "imageName": { "type": "string" }, "isAuditChecked": { "type": "boolean" }, "isAutoGenerated": { "type": "boolean" }, "isOotbPolicy": { "type": "boolean" }, "lastupdate": { "type": "integer" }, "limitContainerPrivileges": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyLimitContainerPrivilege:ContainerRuntimePolicyLimitContainerPrivilege" }, "description": "Container privileges configuration.\n" }, "limitNewPrivileges": { "type": "boolean", "description": "If true, prevents the container from obtaining new privileges at runtime. (only enabled in enforce mode)\n" }, "linuxCapabilities": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyLinuxCapabilities:ContainerRuntimePolicyLinuxCapabilities" }, "malwareScanOptions": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyMalwareScanOptions:ContainerRuntimePolicyMalwareScanOptions", "description": "Configuration for Real-Time Malware Protection.\n" }, "monitorSystemTimeChanges": { "type": "boolean", "description": "If true, system time changes will be monitored.\n" }, "name": { "type": "string", "description": "Name of the container runtime policy\n" }, "noNewPrivileges": { "type": "boolean" }, "onlyRegisteredImages": { "type": "boolean" }, "packageBlock": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyPackageBlock:ContainerRuntimePolicyPackageBlock" }, "permission": { "type": "string" }, "portBlock": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyPortBlock:ContainerRuntimePolicyPortBlock" }, "readonlyFiles": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyReadonlyFiles:ContainerRuntimePolicyReadonlyFiles" }, "readonlyRegistry": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyReadonlyRegistry:ContainerRuntimePolicyReadonlyRegistry" }, "registry": { "type": "string" }, "registryAccessMonitoring": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyRegistryAccessMonitoring:ContainerRuntimePolicyRegistryAccessMonitoring" }, "repoName": { "type": "string" }, "resourceName": { "type": "string" }, "resourceType": { "type": "string" }, "restrictedVolumes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyRestrictedVolume:ContainerRuntimePolicyRestrictedVolume" }, "description": "Restricted volumes configuration.\n" }, "reverseShell": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyReverseShell:ContainerRuntimePolicyReverseShell" }, "runtimeMode": { "type": "integer" }, "runtimeType": { "type": "string" }, "scopeExpression": { "type": "string", "description": "Logical expression of how to compute the dependency of the scope variables.\n" }, "scopeVariables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyScopeVariable:ContainerRuntimePolicyScopeVariable" }, "description": "List of scope attributes.\n" }, "scopes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyScope:ContainerRuntimePolicyScope" }, "description": "Scope configuration.\n" }, "systemIntegrityProtection": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicySystemIntegrityProtection:ContainerRuntimePolicySystemIntegrityProtection" }, "tripwire": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyTripwire:ContainerRuntimePolicyTripwire" }, "type": { "type": "string" }, "updated": { "type": "string" }, "version": { "type": "string" }, "vpatchVersion": { "type": "string" }, "whitelistedOsUsers": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyWhitelistedOsUsers:ContainerRuntimePolicyWhitelistedOsUsers" } }, "type": "object", "required": [ "allowedExecutables", "allowedRegistries", "applicationScopes", "auditing", "author", "blacklistedOsUsers", "containerExec", "created", "driftPreventions", "enforceSchedulerAddedOn", "executableBlacklists", "failedKubernetesChecks", "fileBlock", "fileIntegrityMonitoring", "lastupdate", "limitContainerPrivileges", "linuxCapabilities", "malwareScanOptions", "name", "packageBlock", "portBlock", "readonlyFiles", "readonlyRegistry", "registryAccessMonitoring", "restrictedVolumes", "reverseShell", "scopeExpression", "scopeVariables", "systemIntegrityProtection", "tripwire", "updated", "whitelistedOsUsers" ], "inputProperties": { "allowedExecutables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyAllowedExecutable:ContainerRuntimePolicyAllowedExecutable" }, "description": "Allowed executables configuration.\n" }, "allowedRegistries": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyAllowedRegistry:ContainerRuntimePolicyAllowedRegistry" }, "description": "Allowed registries configuration.\n" }, "applicationScopes": { "type": "array", "items": { "type": "string" }, "description": "Indicates the application scope of the service.\n" }, "auditAllNetworkActivity": { "type": "boolean", "description": "If true, all network activity will be audited.\n" }, "auditAllProcessesActivity": { "type": "boolean", "description": "If true, all process activity will be audited.\n" }, "auditBruteForceLogin": { "type": "boolean", "description": "Detects brute force login attempts\n" }, "auditFullCommandArguments": { "type": "boolean", "description": "If true, full command arguments will be audited.\n" }, "auditing": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyAuditing:ContainerRuntimePolicyAuditing" }, "author": { "type": "string", "description": "Username of the account that created the service.\n" }, "blacklistedOsUsers": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyBlacklistedOsUsers:ContainerRuntimePolicyBlacklistedOsUsers" }, "blockAccessHostNetwork": { "type": "boolean", "description": "If true, prevent containers from running with access to host network.\n" }, "blockAddingCapabilities": { "type": "boolean", "description": "If true, prevent containers from running with adding capabilities with `--cap-add` privilege.\n" }, "blockContainerExec": { "type": "boolean", "description": "If true, exec into a container is prevented.\n" }, "blockCryptocurrencyMining": { "type": "boolean", "description": "Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining\n" }, "blockDisallowedImages": { "type": "boolean" }, "blockFilelessExec": { "type": "boolean", "description": "Detect and prevent running in-memory execution\n" }, "blockLowPortBinding": { "type": "boolean", "description": "If true, prevent containers from running with the capability to bind in port lower than 1024.\n" }, "blockNonCompliantWorkloads": { "type": "boolean", "description": "If true, running containers in non-compliant pods is prevented.\n" }, "blockNonK8sContainers": { "type": "boolean", "description": "If true, running non-kubernetes containers is prevented.\n" }, "blockPrivilegedContainers": { "type": "boolean", "description": "If true, prevent containers from running with privileged container capability.\n" }, "blockRootUser": { "type": "boolean", "description": "If true, prevent containers from running with root user.\n" }, "blockUseIpcNamespace": { "type": "boolean", "description": "If true, prevent containers from running with the privilege to use the IPC namespace.\n" }, "blockUsePidNamespace": { "type": "boolean", "description": "If true, prevent containers from running with the privilege to use the PID namespace.\n" }, "blockUseUserNamespace": { "type": "boolean", "description": "If true, prevent containers from running with the privilege to use the user namespace.\n" }, "blockUseUtsNamespace": { "type": "boolean", "description": "If true, prevent containers from running with the privilege to use the UTS namespace.\n" }, "blockedCapabilities": { "type": "array", "items": { "type": "string" }, "description": "If true, prevents containers from using specific Unix capabilities.\n" }, "blockedExecutables": { "type": "array", "items": { "type": "string" }, "description": "List of executables that are prevented from running in containers.\n" }, "blockedFiles": { "type": "array", "items": { "type": "string" }, "description": "List of files that are prevented from being read, modified and executed in the containers.\n" }, "blockedInboundPorts": { "type": "array", "items": { "type": "string" }, "description": "List of blocked inbound ports.\n" }, "blockedOutboundPorts": { "type": "array", "items": { "type": "string" }, "description": "List of blocked outbound ports.\n" }, "blockedPackages": { "type": "array", "items": { "type": "string" }, "description": "Prevent containers from reading, writing, or executing all files in the list of packages.\n" }, "blockedVolumes": { "type": "array", "items": { "type": "string" }, "description": "List of volumes that are prevented from being mounted in the containers.\n" }, "bypassScopes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyBypassScope:ContainerRuntimePolicyBypassScope" }, "description": "Bypass scope configuration.\n" }, "containerExec": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyContainerExec:ContainerRuntimePolicyContainerExec" }, "containerExecAllowedProcesses": { "type": "array", "items": { "type": "string" }, "description": "List of processes that will be allowed.\n" }, "created": { "type": "string" }, "cve": { "type": "string" }, "defaultSecurityProfile": { "type": "string" }, "description": { "type": "string", "description": "The description of the container runtime policy\n" }, "digest": { "type": "string" }, "driftPreventions": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyDriftPrevention:ContainerRuntimePolicyDriftPrevention" }, "description": "Drift prevention configuration.\n" }, "enableCryptoMiningDns": { "type": "boolean" }, "enableForkGuard": { "type": "boolean", "description": "If true, fork bombs are prevented in the containers.\n" }, "enableIpReputation": { "type": "boolean" }, "enablePortScanProtection": { "type": "boolean" }, "enabled": { "type": "boolean", "description": "Indicates if the runtime policy is enabled or not.\n" }, "enforce": { "type": "boolean", "description": "Indicates that policy should effect container execution (not just for audit).\n" }, "enforceAfterDays": { "type": "integer", "description": "Indicates the number of days after which the runtime policy will be changed to enforce mode.\n" }, "enforceSchedulerAddedOn": { "type": "integer" }, "excludeApplicationScopes": { "type": "array", "items": { "type": "string" }, "description": "List of excluded application scopes.\n" }, "executableBlacklists": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyExecutableBlacklist:ContainerRuntimePolicyExecutableBlacklist" }, "description": "Executable blacklist configuration.\n" }, "failedKubernetesChecks": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyFailedKubernetesChecks:ContainerRuntimePolicyFailedKubernetesChecks" }, "fileBlock": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyFileBlock:ContainerRuntimePolicyFileBlock" }, "fileIntegrityMonitoring": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyFileIntegrityMonitoring:ContainerRuntimePolicyFileIntegrityMonitoring", "description": "Configuration for file integrity monitoring.\n" }, "forkGuardProcessLimit": { "type": "integer", "description": "Process limit for the fork guard.\n" }, "imageName": { "type": "string" }, "isAuditChecked": { "type": "boolean" }, "isAutoGenerated": { "type": "boolean" }, "isOotbPolicy": { "type": "boolean" }, "lastupdate": { "type": "integer" }, "limitContainerPrivileges": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyLimitContainerPrivilege:ContainerRuntimePolicyLimitContainerPrivilege" }, "description": "Container privileges configuration.\n" }, "limitNewPrivileges": { "type": "boolean", "description": "If true, prevents the container from obtaining new privileges at runtime. (only enabled in enforce mode)\n" }, "linuxCapabilities": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyLinuxCapabilities:ContainerRuntimePolicyLinuxCapabilities" }, "malwareScanOptions": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyMalwareScanOptions:ContainerRuntimePolicyMalwareScanOptions", "description": "Configuration for Real-Time Malware Protection.\n" }, "monitorSystemTimeChanges": { "type": "boolean", "description": "If true, system time changes will be monitored.\n" }, "name": { "type": "string", "description": "Name of the container runtime policy\n", "willReplaceOnChanges": true }, "noNewPrivileges": { "type": "boolean" }, "onlyRegisteredImages": { "type": "boolean" }, "packageBlock": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyPackageBlock:ContainerRuntimePolicyPackageBlock" }, "permission": { "type": "string" }, "portBlock": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyPortBlock:ContainerRuntimePolicyPortBlock" }, "readonlyFiles": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyReadonlyFiles:ContainerRuntimePolicyReadonlyFiles" }, "readonlyRegistry": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyReadonlyRegistry:ContainerRuntimePolicyReadonlyRegistry" }, "registry": { "type": "string" }, "registryAccessMonitoring": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyRegistryAccessMonitoring:ContainerRuntimePolicyRegistryAccessMonitoring" }, "repoName": { "type": "string" }, "resourceName": { "type": "string" }, "resourceType": { "type": "string" }, "restrictedVolumes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyRestrictedVolume:ContainerRuntimePolicyRestrictedVolume" }, "description": "Restricted volumes configuration.\n" }, "reverseShell": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyReverseShell:ContainerRuntimePolicyReverseShell" }, "runtimeMode": { "type": "integer" }, "runtimeType": { "type": "string" }, "scopeExpression": { "type": "string", "description": "Logical expression of how to compute the dependency of the scope variables.\n" }, "scopeVariables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyScopeVariable:ContainerRuntimePolicyScopeVariable" }, "description": "List of scope attributes.\n" }, "scopes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyScope:ContainerRuntimePolicyScope" }, "description": "Scope configuration.\n" }, "systemIntegrityProtection": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicySystemIntegrityProtection:ContainerRuntimePolicySystemIntegrityProtection" }, "tripwire": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyTripwire:ContainerRuntimePolicyTripwire" }, "type": { "type": "string" }, "updated": { "type": "string" }, "version": { "type": "string" }, "vpatchVersion": { "type": "string" }, "whitelistedOsUsers": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyWhitelistedOsUsers:ContainerRuntimePolicyWhitelistedOsUsers" } }, "stateInputs": { "description": "Input properties used for looking up and filtering ContainerRuntimePolicy resources.\n", "properties": { "allowedExecutables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyAllowedExecutable:ContainerRuntimePolicyAllowedExecutable" }, "description": "Allowed executables configuration.\n" }, "allowedRegistries": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyAllowedRegistry:ContainerRuntimePolicyAllowedRegistry" }, "description": "Allowed registries configuration.\n" }, "applicationScopes": { "type": "array", "items": { "type": "string" }, "description": "Indicates the application scope of the service.\n" }, "auditAllNetworkActivity": { "type": "boolean", "description": "If true, all network activity will be audited.\n" }, "auditAllProcessesActivity": { "type": "boolean", "description": "If true, all process activity will be audited.\n" }, "auditBruteForceLogin": { "type": "boolean", "description": "Detects brute force login attempts\n" }, "auditFullCommandArguments": { "type": "boolean", "description": "If true, full command arguments will be audited.\n" }, "auditing": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyAuditing:ContainerRuntimePolicyAuditing" }, "author": { "type": "string", "description": "Username of the account that created the service.\n" }, "blacklistedOsUsers": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyBlacklistedOsUsers:ContainerRuntimePolicyBlacklistedOsUsers" }, "blockAccessHostNetwork": { "type": "boolean", "description": "If true, prevent containers from running with access to host network.\n" }, "blockAddingCapabilities": { "type": "boolean", "description": "If true, prevent containers from running with adding capabilities with `--cap-add` privilege.\n" }, "blockContainerExec": { "type": "boolean", "description": "If true, exec into a container is prevented.\n" }, "blockCryptocurrencyMining": { "type": "boolean", "description": "Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining\n" }, "blockDisallowedImages": { "type": "boolean" }, "blockFilelessExec": { "type": "boolean", "description": "Detect and prevent running in-memory execution\n" }, "blockLowPortBinding": { "type": "boolean", "description": "If true, prevent containers from running with the capability to bind in port lower than 1024.\n" }, "blockNonCompliantWorkloads": { "type": "boolean", "description": "If true, running containers in non-compliant pods is prevented.\n" }, "blockNonK8sContainers": { "type": "boolean", "description": "If true, running non-kubernetes containers is prevented.\n" }, "blockPrivilegedContainers": { "type": "boolean", "description": "If true, prevent containers from running with privileged container capability.\n" }, "blockRootUser": { "type": "boolean", "description": "If true, prevent containers from running with root user.\n" }, "blockUseIpcNamespace": { "type": "boolean", "description": "If true, prevent containers from running with the privilege to use the IPC namespace.\n" }, "blockUsePidNamespace": { "type": "boolean", "description": "If true, prevent containers from running with the privilege to use the PID namespace.\n" }, "blockUseUserNamespace": { "type": "boolean", "description": "If true, prevent containers from running with the privilege to use the user namespace.\n" }, "blockUseUtsNamespace": { "type": "boolean", "description": "If true, prevent containers from running with the privilege to use the UTS namespace.\n" }, "blockedCapabilities": { "type": "array", "items": { "type": "string" }, "description": "If true, prevents containers from using specific Unix capabilities.\n" }, "blockedExecutables": { "type": "array", "items": { "type": "string" }, "description": "List of executables that are prevented from running in containers.\n" }, "blockedFiles": { "type": "array", "items": { "type": "string" }, "description": "List of files that are prevented from being read, modified and executed in the containers.\n" }, "blockedInboundPorts": { "type": "array", "items": { "type": "string" }, "description": "List of blocked inbound ports.\n" }, "blockedOutboundPorts": { "type": "array", "items": { "type": "string" }, "description": "List of blocked outbound ports.\n" }, "blockedPackages": { "type": "array", "items": { "type": "string" }, "description": "Prevent containers from reading, writing, or executing all files in the list of packages.\n" }, "blockedVolumes": { "type": "array", "items": { "type": "string" }, "description": "List of volumes that are prevented from being mounted in the containers.\n" }, "bypassScopes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyBypassScope:ContainerRuntimePolicyBypassScope" }, "description": "Bypass scope configuration.\n" }, "containerExec": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyContainerExec:ContainerRuntimePolicyContainerExec" }, "containerExecAllowedProcesses": { "type": "array", "items": { "type": "string" }, "description": "List of processes that will be allowed.\n" }, "created": { "type": "string" }, "cve": { "type": "string" }, "defaultSecurityProfile": { "type": "string" }, "description": { "type": "string", "description": "The description of the container runtime policy\n" }, "digest": { "type": "string" }, "driftPreventions": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyDriftPrevention:ContainerRuntimePolicyDriftPrevention" }, "description": "Drift prevention configuration.\n" }, "enableCryptoMiningDns": { "type": "boolean" }, "enableForkGuard": { "type": "boolean", "description": "If true, fork bombs are prevented in the containers.\n" }, "enableIpReputation": { "type": "boolean" }, "enablePortScanProtection": { "type": "boolean" }, "enabled": { "type": "boolean", "description": "Indicates if the runtime policy is enabled or not.\n" }, "enforce": { "type": "boolean", "description": "Indicates that policy should effect container execution (not just for audit).\n" }, "enforceAfterDays": { "type": "integer", "description": "Indicates the number of days after which the runtime policy will be changed to enforce mode.\n" }, "enforceSchedulerAddedOn": { "type": "integer" }, "excludeApplicationScopes": { "type": "array", "items": { "type": "string" }, "description": "List of excluded application scopes.\n" }, "executableBlacklists": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyExecutableBlacklist:ContainerRuntimePolicyExecutableBlacklist" }, "description": "Executable blacklist configuration.\n" }, "failedKubernetesChecks": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyFailedKubernetesChecks:ContainerRuntimePolicyFailedKubernetesChecks" }, "fileBlock": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyFileBlock:ContainerRuntimePolicyFileBlock" }, "fileIntegrityMonitoring": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyFileIntegrityMonitoring:ContainerRuntimePolicyFileIntegrityMonitoring", "description": "Configuration for file integrity monitoring.\n" }, "forkGuardProcessLimit": { "type": "integer", "description": "Process limit for the fork guard.\n" }, "imageName": { "type": "string" }, "isAuditChecked": { "type": "boolean" }, "isAutoGenerated": { "type": "boolean" }, "isOotbPolicy": { "type": "boolean" }, "lastupdate": { "type": "integer" }, "limitContainerPrivileges": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyLimitContainerPrivilege:ContainerRuntimePolicyLimitContainerPrivilege" }, "description": "Container privileges configuration.\n" }, "limitNewPrivileges": { "type": "boolean", "description": "If true, prevents the container from obtaining new privileges at runtime. (only enabled in enforce mode)\n" }, "linuxCapabilities": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyLinuxCapabilities:ContainerRuntimePolicyLinuxCapabilities" }, "malwareScanOptions": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyMalwareScanOptions:ContainerRuntimePolicyMalwareScanOptions", "description": "Configuration for Real-Time Malware Protection.\n" }, "monitorSystemTimeChanges": { "type": "boolean", "description": "If true, system time changes will be monitored.\n" }, "name": { "type": "string", "description": "Name of the container runtime policy\n", "willReplaceOnChanges": true }, "noNewPrivileges": { "type": "boolean" }, "onlyRegisteredImages": { "type": "boolean" }, "packageBlock": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyPackageBlock:ContainerRuntimePolicyPackageBlock" }, "permission": { "type": "string" }, "portBlock": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyPortBlock:ContainerRuntimePolicyPortBlock" }, "readonlyFiles": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyReadonlyFiles:ContainerRuntimePolicyReadonlyFiles" }, "readonlyRegistry": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyReadonlyRegistry:ContainerRuntimePolicyReadonlyRegistry" }, "registry": { "type": "string" }, "registryAccessMonitoring": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyRegistryAccessMonitoring:ContainerRuntimePolicyRegistryAccessMonitoring" }, "repoName": { "type": "string" }, "resourceName": { "type": "string" }, "resourceType": { "type": "string" }, "restrictedVolumes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyRestrictedVolume:ContainerRuntimePolicyRestrictedVolume" }, "description": "Restricted volumes configuration.\n" }, "reverseShell": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyReverseShell:ContainerRuntimePolicyReverseShell" }, "runtimeMode": { "type": "integer" }, "runtimeType": { "type": "string" }, "scopeExpression": { "type": "string", "description": "Logical expression of how to compute the dependency of the scope variables.\n" }, "scopeVariables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyScopeVariable:ContainerRuntimePolicyScopeVariable" }, "description": "List of scope attributes.\n" }, "scopes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyScope:ContainerRuntimePolicyScope" }, "description": "Scope configuration.\n" }, "systemIntegrityProtection": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicySystemIntegrityProtection:ContainerRuntimePolicySystemIntegrityProtection" }, "tripwire": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyTripwire:ContainerRuntimePolicyTripwire" }, "type": { "type": "string" }, "updated": { "type": "string" }, "version": { "type": "string" }, "vpatchVersion": { "type": "string" }, "whitelistedOsUsers": { "$ref": "#/types/aquasec:index%2FContainerRuntimePolicyWhitelistedOsUsers:ContainerRuntimePolicyWhitelistedOsUsers" } }, "type": "object" } }, "aquasec:index/enforcerGroups:EnforcerGroups": { "description": "## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumiverse/aquasec\";\n\nconst group = new aquasec.EnforcerGroups(\"group\", {\n antivirusProtection: true,\n containerActivityProtection: true,\n containerAntivirusProtection: true,\n enforce: true,\n forensics: true,\n groupId: \"tf-test-enforcer\",\n hostAssurance: true,\n hostForensics: true,\n hostNetworkProtection: true,\n hostProtection: true,\n imageAssurance: true,\n networkProtection: true,\n orchestrators: [{}],\n riskExplorerAutoDiscovery: true,\n syncHostImages: true,\n type: \"agent\",\n});\nconst group_kubeEnforcer = new aquasec.EnforcerGroups(\"group-kubeEnforcer\", {\n admissionControl: true,\n autoCopySecrets: true,\n autoDiscoverConfigureRegistries: true,\n autoDiscoveryEnabled: true,\n autoScanDiscoveredImagesRunningContainers: true,\n blockAdmissionControl: true,\n enforce: true,\n groupId: \"tf-test-kube_enforcer\",\n kubeBenchImageName: \"registry.aquasec.com/kube-bench:v0.6.5\",\n microEnforcerSecretsName: \"aqua-registry\",\n orchestrators: [{\n namespace: \"aqua\",\n type: \"kubernetes\",\n }],\n type: \"kube_enforcer\",\n});\n```\n```python\nimport pulumi\nimport pulumiverse_aquasec as aquasec\n\ngroup = aquasec.EnforcerGroups(\"group\",\n antivirus_protection=True,\n container_activity_protection=True,\n container_antivirus_protection=True,\n enforce=True,\n forensics=True,\n group_id=\"tf-test-enforcer\",\n host_assurance=True,\n host_forensics=True,\n host_network_protection=True,\n host_protection=True,\n image_assurance=True,\n network_protection=True,\n orchestrators=[aquasec.EnforcerGroupsOrchestratorArgs()],\n risk_explorer_auto_discovery=True,\n sync_host_images=True,\n type=\"agent\")\ngroup_kube_enforcer = aquasec.EnforcerGroups(\"group-kubeEnforcer\",\n admission_control=True,\n auto_copy_secrets=True,\n auto_discover_configure_registries=True,\n auto_discovery_enabled=True,\n auto_scan_discovered_images_running_containers=True,\n block_admission_control=True,\n enforce=True,\n group_id=\"tf-test-kube_enforcer\",\n kube_bench_image_name=\"registry.aquasec.com/kube-bench:v0.6.5\",\n micro_enforcer_secrets_name=\"aqua-registry\",\n orchestrators=[aquasec.EnforcerGroupsOrchestratorArgs(\n namespace=\"aqua\",\n type=\"kubernetes\",\n )],\n type=\"kube_enforcer\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumiverse.Aquasec;\n\nreturn await Deployment.RunAsync(() => \n{\n var @group = new Aquasec.EnforcerGroups(\"group\", new()\n {\n AntivirusProtection = true,\n ContainerActivityProtection = true,\n ContainerAntivirusProtection = true,\n Enforce = true,\n Forensics = true,\n GroupId = \"tf-test-enforcer\",\n HostAssurance = true,\n HostForensics = true,\n HostNetworkProtection = true,\n HostProtection = true,\n ImageAssurance = true,\n NetworkProtection = true,\n Orchestrators = new[]\n {\n null,\n },\n RiskExplorerAutoDiscovery = true,\n SyncHostImages = true,\n Type = \"agent\",\n });\n\n var group_kubeEnforcer = new Aquasec.EnforcerGroups(\"group-kubeEnforcer\", new()\n {\n AdmissionControl = true,\n AutoCopySecrets = true,\n AutoDiscoverConfigureRegistries = true,\n AutoDiscoveryEnabled = true,\n AutoScanDiscoveredImagesRunningContainers = true,\n BlockAdmissionControl = true,\n Enforce = true,\n GroupId = \"tf-test-kube_enforcer\",\n KubeBenchImageName = \"registry.aquasec.com/kube-bench:v0.6.5\",\n MicroEnforcerSecretsName = \"aqua-registry\",\n Orchestrators = new[]\n {\n new Aquasec.Inputs.EnforcerGroupsOrchestratorArgs\n {\n Namespace = \"aqua\",\n Type = \"kubernetes\",\n },\n },\n Type = \"kube_enforcer\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aquasec.NewEnforcerGroups(ctx, \"group\", &aquasec.EnforcerGroupsArgs{\n\t\t\tAntivirusProtection: pulumi.Bool(true),\n\t\t\tContainerActivityProtection: pulumi.Bool(true),\n\t\t\tContainerAntivirusProtection: pulumi.Bool(true),\n\t\t\tEnforce: pulumi.Bool(true),\n\t\t\tForensics: pulumi.Bool(true),\n\t\t\tGroupId: pulumi.String(\"tf-test-enforcer\"),\n\t\t\tHostAssurance: pulumi.Bool(true),\n\t\t\tHostForensics: pulumi.Bool(true),\n\t\t\tHostNetworkProtection: pulumi.Bool(true),\n\t\t\tHostProtection: pulumi.Bool(true),\n\t\t\tImageAssurance: pulumi.Bool(true),\n\t\t\tNetworkProtection: pulumi.Bool(true),\n\t\t\tOrchestrators: aquasec.EnforcerGroupsOrchestratorArray{\n\t\t\t\tnil,\n\t\t\t},\n\t\t\tRiskExplorerAutoDiscovery: pulumi.Bool(true),\n\t\t\tSyncHostImages: pulumi.Bool(true),\n\t\t\tType: pulumi.String(\"agent\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = aquasec.NewEnforcerGroups(ctx, \"group-kubeEnforcer\", &aquasec.EnforcerGroupsArgs{\n\t\t\tAdmissionControl: pulumi.Bool(true),\n\t\t\tAutoCopySecrets: pulumi.Bool(true),\n\t\t\tAutoDiscoverConfigureRegistries: pulumi.Bool(true),\n\t\t\tAutoDiscoveryEnabled: pulumi.Bool(true),\n\t\t\tAutoScanDiscoveredImagesRunningContainers: pulumi.Bool(true),\n\t\t\tBlockAdmissionControl: pulumi.Bool(true),\n\t\t\tEnforce: pulumi.Bool(true),\n\t\t\tGroupId: pulumi.String(\"tf-test-kube_enforcer\"),\n\t\t\tKubeBenchImageName: pulumi.String(\"registry.aquasec.com/kube-bench:v0.6.5\"),\n\t\t\tMicroEnforcerSecretsName: pulumi.String(\"aqua-registry\"),\n\t\t\tOrchestrators: aquasec.EnforcerGroupsOrchestratorArray{\n\t\t\t\t&aquasec.EnforcerGroupsOrchestratorArgs{\n\t\t\t\t\tNamespace: pulumi.String(\"aqua\"),\n\t\t\t\t\tType: pulumi.String(\"kubernetes\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tType: pulumi.String(\"kube_enforcer\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.EnforcerGroups;\nimport com.pulumi.aquasec.EnforcerGroupsArgs;\nimport com.pulumi.aquasec.inputs.EnforcerGroupsOrchestratorArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var group = new EnforcerGroups(\"group\", EnforcerGroupsArgs.builder()\n .antivirusProtection(true)\n .containerActivityProtection(true)\n .containerAntivirusProtection(true)\n .enforce(true)\n .forensics(true)\n .groupId(\"tf-test-enforcer\")\n .hostAssurance(true)\n .hostForensics(true)\n .hostNetworkProtection(true)\n .hostProtection(true)\n .imageAssurance(true)\n .networkProtection(true)\n .orchestrators()\n .riskExplorerAutoDiscovery(true)\n .syncHostImages(true)\n .type(\"agent\")\n .build());\n\n var group_kubeEnforcer = new EnforcerGroups(\"group-kubeEnforcer\", EnforcerGroupsArgs.builder()\n .admissionControl(true)\n .autoCopySecrets(true)\n .autoDiscoverConfigureRegistries(true)\n .autoDiscoveryEnabled(true)\n .autoScanDiscoveredImagesRunningContainers(true)\n .blockAdmissionControl(true)\n .enforce(true)\n .groupId(\"tf-test-kube_enforcer\")\n .kubeBenchImageName(\"registry.aquasec.com/kube-bench:v0.6.5\")\n .microEnforcerSecretsName(\"aqua-registry\")\n .orchestrators(EnforcerGroupsOrchestratorArgs.builder()\n .namespace(\"aqua\")\n .type(\"kubernetes\")\n .build())\n .type(\"kube_enforcer\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n group:\n type: aquasec:EnforcerGroups\n properties:\n # Advanced Malware Protection (Host Protection)\n antivirusProtection: true\n # Runtime Controls\n containerActivityProtection: true\n # Advanced Malware Protection (Container Protection)\n containerAntivirusProtection: true\n enforce: true\n # forensics\n forensics: true\n groupId: tf-test-enforcer\n # Host Assurance\n hostAssurance: true\n # host_forensics\n hostForensics: true\n # Network Firewall (Host Protection)\n hostNetworkProtection: true\n # Runtime Controls\n hostProtection: true\n # Image Assurance\n imageAssurance: true\n # Network Firewall (Container Protection)\n networkProtection: true\n orchestrators:\n - {}\n # Risk Explorer\n riskExplorerAutoDiscovery: true\n # Host Images\n syncHostImages: true\n type: agent\n group-kubeEnforcer:\n type: aquasec:EnforcerGroups\n properties:\n # Enable admission control\n admissionControl: true\n # Auto copy these secrets to the Pod Enforcer namespace and container\n autoCopySecrets: true\n # Add discovered registries\n autoDiscoverConfigureRegistries: true\n # Enable workload discovery\n autoDiscoveryEnabled: true\n # Register discovered pod images\n autoScanDiscoveredImagesRunningContainers: true\n # Perform admission control if not connected to a gateway\n blockAdmissionControl: true\n enforce: true\n groupId: tf-test-kube_enforcer\n # Kube-bench image path\n kubeBenchImageName: registry.aquasec.com/kube-bench:v0.6.5\n # Secret that holds the registry credentials for the Pod Enforcer and kube-bench\n microEnforcerSecretsName: aqua-registry\n orchestrators:\n - namespace: aqua\n type: kubernetes\n type: kube_enforcer\n```\n\n", "properties": { "admissionControl": { "type": "boolean", "description": "Selecting this option will allow the KubeEnforcer to block the deployment of container images that have failed any of these Container Runtime Policy controls:\\\n\t\t\t* Block Non-Compliant Images\\\n\t\t\t* Block Non-Compliant Workloads\\\n\t\t\t* Block Unregistered Images\\\n\t\t\tThis functionality can work only when the KubeEnforcer is deployed in Enforce mode.\n" }, "allowKubeEnforcerAudit": { "type": "boolean", "description": "Allow kube enforcer audit.\n" }, "allowedApplications": { "type": "array", "items": { "type": "string" }, "description": "List of application names to allow on the hosts. if provided, only containers of the listed applications will be allowed to run.\n" }, "allowedLabels": { "type": "array", "items": { "type": "string" }, "description": "List of label names to allow on the hosts.\n" }, "allowedRegistries": { "type": "array", "items": { "type": "string" }, "description": "List of registry names to allow on the hosts.\n" }, "antivirusProtection": { "type": "boolean", "description": "This setting is available only when you have license for `Advanced Malware Protection`. Send true to make use of the license and enable the `Real-time Malware Protection` control in the Host Runtime policies.\n" }, "aquaVersion": { "type": "string", "description": "Aqua server version\n" }, "auditAll": { "type": "boolean", "description": "Agent will send extra audit messages to the server for success operations from inside the container (runtime).\n" }, "autoCopySecrets": { "type": "boolean", "description": "This option is applicable only if `Enable Pod Enforcer injection` is selected. Select this option if you want Aqua Enterprise to copy the secrets defined above to the Pod Enforcer namespace and container. Otherwise, you can choose to copy these secrets by other means.\n" }, "autoDiscoverConfigureRegistries": { "type": "boolean", "description": "This option is available only if `Enable workload discovery` is selected. If selected, the KubeEnforcer will add previously unknown image registries from the cluster to Aqua.\n" }, "autoDiscoveryEnabled": { "type": "boolean", "description": "When this option is selected, the KubeEnforcer will discover workloads on its cluster.\n" }, "autoScanDiscoveredImagesRunningContainers": { "type": "boolean", "description": "This option is available only if `Enable workload discovery` is selected. If selected, the KubeEnforcer will automatically register images running as workloads (and scan the discovered images for security issues).\n" }, "behavioralEngine": { "type": "boolean", "description": "Select Enabled to detect suspicious activity in your containers and display potential security threats in the Incidents and Audit pages.\n" }, "blockAdmissionControl": { "type": "boolean", "description": "This applies only if both `Enable admission control` and Enforce mode are set. This additional option must be selected for admission control to work if the KubeEnforcer is not connected to any Gateway. If this option is not selected, admission control will be disabled; this will have no effect on containers already running.\n" }, "commands": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FEnforcerGroupsCommand:EnforcerGroupsCommand" }, "description": "The installation command.\n" }, "connectedCount": { "type": "integer", "description": "Number of connected enforcers in the enforcer group.\n" }, "containerActivityProtection": { "type": "boolean", "description": "Set `True` to apply Container Runtime Policies, Image Profiles, and Firewall Policies to containers.\n" }, "containerAntivirusProtection": { "type": "boolean", "description": "This setting is available only when you have license for `Advanced Malware Protection`. Send true to make use of the license and enable the `Real-time Malware Protection` control in the Container Runtime policies.\n" }, "description": { "type": "string", "description": "A description of the Aqua Enforcer group.\n" }, "disconnectedCount": { "type": "integer", "description": "Number of disconnected enforcers in the enforcer group.\n" }, "enforce": { "type": "boolean", "description": "Whether to enable enforce mode on the Enforcers, defaults to False.\n" }, "enforcerImageName": { "type": "string", "description": "The specific Aqua Enforcer product image (with image tag) to be deployed.\n" }, "forensics": { "type": "boolean", "description": "Select Enabled to send activity logs in your containers to the Aqua Server for forensics purposes.\n" }, "gatewayAddress": { "type": "string", "description": "Gateway Address\n" }, "gatewayName": { "type": "string", "description": "Gateway Name\n" }, "gateways": { "type": "array", "items": { "type": "string" }, "description": "List of Aqua gateway IDs for the Enforcers.\n" }, "groupId": { "type": "string", "description": "The ID of the Enforcer group.\n" }, "highVulns": { "type": "integer", "description": "Number of high vulnerabilities in the enforcers that in this enforcer group.\n" }, "hostAssurance": { "type": "boolean", "description": "Set `True` to enable host scanning and respective Host Assurance controls.\n" }, "hostBehavioralEngine": { "type": "boolean", "description": "Set `True` to enable these Host Runtime Policy controls: `OS Users and Groups Allowed` and `OS Users and Groups Blocked`\n" }, "hostForensics": { "type": "boolean", "description": "Select Enabled to send activity logs in your host to the Aqua Server for forensics purposes.\n" }, "hostNetworkProtection": { "type": "boolean", "description": "Set `True` to apply Firewall Policies to hosts, and allow recording network maps for Aqua services. The Network Firewall setting must be disabled when deploying the Aqua Enforcer on a machine running Rocky Linux. See https://docs.aquasec.com/docs/platform-support-limitations-rocky-linux for further information\n" }, "hostOs": { "type": "string", "description": "The OS type for the host\n" }, "hostProtection": { "type": "boolean", "description": "Set `True` to enable all Host Runtime Policy controls except for `OS Users and Groups Allowed` and `OS Users and Groups Blocked`.\n" }, "hostUserProtection": { "type": "boolean", "description": "Set `True` to enable these Host Runtime Policy controls: `OS Users and Groups Allowed` and `OS Users and Groups Blocked`\n" }, "hostname": { "type": "string", "description": "The hostname\n" }, "hostsCount": { "type": "integer", "description": "Number of enforcers in the enforcer group.\n" }, "imageAssurance": { "type": "boolean", "description": "Set `True` to enable selected controls: Container Runtime Policy (`Block Non-Compliant Images`, `Block Unregistered Images`, and `Registries Allowed`) and Default Image Assurance Policy (`Images Blocked`).\n" }, "installCommand": { "type": "string", "description": "Enforcer install command\n" }, "kubeBenchImageName": { "type": "string", "description": "See https://docs.aquasec.com/docs/securing-kubernetes-applications#section-configuration-hardening, The KubeEnforcer can deploy the Aqua Security kube-bench open-source product to perform Kubernetes CIS benchmark testing of nodes.\n\t\t\tThis field specifies the path and file name of the kube-bench product image for the KubeEnforcer to deploy; it will be filled in automatically. You can optionally enter a different value.\n" }, "lastUpdate": { "type": "integer", "description": "The last date and time the batch token was updated in UNIX time.\n" }, "logicalName": { "type": "string", "description": "Name for the batch install record.\n" }, "lowVulns": { "type": "integer", "description": "Number of low vulnerabilities in the enforcers that in this enforcer group.\n" }, "medVulns": { "type": "integer", "description": "Number of medium vulnerabilities in the enforcers that in this enforcer group.\n" }, "microEnforcerCertsSecretsName": { "type": "string", "description": "This option is applicable only if `Enable Pod Enforcer injection` is selected.\n" }, "microEnforcerImageName": { "type": "string", "description": "This option is applicable only if `Enable Pod Enforcer injection` is selected. This field specifies the path and file name of the KubeEnforcer product image to be deployed; it will be filled in automatically. You can optionally enter a different value.\n" }, "microEnforcerInjection": { "type": "boolean", "description": "This applies only if both `Enable admission control` and Enforce mode are set. This additional option must be selected for admission control to work if the KubeEnforcer is not connected to any Gateway. If this option is not selected, admission control will be disabled; this will have no effect on containers already running.\n" }, "microEnforcerSecretsName": { "type": "string", "description": "You can specify the name of the secret (in the Aqua namespace) that Aqua copies into the Pod Enforcer namespace and kube-bench, allowing them access to the Pod Enforcer and kube-bench product images, respectively.\n" }, "negVulns": { "type": "integer", "description": "Number of negligible vulnerabilities in the enforcers that in this enforcer group.\n" }, "networkProtection": { "type": "boolean", "description": "Send true to apply Firewall Policies to containers, and allow recording network maps for Aqua services. The Network Firewall setting must be disabled when deploying the Aqua Enforcer on a machine running Rocky Linux. See https://docs.aquasec.com/docs/platform-support-limitations-rocky-linux for further information.\n" }, "orchestrators": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FEnforcerGroupsOrchestrator:EnforcerGroupsOrchestrator" }, "description": "The orchestrator for which you are creating the Enforcer group.\n" }, "pasDeploymentLink": { "type": "string", "description": "pas deployment link\n" }, "permission": { "type": "string", "description": "Permission Action\n" }, "riskExplorerAutoDiscovery": { "type": "boolean", "description": "Set `True` to allow Enforcers to be discovered in the Risk Explorer.\n" }, "runtimePolicyName": { "type": "string", "description": "Function Runtime Policy that will applay on the nano enforcer.\n" }, "runtimeType": { "type": "string", "description": "The container runtime environment.\n" }, "syncHostImages": { "type": "boolean", "description": "Set `True` to configure Enforcers to discover local host images. Discovered images will be listed under Images > Host Images, as well as under Infrastructure (in the Images tab for applicable hosts).\n" }, "syscallEnabled": { "type": "boolean", "description": "Set `True` will allow profiling and monitoring system calls made by running containers.\n" }, "token": { "type": "string", "description": "The batch install token.\n" }, "type": { "type": "string", "description": "Enforcer Type.\n" }, "userAccessControl": { "type": "boolean", "description": "Set `True` to apply User Access Control Policies to containers. Note that Aqua Enforcers must be deployed with the AQUA*RUNC*INTERCEPTION environment variable set to 0 in order to use User Access Control Policies.\n" } }, "type": "object", "required": [ "aquaVersion", "autoCopySecrets", "commands", "connectedCount", "disconnectedCount", "enforcerImageName", "gatewayAddress", "gatewayName", "gateways", "groupId", "highVulns", "hostOs", "hostname", "hostsCount", "installCommand", "kubeBenchImageName", "lastUpdate", "logicalName", "lowVulns", "medVulns", "microEnforcerImageName", "microEnforcerSecretsName", "negVulns", "orchestrators", "pasDeploymentLink", "runtimePolicyName", "runtimeType", "token", "type" ], "inputProperties": { "admissionControl": { "type": "boolean", "description": "Selecting this option will allow the KubeEnforcer to block the deployment of container images that have failed any of these Container Runtime Policy controls:\\\n\t\t\t* Block Non-Compliant Images\\\n\t\t\t* Block Non-Compliant Workloads\\\n\t\t\t* Block Unregistered Images\\\n\t\t\tThis functionality can work only when the KubeEnforcer is deployed in Enforce mode.\n" }, "allowKubeEnforcerAudit": { "type": "boolean", "description": "Allow kube enforcer audit.\n" }, "allowedApplications": { "type": "array", "items": { "type": "string" }, "description": "List of application names to allow on the hosts. if provided, only containers of the listed applications will be allowed to run.\n" }, "allowedLabels": { "type": "array", "items": { "type": "string" }, "description": "List of label names to allow on the hosts.\n" }, "allowedRegistries": { "type": "array", "items": { "type": "string" }, "description": "List of registry names to allow on the hosts.\n" }, "antivirusProtection": { "type": "boolean", "description": "This setting is available only when you have license for `Advanced Malware Protection`. Send true to make use of the license and enable the `Real-time Malware Protection` control in the Host Runtime policies.\n" }, "auditAll": { "type": "boolean", "description": "Agent will send extra audit messages to the server for success operations from inside the container (runtime).\n" }, "autoCopySecrets": { "type": "boolean", "description": "This option is applicable only if `Enable Pod Enforcer injection` is selected. Select this option if you want Aqua Enterprise to copy the secrets defined above to the Pod Enforcer namespace and container. Otherwise, you can choose to copy these secrets by other means.\n" }, "autoDiscoverConfigureRegistries": { "type": "boolean", "description": "This option is available only if `Enable workload discovery` is selected. If selected, the KubeEnforcer will add previously unknown image registries from the cluster to Aqua.\n" }, "autoDiscoveryEnabled": { "type": "boolean", "description": "When this option is selected, the KubeEnforcer will discover workloads on its cluster.\n" }, "autoScanDiscoveredImagesRunningContainers": { "type": "boolean", "description": "This option is available only if `Enable workload discovery` is selected. If selected, the KubeEnforcer will automatically register images running as workloads (and scan the discovered images for security issues).\n" }, "behavioralEngine": { "type": "boolean", "description": "Select Enabled to detect suspicious activity in your containers and display potential security threats in the Incidents and Audit pages.\n" }, "blockAdmissionControl": { "type": "boolean", "description": "This applies only if both `Enable admission control` and Enforce mode are set. This additional option must be selected for admission control to work if the KubeEnforcer is not connected to any Gateway. If this option is not selected, admission control will be disabled; this will have no effect on containers already running.\n" }, "containerActivityProtection": { "type": "boolean", "description": "Set `True` to apply Container Runtime Policies, Image Profiles, and Firewall Policies to containers.\n" }, "containerAntivirusProtection": { "type": "boolean", "description": "This setting is available only when you have license for `Advanced Malware Protection`. Send true to make use of the license and enable the `Real-time Malware Protection` control in the Container Runtime policies.\n" }, "description": { "type": "string", "description": "A description of the Aqua Enforcer group.\n" }, "enforce": { "type": "boolean", "description": "Whether to enable enforce mode on the Enforcers, defaults to False.\n" }, "forensics": { "type": "boolean", "description": "Select Enabled to send activity logs in your containers to the Aqua Server for forensics purposes.\n" }, "gateways": { "type": "array", "items": { "type": "string" }, "description": "List of Aqua gateway IDs for the Enforcers.\n" }, "groupId": { "type": "string", "description": "The ID of the Enforcer group.\n", "willReplaceOnChanges": true }, "hostAssurance": { "type": "boolean", "description": "Set `True` to enable host scanning and respective Host Assurance controls.\n" }, "hostBehavioralEngine": { "type": "boolean", "description": "Set `True` to enable these Host Runtime Policy controls: `OS Users and Groups Allowed` and `OS Users and Groups Blocked`\n" }, "hostForensics": { "type": "boolean", "description": "Select Enabled to send activity logs in your host to the Aqua Server for forensics purposes.\n" }, "hostNetworkProtection": { "type": "boolean", "description": "Set `True` to apply Firewall Policies to hosts, and allow recording network maps for Aqua services. The Network Firewall setting must be disabled when deploying the Aqua Enforcer on a machine running Rocky Linux. See https://docs.aquasec.com/docs/platform-support-limitations-rocky-linux for further information\n" }, "hostOs": { "type": "string", "description": "The OS type for the host\n", "willReplaceOnChanges": true }, "hostProtection": { "type": "boolean", "description": "Set `True` to enable all Host Runtime Policy controls except for `OS Users and Groups Allowed` and `OS Users and Groups Blocked`.\n" }, "hostUserProtection": { "type": "boolean", "description": "Set `True` to enable these Host Runtime Policy controls: `OS Users and Groups Allowed` and `OS Users and Groups Blocked`\n" }, "imageAssurance": { "type": "boolean", "description": "Set `True` to enable selected controls: Container Runtime Policy (`Block Non-Compliant Images`, `Block Unregistered Images`, and `Registries Allowed`) and Default Image Assurance Policy (`Images Blocked`).\n" }, "kubeBenchImageName": { "type": "string", "description": "See https://docs.aquasec.com/docs/securing-kubernetes-applications#section-configuration-hardening, The KubeEnforcer can deploy the Aqua Security kube-bench open-source product to perform Kubernetes CIS benchmark testing of nodes.\n\t\t\tThis field specifies the path and file name of the kube-bench product image for the KubeEnforcer to deploy; it will be filled in automatically. You can optionally enter a different value.\n" }, "logicalName": { "type": "string", "description": "Name for the batch install record.\n" }, "microEnforcerCertsSecretsName": { "type": "string", "description": "This option is applicable only if `Enable Pod Enforcer injection` is selected.\n" }, "microEnforcerImageName": { "type": "string", "description": "This option is applicable only if `Enable Pod Enforcer injection` is selected. This field specifies the path and file name of the KubeEnforcer product image to be deployed; it will be filled in automatically. You can optionally enter a different value.\n" }, "microEnforcerInjection": { "type": "boolean", "description": "This applies only if both `Enable admission control` and Enforce mode are set. This additional option must be selected for admission control to work if the KubeEnforcer is not connected to any Gateway. If this option is not selected, admission control will be disabled; this will have no effect on containers already running.\n" }, "microEnforcerSecretsName": { "type": "string", "description": "You can specify the name of the secret (in the Aqua namespace) that Aqua copies into the Pod Enforcer namespace and kube-bench, allowing them access to the Pod Enforcer and kube-bench product images, respectively.\n" }, "networkProtection": { "type": "boolean", "description": "Send true to apply Firewall Policies to containers, and allow recording network maps for Aqua services. The Network Firewall setting must be disabled when deploying the Aqua Enforcer on a machine running Rocky Linux. See https://docs.aquasec.com/docs/platform-support-limitations-rocky-linux for further information.\n" }, "orchestrators": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FEnforcerGroupsOrchestrator:EnforcerGroupsOrchestrator" }, "description": "The orchestrator for which you are creating the Enforcer group.\n" }, "permission": { "type": "string", "description": "Permission Action\n" }, "riskExplorerAutoDiscovery": { "type": "boolean", "description": "Set `True` to allow Enforcers to be discovered in the Risk Explorer.\n" }, "runtimeType": { "type": "string", "description": "The container runtime environment.\n" }, "syncHostImages": { "type": "boolean", "description": "Set `True` to configure Enforcers to discover local host images. Discovered images will be listed under Images > Host Images, as well as under Infrastructure (in the Images tab for applicable hosts).\n" }, "syscallEnabled": { "type": "boolean", "description": "Set `True` will allow profiling and monitoring system calls made by running containers.\n" }, "type": { "type": "string", "description": "Enforcer Type.\n", "willReplaceOnChanges": true }, "userAccessControl": { "type": "boolean", "description": "Set `True` to apply User Access Control Policies to containers. Note that Aqua Enforcers must be deployed with the AQUA*RUNC*INTERCEPTION environment variable set to 0 in order to use User Access Control Policies.\n" } }, "requiredInputs": [ "groupId", "orchestrators", "type" ], "stateInputs": { "description": "Input properties used for looking up and filtering EnforcerGroups resources.\n", "properties": { "admissionControl": { "type": "boolean", "description": "Selecting this option will allow the KubeEnforcer to block the deployment of container images that have failed any of these Container Runtime Policy controls:\\\n\t\t\t* Block Non-Compliant Images\\\n\t\t\t* Block Non-Compliant Workloads\\\n\t\t\t* Block Unregistered Images\\\n\t\t\tThis functionality can work only when the KubeEnforcer is deployed in Enforce mode.\n" }, "allowKubeEnforcerAudit": { "type": "boolean", "description": "Allow kube enforcer audit.\n" }, "allowedApplications": { "type": "array", "items": { "type": "string" }, "description": "List of application names to allow on the hosts. if provided, only containers of the listed applications will be allowed to run.\n" }, "allowedLabels": { "type": "array", "items": { "type": "string" }, "description": "List of label names to allow on the hosts.\n" }, "allowedRegistries": { "type": "array", "items": { "type": "string" }, "description": "List of registry names to allow on the hosts.\n" }, "antivirusProtection": { "type": "boolean", "description": "This setting is available only when you have license for `Advanced Malware Protection`. Send true to make use of the license and enable the `Real-time Malware Protection` control in the Host Runtime policies.\n" }, "aquaVersion": { "type": "string", "description": "Aqua server version\n" }, "auditAll": { "type": "boolean", "description": "Agent will send extra audit messages to the server for success operations from inside the container (runtime).\n" }, "autoCopySecrets": { "type": "boolean", "description": "This option is applicable only if `Enable Pod Enforcer injection` is selected. Select this option if you want Aqua Enterprise to copy the secrets defined above to the Pod Enforcer namespace and container. Otherwise, you can choose to copy these secrets by other means.\n" }, "autoDiscoverConfigureRegistries": { "type": "boolean", "description": "This option is available only if `Enable workload discovery` is selected. If selected, the KubeEnforcer will add previously unknown image registries from the cluster to Aqua.\n" }, "autoDiscoveryEnabled": { "type": "boolean", "description": "When this option is selected, the KubeEnforcer will discover workloads on its cluster.\n" }, "autoScanDiscoveredImagesRunningContainers": { "type": "boolean", "description": "This option is available only if `Enable workload discovery` is selected. If selected, the KubeEnforcer will automatically register images running as workloads (and scan the discovered images for security issues).\n" }, "behavioralEngine": { "type": "boolean", "description": "Select Enabled to detect suspicious activity in your containers and display potential security threats in the Incidents and Audit pages.\n" }, "blockAdmissionControl": { "type": "boolean", "description": "This applies only if both `Enable admission control` and Enforce mode are set. This additional option must be selected for admission control to work if the KubeEnforcer is not connected to any Gateway. If this option is not selected, admission control will be disabled; this will have no effect on containers already running.\n" }, "commands": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FEnforcerGroupsCommand:EnforcerGroupsCommand" }, "description": "The installation command.\n" }, "connectedCount": { "type": "integer", "description": "Number of connected enforcers in the enforcer group.\n" }, "containerActivityProtection": { "type": "boolean", "description": "Set `True` to apply Container Runtime Policies, Image Profiles, and Firewall Policies to containers.\n" }, "containerAntivirusProtection": { "type": "boolean", "description": "This setting is available only when you have license for `Advanced Malware Protection`. Send true to make use of the license and enable the `Real-time Malware Protection` control in the Container Runtime policies.\n" }, "description": { "type": "string", "description": "A description of the Aqua Enforcer group.\n" }, "disconnectedCount": { "type": "integer", "description": "Number of disconnected enforcers in the enforcer group.\n" }, "enforce": { "type": "boolean", "description": "Whether to enable enforce mode on the Enforcers, defaults to False.\n" }, "enforcerImageName": { "type": "string", "description": "The specific Aqua Enforcer product image (with image tag) to be deployed.\n" }, "forensics": { "type": "boolean", "description": "Select Enabled to send activity logs in your containers to the Aqua Server for forensics purposes.\n" }, "gatewayAddress": { "type": "string", "description": "Gateway Address\n" }, "gatewayName": { "type": "string", "description": "Gateway Name\n" }, "gateways": { "type": "array", "items": { "type": "string" }, "description": "List of Aqua gateway IDs for the Enforcers.\n" }, "groupId": { "type": "string", "description": "The ID of the Enforcer group.\n", "willReplaceOnChanges": true }, "highVulns": { "type": "integer", "description": "Number of high vulnerabilities in the enforcers that in this enforcer group.\n" }, "hostAssurance": { "type": "boolean", "description": "Set `True` to enable host scanning and respective Host Assurance controls.\n" }, "hostBehavioralEngine": { "type": "boolean", "description": "Set `True` to enable these Host Runtime Policy controls: `OS Users and Groups Allowed` and `OS Users and Groups Blocked`\n" }, "hostForensics": { "type": "boolean", "description": "Select Enabled to send activity logs in your host to the Aqua Server for forensics purposes.\n" }, "hostNetworkProtection": { "type": "boolean", "description": "Set `True` to apply Firewall Policies to hosts, and allow recording network maps for Aqua services. The Network Firewall setting must be disabled when deploying the Aqua Enforcer on a machine running Rocky Linux. See https://docs.aquasec.com/docs/platform-support-limitations-rocky-linux for further information\n" }, "hostOs": { "type": "string", "description": "The OS type for the host\n", "willReplaceOnChanges": true }, "hostProtection": { "type": "boolean", "description": "Set `True` to enable all Host Runtime Policy controls except for `OS Users and Groups Allowed` and `OS Users and Groups Blocked`.\n" }, "hostUserProtection": { "type": "boolean", "description": "Set `True` to enable these Host Runtime Policy controls: `OS Users and Groups Allowed` and `OS Users and Groups Blocked`\n" }, "hostname": { "type": "string", "description": "The hostname\n" }, "hostsCount": { "type": "integer", "description": "Number of enforcers in the enforcer group.\n" }, "imageAssurance": { "type": "boolean", "description": "Set `True` to enable selected controls: Container Runtime Policy (`Block Non-Compliant Images`, `Block Unregistered Images`, and `Registries Allowed`) and Default Image Assurance Policy (`Images Blocked`).\n" }, "installCommand": { "type": "string", "description": "Enforcer install command\n" }, "kubeBenchImageName": { "type": "string", "description": "See https://docs.aquasec.com/docs/securing-kubernetes-applications#section-configuration-hardening, The KubeEnforcer can deploy the Aqua Security kube-bench open-source product to perform Kubernetes CIS benchmark testing of nodes.\n\t\t\tThis field specifies the path and file name of the kube-bench product image for the KubeEnforcer to deploy; it will be filled in automatically. You can optionally enter a different value.\n" }, "lastUpdate": { "type": "integer", "description": "The last date and time the batch token was updated in UNIX time.\n" }, "logicalName": { "type": "string", "description": "Name for the batch install record.\n" }, "lowVulns": { "type": "integer", "description": "Number of low vulnerabilities in the enforcers that in this enforcer group.\n" }, "medVulns": { "type": "integer", "description": "Number of medium vulnerabilities in the enforcers that in this enforcer group.\n" }, "microEnforcerCertsSecretsName": { "type": "string", "description": "This option is applicable only if `Enable Pod Enforcer injection` is selected.\n" }, "microEnforcerImageName": { "type": "string", "description": "This option is applicable only if `Enable Pod Enforcer injection` is selected. This field specifies the path and file name of the KubeEnforcer product image to be deployed; it will be filled in automatically. You can optionally enter a different value.\n" }, "microEnforcerInjection": { "type": "boolean", "description": "This applies only if both `Enable admission control` and Enforce mode are set. This additional option must be selected for admission control to work if the KubeEnforcer is not connected to any Gateway. If this option is not selected, admission control will be disabled; this will have no effect on containers already running.\n" }, "microEnforcerSecretsName": { "type": "string", "description": "You can specify the name of the secret (in the Aqua namespace) that Aqua copies into the Pod Enforcer namespace and kube-bench, allowing them access to the Pod Enforcer and kube-bench product images, respectively.\n" }, "negVulns": { "type": "integer", "description": "Number of negligible vulnerabilities in the enforcers that in this enforcer group.\n" }, "networkProtection": { "type": "boolean", "description": "Send true to apply Firewall Policies to containers, and allow recording network maps for Aqua services. The Network Firewall setting must be disabled when deploying the Aqua Enforcer on a machine running Rocky Linux. See https://docs.aquasec.com/docs/platform-support-limitations-rocky-linux for further information.\n" }, "orchestrators": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FEnforcerGroupsOrchestrator:EnforcerGroupsOrchestrator" }, "description": "The orchestrator for which you are creating the Enforcer group.\n" }, "pasDeploymentLink": { "type": "string", "description": "pas deployment link\n" }, "permission": { "type": "string", "description": "Permission Action\n" }, "riskExplorerAutoDiscovery": { "type": "boolean", "description": "Set `True` to allow Enforcers to be discovered in the Risk Explorer.\n" }, "runtimePolicyName": { "type": "string", "description": "Function Runtime Policy that will applay on the nano enforcer.\n" }, "runtimeType": { "type": "string", "description": "The container runtime environment.\n" }, "syncHostImages": { "type": "boolean", "description": "Set `True` to configure Enforcers to discover local host images. Discovered images will be listed under Images > Host Images, as well as under Infrastructure (in the Images tab for applicable hosts).\n" }, "syscallEnabled": { "type": "boolean", "description": "Set `True` will allow profiling and monitoring system calls made by running containers.\n" }, "token": { "type": "string", "description": "The batch install token.\n" }, "type": { "type": "string", "description": "Enforcer Type.\n", "willReplaceOnChanges": true }, "userAccessControl": { "type": "boolean", "description": "Set `True` to apply User Access Control Policies to containers. Note that Aqua Enforcers must be deployed with the AQUA*RUNC*INTERCEPTION environment variable set to 0 in order to use User Access Control Policies.\n" } }, "type": "object" } }, "aquasec:index/firewallPolicy:FirewallPolicy": { "properties": { "author": { "type": "string", "description": "Username of the account that created the policy.\n" }, "blockIcmpPing": { "type": "boolean", "description": "Indicates whether policy includes blocking incoming 'ping' requests.\n" }, "blockMetadataService": { "type": "boolean", "description": "Indicates whether policy includes blocking metadata services of the cloud.\n" }, "description": { "type": "string", "description": "Description of the Firewall Policy.\n" }, "inboundNetworks": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFirewallPolicyInboundNetwork:FirewallPolicyInboundNetwork" }, "description": "Information on network addresses that are allowed to pass in data or requests.\n" }, "lastupdate": { "type": "integer", "description": "Timestamp of the last update in Unix time format.\n" }, "name": { "type": "string", "description": "Name of the policy, no longer than 128 characters and no slash characters.\n" }, "outboundNetworks": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFirewallPolicyOutboundNetwork:FirewallPolicyOutboundNetwork" }, "description": "Information on network addresses that are allowed to receive data or requests.\n" }, "type": { "type": "string", "description": "Indicates the class of protection defined by the firewall.\n" }, "version": { "type": "string", "description": "Aqua version functionality supported\n" } }, "type": "object", "required": [ "author", "lastupdate", "name", "type", "version" ], "inputProperties": { "blockIcmpPing": { "type": "boolean", "description": "Indicates whether policy includes blocking incoming 'ping' requests.\n" }, "blockMetadataService": { "type": "boolean", "description": "Indicates whether policy includes blocking metadata services of the cloud.\n" }, "description": { "type": "string", "description": "Description of the Firewall Policy.\n" }, "inboundNetworks": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFirewallPolicyInboundNetwork:FirewallPolicyInboundNetwork" }, "description": "Information on network addresses that are allowed to pass in data or requests.\n" }, "name": { "type": "string", "description": "Name of the policy, no longer than 128 characters and no slash characters.\n", "willReplaceOnChanges": true }, "outboundNetworks": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFirewallPolicyOutboundNetwork:FirewallPolicyOutboundNetwork" }, "description": "Information on network addresses that are allowed to receive data or requests.\n" }, "type": { "type": "string", "description": "Indicates the class of protection defined by the firewall.\n" }, "version": { "type": "string", "description": "Aqua version functionality supported\n" } }, "stateInputs": { "description": "Input properties used for looking up and filtering FirewallPolicy resources.\n", "properties": { "author": { "type": "string", "description": "Username of the account that created the policy.\n" }, "blockIcmpPing": { "type": "boolean", "description": "Indicates whether policy includes blocking incoming 'ping' requests.\n" }, "blockMetadataService": { "type": "boolean", "description": "Indicates whether policy includes blocking metadata services of the cloud.\n" }, "description": { "type": "string", "description": "Description of the Firewall Policy.\n" }, "inboundNetworks": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFirewallPolicyInboundNetwork:FirewallPolicyInboundNetwork" }, "description": "Information on network addresses that are allowed to pass in data or requests.\n" }, "lastupdate": { "type": "integer", "description": "Timestamp of the last update in Unix time format.\n" }, "name": { "type": "string", "description": "Name of the policy, no longer than 128 characters and no slash characters.\n", "willReplaceOnChanges": true }, "outboundNetworks": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFirewallPolicyOutboundNetwork:FirewallPolicyOutboundNetwork" }, "description": "Information on network addresses that are allowed to receive data or requests.\n" }, "type": { "type": "string", "description": "Indicates the class of protection defined by the firewall.\n" }, "version": { "type": "string", "description": "Aqua version functionality supported\n" } }, "type": "object" } }, "aquasec:index/functionAssurancePolicy:FunctionAssurancePolicy": { "description": "Aqua ensures function security for AWS Lambda, Microsoft Azure, and Google Cloud. This includes:\nScanning functions for vulnerabilities and sensitive data. AWS and Azure functions are also checked for excessive permissions.\nEvaluating function risks based on scan results, according to Function Assurance Policies.\nChecking function compliance with these policies.\nFor AWS and Azure, implementing security actions, such as blocking execution of risky functions or failing the CI/CD pipeline.\nProviding comprehensive audits of all security risks, viewable in Aqua Server or a SIEM system.\n", "properties": { "aggregatedVulnerability": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Aggregated vulnerability information.\n" }, "allowedImages": { "type": "array", "items": { "type": "string" }, "description": "List of explicitly allowed images.\n" }, "applicationScopes": { "type": "array", "items": { "type": "string" } }, "assuranceType": { "type": "string", "description": "What type of assurance policy is described.\n" }, "auditOnFailure": { "type": "boolean", "description": "Indicates if auditing for failures.\n" }, "author": { "type": "string", "description": "Name of user account that created the policy.\n" }, "autoScanConfigured": { "type": "boolean" }, "autoScanEnabled": { "type": "boolean" }, "autoScanTimes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionAssurancePolicyAutoScanTime:FunctionAssurancePolicyAutoScanTime" } }, "blacklistPermissions": { "type": "array", "items": { "type": "string" }, "description": "List of function's forbidden permissions.\n" }, "blacklistPermissionsEnabled": { "type": "boolean", "description": "Indicates if blacklist permissions is relevant.\n" }, "blacklistedLicenses": { "type": "array", "items": { "type": "string" }, "description": "List of blacklisted licenses.\n" }, "blacklistedLicensesEnabled": { "type": "boolean", "description": "Indicates if license blacklist is relevant.\n" }, "blockFailed": { "type": "boolean", "description": "Indicates if failed images are blocked.\n" }, "controlExcludeNoFix": { "type": "boolean" }, "customChecks": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionAssurancePolicyCustomCheck:FunctionAssurancePolicyCustomCheck" }, "description": "List of Custom user scripts for checks.\n" }, "customChecksEnabled": { "type": "boolean", "description": "Indicates if scanning should include custom checks.\n" }, "customSeverity": { "type": "string" }, "customSeverityEnabled": { "type": "boolean" }, "cvesBlackListEnabled": { "type": "boolean", "description": "Indicates if CVEs blacklist is relevant.\n" }, "cvesBlackLists": { "type": "array", "items": { "type": "string" }, "description": "List of CVEs blacklisted items.\n" }, "cvesWhiteListEnabled": { "type": "boolean", "description": "Indicates if CVEs whitelist is relevant.\n" }, "cvesWhiteLists": { "type": "array", "items": { "type": "string" }, "description": "List of cves whitelisted licenses\n" }, "cvssSeverity": { "type": "string", "description": "Identifier of the cvss severity.\n" }, "cvssSeverityEnabled": { "type": "boolean", "description": "Indicates if the cvss severity is scanned.\n" }, "cvssSeverityExcludeNoFix": { "type": "boolean", "description": "Indicates that policy should ignore cvss cases that do not have a known fix.\n" }, "description": { "type": "string" }, "disallowExploitTypes": { "type": "array", "items": { "type": "string" } }, "disallowMalware": { "type": "boolean", "description": "Indicates if malware should block the image.\n" }, "dockerCisEnabled": { "type": "boolean", "description": "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.\n" }, "domain": { "type": "string", "description": "Name of the container image.\n" }, "domainName": { "type": "string" }, "dtaEnabled": { "type": "boolean" }, "dtaSeverity": { "type": "string" }, "enabled": { "type": "boolean" }, "enforce": { "type": "boolean" }, "enforceAfterDays": { "type": "integer" }, "enforceExcessivePermissions": { "type": "boolean" }, "exceptionalMonitoredMalwarePaths": { "type": "array", "items": { "type": "string" } }, "excludeApplicationScopes": { "type": "array", "items": { "type": "string" } }, "failCicd": { "type": "boolean", "description": "Indicates if cicd failures will fail the image.\n" }, "forbiddenLabels": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionAssurancePolicyForbiddenLabel:FunctionAssurancePolicyForbiddenLabel" } }, "forbiddenLabelsEnabled": { "type": "boolean" }, "forceMicroenforcer": { "type": "boolean" }, "functionIntegrityEnabled": { "type": "boolean" }, "ignoreBaseImageVln": { "type": "boolean" }, "ignoreRecentlyPublishedVln": { "type": "boolean" }, "ignoreRecentlyPublishedVlnPeriod": { "type": "integer" }, "ignoreRiskResourcesEnabled": { "type": "boolean", "description": "Indicates if risk resources are ignored.\n" }, "ignoredRiskResources": { "type": "array", "items": { "type": "string" }, "description": "List of ignored risk resources.\n" }, "ignoredSensitiveResources": { "type": "array", "items": { "type": "string" } }, "images": { "type": "array", "items": { "type": "string" }, "description": "List of images.\n" }, "kubeCisEnabled": { "type": "boolean", "description": "Performs a Kubernetes CIS benchmark check for the host.\n" }, "kubernetesControls": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionAssurancePolicyKubernetesControl:FunctionAssurancePolicyKubernetesControl" }, "description": "List of Kubernetes controls.\n" }, "kubernetesControlsAvdIds": { "type": "array", "items": { "type": "string" } }, "kubernetesControlsNames": { "type": "array", "items": { "type": "string" } }, "labels": { "type": "array", "items": { "type": "string" }, "description": "List of labels.\n" }, "lastupdate": { "type": "string" }, "linuxCisEnabled": { "type": "boolean" }, "malwareAction": { "type": "string" }, "maximumScore": { "type": "number", "description": "Value of allowed maximum score.\n" }, "maximumScoreEnabled": { "type": "boolean", "description": "Indicates if exceeding the maximum score is scanned.\n" }, "maximumScoreExcludeNoFix": { "type": "boolean" }, "monitoredMalwarePaths": { "type": "array", "items": { "type": "string" } }, "name": { "type": "string" }, "onlyNoneRootUsers": { "type": "boolean", "description": "Indicates if raise a warning for images that should only be run as root.\n" }, "openshiftHardeningEnabled": { "type": "boolean" }, "packagesBlackListEnabled": { "type": "boolean", "description": "Indicates if packages blacklist is relevant.\n" }, "packagesBlackLists": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionAssurancePolicyPackagesBlackList:FunctionAssurancePolicyPackagesBlackList" }, "description": "List of blacklisted images.\n" }, "packagesWhiteListEnabled": { "type": "boolean", "description": "Indicates if packages whitelist is relevant.\n" }, "packagesWhiteLists": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionAssurancePolicyPackagesWhiteList:FunctionAssurancePolicyPackagesWhiteList" }, "description": "List of whitelisted images.\n" }, "partialResultsImageFail": { "type": "boolean" }, "permission": { "type": "string" }, "policySettings": { "$ref": "#/types/aquasec:index%2FFunctionAssurancePolicyPolicySettings:FunctionAssurancePolicyPolicySettings" }, "readOnly": { "type": "boolean" }, "registries": { "type": "array", "items": { "type": "string" }, "description": "List of registries.\n" }, "registry": { "type": "string" }, "requiredLabels": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionAssurancePolicyRequiredLabel:FunctionAssurancePolicyRequiredLabel" } }, "requiredLabelsEnabled": { "type": "boolean" }, "scanMalwareInArchives": { "type": "boolean" }, "scanNfsMounts": { "type": "boolean" }, "scanProcessMemory": { "type": "boolean" }, "scanSensitiveData": { "type": "boolean", "description": "Indicates if scan should include sensitive data in the image.\n" }, "scanWindowsRegistry": { "type": "boolean" }, "scapEnabled": { "type": "boolean", "description": "Indicates if scanning should include scap.\n" }, "scapFiles": { "type": "array", "items": { "type": "string" }, "description": "List of SCAP user scripts for checks.\n" }, "scopes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionAssurancePolicyScope:FunctionAssurancePolicyScope" } }, "trustedBaseImages": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionAssurancePolicyTrustedBaseImage:FunctionAssurancePolicyTrustedBaseImage" }, "description": "List of trusted images.\n" }, "trustedBaseImagesEnabled": { "type": "boolean", "description": "Indicates if list of trusted base images is relevant.\n" }, "vulnerabilityExploitability": { "type": "boolean" }, "vulnerabilityScoreRanges": { "type": "array", "items": { "type": "integer" } }, "whitelistedLicenses": { "type": "array", "items": { "type": "string" }, "description": "List of whitelisted licenses.\n" }, "whitelistedLicensesEnabled": { "type": "boolean", "description": "Indicates if license blacklist is relevant.\n" } }, "type": "object", "required": [ "applicationScopes", "assuranceType", "author", "autoScanTimes", "customSeverity", "ignoreRecentlyPublishedVlnPeriod", "lastupdate", "name", "permission", "policySettings", "scopes" ], "inputProperties": { "aggregatedVulnerability": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Aggregated vulnerability information.\n" }, "allowedImages": { "type": "array", "items": { "type": "string" }, "description": "List of explicitly allowed images.\n" }, "applicationScopes": { "type": "array", "items": { "type": "string" } }, "assuranceType": { "type": "string", "description": "What type of assurance policy is described.\n" }, "auditOnFailure": { "type": "boolean", "description": "Indicates if auditing for failures.\n" }, "author": { "type": "string", "description": "Name of user account that created the policy.\n" }, "autoScanConfigured": { "type": "boolean" }, "autoScanEnabled": { "type": "boolean" }, "autoScanTimes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionAssurancePolicyAutoScanTime:FunctionAssurancePolicyAutoScanTime" } }, "blacklistPermissions": { "type": "array", "items": { "type": "string" }, "description": "List of function's forbidden permissions.\n" }, "blacklistPermissionsEnabled": { "type": "boolean", "description": "Indicates if blacklist permissions is relevant.\n" }, "blacklistedLicenses": { "type": "array", "items": { "type": "string" }, "description": "List of blacklisted licenses.\n" }, "blacklistedLicensesEnabled": { "type": "boolean", "description": "Indicates if license blacklist is relevant.\n" }, "blockFailed": { "type": "boolean", "description": "Indicates if failed images are blocked.\n" }, "controlExcludeNoFix": { "type": "boolean" }, "customChecks": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionAssurancePolicyCustomCheck:FunctionAssurancePolicyCustomCheck" }, "description": "List of Custom user scripts for checks.\n" }, "customChecksEnabled": { "type": "boolean", "description": "Indicates if scanning should include custom checks.\n" }, "customSeverity": { "type": "string" }, "customSeverityEnabled": { "type": "boolean" }, "cvesBlackListEnabled": { "type": "boolean", "description": "Indicates if CVEs blacklist is relevant.\n" }, "cvesBlackLists": { "type": "array", "items": { "type": "string" }, "description": "List of CVEs blacklisted items.\n" }, "cvesWhiteListEnabled": { "type": "boolean", "description": "Indicates if CVEs whitelist is relevant.\n" }, "cvesWhiteLists": { "type": "array", "items": { "type": "string" }, "description": "List of cves whitelisted licenses\n" }, "cvssSeverity": { "type": "string", "description": "Identifier of the cvss severity.\n" }, "cvssSeverityEnabled": { "type": "boolean", "description": "Indicates if the cvss severity is scanned.\n" }, "cvssSeverityExcludeNoFix": { "type": "boolean", "description": "Indicates that policy should ignore cvss cases that do not have a known fix.\n" }, "description": { "type": "string" }, "disallowExploitTypes": { "type": "array", "items": { "type": "string" } }, "disallowMalware": { "type": "boolean", "description": "Indicates if malware should block the image.\n" }, "dockerCisEnabled": { "type": "boolean", "description": "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.\n" }, "domain": { "type": "string", "description": "Name of the container image.\n" }, "domainName": { "type": "string" }, "dtaEnabled": { "type": "boolean" }, "dtaSeverity": { "type": "string" }, "enabled": { "type": "boolean" }, "enforce": { "type": "boolean" }, "enforceAfterDays": { "type": "integer" }, "enforceExcessivePermissions": { "type": "boolean" }, "exceptionalMonitoredMalwarePaths": { "type": "array", "items": { "type": "string" } }, "excludeApplicationScopes": { "type": "array", "items": { "type": "string" } }, "failCicd": { "type": "boolean", "description": "Indicates if cicd failures will fail the image.\n" }, "forbiddenLabels": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionAssurancePolicyForbiddenLabel:FunctionAssurancePolicyForbiddenLabel" } }, "forbiddenLabelsEnabled": { "type": "boolean" }, "forceMicroenforcer": { "type": "boolean" }, "functionIntegrityEnabled": { "type": "boolean" }, "ignoreBaseImageVln": { "type": "boolean" }, "ignoreRecentlyPublishedVln": { "type": "boolean" }, "ignoreRecentlyPublishedVlnPeriod": { "type": "integer" }, "ignoreRiskResourcesEnabled": { "type": "boolean", "description": "Indicates if risk resources are ignored.\n" }, "ignoredRiskResources": { "type": "array", "items": { "type": "string" }, "description": "List of ignored risk resources.\n" }, "ignoredSensitiveResources": { "type": "array", "items": { "type": "string" } }, "images": { "type": "array", "items": { "type": "string" }, "description": "List of images.\n" }, "kubeCisEnabled": { "type": "boolean", "description": "Performs a Kubernetes CIS benchmark check for the host.\n" }, "kubernetesControls": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionAssurancePolicyKubernetesControl:FunctionAssurancePolicyKubernetesControl" }, "description": "List of Kubernetes controls.\n" }, "kubernetesControlsAvdIds": { "type": "array", "items": { "type": "string" } }, "kubernetesControlsNames": { "type": "array", "items": { "type": "string" } }, "labels": { "type": "array", "items": { "type": "string" }, "description": "List of labels.\n" }, "lastupdate": { "type": "string" }, "linuxCisEnabled": { "type": "boolean" }, "malwareAction": { "type": "string" }, "maximumScore": { "type": "number", "description": "Value of allowed maximum score.\n" }, "maximumScoreEnabled": { "type": "boolean", "description": "Indicates if exceeding the maximum score is scanned.\n" }, "maximumScoreExcludeNoFix": { "type": "boolean" }, "monitoredMalwarePaths": { "type": "array", "items": { "type": "string" } }, "name": { "type": "string", "willReplaceOnChanges": true }, "onlyNoneRootUsers": { "type": "boolean", "description": "Indicates if raise a warning for images that should only be run as root.\n" }, "openshiftHardeningEnabled": { "type": "boolean" }, "packagesBlackListEnabled": { "type": "boolean", "description": "Indicates if packages blacklist is relevant.\n" }, "packagesBlackLists": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionAssurancePolicyPackagesBlackList:FunctionAssurancePolicyPackagesBlackList" }, "description": "List of blacklisted images.\n" }, "packagesWhiteListEnabled": { "type": "boolean", "description": "Indicates if packages whitelist is relevant.\n" }, "packagesWhiteLists": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionAssurancePolicyPackagesWhiteList:FunctionAssurancePolicyPackagesWhiteList" }, "description": "List of whitelisted images.\n" }, "partialResultsImageFail": { "type": "boolean" }, "permission": { "type": "string" }, "policySettings": { "$ref": "#/types/aquasec:index%2FFunctionAssurancePolicyPolicySettings:FunctionAssurancePolicyPolicySettings" }, "readOnly": { "type": "boolean" }, "registries": { "type": "array", "items": { "type": "string" }, "description": "List of registries.\n" }, "registry": { "type": "string" }, "requiredLabels": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionAssurancePolicyRequiredLabel:FunctionAssurancePolicyRequiredLabel" } }, "requiredLabelsEnabled": { "type": "boolean" }, "scanMalwareInArchives": { "type": "boolean" }, "scanNfsMounts": { "type": "boolean" }, "scanProcessMemory": { "type": "boolean" }, "scanSensitiveData": { "type": "boolean", "description": "Indicates if scan should include sensitive data in the image.\n" }, "scanWindowsRegistry": { "type": "boolean" }, "scapEnabled": { "type": "boolean", "description": "Indicates if scanning should include scap.\n" }, "scapFiles": { "type": "array", "items": { "type": "string" }, "description": "List of SCAP user scripts for checks.\n" }, "scopes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionAssurancePolicyScope:FunctionAssurancePolicyScope" } }, "trustedBaseImages": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionAssurancePolicyTrustedBaseImage:FunctionAssurancePolicyTrustedBaseImage" }, "description": "List of trusted images.\n" }, "trustedBaseImagesEnabled": { "type": "boolean", "description": "Indicates if list of trusted base images is relevant.\n" }, "vulnerabilityExploitability": { "type": "boolean" }, "vulnerabilityScoreRanges": { "type": "array", "items": { "type": "integer" } }, "whitelistedLicenses": { "type": "array", "items": { "type": "string" }, "description": "List of whitelisted licenses.\n" }, "whitelistedLicensesEnabled": { "type": "boolean", "description": "Indicates if license blacklist is relevant.\n" } }, "requiredInputs": [ "applicationScopes" ], "stateInputs": { "description": "Input properties used for looking up and filtering FunctionAssurancePolicy resources.\n", "properties": { "aggregatedVulnerability": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Aggregated vulnerability information.\n" }, "allowedImages": { "type": "array", "items": { "type": "string" }, "description": "List of explicitly allowed images.\n" }, "applicationScopes": { "type": "array", "items": { "type": "string" } }, "assuranceType": { "type": "string", "description": "What type of assurance policy is described.\n" }, "auditOnFailure": { "type": "boolean", "description": "Indicates if auditing for failures.\n" }, "author": { "type": "string", "description": "Name of user account that created the policy.\n" }, "autoScanConfigured": { "type": "boolean" }, "autoScanEnabled": { "type": "boolean" }, "autoScanTimes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionAssurancePolicyAutoScanTime:FunctionAssurancePolicyAutoScanTime" } }, "blacklistPermissions": { "type": "array", "items": { "type": "string" }, "description": "List of function's forbidden permissions.\n" }, "blacklistPermissionsEnabled": { "type": "boolean", "description": "Indicates if blacklist permissions is relevant.\n" }, "blacklistedLicenses": { "type": "array", "items": { "type": "string" }, "description": "List of blacklisted licenses.\n" }, "blacklistedLicensesEnabled": { "type": "boolean", "description": "Indicates if license blacklist is relevant.\n" }, "blockFailed": { "type": "boolean", "description": "Indicates if failed images are blocked.\n" }, "controlExcludeNoFix": { "type": "boolean" }, "customChecks": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionAssurancePolicyCustomCheck:FunctionAssurancePolicyCustomCheck" }, "description": "List of Custom user scripts for checks.\n" }, "customChecksEnabled": { "type": "boolean", "description": "Indicates if scanning should include custom checks.\n" }, "customSeverity": { "type": "string" }, "customSeverityEnabled": { "type": "boolean" }, "cvesBlackListEnabled": { "type": "boolean", "description": "Indicates if CVEs blacklist is relevant.\n" }, "cvesBlackLists": { "type": "array", "items": { "type": "string" }, "description": "List of CVEs blacklisted items.\n" }, "cvesWhiteListEnabled": { "type": "boolean", "description": "Indicates if CVEs whitelist is relevant.\n" }, "cvesWhiteLists": { "type": "array", "items": { "type": "string" }, "description": "List of cves whitelisted licenses\n" }, "cvssSeverity": { "type": "string", "description": "Identifier of the cvss severity.\n" }, "cvssSeverityEnabled": { "type": "boolean", "description": "Indicates if the cvss severity is scanned.\n" }, "cvssSeverityExcludeNoFix": { "type": "boolean", "description": "Indicates that policy should ignore cvss cases that do not have a known fix.\n" }, "description": { "type": "string" }, "disallowExploitTypes": { "type": "array", "items": { "type": "string" } }, "disallowMalware": { "type": "boolean", "description": "Indicates if malware should block the image.\n" }, "dockerCisEnabled": { "type": "boolean", "description": "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.\n" }, "domain": { "type": "string", "description": "Name of the container image.\n" }, "domainName": { "type": "string" }, "dtaEnabled": { "type": "boolean" }, "dtaSeverity": { "type": "string" }, "enabled": { "type": "boolean" }, "enforce": { "type": "boolean" }, "enforceAfterDays": { "type": "integer" }, "enforceExcessivePermissions": { "type": "boolean" }, "exceptionalMonitoredMalwarePaths": { "type": "array", "items": { "type": "string" } }, "excludeApplicationScopes": { "type": "array", "items": { "type": "string" } }, "failCicd": { "type": "boolean", "description": "Indicates if cicd failures will fail the image.\n" }, "forbiddenLabels": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionAssurancePolicyForbiddenLabel:FunctionAssurancePolicyForbiddenLabel" } }, "forbiddenLabelsEnabled": { "type": "boolean" }, "forceMicroenforcer": { "type": "boolean" }, "functionIntegrityEnabled": { "type": "boolean" }, "ignoreBaseImageVln": { "type": "boolean" }, "ignoreRecentlyPublishedVln": { "type": "boolean" }, "ignoreRecentlyPublishedVlnPeriod": { "type": "integer" }, "ignoreRiskResourcesEnabled": { "type": "boolean", "description": "Indicates if risk resources are ignored.\n" }, "ignoredRiskResources": { "type": "array", "items": { "type": "string" }, "description": "List of ignored risk resources.\n" }, "ignoredSensitiveResources": { "type": "array", "items": { "type": "string" } }, "images": { "type": "array", "items": { "type": "string" }, "description": "List of images.\n" }, "kubeCisEnabled": { "type": "boolean", "description": "Performs a Kubernetes CIS benchmark check for the host.\n" }, "kubernetesControls": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionAssurancePolicyKubernetesControl:FunctionAssurancePolicyKubernetesControl" }, "description": "List of Kubernetes controls.\n" }, "kubernetesControlsAvdIds": { "type": "array", "items": { "type": "string" } }, "kubernetesControlsNames": { "type": "array", "items": { "type": "string" } }, "labels": { "type": "array", "items": { "type": "string" }, "description": "List of labels.\n" }, "lastupdate": { "type": "string" }, "linuxCisEnabled": { "type": "boolean" }, "malwareAction": { "type": "string" }, "maximumScore": { "type": "number", "description": "Value of allowed maximum score.\n" }, "maximumScoreEnabled": { "type": "boolean", "description": "Indicates if exceeding the maximum score is scanned.\n" }, "maximumScoreExcludeNoFix": { "type": "boolean" }, "monitoredMalwarePaths": { "type": "array", "items": { "type": "string" } }, "name": { "type": "string", "willReplaceOnChanges": true }, "onlyNoneRootUsers": { "type": "boolean", "description": "Indicates if raise a warning for images that should only be run as root.\n" }, "openshiftHardeningEnabled": { "type": "boolean" }, "packagesBlackListEnabled": { "type": "boolean", "description": "Indicates if packages blacklist is relevant.\n" }, "packagesBlackLists": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionAssurancePolicyPackagesBlackList:FunctionAssurancePolicyPackagesBlackList" }, "description": "List of blacklisted images.\n" }, "packagesWhiteListEnabled": { "type": "boolean", "description": "Indicates if packages whitelist is relevant.\n" }, "packagesWhiteLists": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionAssurancePolicyPackagesWhiteList:FunctionAssurancePolicyPackagesWhiteList" }, "description": "List of whitelisted images.\n" }, "partialResultsImageFail": { "type": "boolean" }, "permission": { "type": "string" }, "policySettings": { "$ref": "#/types/aquasec:index%2FFunctionAssurancePolicyPolicySettings:FunctionAssurancePolicyPolicySettings" }, "readOnly": { "type": "boolean" }, "registries": { "type": "array", "items": { "type": "string" }, "description": "List of registries.\n" }, "registry": { "type": "string" }, "requiredLabels": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionAssurancePolicyRequiredLabel:FunctionAssurancePolicyRequiredLabel" } }, "requiredLabelsEnabled": { "type": "boolean" }, "scanMalwareInArchives": { "type": "boolean" }, "scanNfsMounts": { "type": "boolean" }, "scanProcessMemory": { "type": "boolean" }, "scanSensitiveData": { "type": "boolean", "description": "Indicates if scan should include sensitive data in the image.\n" }, "scanWindowsRegistry": { "type": "boolean" }, "scapEnabled": { "type": "boolean", "description": "Indicates if scanning should include scap.\n" }, "scapFiles": { "type": "array", "items": { "type": "string" }, "description": "List of SCAP user scripts for checks.\n" }, "scopes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionAssurancePolicyScope:FunctionAssurancePolicyScope" } }, "trustedBaseImages": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionAssurancePolicyTrustedBaseImage:FunctionAssurancePolicyTrustedBaseImage" }, "description": "List of trusted images.\n" }, "trustedBaseImagesEnabled": { "type": "boolean", "description": "Indicates if list of trusted base images is relevant.\n" }, "vulnerabilityExploitability": { "type": "boolean" }, "vulnerabilityScoreRanges": { "type": "array", "items": { "type": "integer" } }, "whitelistedLicenses": { "type": "array", "items": { "type": "string" }, "description": "List of whitelisted licenses.\n" }, "whitelistedLicensesEnabled": { "type": "boolean", "description": "Indicates if license blacklist is relevant.\n" } }, "type": "object" } }, "aquasec:index/functionRuntimePolicy:FunctionRuntimePolicy": { "description": "## Example Usage\n\n\n```yaml\nresources:\n functionRuntimePolicy:\n type: aquasec:FunctionRuntimePolicy\n properties:\n applicationScopes:\n - Global\n blockMaliciousExecutables: true\n blockMaliciousExecutablesAllowedProcesses:\n - proc1\n - proc2\n blockRunningExecutablesInTmpFolder: true\n blockedExecutables:\n - exe1\n - exe2\n description: function_runtime_policy\n enabled: true\n enforce: false\n scopeVariables:\n - attribute: kubernetes.cluster\n value: default\n - attribute: kubernetes.label\n name: app\n value: aqua\n```\n\n", "properties": { "allowedExecutables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyAllowedExecutable:FunctionRuntimePolicyAllowedExecutable" }, "description": "Allowed executables configuration.\n" }, "allowedRegistries": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyAllowedRegistry:FunctionRuntimePolicyAllowedRegistry" }, "description": "Allowed registries configuration.\n" }, "applicationScopes": { "type": "array", "items": { "type": "string" }, "description": "Indicates the application scope of the service.\n" }, "auditBruteForceLogin": { "type": "boolean", "description": "Detects brute force login attempts\n" }, "auditing": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyAuditing:FunctionRuntimePolicyAuditing" }, "author": { "type": "string", "description": "Username of the account that created the service.\n" }, "blacklistedOsUsers": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyBlacklistedOsUsers:FunctionRuntimePolicyBlacklistedOsUsers" }, "blockContainerExec": { "type": "boolean" }, "blockDisallowedImages": { "type": "boolean" }, "blockFilelessExec": { "type": "boolean" }, "blockNonCompliantWorkloads": { "type": "boolean" }, "blockNonK8sContainers": { "type": "boolean" }, "bypassScopes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyBypassScope:FunctionRuntimePolicyBypassScope" }, "description": "Bypass scope configuration.\n" }, "containerExec": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyContainerExec:FunctionRuntimePolicyContainerExec" }, "created": { "type": "string" }, "cve": { "type": "string" }, "defaultSecurityProfile": { "type": "string" }, "description": { "type": "string", "description": "The description of the function runtime policy\n" }, "digest": { "type": "string" }, "driftPreventions": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyDriftPrevention:FunctionRuntimePolicyDriftPrevention" }, "description": "Drift prevention configuration.\n" }, "enableCryptoMiningDns": { "type": "boolean" }, "enableForkGuard": { "type": "boolean" }, "enableIpReputation": { "type": "boolean" }, "enablePortScanProtection": { "type": "boolean" }, "enabled": { "type": "boolean", "description": "Indicates if the runtime policy is enabled or not.\n" }, "enforce": { "type": "boolean", "description": "Indicates that policy should effect container execution (not just for audit).\n" }, "enforceAfterDays": { "type": "integer", "description": "Indicates the number of days after which the runtime policy will be changed to enforce mode.\n" }, "enforceSchedulerAddedOn": { "type": "integer" }, "excludeApplicationScopes": { "type": "array", "items": { "type": "string" }, "description": "List of excluded application scopes.\n" }, "executableBlacklists": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyExecutableBlacklist:FunctionRuntimePolicyExecutableBlacklist" }, "description": "Executable blacklist configuration.\n" }, "failedKubernetesChecks": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyFailedKubernetesChecks:FunctionRuntimePolicyFailedKubernetesChecks" }, "fileBlock": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyFileBlock:FunctionRuntimePolicyFileBlock" }, "fileIntegrityMonitorings": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyFileIntegrityMonitoring:FunctionRuntimePolicyFileIntegrityMonitoring" }, "description": "Configuration for file integrity monitoring.\n" }, "forkGuardProcessLimit": { "type": "integer" }, "honeypotAccessKey": { "type": "string", "description": "Honeypot User ID (Access Key)\n" }, "honeypotApplyOns": { "type": "array", "items": { "type": "string" }, "description": "List of options to apply the honeypot on (Environment Vairable, Layer, File)\n" }, "honeypotSecretKey": { "type": "string", "description": "Honeypot User Password (Secret Key)\n", "secret": true }, "honeypotServerlessAppName": { "type": "string", "description": "Serverless application name\n" }, "imageName": { "type": "string" }, "isAuditChecked": { "type": "boolean" }, "isAutoGenerated": { "type": "boolean" }, "isOotbPolicy": { "type": "boolean" }, "lastupdate": { "type": "integer" }, "limitContainerPrivileges": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyLimitContainerPrivilege:FunctionRuntimePolicyLimitContainerPrivilege" }, "description": "Container privileges configuration.\n" }, "linuxCapabilities": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyLinuxCapabilities:FunctionRuntimePolicyLinuxCapabilities" }, "malwareScanOptions": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyMalwareScanOptions:FunctionRuntimePolicyMalwareScanOptions", "description": "Configuration for Real-Time Malware Protection.\n" }, "name": { "type": "string", "description": "Name of the function runtime policy\n" }, "noNewPrivileges": { "type": "boolean" }, "onlyRegisteredImages": { "type": "boolean" }, "packageBlock": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyPackageBlock:FunctionRuntimePolicyPackageBlock" }, "permission": { "type": "string" }, "portBlock": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyPortBlock:FunctionRuntimePolicyPortBlock" }, "readonlyFiles": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyReadonlyFiles:FunctionRuntimePolicyReadonlyFiles" }, "readonlyRegistry": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyReadonlyRegistry:FunctionRuntimePolicyReadonlyRegistry" }, "registry": { "type": "string" }, "registryAccessMonitoring": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyRegistryAccessMonitoring:FunctionRuntimePolicyRegistryAccessMonitoring" }, "repoName": { "type": "string" }, "resourceName": { "type": "string" }, "resourceType": { "type": "string" }, "restrictedVolumes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyRestrictedVolume:FunctionRuntimePolicyRestrictedVolume" }, "description": "Restricted volumes configuration.\n" }, "reverseShell": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyReverseShell:FunctionRuntimePolicyReverseShell" }, "runtimeMode": { "type": "integer" }, "runtimeType": { "type": "string" }, "scopeExpression": { "type": "string", "description": "Logical expression of how to compute the dependency of the scope variables.\n" }, "scopeVariables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyScopeVariable:FunctionRuntimePolicyScopeVariable" }, "description": "List of scope attributes.\n" }, "scopes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyScope:FunctionRuntimePolicyScope" }, "description": "Scope configuration.\n" }, "systemIntegrityProtection": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicySystemIntegrityProtection:FunctionRuntimePolicySystemIntegrityProtection" }, "tripwire": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyTripwire:FunctionRuntimePolicyTripwire" }, "type": { "type": "string" }, "updated": { "type": "string" }, "version": { "type": "string" }, "vpatchVersion": { "type": "string" }, "whitelistedOsUsers": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyWhitelistedOsUsers:FunctionRuntimePolicyWhitelistedOsUsers" } }, "type": "object", "required": [ "allowedExecutables", "allowedRegistries", "applicationScopes", "auditing", "author", "blacklistedOsUsers", "containerExec", "created", "driftPreventions", "executableBlacklists", "failedKubernetesChecks", "fileBlock", "lastupdate", "limitContainerPrivileges", "linuxCapabilities", "name", "packageBlock", "portBlock", "readonlyFiles", "readonlyRegistry", "registryAccessMonitoring", "restrictedVolumes", "reverseShell", "scopeExpression", "scopeVariables", "systemIntegrityProtection", "tripwire", "updated", "whitelistedOsUsers" ], "inputProperties": { "allowedExecutables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyAllowedExecutable:FunctionRuntimePolicyAllowedExecutable" }, "description": "Allowed executables configuration.\n" }, "allowedRegistries": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyAllowedRegistry:FunctionRuntimePolicyAllowedRegistry" }, "description": "Allowed registries configuration.\n" }, "applicationScopes": { "type": "array", "items": { "type": "string" }, "description": "Indicates the application scope of the service.\n" }, "auditBruteForceLogin": { "type": "boolean", "description": "Detects brute force login attempts\n" }, "auditing": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyAuditing:FunctionRuntimePolicyAuditing" }, "author": { "type": "string", "description": "Username of the account that created the service.\n" }, "blacklistedOsUsers": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyBlacklistedOsUsers:FunctionRuntimePolicyBlacklistedOsUsers" }, "blockContainerExec": { "type": "boolean" }, "blockDisallowedImages": { "type": "boolean" }, "blockFilelessExec": { "type": "boolean" }, "blockNonCompliantWorkloads": { "type": "boolean" }, "blockNonK8sContainers": { "type": "boolean" }, "bypassScopes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyBypassScope:FunctionRuntimePolicyBypassScope" }, "description": "Bypass scope configuration.\n" }, "containerExec": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyContainerExec:FunctionRuntimePolicyContainerExec" }, "created": { "type": "string" }, "cve": { "type": "string" }, "defaultSecurityProfile": { "type": "string" }, "description": { "type": "string", "description": "The description of the function runtime policy\n" }, "digest": { "type": "string" }, "driftPreventions": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyDriftPrevention:FunctionRuntimePolicyDriftPrevention" }, "description": "Drift prevention configuration.\n" }, "enableCryptoMiningDns": { "type": "boolean" }, "enableForkGuard": { "type": "boolean" }, "enableIpReputation": { "type": "boolean" }, "enablePortScanProtection": { "type": "boolean" }, "enabled": { "type": "boolean", "description": "Indicates if the runtime policy is enabled or not.\n" }, "enforce": { "type": "boolean", "description": "Indicates that policy should effect container execution (not just for audit).\n" }, "enforceAfterDays": { "type": "integer", "description": "Indicates the number of days after which the runtime policy will be changed to enforce mode.\n" }, "enforceSchedulerAddedOn": { "type": "integer" }, "excludeApplicationScopes": { "type": "array", "items": { "type": "string" }, "description": "List of excluded application scopes.\n" }, "executableBlacklists": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyExecutableBlacklist:FunctionRuntimePolicyExecutableBlacklist" }, "description": "Executable blacklist configuration.\n" }, "failedKubernetesChecks": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyFailedKubernetesChecks:FunctionRuntimePolicyFailedKubernetesChecks" }, "fileBlock": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyFileBlock:FunctionRuntimePolicyFileBlock" }, "fileIntegrityMonitorings": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyFileIntegrityMonitoring:FunctionRuntimePolicyFileIntegrityMonitoring" }, "description": "Configuration for file integrity monitoring.\n" }, "forkGuardProcessLimit": { "type": "integer" }, "honeypotAccessKey": { "type": "string", "description": "Honeypot User ID (Access Key)\n" }, "honeypotApplyOns": { "type": "array", "items": { "type": "string" }, "description": "List of options to apply the honeypot on (Environment Vairable, Layer, File)\n" }, "honeypotSecretKey": { "type": "string", "description": "Honeypot User Password (Secret Key)\n", "secret": true }, "honeypotServerlessAppName": { "type": "string", "description": "Serverless application name\n" }, "imageName": { "type": "string" }, "isAuditChecked": { "type": "boolean" }, "isAutoGenerated": { "type": "boolean" }, "isOotbPolicy": { "type": "boolean" }, "lastupdate": { "type": "integer" }, "limitContainerPrivileges": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyLimitContainerPrivilege:FunctionRuntimePolicyLimitContainerPrivilege" }, "description": "Container privileges configuration.\n" }, "linuxCapabilities": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyLinuxCapabilities:FunctionRuntimePolicyLinuxCapabilities" }, "malwareScanOptions": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyMalwareScanOptions:FunctionRuntimePolicyMalwareScanOptions", "description": "Configuration for Real-Time Malware Protection.\n" }, "name": { "type": "string", "description": "Name of the function runtime policy\n", "willReplaceOnChanges": true }, "noNewPrivileges": { "type": "boolean" }, "onlyRegisteredImages": { "type": "boolean" }, "packageBlock": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyPackageBlock:FunctionRuntimePolicyPackageBlock" }, "permission": { "type": "string" }, "portBlock": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyPortBlock:FunctionRuntimePolicyPortBlock" }, "readonlyFiles": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyReadonlyFiles:FunctionRuntimePolicyReadonlyFiles" }, "readonlyRegistry": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyReadonlyRegistry:FunctionRuntimePolicyReadonlyRegistry" }, "registry": { "type": "string" }, "registryAccessMonitoring": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyRegistryAccessMonitoring:FunctionRuntimePolicyRegistryAccessMonitoring" }, "repoName": { "type": "string" }, "resourceName": { "type": "string" }, "resourceType": { "type": "string" }, "restrictedVolumes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyRestrictedVolume:FunctionRuntimePolicyRestrictedVolume" }, "description": "Restricted volumes configuration.\n" }, "reverseShell": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyReverseShell:FunctionRuntimePolicyReverseShell" }, "runtimeMode": { "type": "integer" }, "runtimeType": { "type": "string" }, "scopeExpression": { "type": "string", "description": "Logical expression of how to compute the dependency of the scope variables.\n" }, "scopeVariables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyScopeVariable:FunctionRuntimePolicyScopeVariable" }, "description": "List of scope attributes.\n" }, "scopes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyScope:FunctionRuntimePolicyScope" }, "description": "Scope configuration.\n" }, "systemIntegrityProtection": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicySystemIntegrityProtection:FunctionRuntimePolicySystemIntegrityProtection" }, "tripwire": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyTripwire:FunctionRuntimePolicyTripwire" }, "type": { "type": "string" }, "updated": { "type": "string" }, "version": { "type": "string" }, "vpatchVersion": { "type": "string" }, "whitelistedOsUsers": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyWhitelistedOsUsers:FunctionRuntimePolicyWhitelistedOsUsers" } }, "stateInputs": { "description": "Input properties used for looking up and filtering FunctionRuntimePolicy resources.\n", "properties": { "allowedExecutables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyAllowedExecutable:FunctionRuntimePolicyAllowedExecutable" }, "description": "Allowed executables configuration.\n" }, "allowedRegistries": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyAllowedRegistry:FunctionRuntimePolicyAllowedRegistry" }, "description": "Allowed registries configuration.\n" }, "applicationScopes": { "type": "array", "items": { "type": "string" }, "description": "Indicates the application scope of the service.\n" }, "auditBruteForceLogin": { "type": "boolean", "description": "Detects brute force login attempts\n" }, "auditing": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyAuditing:FunctionRuntimePolicyAuditing" }, "author": { "type": "string", "description": "Username of the account that created the service.\n" }, "blacklistedOsUsers": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyBlacklistedOsUsers:FunctionRuntimePolicyBlacklistedOsUsers" }, "blockContainerExec": { "type": "boolean" }, "blockDisallowedImages": { "type": "boolean" }, "blockFilelessExec": { "type": "boolean" }, "blockNonCompliantWorkloads": { "type": "boolean" }, "blockNonK8sContainers": { "type": "boolean" }, "bypassScopes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyBypassScope:FunctionRuntimePolicyBypassScope" }, "description": "Bypass scope configuration.\n" }, "containerExec": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyContainerExec:FunctionRuntimePolicyContainerExec" }, "created": { "type": "string" }, "cve": { "type": "string" }, "defaultSecurityProfile": { "type": "string" }, "description": { "type": "string", "description": "The description of the function runtime policy\n" }, "digest": { "type": "string" }, "driftPreventions": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyDriftPrevention:FunctionRuntimePolicyDriftPrevention" }, "description": "Drift prevention configuration.\n" }, "enableCryptoMiningDns": { "type": "boolean" }, "enableForkGuard": { "type": "boolean" }, "enableIpReputation": { "type": "boolean" }, "enablePortScanProtection": { "type": "boolean" }, "enabled": { "type": "boolean", "description": "Indicates if the runtime policy is enabled or not.\n" }, "enforce": { "type": "boolean", "description": "Indicates that policy should effect container execution (not just for audit).\n" }, "enforceAfterDays": { "type": "integer", "description": "Indicates the number of days after which the runtime policy will be changed to enforce mode.\n" }, "enforceSchedulerAddedOn": { "type": "integer" }, "excludeApplicationScopes": { "type": "array", "items": { "type": "string" }, "description": "List of excluded application scopes.\n" }, "executableBlacklists": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyExecutableBlacklist:FunctionRuntimePolicyExecutableBlacklist" }, "description": "Executable blacklist configuration.\n" }, "failedKubernetesChecks": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyFailedKubernetesChecks:FunctionRuntimePolicyFailedKubernetesChecks" }, "fileBlock": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyFileBlock:FunctionRuntimePolicyFileBlock" }, "fileIntegrityMonitorings": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyFileIntegrityMonitoring:FunctionRuntimePolicyFileIntegrityMonitoring" }, "description": "Configuration for file integrity monitoring.\n" }, "forkGuardProcessLimit": { "type": "integer" }, "honeypotAccessKey": { "type": "string", "description": "Honeypot User ID (Access Key)\n" }, "honeypotApplyOns": { "type": "array", "items": { "type": "string" }, "description": "List of options to apply the honeypot on (Environment Vairable, Layer, File)\n" }, "honeypotSecretKey": { "type": "string", "description": "Honeypot User Password (Secret Key)\n", "secret": true }, "honeypotServerlessAppName": { "type": "string", "description": "Serverless application name\n" }, "imageName": { "type": "string" }, "isAuditChecked": { "type": "boolean" }, "isAutoGenerated": { "type": "boolean" }, "isOotbPolicy": { "type": "boolean" }, "lastupdate": { "type": "integer" }, "limitContainerPrivileges": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyLimitContainerPrivilege:FunctionRuntimePolicyLimitContainerPrivilege" }, "description": "Container privileges configuration.\n" }, "linuxCapabilities": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyLinuxCapabilities:FunctionRuntimePolicyLinuxCapabilities" }, "malwareScanOptions": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyMalwareScanOptions:FunctionRuntimePolicyMalwareScanOptions", "description": "Configuration for Real-Time Malware Protection.\n" }, "name": { "type": "string", "description": "Name of the function runtime policy\n", "willReplaceOnChanges": true }, "noNewPrivileges": { "type": "boolean" }, "onlyRegisteredImages": { "type": "boolean" }, "packageBlock": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyPackageBlock:FunctionRuntimePolicyPackageBlock" }, "permission": { "type": "string" }, "portBlock": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyPortBlock:FunctionRuntimePolicyPortBlock" }, "readonlyFiles": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyReadonlyFiles:FunctionRuntimePolicyReadonlyFiles" }, "readonlyRegistry": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyReadonlyRegistry:FunctionRuntimePolicyReadonlyRegistry" }, "registry": { "type": "string" }, "registryAccessMonitoring": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyRegistryAccessMonitoring:FunctionRuntimePolicyRegistryAccessMonitoring" }, "repoName": { "type": "string" }, "resourceName": { "type": "string" }, "resourceType": { "type": "string" }, "restrictedVolumes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyRestrictedVolume:FunctionRuntimePolicyRestrictedVolume" }, "description": "Restricted volumes configuration.\n" }, "reverseShell": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyReverseShell:FunctionRuntimePolicyReverseShell" }, "runtimeMode": { "type": "integer" }, "runtimeType": { "type": "string" }, "scopeExpression": { "type": "string", "description": "Logical expression of how to compute the dependency of the scope variables.\n" }, "scopeVariables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyScopeVariable:FunctionRuntimePolicyScopeVariable" }, "description": "List of scope attributes.\n" }, "scopes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyScope:FunctionRuntimePolicyScope" }, "description": "Scope configuration.\n" }, "systemIntegrityProtection": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicySystemIntegrityProtection:FunctionRuntimePolicySystemIntegrityProtection" }, "tripwire": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyTripwire:FunctionRuntimePolicyTripwire" }, "type": { "type": "string" }, "updated": { "type": "string" }, "version": { "type": "string" }, "vpatchVersion": { "type": "string" }, "whitelistedOsUsers": { "$ref": "#/types/aquasec:index%2FFunctionRuntimePolicyWhitelistedOsUsers:FunctionRuntimePolicyWhitelistedOsUsers" } }, "type": "object" } }, "aquasec:index/group:Group": { "description": "The `aquasec.Group` resource manages your groups within Aqua.\n\nThe Groups created must have at least one Role that is already present within Aqua.\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumiverse/aquasec\";\n\nconst group = new aquasec.Group(\"group\", {});\n```\n```python\nimport pulumi\nimport pulumiverse_aquasec as aquasec\n\ngroup = aquasec.Group(\"group\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumiverse.Aquasec;\n\nreturn await Deployment.RunAsync(() => \n{\n var @group = new Aquasec.Group(\"group\");\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aquasec.NewGroup(ctx, \"group\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.Group;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var group = new Group(\"group\");\n\n }\n}\n```\n```yaml\nresources:\n group:\n type: aquasec:Group\n```\n\n", "properties": { "created": { "type": "string", "description": "The creation date of the group.\n" }, "groupId": { "type": "integer", "description": "The ID of the created group.\n" }, "name": { "type": "string", "description": "The desired name of the group.\n" } }, "type": "object", "required": [ "created", "groupId", "name" ], "inputProperties": { "name": { "type": "string", "description": "The desired name of the group.\n" } }, "stateInputs": { "description": "Input properties used for looking up and filtering Group resources.\n", "properties": { "created": { "type": "string", "description": "The creation date of the group.\n" }, "groupId": { "type": "integer", "description": "The ID of the created group.\n", "willReplaceOnChanges": true }, "name": { "type": "string", "description": "The desired name of the group.\n" } }, "type": "object" } }, "aquasec:index/hostAssurancePolicy:HostAssurancePolicy": { "description": "Host Assurance is a subsystem of Aqua. It is responsible for:\n Scans host VMs and Kubernetes nodes' file system for security issues, vulnerabilities in OS and programming language packages, open-source licenses, and compliance with CIS benchmarks.\nEvaluates scan findings according to defined Host Assurance Policies.\nDetermines host compliance based on these policies.\nGenerates an audit event for host assurance failure.\n", "properties": { "aggregatedVulnerability": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Aggregated vulnerability information.\n" }, "allowedImages": { "type": "array", "items": { "type": "string" }, "description": "List of explicitly allowed images.\n" }, "applicationScopes": { "type": "array", "items": { "type": "string" } }, "assuranceType": { "type": "string", "description": "What type of assurance policy is described.\n" }, "auditOnFailure": { "type": "boolean", "description": "Indicates if auditing for failures.\n" }, "author": { "type": "string", "description": "Name of user account that created the policy.\n" }, "autoScanConfigured": { "type": "boolean" }, "autoScanEnabled": { "type": "boolean" }, "autoScanTimes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostAssurancePolicyAutoScanTime:HostAssurancePolicyAutoScanTime" } }, "blacklistPermissions": { "type": "array", "items": { "type": "string" }, "description": "List of function's forbidden permissions.\n" }, "blacklistPermissionsEnabled": { "type": "boolean", "description": "Indicates if blacklist permissions is relevant.\n" }, "blacklistedLicenses": { "type": "array", "items": { "type": "string" }, "description": "List of blacklisted licenses.\n" }, "blacklistedLicensesEnabled": { "type": "boolean", "description": "Indicates if license blacklist is relevant.\n" }, "blockFailed": { "type": "boolean", "description": "Indicates if failed images are blocked.\n" }, "controlExcludeNoFix": { "type": "boolean" }, "customChecks": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostAssurancePolicyCustomCheck:HostAssurancePolicyCustomCheck" }, "description": "List of Custom user scripts for checks.\n" }, "customChecksEnabled": { "type": "boolean", "description": "Indicates if scanning should include custom checks.\n" }, "customSeverity": { "type": "string" }, "customSeverityEnabled": { "type": "boolean" }, "cvesBlackListEnabled": { "type": "boolean", "description": "Indicates if CVEs blacklist is relevant.\n" }, "cvesBlackLists": { "type": "array", "items": { "type": "string" }, "description": "List of CVEs blacklisted items.\n" }, "cvesWhiteListEnabled": { "type": "boolean", "description": "Indicates if CVEs whitelist is relevant.\n" }, "cvesWhiteLists": { "type": "array", "items": { "type": "string" }, "description": "List of cves whitelisted licenses\n" }, "cvssSeverity": { "type": "string", "description": "Identifier of the cvss severity.\n" }, "cvssSeverityEnabled": { "type": "boolean", "description": "Indicates if the cvss severity is scanned.\n" }, "cvssSeverityExcludeNoFix": { "type": "boolean", "description": "Indicates that policy should ignore cvss cases that do not have a known fix.\n" }, "description": { "type": "string" }, "disallowExploitTypes": { "type": "array", "items": { "type": "string" } }, "disallowMalware": { "type": "boolean", "description": "Indicates if malware should block the image.\n" }, "dockerCisEnabled": { "type": "boolean", "description": "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.\n" }, "domain": { "type": "string", "description": "Name of the container image.\n" }, "domainName": { "type": "string" }, "dtaEnabled": { "type": "boolean" }, "dtaSeverity": { "type": "string" }, "enabled": { "type": "boolean" }, "enforce": { "type": "boolean" }, "enforceAfterDays": { "type": "integer" }, "enforceExcessivePermissions": { "type": "boolean" }, "exceptionalMonitoredMalwarePaths": { "type": "array", "items": { "type": "string" } }, "excludeApplicationScopes": { "type": "array", "items": { "type": "string" } }, "failCicd": { "type": "boolean", "description": "Indicates if cicd failures will fail the image.\n" }, "forbiddenLabels": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostAssurancePolicyForbiddenLabel:HostAssurancePolicyForbiddenLabel" } }, "forbiddenLabelsEnabled": { "type": "boolean" }, "forceMicroenforcer": { "type": "boolean" }, "functionIntegrityEnabled": { "type": "boolean" }, "ignoreBaseImageVln": { "type": "boolean" }, "ignoreRecentlyPublishedVln": { "type": "boolean" }, "ignoreRecentlyPublishedVlnPeriod": { "type": "integer" }, "ignoreRiskResourcesEnabled": { "type": "boolean", "description": "Indicates if risk resources are ignored.\n" }, "ignoredRiskResources": { "type": "array", "items": { "type": "string" }, "description": "List of ignored risk resources.\n" }, "ignoredSensitiveResources": { "type": "array", "items": { "type": "string" } }, "images": { "type": "array", "items": { "type": "string" }, "description": "List of images.\n" }, "kubeCisEnabled": { "type": "boolean", "description": "Performs a Kubernetes CIS benchmark check for the host.\n" }, "kubernetesControls": { "type": "array", "items": { "type": "string" } }, "kubernetesControlsAvdIds": { "type": "array", "items": { "type": "string" } }, "kubernetesControlsNames": { "type": "array", "items": { "type": "string" } }, "labels": { "type": "array", "items": { "type": "string" }, "description": "List of labels.\n" }, "lastupdate": { "type": "string" }, "linuxCisEnabled": { "type": "boolean" }, "malwareAction": { "type": "string" }, "maximumScore": { "type": "number", "description": "Value of allowed maximum score.\n" }, "maximumScoreEnabled": { "type": "boolean", "description": "Indicates if exceeding the maximum score is scanned.\n" }, "maximumScoreExcludeNoFix": { "type": "boolean", "description": "Indicates that policy should ignore cases that do not have a known fix.\n" }, "monitoredMalwarePaths": { "type": "array", "items": { "type": "string" } }, "name": { "type": "string" }, "onlyNoneRootUsers": { "type": "boolean", "description": "Indicates if raise a warning for images that should only be run as root.\n" }, "openshiftHardeningEnabled": { "type": "boolean" }, "packagesBlackListEnabled": { "type": "boolean", "description": "Indicates if packages blacklist is relevant.\n" }, "packagesBlackLists": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostAssurancePolicyPackagesBlackList:HostAssurancePolicyPackagesBlackList" }, "description": "List of blacklisted images.\n" }, "packagesWhiteListEnabled": { "type": "boolean", "description": "Indicates if packages whitelist is relevant.\n" }, "packagesWhiteLists": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostAssurancePolicyPackagesWhiteList:HostAssurancePolicyPackagesWhiteList" }, "description": "List of whitelisted images.\n" }, "partialResultsImageFail": { "type": "boolean" }, "permission": { "type": "string" }, "policySettings": { "$ref": "#/types/aquasec:index%2FHostAssurancePolicyPolicySettings:HostAssurancePolicyPolicySettings" }, "readOnly": { "type": "boolean" }, "registries": { "type": "array", "items": { "type": "string" }, "description": "List of registries.\n" }, "registry": { "type": "string" }, "requiredLabels": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostAssurancePolicyRequiredLabel:HostAssurancePolicyRequiredLabel" } }, "requiredLabelsEnabled": { "type": "boolean" }, "scanMalwareInArchives": { "type": "boolean" }, "scanNfsMounts": { "type": "boolean" }, "scanProcessMemory": { "type": "boolean" }, "scanSensitiveData": { "type": "boolean", "description": "Indicates if scan should include sensitive data in the image.\n" }, "scanWindowsRegistry": { "type": "boolean" }, "scapEnabled": { "type": "boolean", "description": "Indicates if scanning should include scap.\n" }, "scapFiles": { "type": "array", "items": { "type": "string" }, "description": "List of SCAP user scripts for checks.\n" }, "scopes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostAssurancePolicyScope:HostAssurancePolicyScope" } }, "trustedBaseImages": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostAssurancePolicyTrustedBaseImage:HostAssurancePolicyTrustedBaseImage" }, "description": "List of trusted images.\n" }, "trustedBaseImagesEnabled": { "type": "boolean", "description": "Indicates if list of trusted base images is relevant.\n" }, "vulnerabilityExploitability": { "type": "boolean" }, "vulnerabilityScoreRanges": { "type": "array", "items": { "type": "integer" } }, "whitelistedLicenses": { "type": "array", "items": { "type": "string" }, "description": "List of whitelisted licenses.\n" }, "whitelistedLicensesEnabled": { "type": "boolean", "description": "Indicates if license blacklist is relevant.\n" }, "windowsCisEnabled": { "type": "boolean", "description": "Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows).\n" } }, "type": "object", "required": [ "applicationScopes", "assuranceType", "author", "autoScanTimes", "customSeverity", "ignoreRecentlyPublishedVlnPeriod", "lastupdate", "name", "permission", "policySettings", "scopes", "vulnerabilityScoreRanges" ], "inputProperties": { "aggregatedVulnerability": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Aggregated vulnerability information.\n" }, "allowedImages": { "type": "array", "items": { "type": "string" }, "description": "List of explicitly allowed images.\n" }, "applicationScopes": { "type": "array", "items": { "type": "string" } }, "assuranceType": { "type": "string", "description": "What type of assurance policy is described.\n" }, "auditOnFailure": { "type": "boolean", "description": "Indicates if auditing for failures.\n" }, "author": { "type": "string", "description": "Name of user account that created the policy.\n" }, "autoScanConfigured": { "type": "boolean" }, "autoScanEnabled": { "type": "boolean" }, "autoScanTimes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostAssurancePolicyAutoScanTime:HostAssurancePolicyAutoScanTime" } }, "blacklistPermissions": { "type": "array", "items": { "type": "string" }, "description": "List of function's forbidden permissions.\n" }, "blacklistPermissionsEnabled": { "type": "boolean", "description": "Indicates if blacklist permissions is relevant.\n" }, "blacklistedLicenses": { "type": "array", "items": { "type": "string" }, "description": "List of blacklisted licenses.\n" }, "blacklistedLicensesEnabled": { "type": "boolean", "description": "Indicates if license blacklist is relevant.\n" }, "blockFailed": { "type": "boolean", "description": "Indicates if failed images are blocked.\n" }, "controlExcludeNoFix": { "type": "boolean" }, "customChecks": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostAssurancePolicyCustomCheck:HostAssurancePolicyCustomCheck" }, "description": "List of Custom user scripts for checks.\n" }, "customChecksEnabled": { "type": "boolean", "description": "Indicates if scanning should include custom checks.\n" }, "customSeverity": { "type": "string" }, "customSeverityEnabled": { "type": "boolean" }, "cvesBlackListEnabled": { "type": "boolean", "description": "Indicates if CVEs blacklist is relevant.\n" }, "cvesBlackLists": { "type": "array", "items": { "type": "string" }, "description": "List of CVEs blacklisted items.\n" }, "cvesWhiteListEnabled": { "type": "boolean", "description": "Indicates if CVEs whitelist is relevant.\n" }, "cvesWhiteLists": { "type": "array", "items": { "type": "string" }, "description": "List of cves whitelisted licenses\n" }, "cvssSeverity": { "type": "string", "description": "Identifier of the cvss severity.\n" }, "cvssSeverityEnabled": { "type": "boolean", "description": "Indicates if the cvss severity is scanned.\n" }, "cvssSeverityExcludeNoFix": { "type": "boolean", "description": "Indicates that policy should ignore cvss cases that do not have a known fix.\n" }, "description": { "type": "string" }, "disallowExploitTypes": { "type": "array", "items": { "type": "string" } }, "disallowMalware": { "type": "boolean", "description": "Indicates if malware should block the image.\n" }, "dockerCisEnabled": { "type": "boolean", "description": "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.\n" }, "domain": { "type": "string", "description": "Name of the container image.\n" }, "domainName": { "type": "string" }, "dtaEnabled": { "type": "boolean" }, "dtaSeverity": { "type": "string" }, "enabled": { "type": "boolean" }, "enforce": { "type": "boolean" }, "enforceAfterDays": { "type": "integer" }, "enforceExcessivePermissions": { "type": "boolean" }, "exceptionalMonitoredMalwarePaths": { "type": "array", "items": { "type": "string" } }, "excludeApplicationScopes": { "type": "array", "items": { "type": "string" } }, "failCicd": { "type": "boolean", "description": "Indicates if cicd failures will fail the image.\n" }, "forbiddenLabels": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostAssurancePolicyForbiddenLabel:HostAssurancePolicyForbiddenLabel" } }, "forbiddenLabelsEnabled": { "type": "boolean" }, "forceMicroenforcer": { "type": "boolean" }, "functionIntegrityEnabled": { "type": "boolean" }, "ignoreBaseImageVln": { "type": "boolean" }, "ignoreRecentlyPublishedVln": { "type": "boolean" }, "ignoreRecentlyPublishedVlnPeriod": { "type": "integer" }, "ignoreRiskResourcesEnabled": { "type": "boolean", "description": "Indicates if risk resources are ignored.\n" }, "ignoredRiskResources": { "type": "array", "items": { "type": "string" }, "description": "List of ignored risk resources.\n" }, "ignoredSensitiveResources": { "type": "array", "items": { "type": "string" } }, "images": { "type": "array", "items": { "type": "string" }, "description": "List of images.\n" }, "kubeCisEnabled": { "type": "boolean", "description": "Performs a Kubernetes CIS benchmark check for the host.\n" }, "kubernetesControls": { "type": "array", "items": { "type": "string" } }, "kubernetesControlsAvdIds": { "type": "array", "items": { "type": "string" } }, "kubernetesControlsNames": { "type": "array", "items": { "type": "string" } }, "labels": { "type": "array", "items": { "type": "string" }, "description": "List of labels.\n" }, "lastupdate": { "type": "string" }, "linuxCisEnabled": { "type": "boolean" }, "malwareAction": { "type": "string" }, "maximumScore": { "type": "number", "description": "Value of allowed maximum score.\n" }, "maximumScoreEnabled": { "type": "boolean", "description": "Indicates if exceeding the maximum score is scanned.\n" }, "maximumScoreExcludeNoFix": { "type": "boolean", "description": "Indicates that policy should ignore cases that do not have a known fix.\n" }, "monitoredMalwarePaths": { "type": "array", "items": { "type": "string" } }, "name": { "type": "string", "willReplaceOnChanges": true }, "onlyNoneRootUsers": { "type": "boolean", "description": "Indicates if raise a warning for images that should only be run as root.\n" }, "openshiftHardeningEnabled": { "type": "boolean" }, "packagesBlackListEnabled": { "type": "boolean", "description": "Indicates if packages blacklist is relevant.\n" }, "packagesBlackLists": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostAssurancePolicyPackagesBlackList:HostAssurancePolicyPackagesBlackList" }, "description": "List of blacklisted images.\n" }, "packagesWhiteListEnabled": { "type": "boolean", "description": "Indicates if packages whitelist is relevant.\n" }, "packagesWhiteLists": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostAssurancePolicyPackagesWhiteList:HostAssurancePolicyPackagesWhiteList" }, "description": "List of whitelisted images.\n" }, "partialResultsImageFail": { "type": "boolean" }, "permission": { "type": "string" }, "policySettings": { "$ref": "#/types/aquasec:index%2FHostAssurancePolicyPolicySettings:HostAssurancePolicyPolicySettings" }, "readOnly": { "type": "boolean" }, "registries": { "type": "array", "items": { "type": "string" }, "description": "List of registries.\n" }, "registry": { "type": "string" }, "requiredLabels": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostAssurancePolicyRequiredLabel:HostAssurancePolicyRequiredLabel" } }, "requiredLabelsEnabled": { "type": "boolean" }, "scanMalwareInArchives": { "type": "boolean" }, "scanNfsMounts": { "type": "boolean" }, "scanProcessMemory": { "type": "boolean" }, "scanSensitiveData": { "type": "boolean", "description": "Indicates if scan should include sensitive data in the image.\n" }, "scanWindowsRegistry": { "type": "boolean" }, "scapEnabled": { "type": "boolean", "description": "Indicates if scanning should include scap.\n" }, "scapFiles": { "type": "array", "items": { "type": "string" }, "description": "List of SCAP user scripts for checks.\n" }, "scopes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostAssurancePolicyScope:HostAssurancePolicyScope" } }, "trustedBaseImages": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostAssurancePolicyTrustedBaseImage:HostAssurancePolicyTrustedBaseImage" }, "description": "List of trusted images.\n" }, "trustedBaseImagesEnabled": { "type": "boolean", "description": "Indicates if list of trusted base images is relevant.\n" }, "vulnerabilityExploitability": { "type": "boolean" }, "vulnerabilityScoreRanges": { "type": "array", "items": { "type": "integer" } }, "whitelistedLicenses": { "type": "array", "items": { "type": "string" }, "description": "List of whitelisted licenses.\n" }, "whitelistedLicensesEnabled": { "type": "boolean", "description": "Indicates if license blacklist is relevant.\n" }, "windowsCisEnabled": { "type": "boolean", "description": "Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows).\n" } }, "requiredInputs": [ "applicationScopes" ], "stateInputs": { "description": "Input properties used for looking up and filtering HostAssurancePolicy resources.\n", "properties": { "aggregatedVulnerability": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Aggregated vulnerability information.\n" }, "allowedImages": { "type": "array", "items": { "type": "string" }, "description": "List of explicitly allowed images.\n" }, "applicationScopes": { "type": "array", "items": { "type": "string" } }, "assuranceType": { "type": "string", "description": "What type of assurance policy is described.\n" }, "auditOnFailure": { "type": "boolean", "description": "Indicates if auditing for failures.\n" }, "author": { "type": "string", "description": "Name of user account that created the policy.\n" }, "autoScanConfigured": { "type": "boolean" }, "autoScanEnabled": { "type": "boolean" }, "autoScanTimes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostAssurancePolicyAutoScanTime:HostAssurancePolicyAutoScanTime" } }, "blacklistPermissions": { "type": "array", "items": { "type": "string" }, "description": "List of function's forbidden permissions.\n" }, "blacklistPermissionsEnabled": { "type": "boolean", "description": "Indicates if blacklist permissions is relevant.\n" }, "blacklistedLicenses": { "type": "array", "items": { "type": "string" }, "description": "List of blacklisted licenses.\n" }, "blacklistedLicensesEnabled": { "type": "boolean", "description": "Indicates if license blacklist is relevant.\n" }, "blockFailed": { "type": "boolean", "description": "Indicates if failed images are blocked.\n" }, "controlExcludeNoFix": { "type": "boolean" }, "customChecks": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostAssurancePolicyCustomCheck:HostAssurancePolicyCustomCheck" }, "description": "List of Custom user scripts for checks.\n" }, "customChecksEnabled": { "type": "boolean", "description": "Indicates if scanning should include custom checks.\n" }, "customSeverity": { "type": "string" }, "customSeverityEnabled": { "type": "boolean" }, "cvesBlackListEnabled": { "type": "boolean", "description": "Indicates if CVEs blacklist is relevant.\n" }, "cvesBlackLists": { "type": "array", "items": { "type": "string" }, "description": "List of CVEs blacklisted items.\n" }, "cvesWhiteListEnabled": { "type": "boolean", "description": "Indicates if CVEs whitelist is relevant.\n" }, "cvesWhiteLists": { "type": "array", "items": { "type": "string" }, "description": "List of cves whitelisted licenses\n" }, "cvssSeverity": { "type": "string", "description": "Identifier of the cvss severity.\n" }, "cvssSeverityEnabled": { "type": "boolean", "description": "Indicates if the cvss severity is scanned.\n" }, "cvssSeverityExcludeNoFix": { "type": "boolean", "description": "Indicates that policy should ignore cvss cases that do not have a known fix.\n" }, "description": { "type": "string" }, "disallowExploitTypes": { "type": "array", "items": { "type": "string" } }, "disallowMalware": { "type": "boolean", "description": "Indicates if malware should block the image.\n" }, "dockerCisEnabled": { "type": "boolean", "description": "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.\n" }, "domain": { "type": "string", "description": "Name of the container image.\n" }, "domainName": { "type": "string" }, "dtaEnabled": { "type": "boolean" }, "dtaSeverity": { "type": "string" }, "enabled": { "type": "boolean" }, "enforce": { "type": "boolean" }, "enforceAfterDays": { "type": "integer" }, "enforceExcessivePermissions": { "type": "boolean" }, "exceptionalMonitoredMalwarePaths": { "type": "array", "items": { "type": "string" } }, "excludeApplicationScopes": { "type": "array", "items": { "type": "string" } }, "failCicd": { "type": "boolean", "description": "Indicates if cicd failures will fail the image.\n" }, "forbiddenLabels": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostAssurancePolicyForbiddenLabel:HostAssurancePolicyForbiddenLabel" } }, "forbiddenLabelsEnabled": { "type": "boolean" }, "forceMicroenforcer": { "type": "boolean" }, "functionIntegrityEnabled": { "type": "boolean" }, "ignoreBaseImageVln": { "type": "boolean" }, "ignoreRecentlyPublishedVln": { "type": "boolean" }, "ignoreRecentlyPublishedVlnPeriod": { "type": "integer" }, "ignoreRiskResourcesEnabled": { "type": "boolean", "description": "Indicates if risk resources are ignored.\n" }, "ignoredRiskResources": { "type": "array", "items": { "type": "string" }, "description": "List of ignored risk resources.\n" }, "ignoredSensitiveResources": { "type": "array", "items": { "type": "string" } }, "images": { "type": "array", "items": { "type": "string" }, "description": "List of images.\n" }, "kubeCisEnabled": { "type": "boolean", "description": "Performs a Kubernetes CIS benchmark check for the host.\n" }, "kubernetesControls": { "type": "array", "items": { "type": "string" } }, "kubernetesControlsAvdIds": { "type": "array", "items": { "type": "string" } }, "kubernetesControlsNames": { "type": "array", "items": { "type": "string" } }, "labels": { "type": "array", "items": { "type": "string" }, "description": "List of labels.\n" }, "lastupdate": { "type": "string" }, "linuxCisEnabled": { "type": "boolean" }, "malwareAction": { "type": "string" }, "maximumScore": { "type": "number", "description": "Value of allowed maximum score.\n" }, "maximumScoreEnabled": { "type": "boolean", "description": "Indicates if exceeding the maximum score is scanned.\n" }, "maximumScoreExcludeNoFix": { "type": "boolean", "description": "Indicates that policy should ignore cases that do not have a known fix.\n" }, "monitoredMalwarePaths": { "type": "array", "items": { "type": "string" } }, "name": { "type": "string", "willReplaceOnChanges": true }, "onlyNoneRootUsers": { "type": "boolean", "description": "Indicates if raise a warning for images that should only be run as root.\n" }, "openshiftHardeningEnabled": { "type": "boolean" }, "packagesBlackListEnabled": { "type": "boolean", "description": "Indicates if packages blacklist is relevant.\n" }, "packagesBlackLists": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostAssurancePolicyPackagesBlackList:HostAssurancePolicyPackagesBlackList" }, "description": "List of blacklisted images.\n" }, "packagesWhiteListEnabled": { "type": "boolean", "description": "Indicates if packages whitelist is relevant.\n" }, "packagesWhiteLists": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostAssurancePolicyPackagesWhiteList:HostAssurancePolicyPackagesWhiteList" }, "description": "List of whitelisted images.\n" }, "partialResultsImageFail": { "type": "boolean" }, "permission": { "type": "string" }, "policySettings": { "$ref": "#/types/aquasec:index%2FHostAssurancePolicyPolicySettings:HostAssurancePolicyPolicySettings" }, "readOnly": { "type": "boolean" }, "registries": { "type": "array", "items": { "type": "string" }, "description": "List of registries.\n" }, "registry": { "type": "string" }, "requiredLabels": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostAssurancePolicyRequiredLabel:HostAssurancePolicyRequiredLabel" } }, "requiredLabelsEnabled": { "type": "boolean" }, "scanMalwareInArchives": { "type": "boolean" }, "scanNfsMounts": { "type": "boolean" }, "scanProcessMemory": { "type": "boolean" }, "scanSensitiveData": { "type": "boolean", "description": "Indicates if scan should include sensitive data in the image.\n" }, "scanWindowsRegistry": { "type": "boolean" }, "scapEnabled": { "type": "boolean", "description": "Indicates if scanning should include scap.\n" }, "scapFiles": { "type": "array", "items": { "type": "string" }, "description": "List of SCAP user scripts for checks.\n" }, "scopes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostAssurancePolicyScope:HostAssurancePolicyScope" } }, "trustedBaseImages": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostAssurancePolicyTrustedBaseImage:HostAssurancePolicyTrustedBaseImage" }, "description": "List of trusted images.\n" }, "trustedBaseImagesEnabled": { "type": "boolean", "description": "Indicates if list of trusted base images is relevant.\n" }, "vulnerabilityExploitability": { "type": "boolean" }, "vulnerabilityScoreRanges": { "type": "array", "items": { "type": "integer" } }, "whitelistedLicenses": { "type": "array", "items": { "type": "string" }, "description": "List of whitelisted licenses.\n" }, "whitelistedLicensesEnabled": { "type": "boolean", "description": "Indicates if license blacklist is relevant.\n" }, "windowsCisEnabled": { "type": "boolean", "description": "Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows).\n" } }, "type": "object" } }, "aquasec:index/hostRuntimePolicy:HostRuntimePolicy": { "description": "## Example Usage\n\n\n```yaml\nresources:\n hostRuntimePolicy:\n type: aquasec:HostRuntimePolicy\n properties:\n applicationScopes:\n - Global\n auditAllOsUserActivity: true\n auditBruteForceLogin: true\n auditFullCommandArguments: true\n auditHostFailedLoginEvents: true\n auditHostSuccessfulLoginEvents: true\n auditUserAccountManagement: true\n blockCryptocurrencyMining: true\n blockedFiles:\n - blocked\n description: host_runtime_policy\n enabled: true\n enforce: false\n fileIntegrityMonitoring:\n excludedPaths:\n - expaths\n excludedProcesses:\n - exprocess\n excludedUsers:\n - expuser\n monitorAttributes: true\n monitorCreate: true\n monitorDelete: true\n monitorModify: true\n monitorRead: true\n monitoredPaths:\n - paths\n monitoredProcesses:\n - process\n monitoredUsers:\n - user\n monitorSystemLogIntegrity: true\n monitorSystemTimeChanges: true\n monitorWindowsServices: true\n osGroupsAlloweds:\n - group1\n osGroupsBlockeds:\n - group2\n osUsersAlloweds:\n - user1\n osUsersBlockeds:\n - user2\n packageBlocks:\n - package1\n scopeVariables:\n - attribute: kubernetes.cluster\n value: default\n - attribute: kubernetes.label\n name: app\n value: aqua\n```\n\n", "properties": { "allowedExecutables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyAllowedExecutable:HostRuntimePolicyAllowedExecutable" }, "description": "Allowed executables configuration.\n" }, "allowedRegistries": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyAllowedRegistry:HostRuntimePolicyAllowedRegistry" }, "description": "Allowed registries configuration.\n" }, "applicationScopes": { "type": "array", "items": { "type": "string" }, "description": "Indicates the application scope of the service.\n" }, "auditBruteForceLogin": { "type": "boolean", "description": "Detects brute force login attempts\n" }, "auditFullCommandArguments": { "type": "boolean", "description": "If true, full command arguments will be audited.\n" }, "auditHostFailedLoginEvents": { "type": "boolean", "description": "If true, host failed logins will be audited.\n" }, "auditHostSuccessfulLoginEvents": { "type": "boolean", "description": "If true, host successful logins will be audited.\n" }, "auditUserAccountManagement": { "type": "boolean", "description": "If true, account management will be audited.\n" }, "auditing": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyAuditing:HostRuntimePolicyAuditing" }, "author": { "type": "string", "description": "Username of the account that created the service.\n" }, "blacklistedOsUsers": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyBlacklistedOsUsers:HostRuntimePolicyBlacklistedOsUsers" }, "blockContainerExec": { "type": "boolean" }, "blockCryptocurrencyMining": { "type": "boolean", "description": "Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining\n" }, "blockDisallowedImages": { "type": "boolean" }, "blockFilelessExec": { "type": "boolean" }, "blockNonCompliantWorkloads": { "type": "boolean" }, "blockNonK8sContainers": { "type": "boolean" }, "blockedFiles": { "type": "array", "items": { "type": "string" }, "description": "List of files that are prevented from being read, modified and executed in the containers.\n" }, "bypassScopes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyBypassScope:HostRuntimePolicyBypassScope" }, "description": "Bypass scope configuration.\n" }, "containerExec": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyContainerExec:HostRuntimePolicyContainerExec" }, "created": { "type": "string" }, "cve": { "type": "string" }, "defaultSecurityProfile": { "type": "string" }, "description": { "type": "string", "description": "The description of the host runtime policy\n" }, "digest": { "type": "string" }, "driftPreventions": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyDriftPrevention:HostRuntimePolicyDriftPrevention" }, "description": "Drift prevention configuration.\n" }, "enableCryptoMiningDns": { "type": "boolean" }, "enableForkGuard": { "type": "boolean" }, "enableIpReputation": { "type": "boolean" }, "enablePortScanProtection": { "type": "boolean" }, "enabled": { "type": "boolean", "description": "Indicates if the runtime policy is enabled or not.\n" }, "enforce": { "type": "boolean", "description": "Indicates that policy should effect container execution (not just for audit).\n" }, "enforceAfterDays": { "type": "integer", "description": "Indicates the number of days after which the runtime policy will be changed to enforce mode.\n" }, "enforceSchedulerAddedOn": { "type": "integer" }, "excludeApplicationScopes": { "type": "array", "items": { "type": "string" }, "description": "List of excluded application scopes.\n" }, "executableBlacklists": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyExecutableBlacklist:HostRuntimePolicyExecutableBlacklist" }, "description": "Executable blacklist configuration.\n" }, "failedKubernetesChecks": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyFailedKubernetesChecks:HostRuntimePolicyFailedKubernetesChecks" }, "fileBlock": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyFileBlock:HostRuntimePolicyFileBlock" }, "fileIntegrityMonitoring": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyFileIntegrityMonitoring:HostRuntimePolicyFileIntegrityMonitoring", "description": "Configuration for file integrity monitoring.\n" }, "forkGuardProcessLimit": { "type": "integer" }, "imageName": { "type": "string" }, "isAuditChecked": { "type": "boolean" }, "isAutoGenerated": { "type": "boolean" }, "isOotbPolicy": { "type": "boolean" }, "lastupdate": { "type": "integer" }, "limitContainerPrivileges": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyLimitContainerPrivilege:HostRuntimePolicyLimitContainerPrivilege" }, "description": "Container privileges configuration.\n" }, "linuxCapabilities": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyLinuxCapabilities:HostRuntimePolicyLinuxCapabilities" }, "malwareScanOptions": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyMalwareScanOptions:HostRuntimePolicyMalwareScanOptions", "description": "Configuration for Real-Time Malware Protection.\n" }, "monitorSystemLogIntegrity": { "type": "boolean", "description": "If true, system log will be monitored.\n" }, "monitorSystemTimeChanges": { "type": "boolean", "description": "If true, system time changes will be monitored.\n" }, "monitorWindowsServices": { "type": "boolean", "description": "If true, windows service operations will be monitored.\n" }, "name": { "type": "string", "description": "Name of the host runtime policy\n" }, "noNewPrivileges": { "type": "boolean" }, "onlyRegisteredImages": { "type": "boolean" }, "osGroupsAlloweds": { "type": "array", "items": { "type": "string" }, "description": "List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.\n" }, "osGroupsBlockeds": { "type": "array", "items": { "type": "string" }, "description": "List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.\n" }, "osUsersAlloweds": { "type": "array", "items": { "type": "string" }, "description": "List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.\n" }, "osUsersBlockeds": { "type": "array", "items": { "type": "string" }, "description": "List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.\n" }, "packageBlocks": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyPackageBlock:HostRuntimePolicyPackageBlock" } }, "permission": { "type": "string" }, "portBlock": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyPortBlock:HostRuntimePolicyPortBlock" }, "readonlyFiles": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyReadonlyFiles:HostRuntimePolicyReadonlyFiles" }, "readonlyRegistry": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyReadonlyRegistry:HostRuntimePolicyReadonlyRegistry" }, "registry": { "type": "string" }, "registryAccessMonitoring": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyRegistryAccessMonitoring:HostRuntimePolicyRegistryAccessMonitoring" }, "repoName": { "type": "string" }, "resourceName": { "type": "string" }, "resourceType": { "type": "string" }, "restrictedVolumes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyRestrictedVolume:HostRuntimePolicyRestrictedVolume" }, "description": "Restricted volumes configuration.\n" }, "reverseShell": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyReverseShell:HostRuntimePolicyReverseShell" }, "runtimeMode": { "type": "integer" }, "runtimeType": { "type": "string" }, "scopeExpression": { "type": "string", "description": "Logical expression of how to compute the dependency of the scope variables.\n" }, "scopeVariables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyScopeVariable:HostRuntimePolicyScopeVariable" }, "description": "List of scope attributes.\n" }, "scopes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyScope:HostRuntimePolicyScope" }, "description": "Scope configuration.\n" }, "systemIntegrityProtection": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicySystemIntegrityProtection:HostRuntimePolicySystemIntegrityProtection" }, "tripwire": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyTripwire:HostRuntimePolicyTripwire" }, "type": { "type": "string" }, "updated": { "type": "string" }, "version": { "type": "string" }, "vpatchVersion": { "type": "string" }, "whitelistedOsUsers": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyWhitelistedOsUsers:HostRuntimePolicyWhitelistedOsUsers" } }, "type": "object", "required": [ "allowedExecutables", "allowedRegistries", "applicationScopes", "auditing", "author", "blacklistedOsUsers", "containerExec", "created", "driftPreventions", "enforceSchedulerAddedOn", "executableBlacklists", "failedKubernetesChecks", "fileBlock", "fileIntegrityMonitoring", "lastupdate", "limitContainerPrivileges", "linuxCapabilities", "malwareScanOptions", "name", "packageBlocks", "portBlock", "readonlyFiles", "readonlyRegistry", "registryAccessMonitoring", "restrictedVolumes", "reverseShell", "runtimeType", "scopeExpression", "scopeVariables", "systemIntegrityProtection", "tripwire", "type", "updated", "whitelistedOsUsers" ], "inputProperties": { "allowedExecutables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyAllowedExecutable:HostRuntimePolicyAllowedExecutable" }, "description": "Allowed executables configuration.\n" }, "allowedRegistries": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyAllowedRegistry:HostRuntimePolicyAllowedRegistry" }, "description": "Allowed registries configuration.\n" }, "applicationScopes": { "type": "array", "items": { "type": "string" }, "description": "Indicates the application scope of the service.\n" }, "auditBruteForceLogin": { "type": "boolean", "description": "Detects brute force login attempts\n" }, "auditFullCommandArguments": { "type": "boolean", "description": "If true, full command arguments will be audited.\n" }, "auditHostFailedLoginEvents": { "type": "boolean", "description": "If true, host failed logins will be audited.\n" }, "auditHostSuccessfulLoginEvents": { "type": "boolean", "description": "If true, host successful logins will be audited.\n" }, "auditUserAccountManagement": { "type": "boolean", "description": "If true, account management will be audited.\n" }, "auditing": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyAuditing:HostRuntimePolicyAuditing" }, "author": { "type": "string", "description": "Username of the account that created the service.\n" }, "blacklistedOsUsers": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyBlacklistedOsUsers:HostRuntimePolicyBlacklistedOsUsers" }, "blockContainerExec": { "type": "boolean" }, "blockCryptocurrencyMining": { "type": "boolean", "description": "Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining\n" }, "blockDisallowedImages": { "type": "boolean" }, "blockFilelessExec": { "type": "boolean" }, "blockNonCompliantWorkloads": { "type": "boolean" }, "blockNonK8sContainers": { "type": "boolean" }, "blockedFiles": { "type": "array", "items": { "type": "string" }, "description": "List of files that are prevented from being read, modified and executed in the containers.\n" }, "bypassScopes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyBypassScope:HostRuntimePolicyBypassScope" }, "description": "Bypass scope configuration.\n" }, "containerExec": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyContainerExec:HostRuntimePolicyContainerExec" }, "created": { "type": "string" }, "cve": { "type": "string" }, "defaultSecurityProfile": { "type": "string" }, "description": { "type": "string", "description": "The description of the host runtime policy\n" }, "digest": { "type": "string" }, "driftPreventions": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyDriftPrevention:HostRuntimePolicyDriftPrevention" }, "description": "Drift prevention configuration.\n" }, "enableCryptoMiningDns": { "type": "boolean" }, "enableForkGuard": { "type": "boolean" }, "enableIpReputation": { "type": "boolean" }, "enablePortScanProtection": { "type": "boolean" }, "enabled": { "type": "boolean", "description": "Indicates if the runtime policy is enabled or not.\n" }, "enforce": { "type": "boolean", "description": "Indicates that policy should effect container execution (not just for audit).\n" }, "enforceAfterDays": { "type": "integer", "description": "Indicates the number of days after which the runtime policy will be changed to enforce mode.\n" }, "enforceSchedulerAddedOn": { "type": "integer" }, "excludeApplicationScopes": { "type": "array", "items": { "type": "string" }, "description": "List of excluded application scopes.\n" }, "executableBlacklists": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyExecutableBlacklist:HostRuntimePolicyExecutableBlacklist" }, "description": "Executable blacklist configuration.\n" }, "failedKubernetesChecks": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyFailedKubernetesChecks:HostRuntimePolicyFailedKubernetesChecks" }, "fileBlock": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyFileBlock:HostRuntimePolicyFileBlock" }, "fileIntegrityMonitoring": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyFileIntegrityMonitoring:HostRuntimePolicyFileIntegrityMonitoring", "description": "Configuration for file integrity monitoring.\n" }, "forkGuardProcessLimit": { "type": "integer" }, "imageName": { "type": "string" }, "isAuditChecked": { "type": "boolean" }, "isAutoGenerated": { "type": "boolean" }, "isOotbPolicy": { "type": "boolean" }, "lastupdate": { "type": "integer" }, "limitContainerPrivileges": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyLimitContainerPrivilege:HostRuntimePolicyLimitContainerPrivilege" }, "description": "Container privileges configuration.\n" }, "linuxCapabilities": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyLinuxCapabilities:HostRuntimePolicyLinuxCapabilities" }, "malwareScanOptions": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyMalwareScanOptions:HostRuntimePolicyMalwareScanOptions", "description": "Configuration for Real-Time Malware Protection.\n" }, "monitorSystemLogIntegrity": { "type": "boolean", "description": "If true, system log will be monitored.\n" }, "monitorSystemTimeChanges": { "type": "boolean", "description": "If true, system time changes will be monitored.\n" }, "monitorWindowsServices": { "type": "boolean", "description": "If true, windows service operations will be monitored.\n" }, "name": { "type": "string", "description": "Name of the host runtime policy\n", "willReplaceOnChanges": true }, "noNewPrivileges": { "type": "boolean" }, "onlyRegisteredImages": { "type": "boolean" }, "osGroupsAlloweds": { "type": "array", "items": { "type": "string" }, "description": "List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.\n" }, "osGroupsBlockeds": { "type": "array", "items": { "type": "string" }, "description": "List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.\n" }, "osUsersAlloweds": { "type": "array", "items": { "type": "string" }, "description": "List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.\n" }, "osUsersBlockeds": { "type": "array", "items": { "type": "string" }, "description": "List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.\n" }, "packageBlocks": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyPackageBlock:HostRuntimePolicyPackageBlock" } }, "permission": { "type": "string" }, "portBlock": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyPortBlock:HostRuntimePolicyPortBlock" }, "readonlyFiles": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyReadonlyFiles:HostRuntimePolicyReadonlyFiles" }, "readonlyRegistry": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyReadonlyRegistry:HostRuntimePolicyReadonlyRegistry" }, "registry": { "type": "string" }, "registryAccessMonitoring": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyRegistryAccessMonitoring:HostRuntimePolicyRegistryAccessMonitoring" }, "repoName": { "type": "string" }, "resourceName": { "type": "string" }, "resourceType": { "type": "string" }, "restrictedVolumes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyRestrictedVolume:HostRuntimePolicyRestrictedVolume" }, "description": "Restricted volumes configuration.\n" }, "reverseShell": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyReverseShell:HostRuntimePolicyReverseShell" }, "runtimeMode": { "type": "integer" }, "runtimeType": { "type": "string" }, "scopeExpression": { "type": "string", "description": "Logical expression of how to compute the dependency of the scope variables.\n" }, "scopeVariables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyScopeVariable:HostRuntimePolicyScopeVariable" }, "description": "List of scope attributes.\n" }, "scopes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyScope:HostRuntimePolicyScope" }, "description": "Scope configuration.\n" }, "systemIntegrityProtection": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicySystemIntegrityProtection:HostRuntimePolicySystemIntegrityProtection" }, "tripwire": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyTripwire:HostRuntimePolicyTripwire" }, "type": { "type": "string" }, "updated": { "type": "string" }, "version": { "type": "string" }, "vpatchVersion": { "type": "string" }, "whitelistedOsUsers": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyWhitelistedOsUsers:HostRuntimePolicyWhitelistedOsUsers" } }, "stateInputs": { "description": "Input properties used for looking up and filtering HostRuntimePolicy resources.\n", "properties": { "allowedExecutables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyAllowedExecutable:HostRuntimePolicyAllowedExecutable" }, "description": "Allowed executables configuration.\n" }, "allowedRegistries": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyAllowedRegistry:HostRuntimePolicyAllowedRegistry" }, "description": "Allowed registries configuration.\n" }, "applicationScopes": { "type": "array", "items": { "type": "string" }, "description": "Indicates the application scope of the service.\n" }, "auditBruteForceLogin": { "type": "boolean", "description": "Detects brute force login attempts\n" }, "auditFullCommandArguments": { "type": "boolean", "description": "If true, full command arguments will be audited.\n" }, "auditHostFailedLoginEvents": { "type": "boolean", "description": "If true, host failed logins will be audited.\n" }, "auditHostSuccessfulLoginEvents": { "type": "boolean", "description": "If true, host successful logins will be audited.\n" }, "auditUserAccountManagement": { "type": "boolean", "description": "If true, account management will be audited.\n" }, "auditing": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyAuditing:HostRuntimePolicyAuditing" }, "author": { "type": "string", "description": "Username of the account that created the service.\n" }, "blacklistedOsUsers": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyBlacklistedOsUsers:HostRuntimePolicyBlacklistedOsUsers" }, "blockContainerExec": { "type": "boolean" }, "blockCryptocurrencyMining": { "type": "boolean", "description": "Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining\n" }, "blockDisallowedImages": { "type": "boolean" }, "blockFilelessExec": { "type": "boolean" }, "blockNonCompliantWorkloads": { "type": "boolean" }, "blockNonK8sContainers": { "type": "boolean" }, "blockedFiles": { "type": "array", "items": { "type": "string" }, "description": "List of files that are prevented from being read, modified and executed in the containers.\n" }, "bypassScopes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyBypassScope:HostRuntimePolicyBypassScope" }, "description": "Bypass scope configuration.\n" }, "containerExec": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyContainerExec:HostRuntimePolicyContainerExec" }, "created": { "type": "string" }, "cve": { "type": "string" }, "defaultSecurityProfile": { "type": "string" }, "description": { "type": "string", "description": "The description of the host runtime policy\n" }, "digest": { "type": "string" }, "driftPreventions": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyDriftPrevention:HostRuntimePolicyDriftPrevention" }, "description": "Drift prevention configuration.\n" }, "enableCryptoMiningDns": { "type": "boolean" }, "enableForkGuard": { "type": "boolean" }, "enableIpReputation": { "type": "boolean" }, "enablePortScanProtection": { "type": "boolean" }, "enabled": { "type": "boolean", "description": "Indicates if the runtime policy is enabled or not.\n" }, "enforce": { "type": "boolean", "description": "Indicates that policy should effect container execution (not just for audit).\n" }, "enforceAfterDays": { "type": "integer", "description": "Indicates the number of days after which the runtime policy will be changed to enforce mode.\n" }, "enforceSchedulerAddedOn": { "type": "integer" }, "excludeApplicationScopes": { "type": "array", "items": { "type": "string" }, "description": "List of excluded application scopes.\n" }, "executableBlacklists": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyExecutableBlacklist:HostRuntimePolicyExecutableBlacklist" }, "description": "Executable blacklist configuration.\n" }, "failedKubernetesChecks": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyFailedKubernetesChecks:HostRuntimePolicyFailedKubernetesChecks" }, "fileBlock": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyFileBlock:HostRuntimePolicyFileBlock" }, "fileIntegrityMonitoring": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyFileIntegrityMonitoring:HostRuntimePolicyFileIntegrityMonitoring", "description": "Configuration for file integrity monitoring.\n" }, "forkGuardProcessLimit": { "type": "integer" }, "imageName": { "type": "string" }, "isAuditChecked": { "type": "boolean" }, "isAutoGenerated": { "type": "boolean" }, "isOotbPolicy": { "type": "boolean" }, "lastupdate": { "type": "integer" }, "limitContainerPrivileges": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyLimitContainerPrivilege:HostRuntimePolicyLimitContainerPrivilege" }, "description": "Container privileges configuration.\n" }, "linuxCapabilities": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyLinuxCapabilities:HostRuntimePolicyLinuxCapabilities" }, "malwareScanOptions": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyMalwareScanOptions:HostRuntimePolicyMalwareScanOptions", "description": "Configuration for Real-Time Malware Protection.\n" }, "monitorSystemLogIntegrity": { "type": "boolean", "description": "If true, system log will be monitored.\n" }, "monitorSystemTimeChanges": { "type": "boolean", "description": "If true, system time changes will be monitored.\n" }, "monitorWindowsServices": { "type": "boolean", "description": "If true, windows service operations will be monitored.\n" }, "name": { "type": "string", "description": "Name of the host runtime policy\n", "willReplaceOnChanges": true }, "noNewPrivileges": { "type": "boolean" }, "onlyRegisteredImages": { "type": "boolean" }, "osGroupsAlloweds": { "type": "array", "items": { "type": "string" }, "description": "List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.\n" }, "osGroupsBlockeds": { "type": "array", "items": { "type": "string" }, "description": "List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.\n" }, "osUsersAlloweds": { "type": "array", "items": { "type": "string" }, "description": "List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.\n" }, "osUsersBlockeds": { "type": "array", "items": { "type": "string" }, "description": "List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.\n" }, "packageBlocks": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyPackageBlock:HostRuntimePolicyPackageBlock" } }, "permission": { "type": "string" }, "portBlock": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyPortBlock:HostRuntimePolicyPortBlock" }, "readonlyFiles": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyReadonlyFiles:HostRuntimePolicyReadonlyFiles" }, "readonlyRegistry": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyReadonlyRegistry:HostRuntimePolicyReadonlyRegistry" }, "registry": { "type": "string" }, "registryAccessMonitoring": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyRegistryAccessMonitoring:HostRuntimePolicyRegistryAccessMonitoring" }, "repoName": { "type": "string" }, "resourceName": { "type": "string" }, "resourceType": { "type": "string" }, "restrictedVolumes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyRestrictedVolume:HostRuntimePolicyRestrictedVolume" }, "description": "Restricted volumes configuration.\n" }, "reverseShell": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyReverseShell:HostRuntimePolicyReverseShell" }, "runtimeMode": { "type": "integer" }, "runtimeType": { "type": "string" }, "scopeExpression": { "type": "string", "description": "Logical expression of how to compute the dependency of the scope variables.\n" }, "scopeVariables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyScopeVariable:HostRuntimePolicyScopeVariable" }, "description": "List of scope attributes.\n" }, "scopes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyScope:HostRuntimePolicyScope" }, "description": "Scope configuration.\n" }, "systemIntegrityProtection": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicySystemIntegrityProtection:HostRuntimePolicySystemIntegrityProtection" }, "tripwire": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyTripwire:HostRuntimePolicyTripwire" }, "type": { "type": "string" }, "updated": { "type": "string" }, "version": { "type": "string" }, "vpatchVersion": { "type": "string" }, "whitelistedOsUsers": { "$ref": "#/types/aquasec:index%2FHostRuntimePolicyWhitelistedOsUsers:HostRuntimePolicyWhitelistedOsUsers" } }, "type": "object" } }, "aquasec:index/image:Image": { "properties": { "allowImage": { "type": "boolean", "description": "If this field is set to true, the image will be whitelisted.\n" }, "architecture": { "type": "string", "description": "The image architecture.\n" }, "assuranceChecksPerformeds": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FImageAssuranceChecksPerformed:ImageAssuranceChecksPerformed" }, "description": "The list of image assurance checks performed on the image.\n" }, "author": { "type": "string", "description": "The name of the user who registered the image.\n" }, "blacklisted": { "type": "boolean", "description": "Whether the image is blacklisted.\n" }, "blockImage": { "type": "boolean", "description": "If this field is set to true, the image will be blacklisted.\n" }, "comment": { "type": "string", "description": "The image creation comment.\n" }, "created": { "type": "string", "description": "The date and time when the image was registered.\n" }, "criticalVulnerabilities": { "type": "integer", "description": "Number of critical severity vulnerabilities detected in the image.\n" }, "defaultUser": { "type": "string", "description": "The default user of the image.\n" }, "digest": { "type": "string", "description": "The content digest of the image.\n" }, "disallowed": { "type": "boolean", "description": "Whether the image is disallowed (non-compliant).\n" }, "disallowedByAssuranceChecks": { "type": "boolean", "description": "Whether the image was disallowed because of Image Assurance Policies.\n" }, "dockerId": { "type": "string", "description": "The Docker image ID.\n" }, "dockerLabels": { "type": "array", "items": { "type": "string" }, "description": "Docker labels of the image.\n" }, "dockerVersion": { "type": "string", "description": "The Docker version used when building the image.\n" }, "dtaSeverityScore": { "type": "string", "description": "DTA severity score.\n" }, "dtaSkipped": { "type": "boolean", "description": "If DTA was skipped.\n" }, "dtaSkippedReason": { "type": "string", "description": "The reason why DTA was skipped.\n" }, "environmentVariables": { "type": "array", "items": { "type": "string" }, "description": "Environment variables in the image.\n" }, "highVulnerabilities": { "type": "integer", "description": "Number of high severity vulnerabilities detected in the image.\n" }, "histories": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FImageHistory:ImageHistory" }, "description": "The Docker history of the image.\n" }, "imageSize": { "type": "integer", "description": "The size of the image in bytes.\n" }, "imageType": { "type": "string", "description": "The type of the image.\n" }, "labels": { "type": "array", "items": { "type": "string" }, "description": "Aqua labels of the image.\n" }, "lowVulnerabilities": { "type": "integer", "description": "Number of low severity vulnerabilities detected in the image.\n" }, "malware": { "type": "integer", "description": "Number of malware found on the image.\n" }, "mediumVulnerabilities": { "type": "integer", "description": "Number of medium severity vulnerabilities detected in the image.\n" }, "name": { "type": "string", "description": "The name of the image.\n" }, "negligibleVulnerabilities": { "type": "integer", "description": "Number of negligible severity vulnerabilities detected in the image.\n" }, "newerImageExists": { "type": "boolean", "description": "Whether a new version of the image is available in the registry but is not scanned and registered yet.\n" }, "os": { "type": "string", "description": "The operating system detected in the image\n" }, "osVersion": { "type": "string", "description": "The version of the OS detected in the image.\n" }, "parent": { "type": "string", "description": "The ID of the parent image.\n" }, "partialResults": { "type": "boolean", "description": "Whether the image could only be partially scanned.\n" }, "pendingDisallowed": { "type": "boolean", "description": "Whether the image is non-compliant, but is pending this status due to running containers.\n" }, "permission": { "type": "string", "description": "Permission of the image.\n" }, "permissionAuthor": { "type": "string", "description": "The name of the user who last modified the image permissions.\n" }, "permissionComment": { "type": "string", "description": "The comment provided when the image permissions were last modified\n" }, "permissionModificationComment": { "type": "string", "description": "A comment on why the image was whitelisted or blacklisted\n" }, "registry": { "type": "string", "description": "The name of the registry where the image is stored.\n" }, "registryType": { "type": "string", "description": "Type of the registry.\n" }, "repoDigests": { "type": "array", "items": { "type": "string" }, "description": "The repository digests.\n" }, "repository": { "type": "string", "description": "The name of the image's repository.\n" }, "scanDate": { "type": "string", "description": "The date and time when the image was last scanned.\n" }, "scanError": { "type": "string", "description": "If the image scan failed, the failure message.\n" }, "scanStatus": { "type": "string", "description": "The scan status of the image (either 'pending', 'in*progress', 'finished', 'failed' or 'not*started').\n" }, "sensitiveData": { "type": "integer", "description": "Number of sensitive data detected in the image.\n" }, "tag": { "type": "string", "description": "The tag of the image.\n" }, "totalVulnerabilities": { "type": "integer", "description": "The total number of vulnerabilities detected in the image.\n" }, "virtualSize": { "type": "integer", "description": "The virtual size of the image.\n" }, "vulnerabilities": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FImageVulnerability:ImageVulnerability" }, "description": "A list of all the vulnerabilities found in the image\n" }, "whitelisted": { "type": "boolean", "description": "Whether the image is whitelisted.\n" } }, "type": "object", "required": [ "architecture", "assuranceChecksPerformeds", "author", "blacklisted", "comment", "created", "criticalVulnerabilities", "defaultUser", "digest", "disallowed", "disallowedByAssuranceChecks", "dockerId", "dockerLabels", "dockerVersion", "dtaSeverityScore", "dtaSkipped", "dtaSkippedReason", "environmentVariables", "highVulnerabilities", "histories", "imageSize", "imageType", "labels", "lowVulnerabilities", "malware", "mediumVulnerabilities", "name", "negligibleVulnerabilities", "newerImageExists", "os", "osVersion", "parent", "partialResults", "pendingDisallowed", "permission", "permissionAuthor", "permissionComment", "registry", "registryType", "repoDigests", "repository", "scanDate", "scanError", "scanStatus", "sensitiveData", "tag", "totalVulnerabilities", "virtualSize", "vulnerabilities", "whitelisted" ], "inputProperties": { "allowImage": { "type": "boolean", "description": "If this field is set to true, the image will be whitelisted.\n" }, "blockImage": { "type": "boolean", "description": "If this field is set to true, the image will be blacklisted.\n" }, "permissionModificationComment": { "type": "string", "description": "A comment on why the image was whitelisted or blacklisted\n" }, "registry": { "type": "string", "description": "The name of the registry where the image is stored.\n", "willReplaceOnChanges": true }, "repository": { "type": "string", "description": "The name of the image's repository.\n", "willReplaceOnChanges": true }, "tag": { "type": "string", "description": "The tag of the image.\n", "willReplaceOnChanges": true } }, "requiredInputs": [ "registry", "repository", "tag" ], "stateInputs": { "description": "Input properties used for looking up and filtering Image resources.\n", "properties": { "allowImage": { "type": "boolean", "description": "If this field is set to true, the image will be whitelisted.\n" }, "architecture": { "type": "string", "description": "The image architecture.\n" }, "assuranceChecksPerformeds": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FImageAssuranceChecksPerformed:ImageAssuranceChecksPerformed" }, "description": "The list of image assurance checks performed on the image.\n" }, "author": { "type": "string", "description": "The name of the user who registered the image.\n" }, "blacklisted": { "type": "boolean", "description": "Whether the image is blacklisted.\n" }, "blockImage": { "type": "boolean", "description": "If this field is set to true, the image will be blacklisted.\n" }, "comment": { "type": "string", "description": "The image creation comment.\n" }, "created": { "type": "string", "description": "The date and time when the image was registered.\n" }, "criticalVulnerabilities": { "type": "integer", "description": "Number of critical severity vulnerabilities detected in the image.\n" }, "defaultUser": { "type": "string", "description": "The default user of the image.\n" }, "digest": { "type": "string", "description": "The content digest of the image.\n" }, "disallowed": { "type": "boolean", "description": "Whether the image is disallowed (non-compliant).\n" }, "disallowedByAssuranceChecks": { "type": "boolean", "description": "Whether the image was disallowed because of Image Assurance Policies.\n" }, "dockerId": { "type": "string", "description": "The Docker image ID.\n" }, "dockerLabels": { "type": "array", "items": { "type": "string" }, "description": "Docker labels of the image.\n" }, "dockerVersion": { "type": "string", "description": "The Docker version used when building the image.\n" }, "dtaSeverityScore": { "type": "string", "description": "DTA severity score.\n" }, "dtaSkipped": { "type": "boolean", "description": "If DTA was skipped.\n" }, "dtaSkippedReason": { "type": "string", "description": "The reason why DTA was skipped.\n" }, "environmentVariables": { "type": "array", "items": { "type": "string" }, "description": "Environment variables in the image.\n" }, "highVulnerabilities": { "type": "integer", "description": "Number of high severity vulnerabilities detected in the image.\n" }, "histories": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FImageHistory:ImageHistory" }, "description": "The Docker history of the image.\n" }, "imageSize": { "type": "integer", "description": "The size of the image in bytes.\n" }, "imageType": { "type": "string", "description": "The type of the image.\n" }, "labels": { "type": "array", "items": { "type": "string" }, "description": "Aqua labels of the image.\n" }, "lowVulnerabilities": { "type": "integer", "description": "Number of low severity vulnerabilities detected in the image.\n" }, "malware": { "type": "integer", "description": "Number of malware found on the image.\n" }, "mediumVulnerabilities": { "type": "integer", "description": "Number of medium severity vulnerabilities detected in the image.\n" }, "name": { "type": "string", "description": "The name of the image.\n" }, "negligibleVulnerabilities": { "type": "integer", "description": "Number of negligible severity vulnerabilities detected in the image.\n" }, "newerImageExists": { "type": "boolean", "description": "Whether a new version of the image is available in the registry but is not scanned and registered yet.\n" }, "os": { "type": "string", "description": "The operating system detected in the image\n" }, "osVersion": { "type": "string", "description": "The version of the OS detected in the image.\n" }, "parent": { "type": "string", "description": "The ID of the parent image.\n" }, "partialResults": { "type": "boolean", "description": "Whether the image could only be partially scanned.\n" }, "pendingDisallowed": { "type": "boolean", "description": "Whether the image is non-compliant, but is pending this status due to running containers.\n" }, "permission": { "type": "string", "description": "Permission of the image.\n" }, "permissionAuthor": { "type": "string", "description": "The name of the user who last modified the image permissions.\n" }, "permissionComment": { "type": "string", "description": "The comment provided when the image permissions were last modified\n" }, "permissionModificationComment": { "type": "string", "description": "A comment on why the image was whitelisted or blacklisted\n" }, "registry": { "type": "string", "description": "The name of the registry where the image is stored.\n", "willReplaceOnChanges": true }, "registryType": { "type": "string", "description": "Type of the registry.\n" }, "repoDigests": { "type": "array", "items": { "type": "string" }, "description": "The repository digests.\n" }, "repository": { "type": "string", "description": "The name of the image's repository.\n", "willReplaceOnChanges": true }, "scanDate": { "type": "string", "description": "The date and time when the image was last scanned.\n" }, "scanError": { "type": "string", "description": "If the image scan failed, the failure message.\n" }, "scanStatus": { "type": "string", "description": "The scan status of the image (either 'pending', 'in*progress', 'finished', 'failed' or 'not*started').\n" }, "sensitiveData": { "type": "integer", "description": "Number of sensitive data detected in the image.\n" }, "tag": { "type": "string", "description": "The tag of the image.\n", "willReplaceOnChanges": true }, "totalVulnerabilities": { "type": "integer", "description": "The total number of vulnerabilities detected in the image.\n" }, "virtualSize": { "type": "integer", "description": "The virtual size of the image.\n" }, "vulnerabilities": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FImageVulnerability:ImageVulnerability" }, "description": "A list of all the vulnerabilities found in the image\n" }, "whitelisted": { "type": "boolean", "description": "Whether the image is whitelisted.\n" } }, "type": "object" } }, "aquasec:index/imageAssurancePolicy:ImageAssurancePolicy": { "description": "Aqua Image Assurance covers the first part of the container lifecycle: image development. The Image Assurance subsystem detects, assesses, and reports security issues in your images.\n", "properties": { "aggregatedVulnerability": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Aggregated vulnerability information.\n" }, "allowedImages": { "type": "array", "items": { "type": "string" }, "description": "List of explicitly allowed images.\n" }, "applicationScopes": { "type": "array", "items": { "type": "string" } }, "assuranceType": { "type": "string", "description": "What type of assurance policy is described.\n" }, "auditOnFailure": { "type": "boolean", "description": "Indicates if auditing for failures.\n" }, "author": { "type": "string", "description": "Name of user account that created the policy.\n" }, "autoScanConfigured": { "type": "boolean" }, "autoScanEnabled": { "type": "boolean" }, "autoScanTimes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FImageAssurancePolicyAutoScanTime:ImageAssurancePolicyAutoScanTime" } }, "blacklistPermissions": { "type": "array", "items": { "type": "string" }, "description": "List of function's forbidden permissions.\n" }, "blacklistPermissionsEnabled": { "type": "boolean", "description": "Indicates if blacklist permissions is relevant.\n" }, "blacklistedLicenses": { "type": "array", "items": { "type": "string" }, "description": "List of blacklisted licenses.\n" }, "blacklistedLicensesEnabled": { "type": "boolean", "description": "Indicates if license blacklist is relevant.\n" }, "blockFailed": { "type": "boolean", "description": "Indicates if failed images are blocked.\n" }, "controlExcludeNoFix": { "type": "boolean" }, "customChecks": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FImageAssurancePolicyCustomCheck:ImageAssurancePolicyCustomCheck" }, "description": "List of Custom user scripts for checks.\n" }, "customChecksEnabled": { "type": "boolean", "description": "Indicates if scanning should include custom checks.\n" }, "customSeverity": { "type": "string" }, "customSeverityEnabled": { "type": "boolean" }, "cvesBlackListEnabled": { "type": "boolean", "description": "Indicates if CVEs blacklist is relevant.\n" }, "cvesBlackLists": { "type": "array", "items": { "type": "string" }, "description": "List of cves blacklisted items.\n" }, "cvesWhiteListEnabled": { "type": "boolean", "description": "Indicates if cves whitelist is relevant.\n" }, "cvesWhiteLists": { "type": "array", "items": { "type": "string" }, "description": "List of cves whitelisted licenses\n" }, "cvssSeverity": { "type": "string", "description": "Identifier of the cvss severity. Only applied if `cvss_severity_enabled` is set to `true`. Valid options: `critical`, `high`, `medium`, `low`.\n" }, "cvssSeverityEnabled": { "type": "boolean", "description": "Indicates if the cvss severity is scanned.\n" }, "cvssSeverityExcludeNoFix": { "type": "boolean", "description": "Indicates that policy should ignore cvss cases that do not have a known fix.\n" }, "description": { "type": "string" }, "disallowExploitTypes": { "type": "array", "items": { "type": "string" } }, "disallowMalware": { "type": "boolean", "description": "Indicates if malware should block the image.\n" }, "dockerCisEnabled": { "type": "boolean", "description": "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.\n" }, "domain": { "type": "string", "description": "Name of the container image.\n" }, "domainName": { "type": "string" }, "dtaEnabled": { "type": "boolean" }, "dtaSeverity": { "type": "string" }, "enabled": { "type": "boolean" }, "enforce": { "type": "boolean" }, "enforceAfterDays": { "type": "integer" }, "enforceExcessivePermissions": { "type": "boolean" }, "exceptionalMonitoredMalwarePaths": { "type": "array", "items": { "type": "string" } }, "excludeApplicationScopes": { "type": "array", "items": { "type": "string" } }, "failCicd": { "type": "boolean", "description": "Indicates if cicd failures will fail the image.\n" }, "forbiddenLabels": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FImageAssurancePolicyForbiddenLabel:ImageAssurancePolicyForbiddenLabel" } }, "forbiddenLabelsEnabled": { "type": "boolean" }, "forceMicroenforcer": { "type": "boolean" }, "functionIntegrityEnabled": { "type": "boolean" }, "ignoreBaseImageVln": { "type": "boolean" }, "ignoreRecentlyPublishedVln": { "type": "boolean" }, "ignoreRecentlyPublishedVlnPeriod": { "type": "integer" }, "ignoreRiskResourcesEnabled": { "type": "boolean", "description": "Indicates if risk resources are ignored.\n" }, "ignoredRiskResources": { "type": "array", "items": { "type": "string" }, "description": "List of ignored risk resources.\n" }, "ignoredSensitiveResources": { "type": "array", "items": { "type": "string" } }, "images": { "type": "array", "items": { "type": "string" }, "description": "List of images.\n" }, "kubeCisEnabled": { "type": "boolean", "description": "Performs a Kubernetes CIS benchmark check for the host.\n" }, "kubernetesControls": { "$ref": "#/types/aquasec:index%2FImageAssurancePolicyKubernetesControls:ImageAssurancePolicyKubernetesControls", "description": "List of Kubernetes controls.\n" }, "kubernetesControlsAvdIds": { "type": "array", "items": { "type": "string" } }, "kubernetesControlsNames": { "type": "array", "items": { "type": "string" } }, "labels": { "type": "array", "items": { "type": "string" }, "description": "List of labels.\n" }, "lastupdate": { "type": "string" }, "linuxCisEnabled": { "type": "boolean" }, "malwareAction": { "type": "string" }, "maximumScore": { "type": "number", "description": "Value of allowed maximum score.\n" }, "maximumScoreEnabled": { "type": "boolean", "description": "Indicates if exceeding the maximum score is scanned.\n" }, "maximumScoreExcludeNoFix": { "type": "boolean" }, "monitoredMalwarePaths": { "type": "array", "items": { "type": "string" } }, "name": { "type": "string" }, "onlyNoneRootUsers": { "type": "boolean", "description": "Indicates if raise a warning for images that should only be run as root.\n" }, "openshiftHardeningEnabled": { "type": "boolean" }, "packagesBlackListEnabled": { "type": "boolean", "description": "Indicates if packages blacklist is relevant.\n" }, "packagesBlackLists": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FImageAssurancePolicyPackagesBlackList:ImageAssurancePolicyPackagesBlackList" }, "description": "List of blacklisted images.\n" }, "packagesWhiteListEnabled": { "type": "boolean", "description": "Indicates if packages whitelist is relevant.\n" }, "packagesWhiteLists": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FImageAssurancePolicyPackagesWhiteList:ImageAssurancePolicyPackagesWhiteList" }, "description": "List of whitelisted images.\n" }, "partialResultsImageFail": { "type": "boolean" }, "permission": { "type": "string" }, "policySettings": { "$ref": "#/types/aquasec:index%2FImageAssurancePolicyPolicySettings:ImageAssurancePolicyPolicySettings" }, "readOnly": { "type": "boolean" }, "registries": { "type": "array", "items": { "type": "string" }, "description": "List of registries.\n" }, "registry": { "type": "string" }, "requiredLabels": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FImageAssurancePolicyRequiredLabel:ImageAssurancePolicyRequiredLabel" } }, "requiredLabelsEnabled": { "type": "boolean" }, "scanMalwareInArchives": { "type": "boolean" }, "scanNfsMounts": { "type": "boolean" }, "scanProcessMemory": { "type": "boolean" }, "scanSensitiveData": { "type": "boolean", "description": "Indicates if scan should include sensitive data in the image.\n" }, "scanWindowsRegistry": { "type": "boolean" }, "scapEnabled": { "type": "boolean", "description": "Indicates if scanning should include scap.\n" }, "scapFiles": { "type": "array", "items": { "type": "string" }, "description": "List of SCAP user scripts for checks.\n" }, "scopes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FImageAssurancePolicyScope:ImageAssurancePolicyScope" } }, "trustedBaseImages": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FImageAssurancePolicyTrustedBaseImage:ImageAssurancePolicyTrustedBaseImage" }, "description": "List of trusted images.\n" }, "trustedBaseImagesEnabled": { "type": "boolean", "description": "Indicates if list of trusted base images is relevant.\n" }, "vulnerabilityExploitability": { "type": "boolean" }, "vulnerabilityScoreRanges": { "type": "array", "items": { "type": "integer" } }, "whitelistedLicenses": { "type": "array", "items": { "type": "string" }, "description": "List of whitelisted licenses.\n" }, "whitelistedLicensesEnabled": { "type": "boolean", "description": "Indicates if license blacklist is relevant.\n" } }, "type": "object", "required": [ "applicationScopes", "assuranceType", "author", "autoScanTimes", "customSeverity", "ignoreRecentlyPublishedVlnPeriod", "lastupdate", "name", "permission", "policySettings", "scopes" ], "inputProperties": { "aggregatedVulnerability": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Aggregated vulnerability information.\n" }, "allowedImages": { "type": "array", "items": { "type": "string" }, "description": "List of explicitly allowed images.\n" }, "applicationScopes": { "type": "array", "items": { "type": "string" } }, "assuranceType": { "type": "string", "description": "What type of assurance policy is described.\n" }, "auditOnFailure": { "type": "boolean", "description": "Indicates if auditing for failures.\n" }, "author": { "type": "string", "description": "Name of user account that created the policy.\n" }, "autoScanConfigured": { "type": "boolean" }, "autoScanEnabled": { "type": "boolean" }, "autoScanTimes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FImageAssurancePolicyAutoScanTime:ImageAssurancePolicyAutoScanTime" } }, "blacklistPermissions": { "type": "array", "items": { "type": "string" }, "description": "List of function's forbidden permissions.\n" }, "blacklistPermissionsEnabled": { "type": "boolean", "description": "Indicates if blacklist permissions is relevant.\n" }, "blacklistedLicenses": { "type": "array", "items": { "type": "string" }, "description": "List of blacklisted licenses.\n" }, "blacklistedLicensesEnabled": { "type": "boolean", "description": "Indicates if license blacklist is relevant.\n" }, "blockFailed": { "type": "boolean", "description": "Indicates if failed images are blocked.\n" }, "controlExcludeNoFix": { "type": "boolean" }, "customChecks": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FImageAssurancePolicyCustomCheck:ImageAssurancePolicyCustomCheck" }, "description": "List of Custom user scripts for checks.\n" }, "customChecksEnabled": { "type": "boolean", "description": "Indicates if scanning should include custom checks.\n" }, "customSeverity": { "type": "string" }, "customSeverityEnabled": { "type": "boolean" }, "cvesBlackListEnabled": { "type": "boolean", "description": "Indicates if CVEs blacklist is relevant.\n" }, "cvesBlackLists": { "type": "array", "items": { "type": "string" }, "description": "List of cves blacklisted items.\n" }, "cvesWhiteListEnabled": { "type": "boolean", "description": "Indicates if cves whitelist is relevant.\n" }, "cvesWhiteLists": { "type": "array", "items": { "type": "string" }, "description": "List of cves whitelisted licenses\n" }, "cvssSeverity": { "type": "string", "description": "Identifier of the cvss severity. Only applied if `cvss_severity_enabled` is set to `true`. Valid options: `critical`, `high`, `medium`, `low`.\n" }, "cvssSeverityEnabled": { "type": "boolean", "description": "Indicates if the cvss severity is scanned.\n" }, "cvssSeverityExcludeNoFix": { "type": "boolean", "description": "Indicates that policy should ignore cvss cases that do not have a known fix.\n" }, "description": { "type": "string" }, "disallowExploitTypes": { "type": "array", "items": { "type": "string" } }, "disallowMalware": { "type": "boolean", "description": "Indicates if malware should block the image.\n" }, "dockerCisEnabled": { "type": "boolean", "description": "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.\n" }, "domain": { "type": "string", "description": "Name of the container image.\n" }, "domainName": { "type": "string" }, "dtaEnabled": { "type": "boolean" }, "dtaSeverity": { "type": "string" }, "enabled": { "type": "boolean" }, "enforce": { "type": "boolean" }, "enforceAfterDays": { "type": "integer" }, "enforceExcessivePermissions": { "type": "boolean" }, "exceptionalMonitoredMalwarePaths": { "type": "array", "items": { "type": "string" } }, "excludeApplicationScopes": { "type": "array", "items": { "type": "string" } }, "failCicd": { "type": "boolean", "description": "Indicates if cicd failures will fail the image.\n" }, "forbiddenLabels": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FImageAssurancePolicyForbiddenLabel:ImageAssurancePolicyForbiddenLabel" } }, "forbiddenLabelsEnabled": { "type": "boolean" }, "forceMicroenforcer": { "type": "boolean" }, "functionIntegrityEnabled": { "type": "boolean" }, "ignoreBaseImageVln": { "type": "boolean" }, "ignoreRecentlyPublishedVln": { "type": "boolean" }, "ignoreRecentlyPublishedVlnPeriod": { "type": "integer" }, "ignoreRiskResourcesEnabled": { "type": "boolean", "description": "Indicates if risk resources are ignored.\n" }, "ignoredRiskResources": { "type": "array", "items": { "type": "string" }, "description": "List of ignored risk resources.\n" }, "ignoredSensitiveResources": { "type": "array", "items": { "type": "string" } }, "images": { "type": "array", "items": { "type": "string" }, "description": "List of images.\n" }, "kubeCisEnabled": { "type": "boolean", "description": "Performs a Kubernetes CIS benchmark check for the host.\n" }, "kubernetesControls": { "$ref": "#/types/aquasec:index%2FImageAssurancePolicyKubernetesControls:ImageAssurancePolicyKubernetesControls", "description": "List of Kubernetes controls.\n" }, "kubernetesControlsAvdIds": { "type": "array", "items": { "type": "string" } }, "kubernetesControlsNames": { "type": "array", "items": { "type": "string" } }, "labels": { "type": "array", "items": { "type": "string" }, "description": "List of labels.\n" }, "lastupdate": { "type": "string" }, "linuxCisEnabled": { "type": "boolean" }, "malwareAction": { "type": "string" }, "maximumScore": { "type": "number", "description": "Value of allowed maximum score.\n" }, "maximumScoreEnabled": { "type": "boolean", "description": "Indicates if exceeding the maximum score is scanned.\n" }, "maximumScoreExcludeNoFix": { "type": "boolean" }, "monitoredMalwarePaths": { "type": "array", "items": { "type": "string" } }, "name": { "type": "string", "willReplaceOnChanges": true }, "onlyNoneRootUsers": { "type": "boolean", "description": "Indicates if raise a warning for images that should only be run as root.\n" }, "openshiftHardeningEnabled": { "type": "boolean" }, "packagesBlackListEnabled": { "type": "boolean", "description": "Indicates if packages blacklist is relevant.\n" }, "packagesBlackLists": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FImageAssurancePolicyPackagesBlackList:ImageAssurancePolicyPackagesBlackList" }, "description": "List of blacklisted images.\n" }, "packagesWhiteListEnabled": { "type": "boolean", "description": "Indicates if packages whitelist is relevant.\n" }, "packagesWhiteLists": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FImageAssurancePolicyPackagesWhiteList:ImageAssurancePolicyPackagesWhiteList" }, "description": "List of whitelisted images.\n" }, "partialResultsImageFail": { "type": "boolean" }, "permission": { "type": "string" }, "policySettings": { "$ref": "#/types/aquasec:index%2FImageAssurancePolicyPolicySettings:ImageAssurancePolicyPolicySettings" }, "readOnly": { "type": "boolean" }, "registries": { "type": "array", "items": { "type": "string" }, "description": "List of registries.\n" }, "registry": { "type": "string" }, "requiredLabels": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FImageAssurancePolicyRequiredLabel:ImageAssurancePolicyRequiredLabel" } }, "requiredLabelsEnabled": { "type": "boolean" }, "scanMalwareInArchives": { "type": "boolean" }, "scanNfsMounts": { "type": "boolean" }, "scanProcessMemory": { "type": "boolean" }, "scanSensitiveData": { "type": "boolean", "description": "Indicates if scan should include sensitive data in the image.\n" }, "scanWindowsRegistry": { "type": "boolean" }, "scapEnabled": { "type": "boolean", "description": "Indicates if scanning should include scap.\n" }, "scapFiles": { "type": "array", "items": { "type": "string" }, "description": "List of SCAP user scripts for checks.\n" }, "scopes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FImageAssurancePolicyScope:ImageAssurancePolicyScope" } }, "trustedBaseImages": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FImageAssurancePolicyTrustedBaseImage:ImageAssurancePolicyTrustedBaseImage" }, "description": "List of trusted images.\n" }, "trustedBaseImagesEnabled": { "type": "boolean", "description": "Indicates if list of trusted base images is relevant.\n" }, "vulnerabilityExploitability": { "type": "boolean" }, "vulnerabilityScoreRanges": { "type": "array", "items": { "type": "integer" } }, "whitelistedLicenses": { "type": "array", "items": { "type": "string" }, "description": "List of whitelisted licenses.\n" }, "whitelistedLicensesEnabled": { "type": "boolean", "description": "Indicates if license blacklist is relevant.\n" } }, "requiredInputs": [ "applicationScopes" ], "stateInputs": { "description": "Input properties used for looking up and filtering ImageAssurancePolicy resources.\n", "properties": { "aggregatedVulnerability": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Aggregated vulnerability information.\n" }, "allowedImages": { "type": "array", "items": { "type": "string" }, "description": "List of explicitly allowed images.\n" }, "applicationScopes": { "type": "array", "items": { "type": "string" } }, "assuranceType": { "type": "string", "description": "What type of assurance policy is described.\n" }, "auditOnFailure": { "type": "boolean", "description": "Indicates if auditing for failures.\n" }, "author": { "type": "string", "description": "Name of user account that created the policy.\n" }, "autoScanConfigured": { "type": "boolean" }, "autoScanEnabled": { "type": "boolean" }, "autoScanTimes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FImageAssurancePolicyAutoScanTime:ImageAssurancePolicyAutoScanTime" } }, "blacklistPermissions": { "type": "array", "items": { "type": "string" }, "description": "List of function's forbidden permissions.\n" }, "blacklistPermissionsEnabled": { "type": "boolean", "description": "Indicates if blacklist permissions is relevant.\n" }, "blacklistedLicenses": { "type": "array", "items": { "type": "string" }, "description": "List of blacklisted licenses.\n" }, "blacklistedLicensesEnabled": { "type": "boolean", "description": "Indicates if license blacklist is relevant.\n" }, "blockFailed": { "type": "boolean", "description": "Indicates if failed images are blocked.\n" }, "controlExcludeNoFix": { "type": "boolean" }, "customChecks": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FImageAssurancePolicyCustomCheck:ImageAssurancePolicyCustomCheck" }, "description": "List of Custom user scripts for checks.\n" }, "customChecksEnabled": { "type": "boolean", "description": "Indicates if scanning should include custom checks.\n" }, "customSeverity": { "type": "string" }, "customSeverityEnabled": { "type": "boolean" }, "cvesBlackListEnabled": { "type": "boolean", "description": "Indicates if CVEs blacklist is relevant.\n" }, "cvesBlackLists": { "type": "array", "items": { "type": "string" }, "description": "List of cves blacklisted items.\n" }, "cvesWhiteListEnabled": { "type": "boolean", "description": "Indicates if cves whitelist is relevant.\n" }, "cvesWhiteLists": { "type": "array", "items": { "type": "string" }, "description": "List of cves whitelisted licenses\n" }, "cvssSeverity": { "type": "string", "description": "Identifier of the cvss severity. Only applied if `cvss_severity_enabled` is set to `true`. Valid options: `critical`, `high`, `medium`, `low`.\n" }, "cvssSeverityEnabled": { "type": "boolean", "description": "Indicates if the cvss severity is scanned.\n" }, "cvssSeverityExcludeNoFix": { "type": "boolean", "description": "Indicates that policy should ignore cvss cases that do not have a known fix.\n" }, "description": { "type": "string" }, "disallowExploitTypes": { "type": "array", "items": { "type": "string" } }, "disallowMalware": { "type": "boolean", "description": "Indicates if malware should block the image.\n" }, "dockerCisEnabled": { "type": "boolean", "description": "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.\n" }, "domain": { "type": "string", "description": "Name of the container image.\n" }, "domainName": { "type": "string" }, "dtaEnabled": { "type": "boolean" }, "dtaSeverity": { "type": "string" }, "enabled": { "type": "boolean" }, "enforce": { "type": "boolean" }, "enforceAfterDays": { "type": "integer" }, "enforceExcessivePermissions": { "type": "boolean" }, "exceptionalMonitoredMalwarePaths": { "type": "array", "items": { "type": "string" } }, "excludeApplicationScopes": { "type": "array", "items": { "type": "string" } }, "failCicd": { "type": "boolean", "description": "Indicates if cicd failures will fail the image.\n" }, "forbiddenLabels": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FImageAssurancePolicyForbiddenLabel:ImageAssurancePolicyForbiddenLabel" } }, "forbiddenLabelsEnabled": { "type": "boolean" }, "forceMicroenforcer": { "type": "boolean" }, "functionIntegrityEnabled": { "type": "boolean" }, "ignoreBaseImageVln": { "type": "boolean" }, "ignoreRecentlyPublishedVln": { "type": "boolean" }, "ignoreRecentlyPublishedVlnPeriod": { "type": "integer" }, "ignoreRiskResourcesEnabled": { "type": "boolean", "description": "Indicates if risk resources are ignored.\n" }, "ignoredRiskResources": { "type": "array", "items": { "type": "string" }, "description": "List of ignored risk resources.\n" }, "ignoredSensitiveResources": { "type": "array", "items": { "type": "string" } }, "images": { "type": "array", "items": { "type": "string" }, "description": "List of images.\n" }, "kubeCisEnabled": { "type": "boolean", "description": "Performs a Kubernetes CIS benchmark check for the host.\n" }, "kubernetesControls": { "$ref": "#/types/aquasec:index%2FImageAssurancePolicyKubernetesControls:ImageAssurancePolicyKubernetesControls", "description": "List of Kubernetes controls.\n" }, "kubernetesControlsAvdIds": { "type": "array", "items": { "type": "string" } }, "kubernetesControlsNames": { "type": "array", "items": { "type": "string" } }, "labels": { "type": "array", "items": { "type": "string" }, "description": "List of labels.\n" }, "lastupdate": { "type": "string" }, "linuxCisEnabled": { "type": "boolean" }, "malwareAction": { "type": "string" }, "maximumScore": { "type": "number", "description": "Value of allowed maximum score.\n" }, "maximumScoreEnabled": { "type": "boolean", "description": "Indicates if exceeding the maximum score is scanned.\n" }, "maximumScoreExcludeNoFix": { "type": "boolean" }, "monitoredMalwarePaths": { "type": "array", "items": { "type": "string" } }, "name": { "type": "string", "willReplaceOnChanges": true }, "onlyNoneRootUsers": { "type": "boolean", "description": "Indicates if raise a warning for images that should only be run as root.\n" }, "openshiftHardeningEnabled": { "type": "boolean" }, "packagesBlackListEnabled": { "type": "boolean", "description": "Indicates if packages blacklist is relevant.\n" }, "packagesBlackLists": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FImageAssurancePolicyPackagesBlackList:ImageAssurancePolicyPackagesBlackList" }, "description": "List of blacklisted images.\n" }, "packagesWhiteListEnabled": { "type": "boolean", "description": "Indicates if packages whitelist is relevant.\n" }, "packagesWhiteLists": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FImageAssurancePolicyPackagesWhiteList:ImageAssurancePolicyPackagesWhiteList" }, "description": "List of whitelisted images.\n" }, "partialResultsImageFail": { "type": "boolean" }, "permission": { "type": "string" }, "policySettings": { "$ref": "#/types/aquasec:index%2FImageAssurancePolicyPolicySettings:ImageAssurancePolicyPolicySettings" }, "readOnly": { "type": "boolean" }, "registries": { "type": "array", "items": { "type": "string" }, "description": "List of registries.\n" }, "registry": { "type": "string" }, "requiredLabels": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FImageAssurancePolicyRequiredLabel:ImageAssurancePolicyRequiredLabel" } }, "requiredLabelsEnabled": { "type": "boolean" }, "scanMalwareInArchives": { "type": "boolean" }, "scanNfsMounts": { "type": "boolean" }, "scanProcessMemory": { "type": "boolean" }, "scanSensitiveData": { "type": "boolean", "description": "Indicates if scan should include sensitive data in the image.\n" }, "scanWindowsRegistry": { "type": "boolean" }, "scapEnabled": { "type": "boolean", "description": "Indicates if scanning should include scap.\n" }, "scapFiles": { "type": "array", "items": { "type": "string" }, "description": "List of SCAP user scripts for checks.\n" }, "scopes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FImageAssurancePolicyScope:ImageAssurancePolicyScope" } }, "trustedBaseImages": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FImageAssurancePolicyTrustedBaseImage:ImageAssurancePolicyTrustedBaseImage" }, "description": "List of trusted images.\n" }, "trustedBaseImagesEnabled": { "type": "boolean", "description": "Indicates if list of trusted base images is relevant.\n" }, "vulnerabilityExploitability": { "type": "boolean" }, "vulnerabilityScoreRanges": { "type": "array", "items": { "type": "integer" } }, "whitelistedLicenses": { "type": "array", "items": { "type": "string" }, "description": "List of whitelisted licenses.\n" }, "whitelistedLicensesEnabled": { "type": "boolean", "description": "Indicates if license blacklist is relevant.\n" } }, "type": "object" } }, "aquasec:index/integrationRegistry:IntegrationRegistry": { "description": "## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumiverse/aquasec\";\n\nconst integrationRegistry = new aquasec.IntegrationRegistry(\"integrationRegistry\", {\n advancedSettingsCleanup: false,\n alwaysPullPatterns: [\n \":latest\",\n \":v1\",\n ],\n author: \"aqua@aquasec.com\",\n autoCleanup: false,\n autoPull: true,\n autoPullInterval: 1,\n autoPullMax: 100,\n autoPullRescan: false,\n autoPullTime: \"08:45\",\n description: \"Automatically discovered registry\",\n imageCreationDateCondition: \"image_count\",\n options: [\n {\n option: \"ARNRole\",\n value: \"arn:aws:iam::111111111111:role/terraform\",\n },\n {\n option: \"sts:ExternalId\",\n value: \"test1-test2-test3\",\n },\n {\n option: \"TestImagePull\",\n value: \"nginx:latest\",\n },\n ],\n password: \"\",\n prefixes: [\"111111111111.dkr.ecr.us-east-1.amazonaws.com\"],\n pullImageAge: \"0D\",\n pullImageCount: 3,\n pullImageTagPatterns: [\n \":Latest\",\n \":latest\",\n ],\n pullRepoPatternsExcludeds: [\n \":xyz\",\n \":onlytest\",\n ],\n scannerNames: [],\n scannerType: \"any\",\n type: \"AWS\",\n url: \"us-east-1\",\n username: \"\",\n webhooks: [{\n authToken: \"test1-test2-test3\",\n enabled: true,\n unQuarantine: false,\n url: \"https://aquasec.com/\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumiverse_aquasec as aquasec\n\nintegration_registry = aquasec.IntegrationRegistry(\"integrationRegistry\",\n advanced_settings_cleanup=False,\n always_pull_patterns=[\n \":latest\",\n \":v1\",\n ],\n author=\"aqua@aquasec.com\",\n auto_cleanup=False,\n auto_pull=True,\n auto_pull_interval=1,\n auto_pull_max=100,\n auto_pull_rescan=False,\n auto_pull_time=\"08:45\",\n description=\"Automatically discovered registry\",\n image_creation_date_condition=\"image_count\",\n options=[\n aquasec.IntegrationRegistryOptionArgs(\n option=\"ARNRole\",\n value=\"arn:aws:iam::111111111111:role/terraform\",\n ),\n aquasec.IntegrationRegistryOptionArgs(\n option=\"sts:ExternalId\",\n value=\"test1-test2-test3\",\n ),\n aquasec.IntegrationRegistryOptionArgs(\n option=\"TestImagePull\",\n value=\"nginx:latest\",\n ),\n ],\n password=\"\",\n prefixes=[\"111111111111.dkr.ecr.us-east-1.amazonaws.com\"],\n pull_image_age=\"0D\",\n pull_image_count=3,\n pull_image_tag_patterns=[\n \":Latest\",\n \":latest\",\n ],\n pull_repo_patterns_excludeds=[\n \":xyz\",\n \":onlytest\",\n ],\n scanner_names=[],\n scanner_type=\"any\",\n type=\"AWS\",\n url=\"us-east-1\",\n username=\"\",\n webhooks=[aquasec.IntegrationRegistryWebhookArgs(\n auth_token=\"test1-test2-test3\",\n enabled=True,\n un_quarantine=False,\n url=\"https://aquasec.com/\",\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumiverse.Aquasec;\n\nreturn await Deployment.RunAsync(() => \n{\n var integrationRegistry = new Aquasec.IntegrationRegistry(\"integrationRegistry\", new()\n {\n AdvancedSettingsCleanup = false,\n AlwaysPullPatterns = new[]\n {\n \":latest\",\n \":v1\",\n },\n Author = \"aqua@aquasec.com\",\n AutoCleanup = false,\n AutoPull = true,\n AutoPullInterval = 1,\n AutoPullMax = 100,\n AutoPullRescan = false,\n AutoPullTime = \"08:45\",\n Description = \"Automatically discovered registry\",\n ImageCreationDateCondition = \"image_count\",\n Options = new[]\n {\n new Aquasec.Inputs.IntegrationRegistryOptionArgs\n {\n Option = \"ARNRole\",\n Value = \"arn:aws:iam::111111111111:role/terraform\",\n },\n new Aquasec.Inputs.IntegrationRegistryOptionArgs\n {\n Option = \"sts:ExternalId\",\n Value = \"test1-test2-test3\",\n },\n new Aquasec.Inputs.IntegrationRegistryOptionArgs\n {\n Option = \"TestImagePull\",\n Value = \"nginx:latest\",\n },\n },\n Password = \"\",\n Prefixes = new[]\n {\n \"111111111111.dkr.ecr.us-east-1.amazonaws.com\",\n },\n PullImageAge = \"0D\",\n PullImageCount = 3,\n PullImageTagPatterns = new[]\n {\n \":Latest\",\n \":latest\",\n },\n PullRepoPatternsExcludeds = new[]\n {\n \":xyz\",\n \":onlytest\",\n },\n ScannerNames = new[] {},\n ScannerType = \"any\",\n Type = \"AWS\",\n Url = \"us-east-1\",\n Username = \"\",\n Webhooks = new[]\n {\n new Aquasec.Inputs.IntegrationRegistryWebhookArgs\n {\n AuthToken = \"test1-test2-test3\",\n Enabled = true,\n UnQuarantine = false,\n Url = \"https://aquasec.com/\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aquasec.NewIntegrationRegistry(ctx, \"integrationRegistry\", &aquasec.IntegrationRegistryArgs{\n\t\t\tAdvancedSettingsCleanup: pulumi.Bool(false),\n\t\t\tAlwaysPullPatterns: pulumi.StringArray{\n\t\t\t\tpulumi.String(\":latest\"),\n\t\t\t\tpulumi.String(\":v1\"),\n\t\t\t},\n\t\t\tAuthor: pulumi.String(\"aqua@aquasec.com\"),\n\t\t\tAutoCleanup: pulumi.Bool(false),\n\t\t\tAutoPull: pulumi.Bool(true),\n\t\t\tAutoPullInterval: pulumi.Int(1),\n\t\t\tAutoPullMax: pulumi.Int(100),\n\t\t\tAutoPullRescan: pulumi.Bool(false),\n\t\t\tAutoPullTime: pulumi.String(\"08:45\"),\n\t\t\tDescription: pulumi.String(\"Automatically discovered registry\"),\n\t\t\tImageCreationDateCondition: pulumi.String(\"image_count\"),\n\t\t\tOptions: aquasec.IntegrationRegistryOptionArray{\n\t\t\t\t&aquasec.IntegrationRegistryOptionArgs{\n\t\t\t\t\tOption: pulumi.String(\"ARNRole\"),\n\t\t\t\t\tValue: pulumi.String(\"arn:aws:iam::111111111111:role/terraform\"),\n\t\t\t\t},\n\t\t\t\t&aquasec.IntegrationRegistryOptionArgs{\n\t\t\t\t\tOption: pulumi.String(\"sts:ExternalId\"),\n\t\t\t\t\tValue: pulumi.String(\"test1-test2-test3\"),\n\t\t\t\t},\n\t\t\t\t&aquasec.IntegrationRegistryOptionArgs{\n\t\t\t\t\tOption: pulumi.String(\"TestImagePull\"),\n\t\t\t\t\tValue: pulumi.String(\"nginx:latest\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPassword: pulumi.String(\"\"),\n\t\t\tPrefixes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"111111111111.dkr.ecr.us-east-1.amazonaws.com\"),\n\t\t\t},\n\t\t\tPullImageAge: pulumi.String(\"0D\"),\n\t\t\tPullImageCount: pulumi.Int(3),\n\t\t\tPullImageTagPatterns: pulumi.StringArray{\n\t\t\t\tpulumi.String(\":Latest\"),\n\t\t\t\tpulumi.String(\":latest\"),\n\t\t\t},\n\t\t\tPullRepoPatternsExcludeds: pulumi.StringArray{\n\t\t\t\tpulumi.String(\":xyz\"),\n\t\t\t\tpulumi.String(\":onlytest\"),\n\t\t\t},\n\t\t\tScannerNames: pulumi.StringArray{},\n\t\t\tScannerType: pulumi.String(\"any\"),\n\t\t\tType: pulumi.String(\"AWS\"),\n\t\t\tUrl: pulumi.String(\"us-east-1\"),\n\t\t\tUsername: pulumi.String(\"\"),\n\t\t\tWebhooks: aquasec.IntegrationRegistryWebhookArray{\n\t\t\t\t&aquasec.IntegrationRegistryWebhookArgs{\n\t\t\t\t\tAuthToken: pulumi.String(\"test1-test2-test3\"),\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tUnQuarantine: pulumi.Bool(false),\n\t\t\t\t\tUrl: pulumi.String(\"https://aquasec.com/\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.IntegrationRegistry;\nimport com.pulumi.aquasec.IntegrationRegistryArgs;\nimport com.pulumi.aquasec.inputs.IntegrationRegistryOptionArgs;\nimport com.pulumi.aquasec.inputs.IntegrationRegistryWebhookArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var integrationRegistry = new IntegrationRegistry(\"integrationRegistry\", IntegrationRegistryArgs.builder()\n .advancedSettingsCleanup(false)\n .alwaysPullPatterns( \n \":latest\",\n \":v1\")\n .author(\"aqua@aquasec.com\")\n .autoCleanup(false)\n .autoPull(true)\n .autoPullInterval(1)\n .autoPullMax(100)\n .autoPullRescan(false)\n .autoPullTime(\"08:45\")\n .description(\"Automatically discovered registry\")\n .imageCreationDateCondition(\"image_count\")\n .options( \n IntegrationRegistryOptionArgs.builder()\n .option(\"ARNRole\")\n .value(\"arn:aws:iam::111111111111:role/terraform\")\n .build(),\n IntegrationRegistryOptionArgs.builder()\n .option(\"sts:ExternalId\")\n .value(\"test1-test2-test3\")\n .build(),\n IntegrationRegistryOptionArgs.builder()\n .option(\"TestImagePull\")\n .value(\"nginx:latest\")\n .build())\n .password(\"\")\n .prefixes(\"111111111111.dkr.ecr.us-east-1.amazonaws.com\")\n .pullImageAge(\"0D\")\n .pullImageCount(3)\n .pullImageTagPatterns( \n \":Latest\",\n \":latest\")\n .pullRepoPatternsExcludeds( \n \":xyz\",\n \":onlytest\")\n .scannerNames()\n .scannerType(\"any\")\n .type(\"AWS\")\n .url(\"us-east-1\")\n .username(\"\")\n .webhooks(IntegrationRegistryWebhookArgs.builder()\n .authToken(\"test1-test2-test3\")\n .enabled(true)\n .unQuarantine(false)\n .url(\"https://aquasec.com/\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n integrationRegistry:\n type: aquasec:IntegrationRegistry\n properties:\n advancedSettingsCleanup: false\n alwaysPullPatterns:\n - :latest\n - :v1\n author: aqua@aquasec.com\n autoCleanup: false\n autoPull: true\n autoPullInterval: 1\n autoPullMax: 100\n autoPullRescan: false\n autoPullTime: 08:45\n description: Automatically discovered registry\n imageCreationDateCondition: image_count\n options:\n - option: ARNRole\n value: arn:aws:iam::111111111111:role/terraform\n - option: sts:ExternalId\n value: test1-test2-test3\n - option: TestImagePull\n value: nginx:latest\n password:\n prefixes:\n - 111111111111.dkr.ecr.us-east-1.amazonaws.com\n pullImageAge: 0D\n pullImageCount: 3\n pullImageTagPatterns:\n - :Latest\n - :latest\n pullRepoPatternsExcludeds:\n - :xyz\n - :onlytest\n scannerNames: []\n scannerType: any\n type: AWS\n url: us-east-1\n username:\n webhooks:\n - authToken: test1-test2-test3\n enabled: true\n unQuarantine: false\n url: https://aquasec.com/\n```\n\n", "properties": { "advancedSettingsCleanup": { "type": "boolean", "description": "Automatically clean up that don't match the pull criteria\n" }, "alwaysPullPatterns": { "type": "array", "items": { "type": "string" }, "description": "List of image patterns to pull always\n" }, "author": { "type": "string", "description": "The username of the user who created or last modified the registry\n" }, "autoCleanup": { "type": "boolean", "description": "Automatically clean up images and repositories which are no longer present in the registry from Aqua console\n" }, "autoPull": { "type": "boolean", "description": "Whether to automatically pull images from the registry on creation and daily\n" }, "autoPullInterval": { "type": "integer", "description": "The interval in days to start pulling new images from the registry, Defaults to 1\n" }, "autoPullMax": { "type": "integer", "description": "Maximum number of repositories to pull every day, defaults to 100\n" }, "autoPullRescan": { "type": "boolean", "description": "Whether to automatically pull and rescan images from the registry on creation and daily\n" }, "autoPullTime": { "type": "string", "description": "The time of day to start pulling new images from the registry, in the format HH:MM (24-hour clock), defaults to 03:00\n" }, "description": { "type": "string", "description": "The description of the registry\n" }, "imageCreationDateCondition": { "type": "string", "description": "Additional condition for pulling and rescanning images, Defaults to 'none'\n" }, "lastupdate": { "type": "integer", "description": "The last time the registry was modified in UNIX time\n" }, "name": { "type": "string", "description": "The name of the registry; string, required - this will be treated as the registry's ID, so choose a simple alphanumerical name without special signs and spaces\n" }, "options": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FIntegrationRegistryOption:IntegrationRegistryOption" } }, "password": { "type": "string", "description": "The password for registry authentication\n" }, "prefixes": { "type": "array", "items": { "type": "string" }, "description": "List of possible prefixes to image names pulled from the registry\n" }, "pullImageAge": { "type": "string", "description": "When auto pull image enabled, sets maximum age of auto pulled images (for example for 5 Days the value should be: 5D), Requires `image_creation_date_condition = \"image_age\"`\n" }, "pullImageCount": { "type": "integer", "description": "When auto pull image enabled, sets maximum age of auto pulled images tags from each repository (based on image creation date) Requires `image_creation_date_condition = \"image_count\"`\n" }, "pullImageTagPatterns": { "type": "array", "items": { "type": "string" }, "description": "List of image tags patterns to pull\n" }, "pullRepoPatternsExcludeds": { "type": "array", "items": { "type": "string" }, "description": "List of image patterns to exclude\n" }, "registryScanTimeout": { "type": "integer", "description": "Registry scan timeout in Minutes\n" }, "scannerNames": { "type": "array", "items": { "type": "string" }, "description": "List of scanner names\n" }, "scannerType": { "type": "string", "description": "The Scanner type\n" }, "type": { "type": "string", "description": "Registry type (HUB / V1 / V2 / ACR / GAR / ENGINE / AWS / GCR).\n" }, "url": { "type": "string", "description": "The URL, address or region of the registry\n" }, "username": { "type": "string", "description": "The username for registry authentication.\n" }, "webhooks": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FIntegrationRegistryWebhook:IntegrationRegistryWebhook" }, "description": "When enabled, registry events are sent to the given Aqua webhook url\n" } }, "type": "object", "required": [ "author", "imageCreationDateCondition", "lastupdate", "name", "prefixes", "pullImageAge", "pullImageCount", "scannerType", "type", "url", "webhooks" ], "inputProperties": { "advancedSettingsCleanup": { "type": "boolean", "description": "Automatically clean up that don't match the pull criteria\n" }, "alwaysPullPatterns": { "type": "array", "items": { "type": "string" }, "description": "List of image patterns to pull always\n" }, "author": { "type": "string", "description": "The username of the user who created or last modified the registry\n" }, "autoCleanup": { "type": "boolean", "description": "Automatically clean up images and repositories which are no longer present in the registry from Aqua console\n" }, "autoPull": { "type": "boolean", "description": "Whether to automatically pull images from the registry on creation and daily\n" }, "autoPullInterval": { "type": "integer", "description": "The interval in days to start pulling new images from the registry, Defaults to 1\n" }, "autoPullMax": { "type": "integer", "description": "Maximum number of repositories to pull every day, defaults to 100\n" }, "autoPullRescan": { "type": "boolean", "description": "Whether to automatically pull and rescan images from the registry on creation and daily\n" }, "autoPullTime": { "type": "string", "description": "The time of day to start pulling new images from the registry, in the format HH:MM (24-hour clock), defaults to 03:00\n" }, "description": { "type": "string", "description": "The description of the registry\n" }, "imageCreationDateCondition": { "type": "string", "description": "Additional condition for pulling and rescanning images, Defaults to 'none'\n" }, "lastupdate": { "type": "integer", "description": "The last time the registry was modified in UNIX time\n" }, "name": { "type": "string", "description": "The name of the registry; string, required - this will be treated as the registry's ID, so choose a simple alphanumerical name without special signs and spaces\n", "willReplaceOnChanges": true }, "options": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FIntegrationRegistryOption:IntegrationRegistryOption" } }, "password": { "type": "string", "description": "The password for registry authentication\n" }, "prefixes": { "type": "array", "items": { "type": "string" }, "description": "List of possible prefixes to image names pulled from the registry\n" }, "pullImageAge": { "type": "string", "description": "When auto pull image enabled, sets maximum age of auto pulled images (for example for 5 Days the value should be: 5D), Requires `image_creation_date_condition = \"image_age\"`\n" }, "pullImageCount": { "type": "integer", "description": "When auto pull image enabled, sets maximum age of auto pulled images tags from each repository (based on image creation date) Requires `image_creation_date_condition = \"image_count\"`\n" }, "pullImageTagPatterns": { "type": "array", "items": { "type": "string" }, "description": "List of image tags patterns to pull\n" }, "pullRepoPatternsExcludeds": { "type": "array", "items": { "type": "string" }, "description": "List of image patterns to exclude\n" }, "registryScanTimeout": { "type": "integer", "description": "Registry scan timeout in Minutes\n" }, "scannerNames": { "type": "array", "items": { "type": "string" }, "description": "List of scanner names\n" }, "scannerType": { "type": "string", "description": "The Scanner type\n" }, "type": { "type": "string", "description": "Registry type (HUB / V1 / V2 / ACR / GAR / ENGINE / AWS / GCR).\n" }, "url": { "type": "string", "description": "The URL, address or region of the registry\n" }, "username": { "type": "string", "description": "The username for registry authentication.\n" }, "webhooks": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FIntegrationRegistryWebhook:IntegrationRegistryWebhook" }, "description": "When enabled, registry events are sent to the given Aqua webhook url\n" } }, "requiredInputs": [ "type" ], "stateInputs": { "description": "Input properties used for looking up and filtering IntegrationRegistry resources.\n", "properties": { "advancedSettingsCleanup": { "type": "boolean", "description": "Automatically clean up that don't match the pull criteria\n" }, "alwaysPullPatterns": { "type": "array", "items": { "type": "string" }, "description": "List of image patterns to pull always\n" }, "author": { "type": "string", "description": "The username of the user who created or last modified the registry\n" }, "autoCleanup": { "type": "boolean", "description": "Automatically clean up images and repositories which are no longer present in the registry from Aqua console\n" }, "autoPull": { "type": "boolean", "description": "Whether to automatically pull images from the registry on creation and daily\n" }, "autoPullInterval": { "type": "integer", "description": "The interval in days to start pulling new images from the registry, Defaults to 1\n" }, "autoPullMax": { "type": "integer", "description": "Maximum number of repositories to pull every day, defaults to 100\n" }, "autoPullRescan": { "type": "boolean", "description": "Whether to automatically pull and rescan images from the registry on creation and daily\n" }, "autoPullTime": { "type": "string", "description": "The time of day to start pulling new images from the registry, in the format HH:MM (24-hour clock), defaults to 03:00\n" }, "description": { "type": "string", "description": "The description of the registry\n" }, "imageCreationDateCondition": { "type": "string", "description": "Additional condition for pulling and rescanning images, Defaults to 'none'\n" }, "lastupdate": { "type": "integer", "description": "The last time the registry was modified in UNIX time\n" }, "name": { "type": "string", "description": "The name of the registry; string, required - this will be treated as the registry's ID, so choose a simple alphanumerical name without special signs and spaces\n", "willReplaceOnChanges": true }, "options": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FIntegrationRegistryOption:IntegrationRegistryOption" } }, "password": { "type": "string", "description": "The password for registry authentication\n" }, "prefixes": { "type": "array", "items": { "type": "string" }, "description": "List of possible prefixes to image names pulled from the registry\n" }, "pullImageAge": { "type": "string", "description": "When auto pull image enabled, sets maximum age of auto pulled images (for example for 5 Days the value should be: 5D), Requires `image_creation_date_condition = \"image_age\"`\n" }, "pullImageCount": { "type": "integer", "description": "When auto pull image enabled, sets maximum age of auto pulled images tags from each repository (based on image creation date) Requires `image_creation_date_condition = \"image_count\"`\n" }, "pullImageTagPatterns": { "type": "array", "items": { "type": "string" }, "description": "List of image tags patterns to pull\n" }, "pullRepoPatternsExcludeds": { "type": "array", "items": { "type": "string" }, "description": "List of image patterns to exclude\n" }, "registryScanTimeout": { "type": "integer", "description": "Registry scan timeout in Minutes\n" }, "scannerNames": { "type": "array", "items": { "type": "string" }, "description": "List of scanner names\n" }, "scannerType": { "type": "string", "description": "The Scanner type\n" }, "type": { "type": "string", "description": "Registry type (HUB / V1 / V2 / ACR / GAR / ENGINE / AWS / GCR).\n" }, "url": { "type": "string", "description": "The URL, address or region of the registry\n" }, "username": { "type": "string", "description": "The username for registry authentication.\n" }, "webhooks": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FIntegrationRegistryWebhook:IntegrationRegistryWebhook" }, "description": "When enabled, registry events are sent to the given Aqua webhook url\n" } }, "type": "object" } }, "aquasec:index/kubernetesAssurancePolicy:KubernetesAssurancePolicy": { "description": "Kubernetes Assurance is responsible for checking the security of workload configurations at the pod level, with respect to your organization's security requirements.\n", "properties": { "aggregatedVulnerability": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Aggregated vulnerability information.\n" }, "allowedImages": { "type": "array", "items": { "type": "string" }, "description": "List of explicitly allowed images.\n" }, "applicationScopes": { "type": "array", "items": { "type": "string" } }, "assuranceType": { "type": "string", "description": "What type of assurance policy is described.\n" }, "auditOnFailure": { "type": "boolean", "description": "Indicates if auditing for failures.\n" }, "author": { "type": "string", "description": "Name of user account that created the policy.\n" }, "autoScanConfigured": { "type": "boolean" }, "autoScanEnabled": { "type": "boolean" }, "autoScanTimes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FKubernetesAssurancePolicyAutoScanTime:KubernetesAssurancePolicyAutoScanTime" } }, "blacklistPermissions": { "type": "array", "items": { "type": "string" }, "description": "List of function's forbidden permissions.\n" }, "blacklistPermissionsEnabled": { "type": "boolean", "description": "Indicates if blacklist permissions is relevant.\n" }, "blacklistedLicenses": { "type": "array", "items": { "type": "string" }, "description": "List of blacklisted licenses.\n" }, "blacklistedLicensesEnabled": { "type": "boolean", "description": "Indicates if license blacklist is relevant.\n" }, "blockFailed": { "type": "boolean", "description": "Indicates if failed images are blocked.\n" }, "controlExcludeNoFix": { "type": "boolean" }, "customChecks": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FKubernetesAssurancePolicyCustomCheck:KubernetesAssurancePolicyCustomCheck" }, "description": "List of Custom user scripts for checks.\n" }, "customChecksEnabled": { "type": "boolean", "description": "Indicates if scanning should include custom checks.\n" }, "customSeverity": { "type": "string" }, "customSeverityEnabled": { "type": "boolean" }, "cvesBlackListEnabled": { "type": "boolean", "description": "Indicates if CVEs blacklist is relevant.\n" }, "cvesBlackLists": { "type": "array", "items": { "type": "string" }, "description": "List of CVEs blacklisted items.\n" }, "cvesWhiteListEnabled": { "type": "boolean", "description": "Indicates if CVEs whitelist is relevant.\n" }, "cvesWhiteLists": { "type": "array", "items": { "type": "string" }, "description": "List of cves whitelisted licenses\n" }, "cvssSeverity": { "type": "string", "description": "Identifier of the cvss severity.\n" }, "cvssSeverityEnabled": { "type": "boolean", "description": "Indicates if the cvss severity is scanned.\n" }, "cvssSeverityExcludeNoFix": { "type": "boolean", "description": "Indicates that policy should ignore cvss cases that do not have a known fix.\n" }, "description": { "type": "string" }, "disallowExploitTypes": { "type": "array", "items": { "type": "string" } }, "disallowMalware": { "type": "boolean", "description": "Indicates if malware should block the image.\n" }, "dockerCisEnabled": { "type": "boolean", "description": "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.\n" }, "domain": { "type": "string", "description": "Name of the container image.\n" }, "domainName": { "type": "string" }, "dtaEnabled": { "type": "boolean" }, "dtaSeverity": { "type": "string" }, "enabled": { "type": "boolean" }, "enforce": { "type": "boolean" }, "enforceAfterDays": { "type": "integer" }, "enforceExcessivePermissions": { "type": "boolean" }, "exceptionalMonitoredMalwarePaths": { "type": "array", "items": { "type": "string" } }, "excludeApplicationScopes": { "type": "array", "items": { "type": "string" } }, "failCicd": { "type": "boolean", "description": "Indicates if cicd failures will fail the image.\n" }, "forbiddenLabels": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FKubernetesAssurancePolicyForbiddenLabel:KubernetesAssurancePolicyForbiddenLabel" } }, "forbiddenLabelsEnabled": { "type": "boolean" }, "forceMicroenforcer": { "type": "boolean" }, "functionIntegrityEnabled": { "type": "boolean" }, "ignoreBaseImageVln": { "type": "boolean" }, "ignoreRecentlyPublishedVln": { "type": "boolean" }, "ignoreRecentlyPublishedVlnPeriod": { "type": "integer" }, "ignoreRiskResourcesEnabled": { "type": "boolean", "description": "Indicates if risk resources are ignored.\n" }, "ignoredRiskResources": { "type": "array", "items": { "type": "string" }, "description": "List of ignored risk resources.\n" }, "ignoredSensitiveResources": { "type": "array", "items": { "type": "string" } }, "images": { "type": "array", "items": { "type": "string" }, "description": "List of images.\n" }, "kubeCisEnabled": { "type": "boolean", "description": "Performs a Kubernetes CIS benchmark check for the host.\n" }, "kubernetesControls": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FKubernetesAssurancePolicyKubernetesControl:KubernetesAssurancePolicyKubernetesControl" }, "description": "List of Kubernetes controls.\n" }, "kubernetesControlsAvdIds": { "type": "array", "items": { "type": "string" } }, "kubernetesControlsNames": { "type": "array", "items": { "type": "string" }, "description": "List of kubernetes control names and available kubernetes controls are: 'Access to host IPC namespace', 'Access to host PID', 'Access to host network', 'Access to host ports', 'All container images must start with a GCR domain', 'All container images must start with an ECR domain', 'All container images must start with the *.azurecr.io domain', 'CPU not limited', 'CPU requests not specified', 'Can elevate its own privileges', 'ConfigMap with secrets', 'ConfigMap with sensitive content', 'Container images from public registries used', 'Default capabilitiessome containers do not drop all', 'Default capabilitiessome containers do not drop any', 'Delete pod logs', 'Exec into Pods', 'Image tag :latest used', 'Manage EKS IAM Auth ConfigMap', 'Manage Kubernetes RBAC resources', 'Manage Kubernetes networking', 'Manage Kubernetes workloads and pods', 'Manage all resources', 'Manage all resources at the namespace', 'Manage configmaps', 'Manage namespace secrets', 'Manage secrets', 'Manage webhookconfigurations', 'Manages /etc/hosts', 'Memory not limited', 'Memory requests not specified', 'Non-core volume types used.', 'Non-default /proc masks set', 'Privileged', 'Root file system is not read-only', 'Runs as root user', 'Runs with GID <= 10000', 'Runs with UID <= 10000', 'Runs with a root primary or supplementary GID', 'Runtime/Default AppArmor profile not set', 'Runtime/Default Seccomp profile not set', 'SELinux custom options set', 'SYS_ADMIN capability added', 'Seccomp policies disabled', 'Service with External IP', 'Specific capabilities added', 'Unsafe sysctl options set', 'User with admin access', 'Workloads in the default namespace', 'hostPath volume mounted with docker.sock', 'hostPath volumes mounted'\n" }, "labels": { "type": "array", "items": { "type": "string" }, "description": "List of labels.\n" }, "lastupdate": { "type": "string" }, "linuxCisEnabled": { "type": "boolean" }, "malwareAction": { "type": "string" }, "maximumScore": { "type": "number", "description": "Value of allowed maximum score.\n" }, "maximumScoreEnabled": { "type": "boolean", "description": "Indicates if exceeding the maximum score is scanned.\n" }, "maximumScoreExcludeNoFix": { "type": "boolean", "description": "Indicates that policy should ignore cases that do not have a known fix.\n" }, "monitoredMalwarePaths": { "type": "array", "items": { "type": "string" } }, "name": { "type": "string" }, "onlyNoneRootUsers": { "type": "boolean", "description": "Indicates if raise a warning for images that should only be run as root.\n" }, "openshiftHardeningEnabled": { "type": "boolean" }, "packagesBlackListEnabled": { "type": "boolean", "description": "Indicates if packages blacklist is relevant.\n" }, "packagesBlackLists": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FKubernetesAssurancePolicyPackagesBlackList:KubernetesAssurancePolicyPackagesBlackList" }, "description": "List of blacklisted images.\n" }, "packagesWhiteListEnabled": { "type": "boolean", "description": "Indicates if packages whitelist is relevant.\n" }, "packagesWhiteLists": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FKubernetesAssurancePolicyPackagesWhiteList:KubernetesAssurancePolicyPackagesWhiteList" }, "description": "List of whitelisted images.\n" }, "partialResultsImageFail": { "type": "boolean" }, "permission": { "type": "string" }, "policySettings": { "$ref": "#/types/aquasec:index%2FKubernetesAssurancePolicyPolicySettings:KubernetesAssurancePolicyPolicySettings" }, "readOnly": { "type": "boolean" }, "registries": { "type": "array", "items": { "type": "string" }, "description": "List of registries.\n" }, "registry": { "type": "string" }, "requiredLabels": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FKubernetesAssurancePolicyRequiredLabel:KubernetesAssurancePolicyRequiredLabel" } }, "requiredLabelsEnabled": { "type": "boolean" }, "scanMalwareInArchives": { "type": "boolean" }, "scanNfsMounts": { "type": "boolean" }, "scanProcessMemory": { "type": "boolean" }, "scanSensitiveData": { "type": "boolean", "description": "Indicates if scan should include sensitive data in the image.\n" }, "scanWindowsRegistry": { "type": "boolean" }, "scapEnabled": { "type": "boolean", "description": "Indicates if scanning should include scap.\n" }, "scapFiles": { "type": "array", "items": { "type": "string" }, "description": "List of SCAP user scripts for checks.\n" }, "scopes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FKubernetesAssurancePolicyScope:KubernetesAssurancePolicyScope" } }, "trustedBaseImages": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FKubernetesAssurancePolicyTrustedBaseImage:KubernetesAssurancePolicyTrustedBaseImage" }, "description": "List of trusted images.\n" }, "trustedBaseImagesEnabled": { "type": "boolean", "description": "Indicates if list of trusted base images is relevant.\n" }, "vulnerabilityExploitability": { "type": "boolean" }, "vulnerabilityScoreRanges": { "type": "array", "items": { "type": "integer" } }, "whitelistedLicenses": { "type": "array", "items": { "type": "string" }, "description": "List of whitelisted licenses.\n" }, "whitelistedLicensesEnabled": { "type": "boolean", "description": "Indicates if license blacklist is relevant.\n" } }, "type": "object", "required": [ "applicationScopes", "assuranceType", "author", "autoScanTimes", "customSeverity", "ignoreRecentlyPublishedVlnPeriod", "kubernetesControls", "lastupdate", "name", "permission", "policySettings", "scopes" ], "inputProperties": { "aggregatedVulnerability": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Aggregated vulnerability information.\n" }, "allowedImages": { "type": "array", "items": { "type": "string" }, "description": "List of explicitly allowed images.\n" }, "applicationScopes": { "type": "array", "items": { "type": "string" } }, "assuranceType": { "type": "string", "description": "What type of assurance policy is described.\n" }, "auditOnFailure": { "type": "boolean", "description": "Indicates if auditing for failures.\n" }, "author": { "type": "string", "description": "Name of user account that created the policy.\n" }, "autoScanConfigured": { "type": "boolean" }, "autoScanEnabled": { "type": "boolean" }, "autoScanTimes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FKubernetesAssurancePolicyAutoScanTime:KubernetesAssurancePolicyAutoScanTime" } }, "blacklistPermissions": { "type": "array", "items": { "type": "string" }, "description": "List of function's forbidden permissions.\n" }, "blacklistPermissionsEnabled": { "type": "boolean", "description": "Indicates if blacklist permissions is relevant.\n" }, "blacklistedLicenses": { "type": "array", "items": { "type": "string" }, "description": "List of blacklisted licenses.\n" }, "blacklistedLicensesEnabled": { "type": "boolean", "description": "Indicates if license blacklist is relevant.\n" }, "blockFailed": { "type": "boolean", "description": "Indicates if failed images are blocked.\n" }, "controlExcludeNoFix": { "type": "boolean" }, "customChecks": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FKubernetesAssurancePolicyCustomCheck:KubernetesAssurancePolicyCustomCheck" }, "description": "List of Custom user scripts for checks.\n" }, "customChecksEnabled": { "type": "boolean", "description": "Indicates if scanning should include custom checks.\n" }, "customSeverity": { "type": "string" }, "customSeverityEnabled": { "type": "boolean" }, "cvesBlackListEnabled": { "type": "boolean", "description": "Indicates if CVEs blacklist is relevant.\n" }, "cvesBlackLists": { "type": "array", "items": { "type": "string" }, "description": "List of CVEs blacklisted items.\n" }, "cvesWhiteListEnabled": { "type": "boolean", "description": "Indicates if CVEs whitelist is relevant.\n" }, "cvesWhiteLists": { "type": "array", "items": { "type": "string" }, "description": "List of cves whitelisted licenses\n" }, "cvssSeverity": { "type": "string", "description": "Identifier of the cvss severity.\n" }, "cvssSeverityEnabled": { "type": "boolean", "description": "Indicates if the cvss severity is scanned.\n" }, "cvssSeverityExcludeNoFix": { "type": "boolean", "description": "Indicates that policy should ignore cvss cases that do not have a known fix.\n" }, "description": { "type": "string" }, "disallowExploitTypes": { "type": "array", "items": { "type": "string" } }, "disallowMalware": { "type": "boolean", "description": "Indicates if malware should block the image.\n" }, "dockerCisEnabled": { "type": "boolean", "description": "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.\n" }, "domain": { "type": "string", "description": "Name of the container image.\n" }, "domainName": { "type": "string" }, "dtaEnabled": { "type": "boolean" }, "dtaSeverity": { "type": "string" }, "enabled": { "type": "boolean" }, "enforce": { "type": "boolean" }, "enforceAfterDays": { "type": "integer" }, "enforceExcessivePermissions": { "type": "boolean" }, "exceptionalMonitoredMalwarePaths": { "type": "array", "items": { "type": "string" } }, "excludeApplicationScopes": { "type": "array", "items": { "type": "string" } }, "failCicd": { "type": "boolean", "description": "Indicates if cicd failures will fail the image.\n" }, "forbiddenLabels": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FKubernetesAssurancePolicyForbiddenLabel:KubernetesAssurancePolicyForbiddenLabel" } }, "forbiddenLabelsEnabled": { "type": "boolean" }, "forceMicroenforcer": { "type": "boolean" }, "functionIntegrityEnabled": { "type": "boolean" }, "ignoreBaseImageVln": { "type": "boolean" }, "ignoreRecentlyPublishedVln": { "type": "boolean" }, "ignoreRecentlyPublishedVlnPeriod": { "type": "integer" }, "ignoreRiskResourcesEnabled": { "type": "boolean", "description": "Indicates if risk resources are ignored.\n" }, "ignoredRiskResources": { "type": "array", "items": { "type": "string" }, "description": "List of ignored risk resources.\n" }, "ignoredSensitiveResources": { "type": "array", "items": { "type": "string" } }, "images": { "type": "array", "items": { "type": "string" }, "description": "List of images.\n" }, "kubeCisEnabled": { "type": "boolean", "description": "Performs a Kubernetes CIS benchmark check for the host.\n" }, "kubernetesControls": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FKubernetesAssurancePolicyKubernetesControl:KubernetesAssurancePolicyKubernetesControl" }, "description": "List of Kubernetes controls.\n" }, "kubernetesControlsAvdIds": { "type": "array", "items": { "type": "string" } }, "kubernetesControlsNames": { "type": "array", "items": { "type": "string" }, "description": "List of kubernetes control names and available kubernetes controls are: 'Access to host IPC namespace', 'Access to host PID', 'Access to host network', 'Access to host ports', 'All container images must start with a GCR domain', 'All container images must start with an ECR domain', 'All container images must start with the *.azurecr.io domain', 'CPU not limited', 'CPU requests not specified', 'Can elevate its own privileges', 'ConfigMap with secrets', 'ConfigMap with sensitive content', 'Container images from public registries used', 'Default capabilitiessome containers do not drop all', 'Default capabilitiessome containers do not drop any', 'Delete pod logs', 'Exec into Pods', 'Image tag :latest used', 'Manage EKS IAM Auth ConfigMap', 'Manage Kubernetes RBAC resources', 'Manage Kubernetes networking', 'Manage Kubernetes workloads and pods', 'Manage all resources', 'Manage all resources at the namespace', 'Manage configmaps', 'Manage namespace secrets', 'Manage secrets', 'Manage webhookconfigurations', 'Manages /etc/hosts', 'Memory not limited', 'Memory requests not specified', 'Non-core volume types used.', 'Non-default /proc masks set', 'Privileged', 'Root file system is not read-only', 'Runs as root user', 'Runs with GID <= 10000', 'Runs with UID <= 10000', 'Runs with a root primary or supplementary GID', 'Runtime/Default AppArmor profile not set', 'Runtime/Default Seccomp profile not set', 'SELinux custom options set', 'SYS_ADMIN capability added', 'Seccomp policies disabled', 'Service with External IP', 'Specific capabilities added', 'Unsafe sysctl options set', 'User with admin access', 'Workloads in the default namespace', 'hostPath volume mounted with docker.sock', 'hostPath volumes mounted'\n" }, "labels": { "type": "array", "items": { "type": "string" }, "description": "List of labels.\n" }, "lastupdate": { "type": "string" }, "linuxCisEnabled": { "type": "boolean" }, "malwareAction": { "type": "string" }, "maximumScore": { "type": "number", "description": "Value of allowed maximum score.\n" }, "maximumScoreEnabled": { "type": "boolean", "description": "Indicates if exceeding the maximum score is scanned.\n" }, "maximumScoreExcludeNoFix": { "type": "boolean", "description": "Indicates that policy should ignore cases that do not have a known fix.\n" }, "monitoredMalwarePaths": { "type": "array", "items": { "type": "string" } }, "name": { "type": "string", "willReplaceOnChanges": true }, "onlyNoneRootUsers": { "type": "boolean", "description": "Indicates if raise a warning for images that should only be run as root.\n" }, "openshiftHardeningEnabled": { "type": "boolean" }, "packagesBlackListEnabled": { "type": "boolean", "description": "Indicates if packages blacklist is relevant.\n" }, "packagesBlackLists": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FKubernetesAssurancePolicyPackagesBlackList:KubernetesAssurancePolicyPackagesBlackList" }, "description": "List of blacklisted images.\n" }, "packagesWhiteListEnabled": { "type": "boolean", "description": "Indicates if packages whitelist is relevant.\n" }, "packagesWhiteLists": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FKubernetesAssurancePolicyPackagesWhiteList:KubernetesAssurancePolicyPackagesWhiteList" }, "description": "List of whitelisted images.\n" }, "partialResultsImageFail": { "type": "boolean" }, "permission": { "type": "string" }, "policySettings": { "$ref": "#/types/aquasec:index%2FKubernetesAssurancePolicyPolicySettings:KubernetesAssurancePolicyPolicySettings" }, "readOnly": { "type": "boolean" }, "registries": { "type": "array", "items": { "type": "string" }, "description": "List of registries.\n" }, "registry": { "type": "string" }, "requiredLabels": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FKubernetesAssurancePolicyRequiredLabel:KubernetesAssurancePolicyRequiredLabel" } }, "requiredLabelsEnabled": { "type": "boolean" }, "scanMalwareInArchives": { "type": "boolean" }, "scanNfsMounts": { "type": "boolean" }, "scanProcessMemory": { "type": "boolean" }, "scanSensitiveData": { "type": "boolean", "description": "Indicates if scan should include sensitive data in the image.\n" }, "scanWindowsRegistry": { "type": "boolean" }, "scapEnabled": { "type": "boolean", "description": "Indicates if scanning should include scap.\n" }, "scapFiles": { "type": "array", "items": { "type": "string" }, "description": "List of SCAP user scripts for checks.\n" }, "scopes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FKubernetesAssurancePolicyScope:KubernetesAssurancePolicyScope" } }, "trustedBaseImages": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FKubernetesAssurancePolicyTrustedBaseImage:KubernetesAssurancePolicyTrustedBaseImage" }, "description": "List of trusted images.\n" }, "trustedBaseImagesEnabled": { "type": "boolean", "description": "Indicates if list of trusted base images is relevant.\n" }, "vulnerabilityExploitability": { "type": "boolean" }, "vulnerabilityScoreRanges": { "type": "array", "items": { "type": "integer" } }, "whitelistedLicenses": { "type": "array", "items": { "type": "string" }, "description": "List of whitelisted licenses.\n" }, "whitelistedLicensesEnabled": { "type": "boolean", "description": "Indicates if license blacklist is relevant.\n" } }, "requiredInputs": [ "applicationScopes" ], "stateInputs": { "description": "Input properties used for looking up and filtering KubernetesAssurancePolicy resources.\n", "properties": { "aggregatedVulnerability": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Aggregated vulnerability information.\n" }, "allowedImages": { "type": "array", "items": { "type": "string" }, "description": "List of explicitly allowed images.\n" }, "applicationScopes": { "type": "array", "items": { "type": "string" } }, "assuranceType": { "type": "string", "description": "What type of assurance policy is described.\n" }, "auditOnFailure": { "type": "boolean", "description": "Indicates if auditing for failures.\n" }, "author": { "type": "string", "description": "Name of user account that created the policy.\n" }, "autoScanConfigured": { "type": "boolean" }, "autoScanEnabled": { "type": "boolean" }, "autoScanTimes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FKubernetesAssurancePolicyAutoScanTime:KubernetesAssurancePolicyAutoScanTime" } }, "blacklistPermissions": { "type": "array", "items": { "type": "string" }, "description": "List of function's forbidden permissions.\n" }, "blacklistPermissionsEnabled": { "type": "boolean", "description": "Indicates if blacklist permissions is relevant.\n" }, "blacklistedLicenses": { "type": "array", "items": { "type": "string" }, "description": "List of blacklisted licenses.\n" }, "blacklistedLicensesEnabled": { "type": "boolean", "description": "Indicates if license blacklist is relevant.\n" }, "blockFailed": { "type": "boolean", "description": "Indicates if failed images are blocked.\n" }, "controlExcludeNoFix": { "type": "boolean" }, "customChecks": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FKubernetesAssurancePolicyCustomCheck:KubernetesAssurancePolicyCustomCheck" }, "description": "List of Custom user scripts for checks.\n" }, "customChecksEnabled": { "type": "boolean", "description": "Indicates if scanning should include custom checks.\n" }, "customSeverity": { "type": "string" }, "customSeverityEnabled": { "type": "boolean" }, "cvesBlackListEnabled": { "type": "boolean", "description": "Indicates if CVEs blacklist is relevant.\n" }, "cvesBlackLists": { "type": "array", "items": { "type": "string" }, "description": "List of CVEs blacklisted items.\n" }, "cvesWhiteListEnabled": { "type": "boolean", "description": "Indicates if CVEs whitelist is relevant.\n" }, "cvesWhiteLists": { "type": "array", "items": { "type": "string" }, "description": "List of cves whitelisted licenses\n" }, "cvssSeverity": { "type": "string", "description": "Identifier of the cvss severity.\n" }, "cvssSeverityEnabled": { "type": "boolean", "description": "Indicates if the cvss severity is scanned.\n" }, "cvssSeverityExcludeNoFix": { "type": "boolean", "description": "Indicates that policy should ignore cvss cases that do not have a known fix.\n" }, "description": { "type": "string" }, "disallowExploitTypes": { "type": "array", "items": { "type": "string" } }, "disallowMalware": { "type": "boolean", "description": "Indicates if malware should block the image.\n" }, "dockerCisEnabled": { "type": "boolean", "description": "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.\n" }, "domain": { "type": "string", "description": "Name of the container image.\n" }, "domainName": { "type": "string" }, "dtaEnabled": { "type": "boolean" }, "dtaSeverity": { "type": "string" }, "enabled": { "type": "boolean" }, "enforce": { "type": "boolean" }, "enforceAfterDays": { "type": "integer" }, "enforceExcessivePermissions": { "type": "boolean" }, "exceptionalMonitoredMalwarePaths": { "type": "array", "items": { "type": "string" } }, "excludeApplicationScopes": { "type": "array", "items": { "type": "string" } }, "failCicd": { "type": "boolean", "description": "Indicates if cicd failures will fail the image.\n" }, "forbiddenLabels": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FKubernetesAssurancePolicyForbiddenLabel:KubernetesAssurancePolicyForbiddenLabel" } }, "forbiddenLabelsEnabled": { "type": "boolean" }, "forceMicroenforcer": { "type": "boolean" }, "functionIntegrityEnabled": { "type": "boolean" }, "ignoreBaseImageVln": { "type": "boolean" }, "ignoreRecentlyPublishedVln": { "type": "boolean" }, "ignoreRecentlyPublishedVlnPeriod": { "type": "integer" }, "ignoreRiskResourcesEnabled": { "type": "boolean", "description": "Indicates if risk resources are ignored.\n" }, "ignoredRiskResources": { "type": "array", "items": { "type": "string" }, "description": "List of ignored risk resources.\n" }, "ignoredSensitiveResources": { "type": "array", "items": { "type": "string" } }, "images": { "type": "array", "items": { "type": "string" }, "description": "List of images.\n" }, "kubeCisEnabled": { "type": "boolean", "description": "Performs a Kubernetes CIS benchmark check for the host.\n" }, "kubernetesControls": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FKubernetesAssurancePolicyKubernetesControl:KubernetesAssurancePolicyKubernetesControl" }, "description": "List of Kubernetes controls.\n" }, "kubernetesControlsAvdIds": { "type": "array", "items": { "type": "string" } }, "kubernetesControlsNames": { "type": "array", "items": { "type": "string" }, "description": "List of kubernetes control names and available kubernetes controls are: 'Access to host IPC namespace', 'Access to host PID', 'Access to host network', 'Access to host ports', 'All container images must start with a GCR domain', 'All container images must start with an ECR domain', 'All container images must start with the *.azurecr.io domain', 'CPU not limited', 'CPU requests not specified', 'Can elevate its own privileges', 'ConfigMap with secrets', 'ConfigMap with sensitive content', 'Container images from public registries used', 'Default capabilitiessome containers do not drop all', 'Default capabilitiessome containers do not drop any', 'Delete pod logs', 'Exec into Pods', 'Image tag :latest used', 'Manage EKS IAM Auth ConfigMap', 'Manage Kubernetes RBAC resources', 'Manage Kubernetes networking', 'Manage Kubernetes workloads and pods', 'Manage all resources', 'Manage all resources at the namespace', 'Manage configmaps', 'Manage namespace secrets', 'Manage secrets', 'Manage webhookconfigurations', 'Manages /etc/hosts', 'Memory not limited', 'Memory requests not specified', 'Non-core volume types used.', 'Non-default /proc masks set', 'Privileged', 'Root file system is not read-only', 'Runs as root user', 'Runs with GID <= 10000', 'Runs with UID <= 10000', 'Runs with a root primary or supplementary GID', 'Runtime/Default AppArmor profile not set', 'Runtime/Default Seccomp profile not set', 'SELinux custom options set', 'SYS_ADMIN capability added', 'Seccomp policies disabled', 'Service with External IP', 'Specific capabilities added', 'Unsafe sysctl options set', 'User with admin access', 'Workloads in the default namespace', 'hostPath volume mounted with docker.sock', 'hostPath volumes mounted'\n" }, "labels": { "type": "array", "items": { "type": "string" }, "description": "List of labels.\n" }, "lastupdate": { "type": "string" }, "linuxCisEnabled": { "type": "boolean" }, "malwareAction": { "type": "string" }, "maximumScore": { "type": "number", "description": "Value of allowed maximum score.\n" }, "maximumScoreEnabled": { "type": "boolean", "description": "Indicates if exceeding the maximum score is scanned.\n" }, "maximumScoreExcludeNoFix": { "type": "boolean", "description": "Indicates that policy should ignore cases that do not have a known fix.\n" }, "monitoredMalwarePaths": { "type": "array", "items": { "type": "string" } }, "name": { "type": "string", "willReplaceOnChanges": true }, "onlyNoneRootUsers": { "type": "boolean", "description": "Indicates if raise a warning for images that should only be run as root.\n" }, "openshiftHardeningEnabled": { "type": "boolean" }, "packagesBlackListEnabled": { "type": "boolean", "description": "Indicates if packages blacklist is relevant.\n" }, "packagesBlackLists": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FKubernetesAssurancePolicyPackagesBlackList:KubernetesAssurancePolicyPackagesBlackList" }, "description": "List of blacklisted images.\n" }, "packagesWhiteListEnabled": { "type": "boolean", "description": "Indicates if packages whitelist is relevant.\n" }, "packagesWhiteLists": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FKubernetesAssurancePolicyPackagesWhiteList:KubernetesAssurancePolicyPackagesWhiteList" }, "description": "List of whitelisted images.\n" }, "partialResultsImageFail": { "type": "boolean" }, "permission": { "type": "string" }, "policySettings": { "$ref": "#/types/aquasec:index%2FKubernetesAssurancePolicyPolicySettings:KubernetesAssurancePolicyPolicySettings" }, "readOnly": { "type": "boolean" }, "registries": { "type": "array", "items": { "type": "string" }, "description": "List of registries.\n" }, "registry": { "type": "string" }, "requiredLabels": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FKubernetesAssurancePolicyRequiredLabel:KubernetesAssurancePolicyRequiredLabel" } }, "requiredLabelsEnabled": { "type": "boolean" }, "scanMalwareInArchives": { "type": "boolean" }, "scanNfsMounts": { "type": "boolean" }, "scanProcessMemory": { "type": "boolean" }, "scanSensitiveData": { "type": "boolean", "description": "Indicates if scan should include sensitive data in the image.\n" }, "scanWindowsRegistry": { "type": "boolean" }, "scapEnabled": { "type": "boolean", "description": "Indicates if scanning should include scap.\n" }, "scapFiles": { "type": "array", "items": { "type": "string" }, "description": "List of SCAP user scripts for checks.\n" }, "scopes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FKubernetesAssurancePolicyScope:KubernetesAssurancePolicyScope" } }, "trustedBaseImages": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FKubernetesAssurancePolicyTrustedBaseImage:KubernetesAssurancePolicyTrustedBaseImage" }, "description": "List of trusted images.\n" }, "trustedBaseImagesEnabled": { "type": "boolean", "description": "Indicates if list of trusted base images is relevant.\n" }, "vulnerabilityExploitability": { "type": "boolean" }, "vulnerabilityScoreRanges": { "type": "array", "items": { "type": "integer" } }, "whitelistedLicenses": { "type": "array", "items": { "type": "string" }, "description": "List of whitelisted licenses.\n" }, "whitelistedLicensesEnabled": { "type": "boolean", "description": "Indicates if license blacklist is relevant.\n" } }, "type": "object" } }, "aquasec:index/notification:Notification": { "description": "Provides a Aquasec Notification resource. This can be used to create and manage Aquasec Notification resources.\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumiverse/aquasec\";\n\nconst teams = new aquasec.Notification(\"teams\", {\n properties: {\n url: \"\",\n },\n type: \"teams\",\n});\nconst slack = new aquasec.Notification(\"slack\", {\n properties: {\n url: \"\",\n },\n type: \"slack\",\n});\nconst webhook = new aquasec.Notification(\"webhook\", {\n properties: {\n url: \"\",\n },\n type: \"webhook\",\n});\nconst servicenow = new aquasec.Notification(\"servicenow\", {\n properties: {\n board_name: \"\",\n instance_name: \"\",\n password: \"\",\n url: \"\",\n user: \"\",\n },\n type: \"serviceNow\",\n});\nconst jiraWithToken = new aquasec.Notification(\"jiraWithToken\", {\n properties: {\n definition_of_done: \"Done\",\n project_key: \"\",\n summary: \"SOME_TEXT\",\n token: \"\",\n url: \"\",\n },\n type: \"jira\",\n});\nconst jiraWithCreds = new aquasec.Notification(\"jiraWithCreds\", {\n properties: {\n password: \"\",\n project_key: \"\",\n summary: \"SOME_TEXT\",\n url: \"\",\n user: \"\",\n },\n type: \"jira\",\n});\nconst emailWithCreds = new aquasec.Notification(\"emailWithCreds\", {\n properties: {\n host: \"\",\n password: \"\",\n port: \"\",\n recipients: \"\",\n sender: \"\",\n user: \"\",\n },\n type: \"email\",\n});\nconst emailWithMx = new aquasec.Notification(\"emailWithMx\", {\n properties: {\n port: \"\",\n recipients: \"\",\n sender: \"\",\n use_mx: \"true\",\n },\n type: \"email\",\n});\n```\n```python\nimport pulumi\nimport pulumiverse_aquasec as aquasec\n\nteams = aquasec.Notification(\"teams\",\n properties={\n \"url\": \"\",\n },\n type=\"teams\")\nslack = aquasec.Notification(\"slack\",\n properties={\n \"url\": \"\",\n },\n type=\"slack\")\nwebhook = aquasec.Notification(\"webhook\",\n properties={\n \"url\": \"\",\n },\n type=\"webhook\")\nservicenow = aquasec.Notification(\"servicenow\",\n properties={\n \"board_name\": \"\",\n \"instance_name\": \"\",\n \"password\": \"\",\n \"url\": \"\",\n \"user\": \"\",\n },\n type=\"serviceNow\")\njira_with_token = aquasec.Notification(\"jiraWithToken\",\n properties={\n \"definition_of_done\": \"Done\",\n \"project_key\": \"\",\n \"summary\": \"SOME_TEXT\",\n \"token\": \"\",\n \"url\": \"\",\n },\n type=\"jira\")\njira_with_creds = aquasec.Notification(\"jiraWithCreds\",\n properties={\n \"password\": \"\",\n \"project_key\": \"\",\n \"summary\": \"SOME_TEXT\",\n \"url\": \"\",\n \"user\": \"\",\n },\n type=\"jira\")\nemail_with_creds = aquasec.Notification(\"emailWithCreds\",\n properties={\n \"host\": \"\",\n \"password\": \"\",\n \"port\": \"\",\n \"recipients\": \"\",\n \"sender\": \"\",\n \"user\": \"\",\n },\n type=\"email\")\nemail_with_mx = aquasec.Notification(\"emailWithMx\",\n properties={\n \"port\": \"\",\n \"recipients\": \"\",\n \"sender\": \"\",\n \"use_mx\": \"true\",\n },\n type=\"email\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumiverse.Aquasec;\n\nreturn await Deployment.RunAsync(() => \n{\n var teams = new Aquasec.Notification(\"teams\", new()\n {\n Properties = \n {\n { \"url\", \"\" },\n },\n Type = \"teams\",\n });\n\n var slack = new Aquasec.Notification(\"slack\", new()\n {\n Properties = \n {\n { \"url\", \"\" },\n },\n Type = \"slack\",\n });\n\n var webhook = new Aquasec.Notification(\"webhook\", new()\n {\n Properties = \n {\n { \"url\", \"\" },\n },\n Type = \"webhook\",\n });\n\n var servicenow = new Aquasec.Notification(\"servicenow\", new()\n {\n Properties = \n {\n { \"board_name\", \"\" },\n { \"instance_name\", \"\" },\n { \"password\", \"\" },\n { \"url\", \"\" },\n { \"user\", \"\" },\n },\n Type = \"serviceNow\",\n });\n\n var jiraWithToken = new Aquasec.Notification(\"jiraWithToken\", new()\n {\n Properties = \n {\n { \"definition_of_done\", \"Done\" },\n { \"project_key\", \"\" },\n { \"summary\", \"SOME_TEXT\" },\n { \"token\", \"\" },\n { \"url\", \"\" },\n },\n Type = \"jira\",\n });\n\n var jiraWithCreds = new Aquasec.Notification(\"jiraWithCreds\", new()\n {\n Properties = \n {\n { \"password\", \"\" },\n { \"project_key\", \"\" },\n { \"summary\", \"SOME_TEXT\" },\n { \"url\", \"\" },\n { \"user\", \"\" },\n },\n Type = \"jira\",\n });\n\n var emailWithCreds = new Aquasec.Notification(\"emailWithCreds\", new()\n {\n Properties = \n {\n { \"host\", \"\" },\n { \"password\", \"\" },\n { \"port\", \"\" },\n { \"recipients\", \"\" },\n { \"sender\", \"\" },\n { \"user\", \"\" },\n },\n Type = \"email\",\n });\n\n var emailWithMx = new Aquasec.Notification(\"emailWithMx\", new()\n {\n Properties = \n {\n { \"port\", \"\" },\n { \"recipients\", \"\" },\n { \"sender\", \"\" },\n { \"use_mx\", \"true\" },\n },\n Type = \"email\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aquasec.NewNotification(ctx, \"teams\", &aquasec.NotificationArgs{\n\t\t\tProperties: pulumi.StringMap{\n\t\t\t\t\"url\": pulumi.String(\"\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"teams\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = aquasec.NewNotification(ctx, \"slack\", &aquasec.NotificationArgs{\n\t\t\tProperties: pulumi.StringMap{\n\t\t\t\t\"url\": pulumi.String(\"\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"slack\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = aquasec.NewNotification(ctx, \"webhook\", &aquasec.NotificationArgs{\n\t\t\tProperties: pulumi.StringMap{\n\t\t\t\t\"url\": pulumi.String(\"\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"webhook\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = aquasec.NewNotification(ctx, \"servicenow\", &aquasec.NotificationArgs{\n\t\t\tProperties: pulumi.StringMap{\n\t\t\t\t\"board_name\": pulumi.String(\"\"),\n\t\t\t\t\"instance_name\": pulumi.String(\"\"),\n\t\t\t\t\"password\": pulumi.String(\"\"),\n\t\t\t\t\"url\": pulumi.String(\"\"),\n\t\t\t\t\"user\": pulumi.String(\"\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"serviceNow\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = aquasec.NewNotification(ctx, \"jiraWithToken\", &aquasec.NotificationArgs{\n\t\t\tProperties: pulumi.StringMap{\n\t\t\t\t\"definition_of_done\": pulumi.String(\"Done\"),\n\t\t\t\t\"project_key\": pulumi.String(\"\"),\n\t\t\t\t\"summary\": pulumi.String(\"SOME_TEXT\"),\n\t\t\t\t\"token\": pulumi.String(\"\"),\n\t\t\t\t\"url\": pulumi.String(\"\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"jira\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = aquasec.NewNotification(ctx, \"jiraWithCreds\", &aquasec.NotificationArgs{\n\t\t\tProperties: pulumi.StringMap{\n\t\t\t\t\"password\": pulumi.String(\"\"),\n\t\t\t\t\"project_key\": pulumi.String(\"\"),\n\t\t\t\t\"summary\": pulumi.String(\"SOME_TEXT\"),\n\t\t\t\t\"url\": pulumi.String(\"\"),\n\t\t\t\t\"user\": pulumi.String(\"\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"jira\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = aquasec.NewNotification(ctx, \"emailWithCreds\", &aquasec.NotificationArgs{\n\t\t\tProperties: pulumi.StringMap{\n\t\t\t\t\"host\": pulumi.String(\"\"),\n\t\t\t\t\"password\": pulumi.String(\"\"),\n\t\t\t\t\"port\": pulumi.String(\"\"),\n\t\t\t\t\"recipients\": pulumi.String(\"\"),\n\t\t\t\t\"sender\": pulumi.String(\"\"),\n\t\t\t\t\"user\": pulumi.String(\"\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"email\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = aquasec.NewNotification(ctx, \"emailWithMx\", &aquasec.NotificationArgs{\n\t\t\tProperties: pulumi.StringMap{\n\t\t\t\t\"port\": pulumi.String(\"\"),\n\t\t\t\t\"recipients\": pulumi.String(\"\"),\n\t\t\t\t\"sender\": pulumi.String(\"\"),\n\t\t\t\t\"use_mx\": pulumi.String(\"true\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"email\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.Notification;\nimport com.pulumi.aquasec.NotificationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var teams = new Notification(\"teams\", NotificationArgs.builder()\n .properties(Map.of(\"url\", \"\"))\n .type(\"teams\")\n .build());\n\n var slack = new Notification(\"slack\", NotificationArgs.builder()\n .properties(Map.of(\"url\", \"\"))\n .type(\"slack\")\n .build());\n\n var webhook = new Notification(\"webhook\", NotificationArgs.builder()\n .properties(Map.of(\"url\", \"\"))\n .type(\"webhook\")\n .build());\n\n var servicenow = new Notification(\"servicenow\", NotificationArgs.builder()\n .properties(Map.ofEntries(\n Map.entry(\"board_name\", \"\"),\n Map.entry(\"instance_name\", \"\"),\n Map.entry(\"password\", \"\"),\n Map.entry(\"url\", \"\"),\n Map.entry(\"user\", \"\")\n ))\n .type(\"serviceNow\")\n .build());\n\n var jiraWithToken = new Notification(\"jiraWithToken\", NotificationArgs.builder()\n .properties(Map.ofEntries(\n Map.entry(\"definition_of_done\", \"Done\"),\n Map.entry(\"project_key\", \"\"),\n Map.entry(\"summary\", \"SOME_TEXT\"),\n Map.entry(\"token\", \"\"),\n Map.entry(\"url\", \"\")\n ))\n .type(\"jira\")\n .build());\n\n var jiraWithCreds = new Notification(\"jiraWithCreds\", NotificationArgs.builder()\n .properties(Map.ofEntries(\n Map.entry(\"password\", \"\"),\n Map.entry(\"project_key\", \"\"),\n Map.entry(\"summary\", \"SOME_TEXT\"),\n Map.entry(\"url\", \"\"),\n Map.entry(\"user\", \"\")\n ))\n .type(\"jira\")\n .build());\n\n var emailWithCreds = new Notification(\"emailWithCreds\", NotificationArgs.builder()\n .properties(Map.ofEntries(\n Map.entry(\"host\", \"\"),\n Map.entry(\"password\", \"\"),\n Map.entry(\"port\", \"\"),\n Map.entry(\"recipients\", \"\"),\n Map.entry(\"sender\", \"\"),\n Map.entry(\"user\", \"\")\n ))\n .type(\"email\")\n .build());\n\n var emailWithMx = new Notification(\"emailWithMx\", NotificationArgs.builder()\n .properties(Map.ofEntries(\n Map.entry(\"port\", \"\"),\n Map.entry(\"recipients\", \"\"),\n Map.entry(\"sender\", \"\"),\n Map.entry(\"use_mx\", true)\n ))\n .type(\"email\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n teams:\n type: aquasec:Notification\n properties:\n properties:\n url: \n type: teams\n slack:\n type: aquasec:Notification\n properties:\n properties:\n url: \n type: slack\n webhook:\n type: aquasec:Notification\n properties:\n properties:\n url: \n type: webhook\n servicenow:\n type: aquasec:Notification\n properties:\n properties:\n board_name:\n instance_name:\n password: \n url: \n user: \n type: serviceNow\n jiraWithToken:\n type: aquasec:Notification\n properties:\n properties:\n definition_of_done: Done\n project_key: \n summary: SOME_TEXT\n token: \n url: \n type: jira\n jiraWithCreds:\n type: aquasec:Notification\n properties:\n properties:\n password: \n project_key: \n summary: SOME_TEXT\n url: \n user: \n type: jira\n emailWithCreds:\n type: aquasec:Notification\n properties:\n properties:\n host: \n password: \n port: \n recipients: \n sender: \n user: \n type: email\n emailWithMx:\n type: aquasec:Notification\n properties:\n properties:\n port: \n recipients: \n sender: \n use_mx: true\n type: email\n```\n\n", "properties": { "author": { "type": "string", "description": "The user that created the notification\n" }, "lastUpdated": { "type": "string", "description": "Notification last update time\n" }, "name": { "type": "string", "description": "Notification name\n" }, "properties": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Notification properties, please check the examples for setting it\n" }, "template": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Notification Template\n" }, "type": { "type": "string", "description": "Notifications types, allowed values: slack\\ jira\\ email\\ teams\\ webhook\\ splunk\\ serviceNow\n" } }, "type": "object", "required": [ "author", "lastUpdated", "name", "properties", "template", "type" ], "inputProperties": { "name": { "type": "string", "description": "Notification name\n" }, "properties": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Notification properties, please check the examples for setting it\n" }, "type": { "type": "string", "description": "Notifications types, allowed values: slack\\ jira\\ email\\ teams\\ webhook\\ splunk\\ serviceNow\n" } }, "requiredInputs": [ "properties", "type" ], "stateInputs": { "description": "Input properties used for looking up and filtering Notification resources.\n", "properties": { "author": { "type": "string", "description": "The user that created the notification\n" }, "lastUpdated": { "type": "string", "description": "Notification last update time\n" }, "name": { "type": "string", "description": "Notification name\n" }, "properties": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Notification properties, please check the examples for setting it\n" }, "template": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Notification Template\n" }, "type": { "type": "string", "description": "Notifications types, allowed values: slack\\ jira\\ email\\ teams\\ webhook\\ splunk\\ serviceNow\n" } }, "type": "object" } }, "aquasec:index/notificationSlack:NotificationSlack": { "description": "Provides an Aquasec Notification Slack resource\n\n> **Note about resource deprecation**\nResource aquasec.NotificationSlack is deprecated, please use aquasec.Notification instead\n", "properties": { "channel": { "type": "string" }, "enabled": { "type": "boolean" }, "icon": { "type": "string" }, "mainText": { "type": "string" }, "name": { "type": "string" }, "serviceKey": { "type": "string" }, "type": { "type": "string" }, "userName": { "type": "string" }, "webhookUrl": { "type": "string" } }, "type": "object", "required": [ "channel", "enabled", "name", "type", "userName", "webhookUrl" ], "inputProperties": { "channel": { "type": "string" }, "enabled": { "type": "boolean" }, "icon": { "type": "string" }, "mainText": { "type": "string" }, "name": { "type": "string" }, "serviceKey": { "type": "string" }, "type": { "type": "string" }, "userName": { "type": "string" }, "webhookUrl": { "type": "string" } }, "requiredInputs": [ "channel", "enabled", "type", "userName", "webhookUrl" ], "stateInputs": { "description": "Input properties used for looking up and filtering NotificationSlack resources.\n", "properties": { "channel": { "type": "string" }, "enabled": { "type": "boolean" }, "icon": { "type": "string" }, "mainText": { "type": "string" }, "name": { "type": "string" }, "serviceKey": { "type": "string" }, "type": { "type": "string" }, "userName": { "type": "string" }, "webhookUrl": { "type": "string" } }, "type": "object" } }, "aquasec:index/permissionsSets:PermissionsSets": { "description": "The `aquasec.PermissionsSets` resource manages your Permission Set within Aqua.\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumiverse/aquasec\";\n\nconst myTerraformPermSet = new aquasec.PermissionsSets(\"myTerraformPermSet\", {\n actions: [\n \"acl_policies.read\",\n \"acl_policies.write\",\n \"image_profiles.read\",\n \"image_profiles.write\",\n \"network_policies.read\",\n \"network_policies.write\",\n \"runtime_policies.read\",\n \"runtime_policies.write\",\n \"response_policies.read\",\n \"response_policies.write\",\n \"image_assurance.read\",\n \"image_assurance.write\",\n \"dashboard.read\",\n \"dashboard.write\",\n \"risk_explorer.read\",\n \"images.read\",\n \"images.write\",\n \"risks.host_images.read\",\n \"risks.host_images.write\",\n \"functions.read\",\n \"functions.write\",\n \"enforcers.read\",\n \"enforcers.write\",\n \"containers.read\",\n \"services.read\",\n \"services.write\",\n \"infrastructure.read\",\n \"infrastructure.write\",\n \"risks.vulnerabilities.read\",\n \"risks.vulnerabilities.write\",\n \"risks.benchmark.read\",\n \"risks.benchmark.write\",\n \"audits.read\",\n \"secrets.read\",\n \"secrets.write\",\n \"settings.read\",\n \"settings.write\",\n \"integrations.read\",\n \"integrations.write\",\n \"registries_integrations.read\",\n \"registries_integrations.write\",\n \"scan.read\",\n \"gateways.read\",\n \"gateways.write\",\n \"consoles.read\",\n \"web_hook.read\",\n \"incidents.read\",\n ],\n description: \"Test Permissions Sets created by Terraform\",\n isSuper: false,\n uiAccess: true,\n});\n```\n```python\nimport pulumi\nimport pulumiverse_aquasec as aquasec\n\nmy_terraform_perm_set = aquasec.PermissionsSets(\"myTerraformPermSet\",\n actions=[\n \"acl_policies.read\",\n \"acl_policies.write\",\n \"image_profiles.read\",\n \"image_profiles.write\",\n \"network_policies.read\",\n \"network_policies.write\",\n \"runtime_policies.read\",\n \"runtime_policies.write\",\n \"response_policies.read\",\n \"response_policies.write\",\n \"image_assurance.read\",\n \"image_assurance.write\",\n \"dashboard.read\",\n \"dashboard.write\",\n \"risk_explorer.read\",\n \"images.read\",\n \"images.write\",\n \"risks.host_images.read\",\n \"risks.host_images.write\",\n \"functions.read\",\n \"functions.write\",\n \"enforcers.read\",\n \"enforcers.write\",\n \"containers.read\",\n \"services.read\",\n \"services.write\",\n \"infrastructure.read\",\n \"infrastructure.write\",\n \"risks.vulnerabilities.read\",\n \"risks.vulnerabilities.write\",\n \"risks.benchmark.read\",\n \"risks.benchmark.write\",\n \"audits.read\",\n \"secrets.read\",\n \"secrets.write\",\n \"settings.read\",\n \"settings.write\",\n \"integrations.read\",\n \"integrations.write\",\n \"registries_integrations.read\",\n \"registries_integrations.write\",\n \"scan.read\",\n \"gateways.read\",\n \"gateways.write\",\n \"consoles.read\",\n \"web_hook.read\",\n \"incidents.read\",\n ],\n description=\"Test Permissions Sets created by Terraform\",\n is_super=False,\n ui_access=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumiverse.Aquasec;\n\nreturn await Deployment.RunAsync(() => \n{\n var myTerraformPermSet = new Aquasec.PermissionsSets(\"myTerraformPermSet\", new()\n {\n Actions = new[]\n {\n \"acl_policies.read\",\n \"acl_policies.write\",\n \"image_profiles.read\",\n \"image_profiles.write\",\n \"network_policies.read\",\n \"network_policies.write\",\n \"runtime_policies.read\",\n \"runtime_policies.write\",\n \"response_policies.read\",\n \"response_policies.write\",\n \"image_assurance.read\",\n \"image_assurance.write\",\n \"dashboard.read\",\n \"dashboard.write\",\n \"risk_explorer.read\",\n \"images.read\",\n \"images.write\",\n \"risks.host_images.read\",\n \"risks.host_images.write\",\n \"functions.read\",\n \"functions.write\",\n \"enforcers.read\",\n \"enforcers.write\",\n \"containers.read\",\n \"services.read\",\n \"services.write\",\n \"infrastructure.read\",\n \"infrastructure.write\",\n \"risks.vulnerabilities.read\",\n \"risks.vulnerabilities.write\",\n \"risks.benchmark.read\",\n \"risks.benchmark.write\",\n \"audits.read\",\n \"secrets.read\",\n \"secrets.write\",\n \"settings.read\",\n \"settings.write\",\n \"integrations.read\",\n \"integrations.write\",\n \"registries_integrations.read\",\n \"registries_integrations.write\",\n \"scan.read\",\n \"gateways.read\",\n \"gateways.write\",\n \"consoles.read\",\n \"web_hook.read\",\n \"incidents.read\",\n },\n Description = \"Test Permissions Sets created by Terraform\",\n IsSuper = false,\n UiAccess = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aquasec.NewPermissionsSets(ctx, \"myTerraformPermSet\", &aquasec.PermissionsSetsArgs{\n\t\t\tActions: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"acl_policies.read\"),\n\t\t\t\tpulumi.String(\"acl_policies.write\"),\n\t\t\t\tpulumi.String(\"image_profiles.read\"),\n\t\t\t\tpulumi.String(\"image_profiles.write\"),\n\t\t\t\tpulumi.String(\"network_policies.read\"),\n\t\t\t\tpulumi.String(\"network_policies.write\"),\n\t\t\t\tpulumi.String(\"runtime_policies.read\"),\n\t\t\t\tpulumi.String(\"runtime_policies.write\"),\n\t\t\t\tpulumi.String(\"response_policies.read\"),\n\t\t\t\tpulumi.String(\"response_policies.write\"),\n\t\t\t\tpulumi.String(\"image_assurance.read\"),\n\t\t\t\tpulumi.String(\"image_assurance.write\"),\n\t\t\t\tpulumi.String(\"dashboard.read\"),\n\t\t\t\tpulumi.String(\"dashboard.write\"),\n\t\t\t\tpulumi.String(\"risk_explorer.read\"),\n\t\t\t\tpulumi.String(\"images.read\"),\n\t\t\t\tpulumi.String(\"images.write\"),\n\t\t\t\tpulumi.String(\"risks.host_images.read\"),\n\t\t\t\tpulumi.String(\"risks.host_images.write\"),\n\t\t\t\tpulumi.String(\"functions.read\"),\n\t\t\t\tpulumi.String(\"functions.write\"),\n\t\t\t\tpulumi.String(\"enforcers.read\"),\n\t\t\t\tpulumi.String(\"enforcers.write\"),\n\t\t\t\tpulumi.String(\"containers.read\"),\n\t\t\t\tpulumi.String(\"services.read\"),\n\t\t\t\tpulumi.String(\"services.write\"),\n\t\t\t\tpulumi.String(\"infrastructure.read\"),\n\t\t\t\tpulumi.String(\"infrastructure.write\"),\n\t\t\t\tpulumi.String(\"risks.vulnerabilities.read\"),\n\t\t\t\tpulumi.String(\"risks.vulnerabilities.write\"),\n\t\t\t\tpulumi.String(\"risks.benchmark.read\"),\n\t\t\t\tpulumi.String(\"risks.benchmark.write\"),\n\t\t\t\tpulumi.String(\"audits.read\"),\n\t\t\t\tpulumi.String(\"secrets.read\"),\n\t\t\t\tpulumi.String(\"secrets.write\"),\n\t\t\t\tpulumi.String(\"settings.read\"),\n\t\t\t\tpulumi.String(\"settings.write\"),\n\t\t\t\tpulumi.String(\"integrations.read\"),\n\t\t\t\tpulumi.String(\"integrations.write\"),\n\t\t\t\tpulumi.String(\"registries_integrations.read\"),\n\t\t\t\tpulumi.String(\"registries_integrations.write\"),\n\t\t\t\tpulumi.String(\"scan.read\"),\n\t\t\t\tpulumi.String(\"gateways.read\"),\n\t\t\t\tpulumi.String(\"gateways.write\"),\n\t\t\t\tpulumi.String(\"consoles.read\"),\n\t\t\t\tpulumi.String(\"web_hook.read\"),\n\t\t\t\tpulumi.String(\"incidents.read\"),\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"Test Permissions Sets created by Terraform\"),\n\t\t\tIsSuper: pulumi.Bool(false),\n\t\t\tUiAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.PermissionsSets;\nimport com.pulumi.aquasec.PermissionsSetsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myTerraformPermSet = new PermissionsSets(\"myTerraformPermSet\", PermissionsSetsArgs.builder()\n .actions( \n \"acl_policies.read\",\n \"acl_policies.write\",\n \"image_profiles.read\",\n \"image_profiles.write\",\n \"network_policies.read\",\n \"network_policies.write\",\n \"runtime_policies.read\",\n \"runtime_policies.write\",\n \"response_policies.read\",\n \"response_policies.write\",\n \"image_assurance.read\",\n \"image_assurance.write\",\n \"dashboard.read\",\n \"dashboard.write\",\n \"risk_explorer.read\",\n \"images.read\",\n \"images.write\",\n \"risks.host_images.read\",\n \"risks.host_images.write\",\n \"functions.read\",\n \"functions.write\",\n \"enforcers.read\",\n \"enforcers.write\",\n \"containers.read\",\n \"services.read\",\n \"services.write\",\n \"infrastructure.read\",\n \"infrastructure.write\",\n \"risks.vulnerabilities.read\",\n \"risks.vulnerabilities.write\",\n \"risks.benchmark.read\",\n \"risks.benchmark.write\",\n \"audits.read\",\n \"secrets.read\",\n \"secrets.write\",\n \"settings.read\",\n \"settings.write\",\n \"integrations.read\",\n \"integrations.write\",\n \"registries_integrations.read\",\n \"registries_integrations.write\",\n \"scan.read\",\n \"gateways.read\",\n \"gateways.write\",\n \"consoles.read\",\n \"web_hook.read\",\n \"incidents.read\")\n .description(\"Test Permissions Sets created by Terraform\")\n .isSuper(false)\n .uiAccess(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myTerraformPermSet:\n type: aquasec:PermissionsSets\n properties:\n actions:\n - acl_policies.read\n - acl_policies.write\n - image_profiles.read\n - image_profiles.write\n - network_policies.read\n - network_policies.write\n - runtime_policies.read\n - runtime_policies.write\n - response_policies.read\n - response_policies.write\n - image_assurance.read\n - image_assurance.write\n - dashboard.read\n - dashboard.write\n - risk_explorer.read\n - images.read\n - images.write\n - risks.host_images.read\n - risks.host_images.write\n - functions.read\n - functions.write\n - enforcers.read\n - enforcers.write\n - containers.read\n - services.read\n - services.write\n - infrastructure.read\n - infrastructure.write\n - risks.vulnerabilities.read\n - risks.vulnerabilities.write\n - risks.benchmark.read\n - risks.benchmark.write\n - audits.read\n - secrets.read\n - secrets.write\n - settings.read\n - settings.write\n - integrations.read\n - integrations.write\n - registries_integrations.read\n - registries_integrations.write\n - scan.read\n - gateways.read\n - gateways.write\n - consoles.read\n - web_hook.read\n - incidents.read\n description: Test Permissions Sets created by Terraform\n isSuper: false\n uiAccess: true\n```\n\n", "properties": { "actions": { "type": "array", "items": { "type": "string" }, "description": "List of allowed actions for the Permission Set (not relevant if 'is_super' is true).\n" }, "author": { "type": "string", "description": "The name of the user who created the Permission Set.\n" }, "description": { "type": "string", "description": "Free text description for the Permission Set.\n" }, "isSuper": { "type": "boolean", "description": "Give the Permission Set full access, meaning all actions are allowed without restriction.\n" }, "name": { "type": "string", "description": "The name of the Permission Set, comprised of alphanumeric characters and '-', '_', ' ', ':', '.', '@', '!', '^'.\n" }, "uiAccess": { "type": "boolean", "description": "Whether to allow UI access for users with this Permission Set.\n" }, "updatedAt": { "type": "string", "description": "The date of the last modification of the Role.\n" } }, "type": "object", "required": [ "actions", "author", "name", "uiAccess", "updatedAt" ], "inputProperties": { "actions": { "type": "array", "items": { "type": "string" }, "description": "List of allowed actions for the Permission Set (not relevant if 'is_super' is true).\n" }, "description": { "type": "string", "description": "Free text description for the Permission Set.\n" }, "isSuper": { "type": "boolean", "description": "Give the Permission Set full access, meaning all actions are allowed without restriction.\n" }, "name": { "type": "string", "description": "The name of the Permission Set, comprised of alphanumeric characters and '-', '_', ' ', ':', '.', '@', '!', '^'.\n", "willReplaceOnChanges": true }, "uiAccess": { "type": "boolean", "description": "Whether to allow UI access for users with this Permission Set.\n" } }, "requiredInputs": [ "actions", "uiAccess" ], "stateInputs": { "description": "Input properties used for looking up and filtering PermissionsSets resources.\n", "properties": { "actions": { "type": "array", "items": { "type": "string" }, "description": "List of allowed actions for the Permission Set (not relevant if 'is_super' is true).\n" }, "author": { "type": "string", "description": "The name of the user who created the Permission Set.\n" }, "description": { "type": "string", "description": "Free text description for the Permission Set.\n" }, "isSuper": { "type": "boolean", "description": "Give the Permission Set full access, meaning all actions are allowed without restriction.\n" }, "name": { "type": "string", "description": "The name of the Permission Set, comprised of alphanumeric characters and '-', '_', ' ', ':', '.', '@', '!', '^'.\n", "willReplaceOnChanges": true }, "uiAccess": { "type": "boolean", "description": "Whether to allow UI access for users with this Permission Set.\n" }, "updatedAt": { "type": "string", "description": "The date of the last modification of the Role.\n" } }, "type": "object" } }, "aquasec:index/role:Role": { "description": "The `aquasec.Role` resource manages your roles within Aqua.\n\nThe roles created must have permission set and at least one Role Application Scope that is already present within Aqua.\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumiverse/aquasec\";\n\nconst iaC = new aquasec.Role(\"iaC\", {\n description: \"RoleIaC\",\n permission: \"PermissionIaC\",\n roleName: \"RoleIaC\",\n scopes: [\"Global\"],\n});\n```\n```python\nimport pulumi\nimport pulumiverse_aquasec as aquasec\n\nia_c = aquasec.Role(\"iaC\",\n description=\"RoleIaC\",\n permission=\"PermissionIaC\",\n role_name=\"RoleIaC\",\n scopes=[\"Global\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumiverse.Aquasec;\n\nreturn await Deployment.RunAsync(() => \n{\n var iaC = new Aquasec.Role(\"iaC\", new()\n {\n Description = \"RoleIaC\",\n Permission = \"PermissionIaC\",\n RoleName = \"RoleIaC\",\n Scopes = new[]\n {\n \"Global\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aquasec.NewRole(ctx, \"iaC\", &aquasec.RoleArgs{\n\t\t\tDescription: pulumi.String(\"RoleIaC\"),\n\t\t\tPermission: pulumi.String(\"PermissionIaC\"),\n\t\t\tRoleName: pulumi.String(\"RoleIaC\"),\n\t\t\tScopes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"Global\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.Role;\nimport com.pulumi.aquasec.RoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var iaC = new Role(\"iaC\", RoleArgs.builder()\n .description(\"RoleIaC\")\n .permission(\"PermissionIaC\")\n .roleName(\"RoleIaC\")\n .scopes(\"Global\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n iaC:\n type: aquasec:Role\n properties:\n description: RoleIaC\n permission: PermissionIaC\n roleName: RoleIaC\n scopes:\n - Global\n```\n\n", "properties": { "author": { "type": "string", "description": "The name of the user who created the role. Only returned from the API for existing permissions, not part of the permission creation/modification structure.\n" }, "description": { "type": "string", "description": "Free text description for the role.\n" }, "permission": { "type": "string", "description": "The name of the Permission Set that will affect the users assigned to this specific Role.\n" }, "roleName": { "type": "string", "description": "The name of the role, comprised of alphanumeric characters and '-', '_', ' ', ':', '.', '@', '!', '^'.\n" }, "scopes": { "type": "array", "items": { "type": "string" }, "description": "List of Application Scopes that will affect the users assigned to this specific Role.\n" }, "updatedAt": { "type": "string", "description": "The date of the last modification of the role.\n" } }, "type": "object", "required": [ "author", "permission", "roleName", "scopes", "updatedAt" ], "inputProperties": { "description": { "type": "string", "description": "Free text description for the role.\n" }, "permission": { "type": "string", "description": "The name of the Permission Set that will affect the users assigned to this specific Role.\n" }, "roleName": { "type": "string", "description": "The name of the role, comprised of alphanumeric characters and '-', '_', ' ', ':', '.', '@', '!', '^'.\n", "willReplaceOnChanges": true }, "scopes": { "type": "array", "items": { "type": "string" }, "description": "List of Application Scopes that will affect the users assigned to this specific Role.\n" } }, "requiredInputs": [ "permission", "roleName", "scopes" ], "stateInputs": { "description": "Input properties used for looking up and filtering Role resources.\n", "properties": { "author": { "type": "string", "description": "The name of the user who created the role. Only returned from the API for existing permissions, not part of the permission creation/modification structure.\n" }, "description": { "type": "string", "description": "Free text description for the role.\n" }, "permission": { "type": "string", "description": "The name of the Permission Set that will affect the users assigned to this specific Role.\n" }, "roleName": { "type": "string", "description": "The name of the role, comprised of alphanumeric characters and '-', '_', ' ', ':', '.', '@', '!', '^'.\n", "willReplaceOnChanges": true }, "scopes": { "type": "array", "items": { "type": "string" }, "description": "List of Application Scopes that will affect the users assigned to this specific Role.\n" }, "updatedAt": { "type": "string", "description": "The date of the last modification of the role.\n" } }, "type": "object" } }, "aquasec:index/roleMapping:RoleMapping": { "description": "## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumiverse/aquasec\";\n\nconst roleMappingRoleMapping = new aquasec.RoleMapping(\"roleMappingRoleMapping\", {saml: {\n roleMapping: {\n Administrator: \"group1\",\n Scanner: \"group2|group3\",\n },\n}});\nexport const roleMapping = roleMappingRoleMapping;\n```\n```python\nimport pulumi\nimport pulumiverse_aquasec as aquasec\n\nrole_mapping_role_mapping = aquasec.RoleMapping(\"roleMappingRoleMapping\", saml=aquasec.RoleMappingSamlArgs(\n role_mapping={\n \"Administrator\": \"group1\",\n \"Scanner\": \"group2|group3\",\n },\n))\npulumi.export(\"roleMapping\", role_mapping_role_mapping)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumiverse.Aquasec;\n\nreturn await Deployment.RunAsync(() => \n{\n var roleMappingRoleMapping = new Aquasec.RoleMapping(\"roleMappingRoleMapping\", new()\n {\n Saml = new Aquasec.Inputs.RoleMappingSamlArgs\n {\n RoleMapping = \n {\n { \"Administrator\", \"group1\" },\n { \"Scanner\", \"group2|group3\" },\n },\n },\n });\n\n return new Dictionary\n {\n [\"roleMapping\"] = roleMappingRoleMapping,\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\troleMappingRoleMapping, err := aquasec.NewRoleMapping(ctx, \"roleMappingRoleMapping\", &aquasec.RoleMappingArgs{\n\t\t\tSaml: &aquasec.RoleMappingSamlArgs{\n\t\t\t\tRoleMapping: pulumi.StringMap{\n\t\t\t\t\t\"Administrator\": pulumi.String(\"group1\"),\n\t\t\t\t\t\"Scanner\": pulumi.String(\"group2|group3\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"roleMapping\", roleMappingRoleMapping)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.RoleMapping;\nimport com.pulumi.aquasec.RoleMappingArgs;\nimport com.pulumi.aquasec.inputs.RoleMappingSamlArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var roleMappingRoleMapping = new RoleMapping(\"roleMappingRoleMapping\", RoleMappingArgs.builder()\n .saml(RoleMappingSamlArgs.builder()\n .roleMapping(Map.ofEntries(\n Map.entry(\"Administrator\", \"group1\"),\n Map.entry(\"Scanner\", \"group2|group3\")\n ))\n .build())\n .build());\n\n ctx.export(\"roleMapping\", roleMappingRoleMapping);\n }\n}\n```\n```yaml\nresources:\n roleMappingRoleMapping:\n type: aquasec:RoleMapping\n properties:\n saml:\n roleMapping:\n Administrator: group1\n Scanner: group2|group3\noutputs:\n roleMapping: ${roleMappingRoleMapping}\n```\n\n", "properties": { "ldap": { "$ref": "#/types/aquasec:index%2FRoleMappingLdap:RoleMappingLdap", "description": "LDAP Authentication\n" }, "oauth2": { "$ref": "#/types/aquasec:index%2FRoleMappingOauth2:RoleMappingOauth2", "description": "Oauth2 Authentication\n" }, "openid": { "$ref": "#/types/aquasec:index%2FRoleMappingOpenid:RoleMappingOpenid", "description": "OpenId Authentication\n" }, "saml": { "$ref": "#/types/aquasec:index%2FRoleMappingSaml:RoleMappingSaml", "description": "SAML Authentication\n" } }, "type": "object", "inputProperties": { "ldap": { "$ref": "#/types/aquasec:index%2FRoleMappingLdap:RoleMappingLdap", "description": "LDAP Authentication\n" }, "oauth2": { "$ref": "#/types/aquasec:index%2FRoleMappingOauth2:RoleMappingOauth2", "description": "Oauth2 Authentication\n" }, "openid": { "$ref": "#/types/aquasec:index%2FRoleMappingOpenid:RoleMappingOpenid", "description": "OpenId Authentication\n" }, "saml": { "$ref": "#/types/aquasec:index%2FRoleMappingSaml:RoleMappingSaml", "description": "SAML Authentication\n" } }, "stateInputs": { "description": "Input properties used for looking up and filtering RoleMapping resources.\n", "properties": { "ldap": { "$ref": "#/types/aquasec:index%2FRoleMappingLdap:RoleMappingLdap", "description": "LDAP Authentication\n" }, "oauth2": { "$ref": "#/types/aquasec:index%2FRoleMappingOauth2:RoleMappingOauth2", "description": "Oauth2 Authentication\n" }, "openid": { "$ref": "#/types/aquasec:index%2FRoleMappingOpenid:RoleMappingOpenid", "description": "OpenId Authentication\n" }, "saml": { "$ref": "#/types/aquasec:index%2FRoleMappingSaml:RoleMappingSaml", "description": "SAML Authentication\n" } }, "type": "object" } }, "aquasec:index/roleMappingSaas:RoleMappingSaas": { "description": "## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumiverse/aquasec\";\n\nconst rolesMappingSaasRoleMappingSaas = new aquasec.RoleMappingSaas(\"rolesMappingSaasRoleMappingSaas\", {\n samlGroups: [\n \"group1\",\n \"group2\",\n ],\n cspRole: \"Administrator\",\n});\nexport const rolesMappingSaas = rolesMappingSaasRoleMappingSaas;\n```\n```python\nimport pulumi\nimport pulumiverse_aquasec as aquasec\n\nroles_mapping_saas_role_mapping_saas = aquasec.RoleMappingSaas(\"rolesMappingSaasRoleMappingSaas\",\n saml_groups=[\n \"group1\",\n \"group2\",\n ],\n csp_role=\"Administrator\")\npulumi.export(\"rolesMappingSaas\", roles_mapping_saas_role_mapping_saas)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumiverse.Aquasec;\n\nreturn await Deployment.RunAsync(() => \n{\n var rolesMappingSaasRoleMappingSaas = new Aquasec.RoleMappingSaas(\"rolesMappingSaasRoleMappingSaas\", new()\n {\n SamlGroups = new[]\n {\n \"group1\",\n \"group2\",\n },\n CspRole = \"Administrator\",\n });\n\n return new Dictionary\n {\n [\"rolesMappingSaas\"] = rolesMappingSaasRoleMappingSaas,\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trolesMappingSaasRoleMappingSaas, err := aquasec.NewRoleMappingSaas(ctx, \"rolesMappingSaasRoleMappingSaas\", &aquasec.RoleMappingSaasArgs{\n\t\t\tSamlGroups: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"group1\"),\n\t\t\t\tpulumi.String(\"group2\"),\n\t\t\t},\n\t\t\tCspRole: pulumi.String(\"Administrator\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"rolesMappingSaas\", rolesMappingSaasRoleMappingSaas)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.RoleMappingSaas;\nimport com.pulumi.aquasec.RoleMappingSaasArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var rolesMappingSaasRoleMappingSaas = new RoleMappingSaas(\"rolesMappingSaasRoleMappingSaas\", RoleMappingSaasArgs.builder()\n .samlGroups( \n \"group1\",\n \"group2\")\n .cspRole(\"Administrator\")\n .build());\n\n ctx.export(\"rolesMappingSaas\", rolesMappingSaasRoleMappingSaas);\n }\n}\n```\n```yaml\nresources:\n rolesMappingSaasRoleMappingSaas:\n type: aquasec:RoleMappingSaas\n properties:\n samlGroups:\n - group1\n - group2\n cspRole: Administrator\noutputs:\n rolesMappingSaas: ${rolesMappingSaasRoleMappingSaas}\n```\n\n", "properties": { "accountId": { "type": "integer" }, "created": { "type": "string" }, "cspRole": { "type": "string" }, "roleMappingId": { "type": "integer" }, "samlGroups": { "type": "array", "items": { "type": "string" } } }, "type": "object", "required": [ "accountId", "created", "cspRole", "roleMappingId", "samlGroups" ], "inputProperties": { "cspRole": { "type": "string", "willReplaceOnChanges": true }, "samlGroups": { "type": "array", "items": { "type": "string" } } }, "requiredInputs": [ "cspRole", "samlGroups" ], "stateInputs": { "description": "Input properties used for looking up and filtering RoleMappingSaas resources.\n", "properties": { "accountId": { "type": "integer" }, "created": { "type": "string" }, "cspRole": { "type": "string", "willReplaceOnChanges": true }, "roleMappingId": { "type": "integer" }, "samlGroups": { "type": "array", "items": { "type": "string" } } }, "type": "object" } }, "aquasec:index/service:Service": { "properties": { "applicationScopes": { "type": "array", "items": { "type": "string" }, "description": "Indicates the application scope of the service.\n" }, "author": { "type": "string", "description": "Username of the account that created the service.\n" }, "containersCount": { "type": "integer", "description": "The number of containers associated with the service.\n" }, "description": { "type": "string", "description": "A textual description of the service record; maximum 500 characters.\n" }, "enforce": { "type": "boolean", "description": "Enforcement status of the service.\n" }, "evaluated": { "type": "boolean", "description": "Whether the service has been evaluated for security vulnerabilities.\n" }, "isRegistered": { "type": "boolean", "description": "Indicates if registered or not.\n" }, "lastupdate": { "type": "integer", "description": "Timestamp of the last update in Unix time format.\n" }, "monitoring": { "type": "boolean", "description": "Indicates if monitoring is enabled or not\n" }, "name": { "type": "string", "description": "The name of the service. It is recommended not to use whitespace characters in the name.\n" }, "notEvaluatedCount": { "type": "integer", "description": "The number of container that are not evaluated.\n" }, "policies": { "type": "array", "items": { "type": "string" }, "description": "The service's policies; an array of container firewall policy names.\n" }, "priority": { "type": "integer", "description": "Rules priority, must be between 1-100.\n" }, "scopeExpression": { "type": "string", "description": "Logical expression of how to compute the dependency of the scope variables.\n" }, "scopeVariables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FServiceScopeVariable:ServiceScopeVariable" }, "description": "List of scope attributes.\n" }, "target": { "type": "string", "description": "Type of the workload. container or host.\n" }, "unregisteredCount": { "type": "integer", "description": "The number of containers allocated to the service that are not registered.\n" }, "vulnerabilitiesHigh": { "type": "integer", "description": "Number of high severity vulnerabilities.\n" }, "vulnerabilitiesLow": { "type": "integer", "description": "Number of low severity vulnerabilities.\n" }, "vulnerabilitiesMalware": { "type": "integer", "description": "Number of malware.\n" }, "vulnerabilitiesMedium": { "type": "integer", "description": "Number of medium severity vulnerabilities.\n" }, "vulnerabilitiesNegligible": { "type": "integer", "description": "Number of negligible vulnerabilities.\n" }, "vulnerabilitiesScoreAverage": { "type": "integer", "description": "The CVSS average vulnerabilities score.\n" }, "vulnerabilitiesSensitive": { "type": "integer", "description": "Number of sensitive vulnerabilities.\n" }, "vulnerabilitiesTotal": { "type": "integer", "description": "Total number of vulnerabilities.\n" } }, "type": "object", "required": [ "applicationScopes", "author", "containersCount", "evaluated", "isRegistered", "lastupdate", "name", "notEvaluatedCount", "policies", "target", "unregisteredCount", "vulnerabilitiesHigh", "vulnerabilitiesLow", "vulnerabilitiesMalware", "vulnerabilitiesMedium", "vulnerabilitiesNegligible", "vulnerabilitiesScoreAverage", "vulnerabilitiesSensitive", "vulnerabilitiesTotal" ], "inputProperties": { "applicationScopes": { "type": "array", "items": { "type": "string" }, "description": "Indicates the application scope of the service.\n" }, "description": { "type": "string", "description": "A textual description of the service record; maximum 500 characters.\n" }, "enforce": { "type": "boolean", "description": "Enforcement status of the service.\n" }, "monitoring": { "type": "boolean", "description": "Indicates if monitoring is enabled or not\n" }, "name": { "type": "string", "description": "The name of the service. It is recommended not to use whitespace characters in the name.\n", "willReplaceOnChanges": true }, "policies": { "type": "array", "items": { "type": "string" }, "description": "The service's policies; an array of container firewall policy names.\n" }, "priority": { "type": "integer", "description": "Rules priority, must be between 1-100.\n" }, "scopeExpression": { "type": "string", "description": "Logical expression of how to compute the dependency of the scope variables.\n" }, "scopeVariables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FServiceScopeVariable:ServiceScopeVariable" }, "description": "List of scope attributes.\n" }, "target": { "type": "string", "description": "Type of the workload. container or host.\n" } }, "requiredInputs": [ "applicationScopes", "policies", "target" ], "stateInputs": { "description": "Input properties used for looking up and filtering Service resources.\n", "properties": { "applicationScopes": { "type": "array", "items": { "type": "string" }, "description": "Indicates the application scope of the service.\n" }, "author": { "type": "string", "description": "Username of the account that created the service.\n" }, "containersCount": { "type": "integer", "description": "The number of containers associated with the service.\n" }, "description": { "type": "string", "description": "A textual description of the service record; maximum 500 characters.\n" }, "enforce": { "type": "boolean", "description": "Enforcement status of the service.\n" }, "evaluated": { "type": "boolean", "description": "Whether the service has been evaluated for security vulnerabilities.\n" }, "isRegistered": { "type": "boolean", "description": "Indicates if registered or not.\n" }, "lastupdate": { "type": "integer", "description": "Timestamp of the last update in Unix time format.\n" }, "monitoring": { "type": "boolean", "description": "Indicates if monitoring is enabled or not\n" }, "name": { "type": "string", "description": "The name of the service. It is recommended not to use whitespace characters in the name.\n", "willReplaceOnChanges": true }, "notEvaluatedCount": { "type": "integer", "description": "The number of container that are not evaluated.\n" }, "policies": { "type": "array", "items": { "type": "string" }, "description": "The service's policies; an array of container firewall policy names.\n" }, "priority": { "type": "integer", "description": "Rules priority, must be between 1-100.\n" }, "scopeExpression": { "type": "string", "description": "Logical expression of how to compute the dependency of the scope variables.\n" }, "scopeVariables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FServiceScopeVariable:ServiceScopeVariable" }, "description": "List of scope attributes.\n" }, "target": { "type": "string", "description": "Type of the workload. container or host.\n" }, "unregisteredCount": { "type": "integer", "description": "The number of containers allocated to the service that are not registered.\n" }, "vulnerabilitiesHigh": { "type": "integer", "description": "Number of high severity vulnerabilities.\n" }, "vulnerabilitiesLow": { "type": "integer", "description": "Number of low severity vulnerabilities.\n" }, "vulnerabilitiesMalware": { "type": "integer", "description": "Number of malware.\n" }, "vulnerabilitiesMedium": { "type": "integer", "description": "Number of medium severity vulnerabilities.\n" }, "vulnerabilitiesNegligible": { "type": "integer", "description": "Number of negligible vulnerabilities.\n" }, "vulnerabilitiesScoreAverage": { "type": "integer", "description": "The CVSS average vulnerabilities score.\n" }, "vulnerabilitiesSensitive": { "type": "integer", "description": "Number of sensitive vulnerabilities.\n" }, "vulnerabilitiesTotal": { "type": "integer", "description": "Total number of vulnerabilities.\n" } }, "type": "object" } }, "aquasec:index/user:User": { "description": "The `aquasec.User` resource manages your users within Aqua.\n\nThe users created must have at least one Role that is already present within Aqua.\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumiverse/aquasec\";\n\nconst iaC = new aquasec.User(\"iaC\", {\n userId: \"IaC\",\n password: _var.password,\n roles: [\"infrastructure\"],\n email: \"infrastructure@example.com\",\n firstTime: true,\n});\n// Display name for this user\n```\n```python\nimport pulumi\nimport pulumiverse_aquasec as aquasec\n\nia_c = aquasec.User(\"iaC\",\n user_id=\"IaC\",\n password=var[\"password\"],\n roles=[\"infrastructure\"],\n email=\"infrastructure@example.com\",\n first_time=True)\n# Display name for this user\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumiverse.Aquasec;\n\nreturn await Deployment.RunAsync(() => \n{\n var iaC = new Aquasec.User(\"iaC\", new()\n {\n UserId = \"IaC\",\n Password = @var.Password,\n Roles = new[]\n {\n \"infrastructure\",\n },\n Email = \"infrastructure@example.com\",\n FirstTime = true,\n });\n\n // Display name for this user\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aquasec.NewUser(ctx, \"iaC\", &aquasec.UserArgs{\n\t\t\tUserId: pulumi.String(\"IaC\"),\n\t\t\tPassword: pulumi.Any(_var.Password),\n\t\t\tRoles: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"infrastructure\"),\n\t\t\t},\n\t\t\tEmail: pulumi.String(\"infrastructure@example.com\"),\n\t\t\tFirstTime: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.User;\nimport com.pulumi.aquasec.UserArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var iaC = new User(\"iaC\", UserArgs.builder()\n .userId(\"IaC\")\n .password(var_.password())\n .roles(\"infrastructure\")\n .email(\"infrastructure@example.com\")\n .firstTime(true)\n .build());\n\n // Display name for this user\n }\n}\n```\n```yaml\nresources:\n iaC:\n type: aquasec:User\n properties:\n userId: IaC\n password: ${var.password}\n roles:\n - infrastructure\n # optional fields\n email: infrastructure@example.com\n firstTime: true\n```\n\n", "properties": { "email": { "type": "string", "description": "The user Email.\n" }, "firstTime": { "type": "boolean", "description": "If the user must change the password first login. Applicable only one time, Later for user password resets use aqua console.\n" }, "isSuper": { "type": "boolean", "description": "Give the Permission Set full access, meaning all actions are allowed without restriction.\n" }, "name": { "type": "string", "description": "The user name.\n" }, "password": { "type": "string", "description": "Login password for the user; string, required, at least 8 characters long.\n" }, "passwordConfirm": { "type": "string", "description": "Password confirmation.\n" }, "plan": { "type": "string", "description": "User's Aqua plan (Developer / Team / Advanced).\n" }, "role": { "type": "string", "description": "The first role that assigned to the user for backward compatibility.\n" }, "roles": { "type": "array", "items": { "type": "string" }, "description": "The roles that will be assigned to the user.\n" }, "type": { "type": "string", "description": "The user type (Aqua, LDAP, SAML, OAuth2, OpenID, Tenant Manager).\n" }, "uiAccess": { "type": "boolean", "description": "Whether to allow UI access for users with this Permission Set.\n" }, "userId": { "type": "string", "description": "The user ID.\n" } }, "type": "object", "required": [ "isSuper", "name", "password", "plan", "role", "roles", "type", "uiAccess", "userId" ], "inputProperties": { "email": { "type": "string", "description": "The user Email.\n" }, "firstTime": { "type": "boolean", "description": "If the user must change the password first login. Applicable only one time, Later for user password resets use aqua console.\n" }, "name": { "type": "string", "description": "The user name.\n" }, "password": { "type": "string", "description": "Login password for the user; string, required, at least 8 characters long.\n" }, "passwordConfirm": { "type": "string", "description": "Password confirmation.\n" }, "roles": { "type": "array", "items": { "type": "string" }, "description": "The roles that will be assigned to the user.\n" }, "userId": { "type": "string", "description": "The user ID.\n", "willReplaceOnChanges": true } }, "requiredInputs": [ "password", "roles", "userId" ], "stateInputs": { "description": "Input properties used for looking up and filtering User resources.\n", "properties": { "email": { "type": "string", "description": "The user Email.\n" }, "firstTime": { "type": "boolean", "description": "If the user must change the password first login. Applicable only one time, Later for user password resets use aqua console.\n" }, "isSuper": { "type": "boolean", "description": "Give the Permission Set full access, meaning all actions are allowed without restriction.\n" }, "name": { "type": "string", "description": "The user name.\n" }, "password": { "type": "string", "description": "Login password for the user; string, required, at least 8 characters long.\n" }, "passwordConfirm": { "type": "string", "description": "Password confirmation.\n" }, "plan": { "type": "string", "description": "User's Aqua plan (Developer / Team / Advanced).\n" }, "role": { "type": "string", "description": "The first role that assigned to the user for backward compatibility.\n" }, "roles": { "type": "array", "items": { "type": "string" }, "description": "The roles that will be assigned to the user.\n" }, "type": { "type": "string", "description": "The user type (Aqua, LDAP, SAML, OAuth2, OpenID, Tenant Manager).\n" }, "uiAccess": { "type": "boolean", "description": "Whether to allow UI access for users with this Permission Set.\n" }, "userId": { "type": "string", "description": "The user ID.\n", "willReplaceOnChanges": true } }, "type": "object" } }, "aquasec:index/userSaas:UserSaas": { "description": "The `aquasec.UserSaas` resource manages your saas users within Aqua.\n\nThe users created must have at least one Csp Role that is already present within Aqua.\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumiverse/aquasec\";\n\nconst iaC1 = new aquasec.UserSaas(\"iaC1\", {\n accountAdmin: true,\n cspRoles: [],\n email: \"infrastructure1@example.com\",\n});\nconst iaC2 = new aquasec.UserSaas(\"iaC2\", {\n accountAdmin: false,\n cspRoles: [\"Default\"],\n email: \"infrastructure2@example.com\",\n groups: [{\n groupAdmin: false,\n name: \"IacGroupName\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumiverse_aquasec as aquasec\n\nia_c1 = aquasec.UserSaas(\"iaC1\",\n account_admin=True,\n csp_roles=[],\n email=\"infrastructure1@example.com\")\nia_c2 = aquasec.UserSaas(\"iaC2\",\n account_admin=False,\n csp_roles=[\"Default\"],\n email=\"infrastructure2@example.com\",\n groups=[aquasec.UserSaasGroupArgs(\n group_admin=False,\n name=\"IacGroupName\",\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumiverse.Aquasec;\n\nreturn await Deployment.RunAsync(() => \n{\n var iaC1 = new Aquasec.UserSaas(\"iaC1\", new()\n {\n AccountAdmin = true,\n CspRoles = new[] {},\n Email = \"infrastructure1@example.com\",\n });\n\n var iaC2 = new Aquasec.UserSaas(\"iaC2\", new()\n {\n AccountAdmin = false,\n CspRoles = new[]\n {\n \"Default\",\n },\n Email = \"infrastructure2@example.com\",\n Groups = new[]\n {\n new Aquasec.Inputs.UserSaasGroupArgs\n {\n GroupAdmin = false,\n Name = \"IacGroupName\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aquasec.NewUserSaas(ctx, \"iaC1\", &aquasec.UserSaasArgs{\n\t\t\tAccountAdmin: pulumi.Bool(true),\n\t\t\tCspRoles: pulumi.StringArray{},\n\t\t\tEmail: pulumi.String(\"infrastructure1@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = aquasec.NewUserSaas(ctx, \"iaC2\", &aquasec.UserSaasArgs{\n\t\t\tAccountAdmin: pulumi.Bool(false),\n\t\t\tCspRoles: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"Default\"),\n\t\t\t},\n\t\t\tEmail: pulumi.String(\"infrastructure2@example.com\"),\n\t\t\tGroups: aquasec.UserSaasGroupArray{\n\t\t\t\t&aquasec.UserSaasGroupArgs{\n\t\t\t\t\tGroupAdmin: pulumi.Bool(false),\n\t\t\t\t\tName: pulumi.String(\"IacGroupName\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.UserSaas;\nimport com.pulumi.aquasec.UserSaasArgs;\nimport com.pulumi.aquasec.inputs.UserSaasGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var iaC1 = new UserSaas(\"iaC1\", UserSaasArgs.builder()\n .accountAdmin(true)\n .cspRoles()\n .email(\"infrastructure1@example.com\")\n .build());\n\n var iaC2 = new UserSaas(\"iaC2\", UserSaasArgs.builder()\n .accountAdmin(false)\n .cspRoles(\"Default\")\n .email(\"infrastructure2@example.com\")\n .groups(UserSaasGroupArgs.builder()\n .groupAdmin(false)\n .name(\"IacGroupName\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n iaC1:\n type: aquasec:UserSaas\n properties:\n accountAdmin: true\n cspRoles: []\n email: infrastructure1@example.com\n iaC2:\n type: aquasec:UserSaas\n properties:\n accountAdmin: false\n cspRoles:\n - Default\n email: infrastructure2@example.com\n # optional\n groups:\n - groupAdmin: false\n name: IacGroupName\n```\n\n", "properties": { "accountAdmin": { "type": "boolean" }, "confirmed": { "type": "boolean" }, "created": { "type": "string" }, "cspRoles": { "type": "array", "items": { "type": "string" } }, "email": { "type": "string" }, "groups": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FUserSaasGroup:UserSaasGroup" } }, "logins": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FUserSaasLogin:UserSaasLogin" } }, "multiaccount": { "type": "boolean" }, "passwordReset": { "type": "boolean" }, "sendAnnouncements": { "type": "boolean" }, "sendNewPlugins": { "type": "boolean" }, "sendNewRisks": { "type": "boolean" }, "sendScanResults": { "type": "boolean" }, "userId": { "type": "string" } }, "type": "object", "required": [ "accountAdmin", "confirmed", "created", "cspRoles", "email", "logins", "multiaccount", "passwordReset", "sendAnnouncements", "sendNewPlugins", "sendNewRisks", "sendScanResults", "userId" ], "inputProperties": { "accountAdmin": { "type": "boolean" }, "cspRoles": { "type": "array", "items": { "type": "string" } }, "email": { "type": "string" }, "groups": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FUserSaasGroup:UserSaasGroup" } } }, "requiredInputs": [ "accountAdmin", "cspRoles", "email" ], "stateInputs": { "description": "Input properties used for looking up and filtering UserSaas resources.\n", "properties": { "accountAdmin": { "type": "boolean" }, "confirmed": { "type": "boolean" }, "created": { "type": "string" }, "cspRoles": { "type": "array", "items": { "type": "string" } }, "email": { "type": "string" }, "groups": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FUserSaasGroup:UserSaasGroup" } }, "logins": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FUserSaasLogin:UserSaasLogin" } }, "multiaccount": { "type": "boolean" }, "passwordReset": { "type": "boolean" }, "sendAnnouncements": { "type": "boolean" }, "sendNewPlugins": { "type": "boolean" }, "sendNewRisks": { "type": "boolean" }, "sendScanResults": { "type": "boolean" }, "userId": { "type": "string", "willReplaceOnChanges": true } }, "type": "object" } }, "aquasec:index/vmwareAssurancePolicy:VmwareAssurancePolicy": { "properties": { "aggregatedVulnerability": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Aggregated vulnerability information.\n" }, "allowedImages": { "type": "array", "items": { "type": "string" }, "description": "List of explicitly allowed images.\n" }, "applicationScopes": { "type": "array", "items": { "type": "string" } }, "assuranceType": { "type": "string", "description": "What type of assurance policy is described.\n" }, "auditOnFailure": { "type": "boolean", "description": "Indicates if auditing for failures.\n" }, "author": { "type": "string", "description": "Name of user account that created the policy.\n" }, "autoScanConfigured": { "type": "boolean" }, "autoScanEnabled": { "type": "boolean" }, "autoScanTimes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FVmwareAssurancePolicyAutoScanTime:VmwareAssurancePolicyAutoScanTime" } }, "blacklistPermissions": { "type": "array", "items": { "type": "string" }, "description": "List of function's forbidden permissions.\n" }, "blacklistPermissionsEnabled": { "type": "boolean", "description": "Indicates if blacklist permissions is relevant.\n" }, "blacklistedLicenses": { "type": "array", "items": { "type": "string" }, "description": "List of blacklisted licenses.\n" }, "blacklistedLicensesEnabled": { "type": "boolean", "description": "Indicates if license blacklist is relevant.\n" }, "blockFailed": { "type": "boolean", "description": "Indicates if failed images are blocked.\n" }, "controlExcludeNoFix": { "type": "boolean" }, "customChecks": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FVmwareAssurancePolicyCustomCheck:VmwareAssurancePolicyCustomCheck" }, "description": "List of Custom user scripts for checks.\n" }, "customChecksEnabled": { "type": "boolean", "description": "Indicates if scanning should include custom checks.\n" }, "customSeverity": { "type": "string" }, "customSeverityEnabled": { "type": "boolean" }, "cvesBlackListEnabled": { "type": "boolean", "description": "Indicates if CVEs blacklist is relevant.\n" }, "cvesBlackLists": { "type": "array", "items": { "type": "string" }, "description": "List of cves blacklisted items.\n" }, "cvesWhiteListEnabled": { "type": "boolean", "description": "Indicates if cves whitelist is relevant.\n" }, "cvesWhiteLists": { "type": "array", "items": { "type": "string" }, "description": "List of cves whitelisted licenses\n" }, "cvssSeverity": { "type": "string", "description": "Identifier of the cvss severity.\n" }, "cvssSeverityEnabled": { "type": "boolean", "description": "Indicates if the cvss severity is scanned.\n" }, "cvssSeverityExcludeNoFix": { "type": "boolean", "description": "Indicates that policy should ignore cvss cases that do not have a known fix.\n" }, "description": { "type": "string" }, "disallowExploitTypes": { "type": "array", "items": { "type": "string" } }, "disallowMalware": { "type": "boolean", "description": "Indicates if malware should block the image.\n" }, "dockerCisEnabled": { "type": "boolean", "description": "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.\n" }, "domain": { "type": "string", "description": "Name of the container image.\n" }, "domainName": { "type": "string" }, "dtaEnabled": { "type": "boolean" }, "dtaSeverity": { "type": "string" }, "enabled": { "type": "boolean" }, "enforce": { "type": "boolean" }, "enforceAfterDays": { "type": "integer" }, "enforceExcessivePermissions": { "type": "boolean" }, "exceptionalMonitoredMalwarePaths": { "type": "array", "items": { "type": "string" } }, "excludeApplicationScopes": { "type": "array", "items": { "type": "string" } }, "failCicd": { "type": "boolean", "description": "Indicates if cicd failures will fail the image.\n" }, "forbiddenLabels": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FVmwareAssurancePolicyForbiddenLabel:VmwareAssurancePolicyForbiddenLabel" } }, "forbiddenLabelsEnabled": { "type": "boolean" }, "forceMicroenforcer": { "type": "boolean" }, "functionIntegrityEnabled": { "type": "boolean" }, "ignoreBaseImageVln": { "type": "boolean" }, "ignoreRecentlyPublishedVln": { "type": "boolean" }, "ignoreRecentlyPublishedVlnPeriod": { "type": "integer" }, "ignoreRiskResourcesEnabled": { "type": "boolean", "description": "Indicates if risk resources are ignored.\n" }, "ignoredRiskResources": { "type": "array", "items": { "type": "string" }, "description": "List of ignored risk resources.\n" }, "ignoredSensitiveResources": { "type": "array", "items": { "type": "string" } }, "images": { "type": "array", "items": { "type": "string" }, "description": "List of images.\n" }, "kubeCisEnabled": { "type": "boolean", "description": "Performs a Kubernetes CIS benchmark check for the host.\n" }, "kubernetesControls": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FVmwareAssurancePolicyKubernetesControl:VmwareAssurancePolicyKubernetesControl" }, "description": "List of Kubernetes controls.\n" }, "kubernetesControlsAvdIds": { "type": "array", "items": { "type": "string" } }, "kubernetesControlsNames": { "type": "array", "items": { "type": "string" } }, "labels": { "type": "array", "items": { "type": "string" }, "description": "List of labels.\n" }, "lastupdate": { "type": "string" }, "linuxCisEnabled": { "type": "boolean" }, "malwareAction": { "type": "string" }, "maximumScore": { "type": "number", "description": "Value of allowed maximum score.\n" }, "maximumScoreEnabled": { "type": "boolean", "description": "Indicates if exceeding the maximum score is scanned.\n" }, "maximumScoreExcludeNoFix": { "type": "boolean" }, "monitoredMalwarePaths": { "type": "array", "items": { "type": "string" } }, "name": { "type": "string" }, "onlyNoneRootUsers": { "type": "boolean", "description": "Indicates if raise a warning for images that should only be run as root.\n" }, "openshiftHardeningEnabled": { "type": "boolean" }, "packagesBlackListEnabled": { "type": "boolean", "description": "Indicates if packages blacklist is relevant.\n" }, "packagesBlackLists": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FVmwareAssurancePolicyPackagesBlackList:VmwareAssurancePolicyPackagesBlackList" }, "description": "List of blacklisted images.\n" }, "packagesWhiteListEnabled": { "type": "boolean", "description": "Indicates if packages whitelist is relevant.\n" }, "packagesWhiteLists": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FVmwareAssurancePolicyPackagesWhiteList:VmwareAssurancePolicyPackagesWhiteList" }, "description": "List of whitelisted images.\n" }, "partialResultsImageFail": { "type": "boolean" }, "permission": { "type": "string" }, "policySettings": { "$ref": "#/types/aquasec:index%2FVmwareAssurancePolicyPolicySettings:VmwareAssurancePolicyPolicySettings" }, "readOnly": { "type": "boolean" }, "registries": { "type": "array", "items": { "type": "string" }, "description": "List of registries.\n" }, "registry": { "type": "string" }, "requiredLabels": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FVmwareAssurancePolicyRequiredLabel:VmwareAssurancePolicyRequiredLabel" } }, "requiredLabelsEnabled": { "type": "boolean" }, "scanMalwareInArchives": { "type": "boolean" }, "scanNfsMounts": { "type": "boolean" }, "scanProcessMemory": { "type": "boolean" }, "scanSensitiveData": { "type": "boolean", "description": "Indicates if scan should include sensitive data in the image.\n" }, "scanWindowsRegistry": { "type": "boolean" }, "scapEnabled": { "type": "boolean", "description": "Indicates if scanning should include scap.\n" }, "scapFiles": { "type": "array", "items": { "type": "string" }, "description": "List of SCAP user scripts for checks.\n" }, "scopes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FVmwareAssurancePolicyScope:VmwareAssurancePolicyScope" } }, "trustedBaseImages": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FVmwareAssurancePolicyTrustedBaseImage:VmwareAssurancePolicyTrustedBaseImage" }, "description": "List of trusted images.\n" }, "trustedBaseImagesEnabled": { "type": "boolean", "description": "Indicates if list of trusted base images is relevant.\n" }, "vulnerabilityExploitability": { "type": "boolean" }, "vulnerabilityScoreRanges": { "type": "array", "items": { "type": "integer" } }, "whitelistedLicenses": { "type": "array", "items": { "type": "string" }, "description": "List of whitelisted licenses.\n" }, "whitelistedLicensesEnabled": { "type": "boolean", "description": "Indicates if license blacklist is relevant.\n" } }, "type": "object", "required": [ "applicationScopes", "assuranceType", "author", "autoScanTimes", "customSeverity", "ignoreRecentlyPublishedVlnPeriod", "lastupdate", "name", "permission", "policySettings", "scopes" ], "inputProperties": { "aggregatedVulnerability": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Aggregated vulnerability information.\n" }, "allowedImages": { "type": "array", "items": { "type": "string" }, "description": "List of explicitly allowed images.\n" }, "applicationScopes": { "type": "array", "items": { "type": "string" } }, "assuranceType": { "type": "string", "description": "What type of assurance policy is described.\n" }, "auditOnFailure": { "type": "boolean", "description": "Indicates if auditing for failures.\n" }, "author": { "type": "string", "description": "Name of user account that created the policy.\n" }, "autoScanConfigured": { "type": "boolean" }, "autoScanEnabled": { "type": "boolean" }, "autoScanTimes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FVmwareAssurancePolicyAutoScanTime:VmwareAssurancePolicyAutoScanTime" } }, "blacklistPermissions": { "type": "array", "items": { "type": "string" }, "description": "List of function's forbidden permissions.\n" }, "blacklistPermissionsEnabled": { "type": "boolean", "description": "Indicates if blacklist permissions is relevant.\n" }, "blacklistedLicenses": { "type": "array", "items": { "type": "string" }, "description": "List of blacklisted licenses.\n" }, "blacklistedLicensesEnabled": { "type": "boolean", "description": "Indicates if license blacklist is relevant.\n" }, "blockFailed": { "type": "boolean", "description": "Indicates if failed images are blocked.\n" }, "controlExcludeNoFix": { "type": "boolean" }, "customChecks": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FVmwareAssurancePolicyCustomCheck:VmwareAssurancePolicyCustomCheck" }, "description": "List of Custom user scripts for checks.\n" }, "customChecksEnabled": { "type": "boolean", "description": "Indicates if scanning should include custom checks.\n" }, "customSeverity": { "type": "string" }, "customSeverityEnabled": { "type": "boolean" }, "cvesBlackListEnabled": { "type": "boolean", "description": "Indicates if CVEs blacklist is relevant.\n" }, "cvesBlackLists": { "type": "array", "items": { "type": "string" }, "description": "List of cves blacklisted items.\n" }, "cvesWhiteListEnabled": { "type": "boolean", "description": "Indicates if cves whitelist is relevant.\n" }, "cvesWhiteLists": { "type": "array", "items": { "type": "string" }, "description": "List of cves whitelisted licenses\n" }, "cvssSeverity": { "type": "string", "description": "Identifier of the cvss severity.\n" }, "cvssSeverityEnabled": { "type": "boolean", "description": "Indicates if the cvss severity is scanned.\n" }, "cvssSeverityExcludeNoFix": { "type": "boolean", "description": "Indicates that policy should ignore cvss cases that do not have a known fix.\n" }, "description": { "type": "string" }, "disallowExploitTypes": { "type": "array", "items": { "type": "string" } }, "disallowMalware": { "type": "boolean", "description": "Indicates if malware should block the image.\n" }, "dockerCisEnabled": { "type": "boolean", "description": "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.\n" }, "domain": { "type": "string", "description": "Name of the container image.\n" }, "domainName": { "type": "string" }, "dtaEnabled": { "type": "boolean" }, "dtaSeverity": { "type": "string" }, "enabled": { "type": "boolean" }, "enforce": { "type": "boolean" }, "enforceAfterDays": { "type": "integer" }, "enforceExcessivePermissions": { "type": "boolean" }, "exceptionalMonitoredMalwarePaths": { "type": "array", "items": { "type": "string" } }, "excludeApplicationScopes": { "type": "array", "items": { "type": "string" } }, "failCicd": { "type": "boolean", "description": "Indicates if cicd failures will fail the image.\n" }, "forbiddenLabels": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FVmwareAssurancePolicyForbiddenLabel:VmwareAssurancePolicyForbiddenLabel" } }, "forbiddenLabelsEnabled": { "type": "boolean" }, "forceMicroenforcer": { "type": "boolean" }, "functionIntegrityEnabled": { "type": "boolean" }, "ignoreBaseImageVln": { "type": "boolean" }, "ignoreRecentlyPublishedVln": { "type": "boolean" }, "ignoreRecentlyPublishedVlnPeriod": { "type": "integer" }, "ignoreRiskResourcesEnabled": { "type": "boolean", "description": "Indicates if risk resources are ignored.\n" }, "ignoredRiskResources": { "type": "array", "items": { "type": "string" }, "description": "List of ignored risk resources.\n" }, "ignoredSensitiveResources": { "type": "array", "items": { "type": "string" } }, "images": { "type": "array", "items": { "type": "string" }, "description": "List of images.\n" }, "kubeCisEnabled": { "type": "boolean", "description": "Performs a Kubernetes CIS benchmark check for the host.\n" }, "kubernetesControls": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FVmwareAssurancePolicyKubernetesControl:VmwareAssurancePolicyKubernetesControl" }, "description": "List of Kubernetes controls.\n" }, "kubernetesControlsAvdIds": { "type": "array", "items": { "type": "string" } }, "kubernetesControlsNames": { "type": "array", "items": { "type": "string" } }, "labels": { "type": "array", "items": { "type": "string" }, "description": "List of labels.\n" }, "lastupdate": { "type": "string" }, "linuxCisEnabled": { "type": "boolean" }, "malwareAction": { "type": "string" }, "maximumScore": { "type": "number", "description": "Value of allowed maximum score.\n" }, "maximumScoreEnabled": { "type": "boolean", "description": "Indicates if exceeding the maximum score is scanned.\n" }, "maximumScoreExcludeNoFix": { "type": "boolean" }, "monitoredMalwarePaths": { "type": "array", "items": { "type": "string" } }, "name": { "type": "string", "willReplaceOnChanges": true }, "onlyNoneRootUsers": { "type": "boolean", "description": "Indicates if raise a warning for images that should only be run as root.\n" }, "openshiftHardeningEnabled": { "type": "boolean" }, "packagesBlackListEnabled": { "type": "boolean", "description": "Indicates if packages blacklist is relevant.\n" }, "packagesBlackLists": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FVmwareAssurancePolicyPackagesBlackList:VmwareAssurancePolicyPackagesBlackList" }, "description": "List of blacklisted images.\n" }, "packagesWhiteListEnabled": { "type": "boolean", "description": "Indicates if packages whitelist is relevant.\n" }, "packagesWhiteLists": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FVmwareAssurancePolicyPackagesWhiteList:VmwareAssurancePolicyPackagesWhiteList" }, "description": "List of whitelisted images.\n" }, "partialResultsImageFail": { "type": "boolean" }, "permission": { "type": "string" }, "policySettings": { "$ref": "#/types/aquasec:index%2FVmwareAssurancePolicyPolicySettings:VmwareAssurancePolicyPolicySettings" }, "readOnly": { "type": "boolean" }, "registries": { "type": "array", "items": { "type": "string" }, "description": "List of registries.\n" }, "registry": { "type": "string" }, "requiredLabels": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FVmwareAssurancePolicyRequiredLabel:VmwareAssurancePolicyRequiredLabel" } }, "requiredLabelsEnabled": { "type": "boolean" }, "scanMalwareInArchives": { "type": "boolean" }, "scanNfsMounts": { "type": "boolean" }, "scanProcessMemory": { "type": "boolean" }, "scanSensitiveData": { "type": "boolean", "description": "Indicates if scan should include sensitive data in the image.\n" }, "scanWindowsRegistry": { "type": "boolean" }, "scapEnabled": { "type": "boolean", "description": "Indicates if scanning should include scap.\n" }, "scapFiles": { "type": "array", "items": { "type": "string" }, "description": "List of SCAP user scripts for checks.\n" }, "scopes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FVmwareAssurancePolicyScope:VmwareAssurancePolicyScope" } }, "trustedBaseImages": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FVmwareAssurancePolicyTrustedBaseImage:VmwareAssurancePolicyTrustedBaseImage" }, "description": "List of trusted images.\n" }, "trustedBaseImagesEnabled": { "type": "boolean", "description": "Indicates if list of trusted base images is relevant.\n" }, "vulnerabilityExploitability": { "type": "boolean" }, "vulnerabilityScoreRanges": { "type": "array", "items": { "type": "integer" } }, "whitelistedLicenses": { "type": "array", "items": { "type": "string" }, "description": "List of whitelisted licenses.\n" }, "whitelistedLicensesEnabled": { "type": "boolean", "description": "Indicates if license blacklist is relevant.\n" } }, "requiredInputs": [ "applicationScopes" ], "stateInputs": { "description": "Input properties used for looking up and filtering VmwareAssurancePolicy resources.\n", "properties": { "aggregatedVulnerability": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Aggregated vulnerability information.\n" }, "allowedImages": { "type": "array", "items": { "type": "string" }, "description": "List of explicitly allowed images.\n" }, "applicationScopes": { "type": "array", "items": { "type": "string" } }, "assuranceType": { "type": "string", "description": "What type of assurance policy is described.\n" }, "auditOnFailure": { "type": "boolean", "description": "Indicates if auditing for failures.\n" }, "author": { "type": "string", "description": "Name of user account that created the policy.\n" }, "autoScanConfigured": { "type": "boolean" }, "autoScanEnabled": { "type": "boolean" }, "autoScanTimes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FVmwareAssurancePolicyAutoScanTime:VmwareAssurancePolicyAutoScanTime" } }, "blacklistPermissions": { "type": "array", "items": { "type": "string" }, "description": "List of function's forbidden permissions.\n" }, "blacklistPermissionsEnabled": { "type": "boolean", "description": "Indicates if blacklist permissions is relevant.\n" }, "blacklistedLicenses": { "type": "array", "items": { "type": "string" }, "description": "List of blacklisted licenses.\n" }, "blacklistedLicensesEnabled": { "type": "boolean", "description": "Indicates if license blacklist is relevant.\n" }, "blockFailed": { "type": "boolean", "description": "Indicates if failed images are blocked.\n" }, "controlExcludeNoFix": { "type": "boolean" }, "customChecks": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FVmwareAssurancePolicyCustomCheck:VmwareAssurancePolicyCustomCheck" }, "description": "List of Custom user scripts for checks.\n" }, "customChecksEnabled": { "type": "boolean", "description": "Indicates if scanning should include custom checks.\n" }, "customSeverity": { "type": "string" }, "customSeverityEnabled": { "type": "boolean" }, "cvesBlackListEnabled": { "type": "boolean", "description": "Indicates if CVEs blacklist is relevant.\n" }, "cvesBlackLists": { "type": "array", "items": { "type": "string" }, "description": "List of cves blacklisted items.\n" }, "cvesWhiteListEnabled": { "type": "boolean", "description": "Indicates if cves whitelist is relevant.\n" }, "cvesWhiteLists": { "type": "array", "items": { "type": "string" }, "description": "List of cves whitelisted licenses\n" }, "cvssSeverity": { "type": "string", "description": "Identifier of the cvss severity.\n" }, "cvssSeverityEnabled": { "type": "boolean", "description": "Indicates if the cvss severity is scanned.\n" }, "cvssSeverityExcludeNoFix": { "type": "boolean", "description": "Indicates that policy should ignore cvss cases that do not have a known fix.\n" }, "description": { "type": "string" }, "disallowExploitTypes": { "type": "array", "items": { "type": "string" } }, "disallowMalware": { "type": "boolean", "description": "Indicates if malware should block the image.\n" }, "dockerCisEnabled": { "type": "boolean", "description": "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.\n" }, "domain": { "type": "string", "description": "Name of the container image.\n" }, "domainName": { "type": "string" }, "dtaEnabled": { "type": "boolean" }, "dtaSeverity": { "type": "string" }, "enabled": { "type": "boolean" }, "enforce": { "type": "boolean" }, "enforceAfterDays": { "type": "integer" }, "enforceExcessivePermissions": { "type": "boolean" }, "exceptionalMonitoredMalwarePaths": { "type": "array", "items": { "type": "string" } }, "excludeApplicationScopes": { "type": "array", "items": { "type": "string" } }, "failCicd": { "type": "boolean", "description": "Indicates if cicd failures will fail the image.\n" }, "forbiddenLabels": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FVmwareAssurancePolicyForbiddenLabel:VmwareAssurancePolicyForbiddenLabel" } }, "forbiddenLabelsEnabled": { "type": "boolean" }, "forceMicroenforcer": { "type": "boolean" }, "functionIntegrityEnabled": { "type": "boolean" }, "ignoreBaseImageVln": { "type": "boolean" }, "ignoreRecentlyPublishedVln": { "type": "boolean" }, "ignoreRecentlyPublishedVlnPeriod": { "type": "integer" }, "ignoreRiskResourcesEnabled": { "type": "boolean", "description": "Indicates if risk resources are ignored.\n" }, "ignoredRiskResources": { "type": "array", "items": { "type": "string" }, "description": "List of ignored risk resources.\n" }, "ignoredSensitiveResources": { "type": "array", "items": { "type": "string" } }, "images": { "type": "array", "items": { "type": "string" }, "description": "List of images.\n" }, "kubeCisEnabled": { "type": "boolean", "description": "Performs a Kubernetes CIS benchmark check for the host.\n" }, "kubernetesControls": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FVmwareAssurancePolicyKubernetesControl:VmwareAssurancePolicyKubernetesControl" }, "description": "List of Kubernetes controls.\n" }, "kubernetesControlsAvdIds": { "type": "array", "items": { "type": "string" } }, "kubernetesControlsNames": { "type": "array", "items": { "type": "string" } }, "labels": { "type": "array", "items": { "type": "string" }, "description": "List of labels.\n" }, "lastupdate": { "type": "string" }, "linuxCisEnabled": { "type": "boolean" }, "malwareAction": { "type": "string" }, "maximumScore": { "type": "number", "description": "Value of allowed maximum score.\n" }, "maximumScoreEnabled": { "type": "boolean", "description": "Indicates if exceeding the maximum score is scanned.\n" }, "maximumScoreExcludeNoFix": { "type": "boolean" }, "monitoredMalwarePaths": { "type": "array", "items": { "type": "string" } }, "name": { "type": "string", "willReplaceOnChanges": true }, "onlyNoneRootUsers": { "type": "boolean", "description": "Indicates if raise a warning for images that should only be run as root.\n" }, "openshiftHardeningEnabled": { "type": "boolean" }, "packagesBlackListEnabled": { "type": "boolean", "description": "Indicates if packages blacklist is relevant.\n" }, "packagesBlackLists": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FVmwareAssurancePolicyPackagesBlackList:VmwareAssurancePolicyPackagesBlackList" }, "description": "List of blacklisted images.\n" }, "packagesWhiteListEnabled": { "type": "boolean", "description": "Indicates if packages whitelist is relevant.\n" }, "packagesWhiteLists": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FVmwareAssurancePolicyPackagesWhiteList:VmwareAssurancePolicyPackagesWhiteList" }, "description": "List of whitelisted images.\n" }, "partialResultsImageFail": { "type": "boolean" }, "permission": { "type": "string" }, "policySettings": { "$ref": "#/types/aquasec:index%2FVmwareAssurancePolicyPolicySettings:VmwareAssurancePolicyPolicySettings" }, "readOnly": { "type": "boolean" }, "registries": { "type": "array", "items": { "type": "string" }, "description": "List of registries.\n" }, "registry": { "type": "string" }, "requiredLabels": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FVmwareAssurancePolicyRequiredLabel:VmwareAssurancePolicyRequiredLabel" } }, "requiredLabelsEnabled": { "type": "boolean" }, "scanMalwareInArchives": { "type": "boolean" }, "scanNfsMounts": { "type": "boolean" }, "scanProcessMemory": { "type": "boolean" }, "scanSensitiveData": { "type": "boolean", "description": "Indicates if scan should include sensitive data in the image.\n" }, "scanWindowsRegistry": { "type": "boolean" }, "scapEnabled": { "type": "boolean", "description": "Indicates if scanning should include scap.\n" }, "scapFiles": { "type": "array", "items": { "type": "string" }, "description": "List of SCAP user scripts for checks.\n" }, "scopes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FVmwareAssurancePolicyScope:VmwareAssurancePolicyScope" } }, "trustedBaseImages": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FVmwareAssurancePolicyTrustedBaseImage:VmwareAssurancePolicyTrustedBaseImage" }, "description": "List of trusted images.\n" }, "trustedBaseImagesEnabled": { "type": "boolean", "description": "Indicates if list of trusted base images is relevant.\n" }, "vulnerabilityExploitability": { "type": "boolean" }, "vulnerabilityScoreRanges": { "type": "array", "items": { "type": "integer" } }, "whitelistedLicenses": { "type": "array", "items": { "type": "string" }, "description": "List of whitelisted licenses.\n" }, "whitelistedLicensesEnabled": { "type": "boolean", "description": "Indicates if license blacklist is relevant.\n" } }, "type": "object" } } }, "functions": { "aquasec:index/getAcknowledges:getAcknowledges": { "description": "The data source `aquasec.getAcknowledges` provides a method to query all acknowledges within the Aqua\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumi/aquasec\";\n\nconst acknowledgesAcknowledges = aquasec.getAcknowledges({});\nexport const acknowledges = acknowledgesAcknowledges;\n```\n```python\nimport pulumi\nimport pulumi_aquasec as aquasec\n\nacknowledges_acknowledges = aquasec.get_acknowledges()\npulumi.export(\"acknowledges\", acknowledges_acknowledges)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumi.Aquasec;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var acknowledgesAcknowledges = Aquasec.GetAcknowledges.Invoke();\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"acknowledges\"] = acknowledgesAcknowledges,\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tacknowledgesAcknowledges, err := aquasec.GetAcknowledges(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"acknowledges\", acknowledgesAcknowledges)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.AquasecFunctions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var acknowledgesAcknowledges = AquasecFunctions.getAcknowledges();\n\n ctx.export(\"acknowledges\", acknowledgesAcknowledges.applyValue(getAcknowledgesResult -\u003e getAcknowledgesResult));\n }\n}\n```\n```yaml\nvariables:\n acknowledgesAcknowledges:\n fn::invoke:\n Function: aquasec:getAcknowledges\n Arguments: {}\noutputs:\n acknowledges: ${acknowledgesAcknowledges}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "outputs": { "description": "A collection of values returned by getAcknowledges.\n", "properties": { "acknowledges": { "description": "A list of existing security acknowledges.\n", "items": { "$ref": "#/types/aquasec:index%2FgetAcknowledgesAcknowledge:getAcknowledgesAcknowledge" }, "type": "array" }, "id": { "description": "The provider-assigned unique ID for this managed resource.\n", "type": "string" } }, "required": [ "acknowledges", "id" ], "type": "object" } }, "aquasec:index/getApplicationScope:getApplicationScope": { "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumi/aquasec\";\n\nconst default = aquasec.getApplicationScope({\n name: \"Global\",\n});\nexport const scopes = _default;\n```\n```python\nimport pulumi\nimport pulumi_aquasec as aquasec\n\ndefault = aquasec.get_application_scope(name=\"Global\")\npulumi.export(\"scopes\", default)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumi.Aquasec;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Aquasec.GetApplicationScope.Invoke(new()\n {\n Name = \"Global\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"scopes\"] = @default,\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := aquasec.LookupApplicationScope(ctx, \u0026aquasec.LookupApplicationScopeArgs{\n\t\t\tName: \"Global\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"scopes\", _default)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.AquasecFunctions;\nimport com.pulumi.aquasec.inputs.GetApplicationScopeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = AquasecFunctions.getApplicationScope(GetApplicationScopeArgs.builder()\n .name(\"Global\")\n .build());\n\n ctx.export(\"scopes\", default_);\n }\n}\n```\n```yaml\nvariables:\n default:\n fn::invoke:\n Function: aquasec:getApplicationScope\n Arguments:\n name: Global\noutputs:\n scopes: ${default}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getApplicationScope.\n", "properties": { "categories": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FgetApplicationScopeCategory:getApplicationScopeCategory" }, "description": "Artifacts (of applications) / Workloads (containers) / Infrastructure (elements).\n" }, "name": { "type": "string", "description": "Name of an application scope.\n" } }, "type": "object", "required": [ "name" ] }, "outputs": { "description": "A collection of values returned by getApplicationScope.\n", "properties": { "author": { "description": "Username of the account that created the service.\n", "type": "string" }, "categories": { "description": "Artifacts (of applications) / Workloads (containers) / Infrastructure (elements).\n", "items": { "$ref": "#/types/aquasec:index%2FgetApplicationScopeCategory:getApplicationScopeCategory" }, "type": "array" }, "description": { "description": "Description of the application scope.\n", "type": "string" }, "id": { "description": "The provider-assigned unique ID for this managed resource.\n", "type": "string" }, "name": { "description": "Name of an application scope.\n", "type": "string" }, "ownerEmail": { "description": "Name of an application scope.\n", "type": "string" } }, "required": [ "author", "description", "id", "name", "ownerEmail" ], "type": "object" } }, "aquasec:index/getAquaLabels:getAquaLabels": { "description": "The data source `aquasec.getAquaLabels` provides a method to query all aqua labels within the Aqua account management.The fields returned from this query are detailed in the Schema section below.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumi/aquasec\";\n\nconst aquaLabels = aquasec.getAquaLabels({});\nexport const scopes = aquaLabels;\n```\n```python\nimport pulumi\nimport pulumi_aquasec as aquasec\n\naqua_labels = aquasec.get_aqua_labels()\npulumi.export(\"scopes\", aqua_labels)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumi.Aquasec;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var aquaLabels = Aquasec.GetAquaLabels.Invoke();\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"scopes\"] = aquaLabels,\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\taquaLabels, err := aquasec.GetAquaLabels(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"scopes\", aquaLabels)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.AquasecFunctions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var aquaLabels = AquasecFunctions.getAquaLabels();\n\n ctx.export(\"scopes\", aquaLabels.applyValue(getAquaLabelsResult -\u003e getAquaLabelsResult));\n }\n}\n```\n```yaml\nvariables:\n aquaLabels:\n fn::invoke:\n Function: aquasec:getAquaLabels\n Arguments: {}\noutputs:\n # Print all Aqua labels\n scopes: ${aquaLabels}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "outputs": { "description": "A collection of values returned by getAquaLabels.\n", "properties": { "aquaLabels": { "items": { "$ref": "#/types/aquasec:index%2FgetAquaLabelsAquaLabel:getAquaLabelsAquaLabel" }, "type": "array" }, "id": { "description": "The provider-assigned unique ID for this managed resource.\n", "type": "string" } }, "required": [ "aquaLabels", "id" ], "type": "object" } }, "aquasec:index/getContainerRuntimePolicy:getContainerRuntimePolicy": { "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumi/aquasec\";\n\nconst containerRuntimePolicy = aquasec.getContainerRuntimePolicy({\n name: \"FunctionRuntimePolicyName\",\n});\nexport const containerRuntimePolicyDetails = containerRuntimePolicy;\n```\n```python\nimport pulumi\nimport pulumi_aquasec as aquasec\n\ncontainer_runtime_policy = aquasec.get_container_runtime_policy(name=\"FunctionRuntimePolicyName\")\npulumi.export(\"containerRuntimePolicyDetails\", container_runtime_policy)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumi.Aquasec;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var containerRuntimePolicy = Aquasec.GetContainerRuntimePolicy.Invoke(new()\n {\n Name = \"FunctionRuntimePolicyName\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"containerRuntimePolicyDetails\"] = containerRuntimePolicy,\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcontainerRuntimePolicy, err := aquasec.LookupContainerRuntimePolicy(ctx, \u0026aquasec.LookupContainerRuntimePolicyArgs{\n\t\t\tName: \"FunctionRuntimePolicyName\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"containerRuntimePolicyDetails\", containerRuntimePolicy)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.AquasecFunctions;\nimport com.pulumi.aquasec.inputs.GetContainerRuntimePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var containerRuntimePolicy = AquasecFunctions.getContainerRuntimePolicy(GetContainerRuntimePolicyArgs.builder()\n .name(\"FunctionRuntimePolicyName\")\n .build());\n\n ctx.export(\"containerRuntimePolicyDetails\", containerRuntimePolicy.applyValue(getContainerRuntimePolicyResult -\u003e getContainerRuntimePolicyResult));\n }\n}\n```\n```yaml\nvariables:\n containerRuntimePolicy:\n fn::invoke:\n Function: aquasec:getContainerRuntimePolicy\n Arguments:\n name: FunctionRuntimePolicyName\noutputs:\n containerRuntimePolicyDetails: ${containerRuntimePolicy}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getContainerRuntimePolicy.\n", "properties": { "allowedExecutables": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FgetContainerRuntimePolicyAllowedExecutable:getContainerRuntimePolicyAllowedExecutable" }, "description": "Allowed executables configuration.\n" }, "allowedRegistries": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FgetContainerRuntimePolicyAllowedRegistry:getContainerRuntimePolicyAllowedRegistry" }, "description": "Allowed registries configuration.\n" }, "auditing": { "$ref": "#/types/aquasec:index%2FgetContainerRuntimePolicyAuditing:getContainerRuntimePolicyAuditing" }, "containerExec": { "$ref": "#/types/aquasec:index%2FgetContainerRuntimePolicyContainerExec:getContainerRuntimePolicyContainerExec" }, "fileBlock": { "$ref": "#/types/aquasec:index%2FgetContainerRuntimePolicyFileBlock:getContainerRuntimePolicyFileBlock" }, "fileIntegrityMonitorings": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FgetContainerRuntimePolicyFileIntegrityMonitoring:getContainerRuntimePolicyFileIntegrityMonitoring" }, "description": "Configuration for file integrity monitoring.\n" }, "limitContainerPrivileges": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FgetContainerRuntimePolicyLimitContainerPrivilege:getContainerRuntimePolicyLimitContainerPrivilege" }, "description": "Container privileges configuration.\n" }, "malwareScanOptions": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FgetContainerRuntimePolicyMalwareScanOption:getContainerRuntimePolicyMalwareScanOption" }, "description": "Configuration for Real-Time Malware Protection.\n" }, "name": { "type": "string", "description": "Name of the container runtime policy\n" }, "portBlock": { "$ref": "#/types/aquasec:index%2FgetContainerRuntimePolicyPortBlock:getContainerRuntimePolicyPortBlock" }, "readonlyFiles": { "$ref": "#/types/aquasec:index%2FgetContainerRuntimePolicyReadonlyFiles:getContainerRuntimePolicyReadonlyFiles" }, "restrictedVolumes": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FgetContainerRuntimePolicyRestrictedVolume:getContainerRuntimePolicyRestrictedVolume" }, "description": "Restricted volumes configuration.\n" } }, "type": "object", "required": [ "name" ] }, "outputs": { "description": "A collection of values returned by getContainerRuntimePolicy.\n", "properties": { "allowedExecutables": { "description": "Allowed executables configuration.\n", "items": { "$ref": "#/types/aquasec:index%2FgetContainerRuntimePolicyAllowedExecutable:getContainerRuntimePolicyAllowedExecutable" }, "type": "array" }, "allowedRegistries": { "description": "Allowed registries configuration.\n", "items": { "$ref": "#/types/aquasec:index%2FgetContainerRuntimePolicyAllowedRegistry:getContainerRuntimePolicyAllowedRegistry" }, "type": "array" }, "applicationScopes": { "description": "Indicates the application scope of the service.\n", "items": { "type": "string" }, "type": "array" }, "auditAllNetworkActivity": { "description": "If true, all network activity will be audited.\n", "type": "boolean" }, "auditAllProcessesActivity": { "description": "If true, all process activity will be audited.\n", "type": "boolean" }, "auditFullCommandArguments": { "description": "If true, full command arguments will be audited.\n", "type": "boolean" }, "auditing": { "$ref": "#/types/aquasec:index%2FgetContainerRuntimePolicyAuditing:getContainerRuntimePolicyAuditing" }, "author": { "description": "Username of the account that created the service.\n", "type": "string" }, "blockAccessHostNetwork": { "description": "If true, prevent containers from running with access to host network.\n", "type": "boolean" }, "blockAddingCapabilities": { "description": "If true, prevent containers from running with adding capabilities with `--cap-add` privilege.\n", "type": "boolean" }, "blockContainerExec": { "description": "If true, exec into a container is prevented.\n", "type": "boolean" }, "blockCryptocurrencyMining": { "description": "Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining\n", "type": "boolean" }, "blockFilelessExec": { "description": "Detect and prevent running in-memory execution\n", "type": "boolean" }, "blockLowPortBinding": { "description": "If true, prevent containers from running with the capability to bind in port lower than 1024.\n", "type": "boolean" }, "blockNonCompliantImages": { "description": "If true, running non-compliant image in the container is prevented.\n", "type": "boolean" }, "blockNonCompliantWorkloads": { "description": "If true, running containers in non-compliant pods is prevented.\n", "type": "boolean" }, "blockNonK8sContainers": { "description": "If true, running non-kubernetes containers is prevented.\n", "type": "boolean" }, "blockPrivilegedContainers": { "description": "If true, prevent containers from running with privileged container capability.\n", "type": "boolean" }, "blockReverseShell": { "description": "If true, reverse shell is prevented.\n", "type": "boolean" }, "blockRootUser": { "description": "If true, prevent containers from running with root user.\n", "type": "boolean" }, "blockUnregisteredImages": { "description": "If true, running images in the container that are not registered in Aqua is prevented.\n", "type": "boolean" }, "blockUseIpcNamespace": { "description": "If true, prevent containers from running with the privilege to use the IPC namespace.\n", "type": "boolean" }, "blockUsePidNamespace": { "description": "If true, prevent containers from running with the privilege to use the PID namespace.\n", "type": "boolean" }, "blockUseUserNamespace": { "description": "If true, prevent containers from running with the privilege to use the user namespace.\n", "type": "boolean" }, "blockUseUtsNamespace": { "description": "If true, prevent containers from running with the privilege to use the UTS namespace.\n", "type": "boolean" }, "blockedCapabilities": { "description": "If true, prevents containers from using specific Unix capabilities.\n", "items": { "type": "string" }, "type": "array" }, "blockedExecutables": { "description": "List of executables that are prevented from running in containers.\n", "items": { "type": "string" }, "type": "array" }, "blockedFiles": { "description": "List of files that are prevented from being read, modified and executed in the containers.\n", "items": { "type": "string" }, "type": "array" }, "blockedInboundPorts": { "description": "List of blocked inbound ports.\n", "items": { "type": "string" }, "type": "array" }, "blockedOutboundPorts": { "description": "List of blocked outbound ports.\n", "items": { "type": "string" }, "type": "array" }, "blockedPackages": { "description": "Prevent containers from reading, writing, or executing all files in the list of packages.\n", "items": { "type": "string" }, "type": "array" }, "blockedVolumes": { "description": "List of volumes that are prevented from being mounted in the containers.\n", "items": { "type": "string" }, "type": "array" }, "containerExec": { "$ref": "#/types/aquasec:index%2FgetContainerRuntimePolicyContainerExec:getContainerRuntimePolicyContainerExec" }, "containerExecAllowedProcesses": { "description": "List of processes that will be allowed.\n", "items": { "type": "string" }, "type": "array" }, "description": { "description": "The description of the container runtime policy\n", "type": "string" }, "enableDriftPrevention": { "description": "If true, executables that are not in the original image is prevented from running.\n", "type": "boolean" }, "enableForkGuard": { "description": "If true, fork bombs are prevented in the containers.\n", "type": "boolean" }, "enableIpReputationSecurity": { "description": "If true, detect and prevent communication from containers to IP addresses known to have a bad reputation.\n", "type": "boolean" }, "enablePortScanDetection": { "description": "If true, detects port scanning behavior in the container.\n", "type": "boolean" }, "enabled": { "description": "Indicates if the runtime policy is enabled or not.\n", "type": "boolean" }, "enforce": { "description": "Indicates that policy should effect container execution (not just for audit).\n", "type": "boolean" }, "enforceAfterDays": { "description": "Indicates the number of days after which the runtime policy will be changed to enforce mode.\n", "type": "integer" }, "exceptionalReadonlyFilesAndDirectories": { "description": "List of files and directories to be excluded from the read-only list.\n", "items": { "type": "string" }, "type": "array" }, "execLockdownWhiteLists": { "description": "Specify processes that will be allowed\n", "items": { "type": "string" }, "type": "array" }, "fileBlock": { "$ref": "#/types/aquasec:index%2FgetContainerRuntimePolicyFileBlock:getContainerRuntimePolicyFileBlock" }, "fileIntegrityMonitorings": { "description": "Configuration for file integrity monitoring.\n", "items": { "$ref": "#/types/aquasec:index%2FgetContainerRuntimePolicyFileIntegrityMonitoring:getContainerRuntimePolicyFileIntegrityMonitoring" }, "type": "array" }, "forkGuardProcessLimit": { "description": "Process limit for the fork guard.\n", "type": "integer" }, "id": { "description": "The provider-assigned unique ID for this managed resource.\n", "type": "string" }, "limitContainerPrivileges": { "description": "Container privileges configuration.\n", "items": { "$ref": "#/types/aquasec:index%2FgetContainerRuntimePolicyLimitContainerPrivilege:getContainerRuntimePolicyLimitContainerPrivilege" }, "type": "array" }, "limitNewPrivileges": { "description": "If true, prevents the container from obtaining new privileges at runtime. (only enabled in enforce mode)\n", "type": "boolean" }, "malwareScanOptions": { "description": "Configuration for Real-Time Malware Protection.\n", "items": { "$ref": "#/types/aquasec:index%2FgetContainerRuntimePolicyMalwareScanOption:getContainerRuntimePolicyMalwareScanOption" }, "type": "array" }, "monitorSystemTimeChanges": { "description": "If true, system time changes will be monitored.\n", "type": "boolean" }, "name": { "description": "Name of the container runtime policy\n", "type": "string" }, "portBlock": { "$ref": "#/types/aquasec:index%2FgetContainerRuntimePolicyPortBlock:getContainerRuntimePolicyPortBlock" }, "readonlyFiles": { "$ref": "#/types/aquasec:index%2FgetContainerRuntimePolicyReadonlyFiles:getContainerRuntimePolicyReadonlyFiles" }, "readonlyFilesAndDirectories": { "description": "List of files and directories to be restricted as read-only\n", "items": { "type": "string" }, "type": "array" }, "restrictedVolumes": { "description": "Restricted volumes configuration.\n", "items": { "$ref": "#/types/aquasec:index%2FgetContainerRuntimePolicyRestrictedVolume:getContainerRuntimePolicyRestrictedVolume" }, "type": "array" }, "reverseShellAllowedIps": { "description": "List of IPs/ CIDRs that will be allowed\n", "items": { "type": "string" }, "type": "array" }, "reverseShellAllowedProcesses": { "description": "List of processes that will be allowed\n", "items": { "type": "string" }, "type": "array" }, "scopeExpression": { "description": "Logical expression of how to compute the dependency of the scope variables.\n", "type": "string" }, "scopeVariables": { "description": "List of scope attributes.\n", "items": { "$ref": "#/types/aquasec:index%2FgetContainerRuntimePolicyScopeVariable:getContainerRuntimePolicyScopeVariable" }, "type": "array" } }, "required": [ "applicationScopes", "auditAllNetworkActivity", "auditAllProcessesActivity", "auditFullCommandArguments", "author", "blockAccessHostNetwork", "blockAddingCapabilities", "blockContainerExec", "blockCryptocurrencyMining", "blockFilelessExec", "blockLowPortBinding", "blockNonCompliantImages", "blockNonCompliantWorkloads", "blockNonK8sContainers", "blockPrivilegedContainers", "blockReverseShell", "blockRootUser", "blockUnregisteredImages", "blockUseIpcNamespace", "blockUsePidNamespace", "blockUseUserNamespace", "blockUseUtsNamespace", "blockedCapabilities", "blockedExecutables", "blockedFiles", "blockedInboundPorts", "blockedOutboundPorts", "blockedPackages", "blockedVolumes", "containerExecAllowedProcesses", "description", "enableDriftPrevention", "enableForkGuard", "enableIpReputationSecurity", "enablePortScanDetection", "enabled", "enforce", "enforceAfterDays", "exceptionalReadonlyFilesAndDirectories", "execLockdownWhiteLists", "forkGuardProcessLimit", "id", "limitNewPrivileges", "monitorSystemTimeChanges", "name", "readonlyFilesAndDirectories", "reverseShellAllowedIps", "reverseShellAllowedProcesses", "scopeExpression", "scopeVariables" ], "type": "object" } }, "aquasec:index/getEnforcerGroups:getEnforcerGroups": { "description": "The data source `aquasec.EnforcerGroups` provides an Enforcer group template that generates a configuration file, which is subsequently used to generate one or more Enforcers using a Docker command.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumi/aquasec\";\n\nconst groups = aquasec.getEnforcerGroups({\n groupId: \"IacGroup\",\n});\nexport const groupDetails = groups;\n```\n```python\nimport pulumi\nimport pulumi_aquasec as aquasec\n\ngroups = aquasec.get_enforcer_groups(group_id=\"IacGroup\")\npulumi.export(\"groupDetails\", groups)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumi.Aquasec;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var groups = Aquasec.GetEnforcerGroups.Invoke(new()\n {\n GroupId = \"IacGroup\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"groupDetails\"] = groups,\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tgroups, err := aquasec.LookupEnforcerGroups(ctx, \u0026aquasec.LookupEnforcerGroupsArgs{\n\t\t\tGroupId: \"IacGroup\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"groupDetails\", groups)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.AquasecFunctions;\nimport com.pulumi.aquasec.inputs.GetEnforcerGroupsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var groups = AquasecFunctions.getEnforcerGroups(GetEnforcerGroupsArgs.builder()\n .groupId(\"IacGroup\")\n .build());\n\n ctx.export(\"groupDetails\", groups.applyValue(getEnforcerGroupsResult -\u003e getEnforcerGroupsResult));\n }\n}\n```\n```yaml\nvariables:\n groups:\n fn::invoke:\n Function: aquasec:getEnforcerGroups\n Arguments:\n groupId: IacGroup\noutputs:\n groupDetails: ${groups}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getEnforcerGroups.\n", "properties": { "forensics": { "type": "boolean", "description": "Select Enabled to send activity logs in your containers to the Aqua Server for forensics purposes.\n" }, "groupId": { "type": "string", "description": "The ID of the Enforcer group.\n" }, "hostForensics": { "type": "boolean", "description": "Select Enabled to send activity logs in your host to the Aqua Server for forensics purposes.\n" } }, "type": "object", "required": [ "groupId" ] }, "outputs": { "description": "A collection of values returned by getEnforcerGroups.\n", "properties": { "admissionControl": { "description": "Selecting this option will allow the KubeEnforcer to block the deployment of container images that have failed any of these Container Runtime Policy controls:\\\n\t\t\t* Block Non-Compliant Images\\\n\t\t\t* Block Non-Compliant Workloads\\\n\t\t\t* Block Unregistered Images\\\n\t\t\tThis functionality can work only when the KubeEnforcer is deployed in Enforce mode.\n", "type": "boolean" }, "allowKubeEnforcerAudit": { "description": "Allow kube enforcer audit.\n", "type": "boolean" }, "allowedApplications": { "description": "List of application names to allow on the hosts. if provided, only containers of the listed applications will be allowed to run.\n", "items": { "type": "string" }, "type": "array" }, "allowedLabels": { "description": "List of label names to allow on the hosts.\n", "items": { "type": "string" }, "type": "array" }, "allowedRegistries": { "description": "List of registry names to allow on the hosts.\n", "items": { "type": "string" }, "type": "array" }, "antivirusProtection": { "description": "This setting is available only when you have license for `Advanced Malware Protection`. Send true to make use of the license and enable the `Real-time Malware Protection` control in the Host Runtime policies.\n", "type": "boolean" }, "aquaVersion": { "description": "Aqua server version\n", "type": "string" }, "auditAll": { "description": "Agent will send extra audit messages to the server for success operations from inside the container (runtime).\n", "type": "boolean" }, "autoCopySecrets": { "description": "This option is applicable only if `Enable Pod Enforcer injection` is selected. Select this option if you want Aqua Enterprise to copy the secrets defined above to the Pod Enforcer namespace and container. Otherwise, you can choose to copy these secrets by other means.\n", "type": "boolean" }, "autoDiscoverConfigureRegistries": { "description": "This option is available only if `Enable workload discovery` is selected. If selected, the KubeEnforcer will add previously unknown image registries from the cluster to Aqua.\n", "type": "boolean" }, "autoDiscoveryEnabled": { "description": "When this option is selected, the KubeEnforcer will discover workloads on its cluster.\n", "type": "boolean" }, "autoScanDiscoveredImagesRunningContainers": { "description": "This option is available only if `Enable workload discovery` is selected. If selected, the KubeEnforcer will automatically register images running as workloads (and scan the discovered images for security issues).\n", "type": "boolean" }, "behavioralEngine": { "description": "If `Enabled`, detects suspicious activity in your containers and displays potential security threats in the Incidents and Audits pages.\n", "type": "boolean" }, "blockAdmissionControl": { "description": "This applies only if both `Enable admission control` and Enforce mode are set. This additional option must be selected for admission control to work if the KubeEnforcer is not connected to any Gateway. If this option is not selected, admission control will be disabled; this will have no effect on containers already running.\n", "type": "boolean" }, "commands": { "description": "The installation command.\n", "items": { "$ref": "#/types/aquasec:index%2FgetEnforcerGroupsCommand:getEnforcerGroupsCommand" }, "type": "array" }, "connectedCount": { "description": "Number of connected enforcers in the enforcer group.\n", "type": "integer" }, "containerActivityProtection": { "description": "When set to `True` applies Container Runtime Policies, Image Profiles, and Firewall Policies to containers.\n", "type": "boolean" }, "containerAntivirusProtection": { "description": "This setting is available only when you have license for `Advanced Malware Protection`. Send true to make use of the license and enable the `Real-time Malware Protection` control in the Container Runtime policies.\n", "type": "boolean" }, "description": { "description": "A description for the Aqua Enforcer group.\n", "type": "string" }, "disconnectedCount": { "description": "Number of disconnected enforcers in the enforcer group.\n", "type": "integer" }, "enforce": { "description": "Whether the enforce mode is enabled on the Enforcers.\n", "type": "boolean" }, "enforcerImageName": { "description": "The specific Aqua Enforcer product image (with image tag) to be deployed.\n", "type": "string" }, "forensics": { "description": "Select Enabled to send activity logs in your containers to the Aqua Server for forensics purposes.\n", "type": "boolean" }, "gatewayAddress": { "description": "Gateway Address\n", "type": "string" }, "gatewayName": { "description": "Gateway Name\n", "type": "string" }, "gateways": { "description": "List of Aqua gateway IDs for the Enforcers.\n", "items": { "type": "string" }, "type": "array" }, "groupId": { "description": "The ID of the Enforcer group.\n", "type": "string" }, "highVulns": { "description": "Number of high vulnerabilities in the enforcers that in this enforcer group.\n", "type": "integer" }, "hostAssurance": { "description": "When set to `True` enables host scanning and respective Host Assurance controls.\n", "type": "boolean" }, "hostBehavioralEngine": { "description": "When set to `True` enables these Host Runtime Policy controls: `OS Users and Groups Allowed` and `OS Users and Groups Blocked`\n", "type": "boolean" }, "hostForensics": { "description": "Select Enabled to send activity logs in your host to the Aqua Server for forensics purposes.\n", "type": "boolean" }, "hostNetworkProtection": { "description": "When set to `True` applies Firewall Policies to hosts, and allows recording network maps for Aqua services. The Network Firewall setting must be disabled when deploying the Aqua Enforcer on a machine running Rocky Linux. See https://docs.aquasec.com/docs/platform-support-limitations-rocky-linux for further information\n", "type": "boolean" }, "hostOs": { "description": "The OS type for the host\n", "type": "string" }, "hostProtection": { "description": "When set to `True` enables all Host Runtime Policy controls except for `OS Users and Groups Allowed` and `OS Users and Groups Blocked`.\n", "type": "boolean" }, "hostUserProtection": { "description": "When set to `True` enables these Host Runtime Policy controls: `OS Users and Groups Allowed` and `OS Users and Groups Blocked`\n", "type": "boolean" }, "hostsCount": { "description": "Number of enforcers in the enforcer group.\n", "type": "integer" }, "id": { "description": "The provider-assigned unique ID for this managed resource.\n", "type": "string" }, "imageAssurance": { "description": "When Set to `True` enables selected controls: Container Runtime Policy (`Block Non-Compliant Images`, `Block Unregistered Images`, and `Registries Allowed`) and Default Image Assurance Policy (`Images Blocked`).\n", "type": "boolean" }, "installCommand": { "description": "Enforcer install command\n", "type": "string" }, "kubeBenchImageName": { "description": "See https://docs.aquasec.com/docs/securing-kubernetes-applications#section-configuration-hardening, The KubeEnforcer can deploy the Aqua Security kube-bench open-source product to perform Kubernetes CIS benchmark testing of nodes.\n\t\t\tThis field specifies the path and file name of the kube-bench product image for the KubeEnforcer to deploy; it will be filled in automatically. You can optionally enter a different value.\n", "type": "string" }, "lastUpdate": { "description": "The last date and time the batch token was updated in UNIX time.\n", "type": "integer" }, "logicalName": { "description": "Name for the batch install record.\n", "type": "string" }, "lowVulns": { "description": "Number of low vulnerabilities in the enforcers that in this enforcer group.\n", "type": "integer" }, "medVulns": { "description": "Number of medium vulnerabilities in the enforcers that in this enforcer group.\n", "type": "integer" }, "microEnforcerCertsSecretsName": { "description": "This option is applicable only if `Enable Pod Enforcer injection` is selected.\n", "type": "string" }, "microEnforcerImageName": { "description": "This option is applicable only if `Enable Pod Enforcer injection` is selected. This field specifies the path and file name of the KubeEnforcer product image to be deployed; it will be filled in automatically. You can optionally enter a different value.\n", "type": "string" }, "microEnforcerInjection": { "description": "This applies only if both `Enable admission control` and Enforce mode are set. This additional option must be selected for admission control to work if the KubeEnforcer is not connected to any Gateway. If this option is not selected, admission control will be disabled; this will have no effect on containers already running.\n", "type": "boolean" }, "microEnforcerSecretsName": { "description": "This option is applicable only if `Enable Pod Enforcer injection` is selected.\n", "type": "string" }, "negVulns": { "description": "Number of negligible vulnerabilities in the enforcers that in this enforcer group.\n", "type": "integer" }, "networkProtection": { "description": "When set to `True` applies Firewall Policies to containers, and allows recording network maps for Aqua services. The Network Firewall setting must be disabled when deploying the Aqua Enforcer on a machine running Rocky Linux. See https://docs.aquasec.com/docs/platform-support-limitations-rocky-linux for further information.\n", "type": "boolean" }, "orchestrators": { "description": "The orchestrator for which you are creating the Enforcer group.\n", "items": { "$ref": "#/types/aquasec:index%2FgetEnforcerGroupsOrchestrator:getEnforcerGroupsOrchestrator" }, "type": "array" }, "pasDeploymentLink": { "description": "pas deployment link\n", "type": "string" }, "permission": { "description": "Permission Action\n", "type": "string" }, "riskExplorerAutoDiscovery": { "description": "When set to `True` allows Enforcers to be discovered in the Risk Explorer.\n", "type": "boolean" }, "runtimePolicyName": { "description": "Function Runtime Policy that will applay on the nano enforcer.\n", "type": "string" }, "runtimeType": { "description": "The container runtime environment.\n", "type": "string" }, "syncHostImages": { "description": "When set to `True` configures Enforcers to discover local host images. Discovered images will be listed under Images \u003e Host Images, as well as under Infrastructure (in the Images tab for applicable hosts).\n", "type": "boolean" }, "syscallEnabled": { "description": "When set to `True` allows profiling and monitoring system calls made by running containers.\n", "type": "boolean" }, "token": { "description": "The batch install token.\n", "type": "string" }, "type": { "description": "Enforcer Type.\n", "type": "string" }, "userAccessControl": { "description": "When set to `True` applies User Access Control Policies to containers. Note that Aqua Enforcers must be deployed with the AQUA*RUNC*INTERCEPTION environment variable set to 0 in order to use User Access Control Policies.\n", "type": "boolean" } }, "required": [ "admissionControl", "allowKubeEnforcerAudit", "allowedApplications", "allowedLabels", "allowedRegistries", "antivirusProtection", "aquaVersion", "auditAll", "autoCopySecrets", "autoDiscoverConfigureRegistries", "autoDiscoveryEnabled", "autoScanDiscoveredImagesRunningContainers", "behavioralEngine", "blockAdmissionControl", "commands", "connectedCount", "containerActivityProtection", "containerAntivirusProtection", "description", "disconnectedCount", "enforce", "enforcerImageName", "gatewayAddress", "gatewayName", "gateways", "groupId", "highVulns", "hostAssurance", "hostBehavioralEngine", "hostNetworkProtection", "hostOs", "hostProtection", "hostUserProtection", "hostsCount", "id", "imageAssurance", "installCommand", "kubeBenchImageName", "lastUpdate", "logicalName", "lowVulns", "medVulns", "microEnforcerCertsSecretsName", "microEnforcerImageName", "microEnforcerInjection", "microEnforcerSecretsName", "negVulns", "networkProtection", "orchestrators", "pasDeploymentLink", "permission", "riskExplorerAutoDiscovery", "runtimePolicyName", "runtimeType", "syncHostImages", "syscallEnabled", "token", "type", "userAccessControl" ], "type": "object" } }, "aquasec:index/getFirewallPolicy:getFirewallPolicy": { "inputs": { "description": "A collection of arguments for invoking getFirewallPolicy.\n", "properties": { "name": { "type": "string", "description": "Name of the policy, no longer than 128 characters and no slash characters.\n" }, "outboundNetworks": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FgetFirewallPolicyOutboundNetwork:getFirewallPolicyOutboundNetwork" }, "description": "Information on network addresses that are allowed to receive data or requests.\n" } }, "type": "object", "required": [ "name" ] }, "outputs": { "description": "A collection of values returned by getFirewallPolicy.\n", "properties": { "author": { "description": "Username of the account that created the policy.\n", "type": "string" }, "blockIcmpPing": { "description": "Indicates whether policy includes blocking incoming 'ping' requests.\n", "type": "boolean" }, "blockMetadataService": { "description": "Indicates whether policy includes blocking metadata services of the cloud.\n", "type": "boolean" }, "description": { "description": "Description of the Firewall Policy.\n", "type": "string" }, "id": { "description": "The provider-assigned unique ID for this managed resource.\n", "type": "string" }, "inboundNetworks": { "description": "Information on network addresses that are allowed to pass in data or requests.\n", "items": { "$ref": "#/types/aquasec:index%2FgetFirewallPolicyInboundNetwork:getFirewallPolicyInboundNetwork" }, "type": "array" }, "lastupdate": { "description": "Timestamp of the last update in Unix time format.\n", "type": "integer" }, "name": { "description": "Name of the policy, no longer than 128 characters and no slash characters.\n", "type": "string" }, "outboundNetworks": { "description": "Information on network addresses that are allowed to receive data or requests.\n", "items": { "$ref": "#/types/aquasec:index%2FgetFirewallPolicyOutboundNetwork:getFirewallPolicyOutboundNetwork" }, "type": "array" }, "type": { "description": "Indicates the class of protection defined by the firewall.\n", "type": "string" }, "version": { "description": "Aqua version functionality supported\n", "type": "string" } }, "required": [ "author", "blockIcmpPing", "blockMetadataService", "description", "id", "inboundNetworks", "lastupdate", "name", "type", "version" ], "type": "object" } }, "aquasec:index/getFunctionAssurancePolicy:getFunctionAssurancePolicy": { "inputs": { "description": "A collection of arguments for invoking getFunctionAssurancePolicy.\n", "properties": { "name": { "type": "string" } }, "type": "object", "required": [ "name" ] }, "outputs": { "description": "A collection of values returned by getFunctionAssurancePolicy.\n", "properties": { "allowedImages": { "description": "List of explicitly allowed images.\n", "items": { "type": "string" }, "type": "array" }, "applicationScopes": { "items": { "type": "string" }, "type": "array" }, "auditOnFailure": { "description": "Indicates if auditing for failures.\n", "type": "boolean" }, "author": { "description": "Name of user account that created the policy.\n", "type": "string" }, "autoScanConfigured": { "type": "boolean" }, "autoScanEnabled": { "type": "boolean" }, "autoScanTimes": { "items": { "$ref": "#/types/aquasec:index%2FgetFunctionAssurancePolicyAutoScanTime:getFunctionAssurancePolicyAutoScanTime" }, "type": "array" }, "blacklistPermissions": { "description": "List of function's forbidden permissions.\n", "items": { "type": "string" }, "type": "array" }, "blacklistPermissionsEnabled": { "description": "Indicates if blacklist permissions is relevant.\n", "type": "boolean" }, "blacklistedLicenses": { "description": "List of blacklisted licenses.\n", "items": { "type": "string" }, "type": "array" }, "blacklistedLicensesEnabled": { "description": "Indicates if license blacklist is relevant.\n", "type": "boolean" }, "blockFailed": { "description": "Indicates if failed images are blocked.\n", "type": "boolean" }, "controlExcludeNoFix": { "type": "boolean" }, "customChecks": { "description": "List of Custom user scripts for checks.\n", "items": { "$ref": "#/types/aquasec:index%2FgetFunctionAssurancePolicyCustomCheck:getFunctionAssurancePolicyCustomCheck" }, "type": "array" }, "customChecksEnabled": { "description": "Indicates if scanning should include custom checks.\n", "type": "boolean" }, "customSeverityEnabled": { "type": "boolean" }, "cvesBlackListEnabled": { "description": "Indicates if CVEs blacklist is relevant.\n", "type": "boolean" }, "cvesBlackLists": { "description": "List of CVEs blacklisted items.\n", "items": { "type": "string" }, "type": "array" }, "cvesWhiteListEnabled": { "description": "Indicates if CVEs whitelist is relevant.\n", "type": "boolean" }, "cvesWhiteLists": { "description": "List of cves whitelisted licenses\n", "items": { "type": "string" }, "type": "array" }, "cvssSeverity": { "description": "Identifier of the cvss severity.\n", "type": "string" }, "cvssSeverityEnabled": { "description": "Indicates if the cvss severity is scanned.\n", "type": "boolean" }, "cvssSeverityExcludeNoFix": { "description": "Indicates that policy should ignore cvss cases that do not have a known fix.\n", "type": "boolean" }, "description": { "type": "string" }, "disallowMalware": { "description": "Indicates if malware should block the image.\n", "type": "boolean" }, "dockerCisEnabled": { "description": "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.\n", "type": "boolean" }, "domain": { "description": "Name of the container image.\n", "type": "string" }, "domainName": { "type": "string" }, "dtaEnabled": { "type": "boolean" }, "dtaSeverity": { "type": "string" }, "enabled": { "type": "boolean" }, "enforce": { "type": "boolean" }, "enforceAfterDays": { "type": "integer" }, "enforceExcessivePermissions": { "type": "boolean" }, "exceptionalMonitoredMalwarePaths": { "items": { "type": "string" }, "type": "array" }, "failCicd": { "description": "Indicates if cicd failures will fail the image.\n", "type": "boolean" }, "forbiddenLabels": { "items": { "$ref": "#/types/aquasec:index%2FgetFunctionAssurancePolicyForbiddenLabel:getFunctionAssurancePolicyForbiddenLabel" }, "type": "array" }, "forbiddenLabelsEnabled": { "type": "boolean" }, "forceMicroenforcer": { "type": "boolean" }, "functionIntegrityEnabled": { "type": "boolean" }, "id": { "description": "The ID of this resource.\n", "type": "string" }, "ignoreRecentlyPublishedVln": { "type": "boolean" }, "ignoreRecentlyPublishedVlnPeriod": { "type": "integer" }, "ignoreRiskResourcesEnabled": { "description": "Indicates if risk resources are ignored.\n", "type": "boolean" }, "ignoredRiskResources": { "description": "List of ignored risk resources.\n", "items": { "type": "string" }, "type": "array" }, "images": { "description": "List of images.\n", "items": { "type": "string" }, "type": "array" }, "kubeCisEnabled": { "description": "Performs a Kubernetes CIS benchmark check for the host.\n", "type": "boolean" }, "labels": { "description": "List of labels.\n", "items": { "type": "string" }, "type": "array" }, "malwareAction": { "type": "string" }, "maximumScore": { "description": "Value of allowed maximum score.\n", "type": "number" }, "maximumScoreEnabled": { "description": "Indicates if exceeding the maximum score is scanned.\n", "type": "boolean" }, "maximumScoreExcludeNoFix": { "description": "Indicates that policy should ignore cases that do not have a known fix.\n", "type": "boolean" }, "monitoredMalwarePaths": { "items": { "type": "string" }, "type": "array" }, "name": { "type": "string" }, "onlyNoneRootUsers": { "description": "Indicates if raise a warning for images that should only be run as root.\n", "type": "boolean" }, "packagesBlackListEnabled": { "description": "Indicates if packages blacklist is relevant.\n", "type": "boolean" }, "packagesBlackLists": { "description": "List of blacklisted images.\n", "items": { "$ref": "#/types/aquasec:index%2FgetFunctionAssurancePolicyPackagesBlackList:getFunctionAssurancePolicyPackagesBlackList" }, "type": "array" }, "packagesWhiteListEnabled": { "description": "Indicates if packages whitelist is relevant.\n", "type": "boolean" }, "packagesWhiteLists": { "description": "List of whitelisted images.\n", "items": { "$ref": "#/types/aquasec:index%2FgetFunctionAssurancePolicyPackagesWhiteList:getFunctionAssurancePolicyPackagesWhiteList" }, "type": "array" }, "partialResultsImageFail": { "type": "boolean" }, "readOnly": { "type": "boolean" }, "registries": { "description": "List of registries.\n", "items": { "type": "string" }, "type": "array" }, "registry": { "type": "string" }, "requiredLabels": { "items": { "$ref": "#/types/aquasec:index%2FgetFunctionAssurancePolicyRequiredLabel:getFunctionAssurancePolicyRequiredLabel" }, "type": "array" }, "requiredLabelsEnabled": { "type": "boolean" }, "scanNfsMounts": { "type": "boolean" }, "scanSensitiveData": { "description": "Indicates if scan should include sensitive data in the image.\n", "type": "boolean" }, "scapEnabled": { "description": "Indicates if scanning should include scap.\n", "type": "boolean" }, "scapFiles": { "description": "List of SCAP user scripts for checks.\n", "items": { "type": "string" }, "type": "array" }, "scopes": { "items": { "$ref": "#/types/aquasec:index%2FgetFunctionAssurancePolicyScope:getFunctionAssurancePolicyScope" }, "type": "array" }, "trustedBaseImages": { "description": "List of trusted images.\n", "items": { "$ref": "#/types/aquasec:index%2FgetFunctionAssurancePolicyTrustedBaseImage:getFunctionAssurancePolicyTrustedBaseImage" }, "type": "array" }, "trustedBaseImagesEnabled": { "description": "Indicates if list of trusted base images is relevant.\n", "type": "boolean" }, "whitelistedLicenses": { "description": "List of whitelisted licenses.\n", "items": { "type": "string" }, "type": "array" }, "whitelistedLicensesEnabled": { "description": "Indicates if license blacklist is relevant.\n", "type": "boolean" } }, "required": [ "allowedImages", "applicationScopes", "auditOnFailure", "author", "autoScanConfigured", "autoScanEnabled", "autoScanTimes", "blacklistPermissions", "blacklistPermissionsEnabled", "blacklistedLicenses", "blacklistedLicensesEnabled", "blockFailed", "controlExcludeNoFix", "customChecks", "customChecksEnabled", "customSeverityEnabled", "cvesBlackListEnabled", "cvesBlackLists", "cvesWhiteListEnabled", "cvesWhiteLists", "cvssSeverity", "cvssSeverityEnabled", "cvssSeverityExcludeNoFix", "description", "disallowMalware", "dockerCisEnabled", "domain", "domainName", "dtaEnabled", "dtaSeverity", "enabled", "enforce", "enforceAfterDays", "enforceExcessivePermissions", "exceptionalMonitoredMalwarePaths", "failCicd", "forbiddenLabels", "forbiddenLabelsEnabled", "forceMicroenforcer", "functionIntegrityEnabled", "id", "ignoreRecentlyPublishedVln", "ignoreRecentlyPublishedVlnPeriod", "ignoreRiskResourcesEnabled", "ignoredRiskResources", "images", "kubeCisEnabled", "labels", "malwareAction", "maximumScore", "maximumScoreEnabled", "maximumScoreExcludeNoFix", "monitoredMalwarePaths", "name", "onlyNoneRootUsers", "packagesBlackListEnabled", "packagesBlackLists", "packagesWhiteListEnabled", "packagesWhiteLists", "partialResultsImageFail", "readOnly", "registries", "registry", "requiredLabels", "requiredLabelsEnabled", "scanNfsMounts", "scanSensitiveData", "scapEnabled", "scapFiles", "scopes", "trustedBaseImages", "trustedBaseImagesEnabled", "whitelistedLicenses", "whitelistedLicensesEnabled" ], "type": "object" } }, "aquasec:index/getFunctionRuntimePolicy:getFunctionRuntimePolicy": { "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumi/aquasec\";\n\nconst functionRuntimePolicy = aquasec.getFunctionRuntimePolicy({\n name: \"FunctionRuntimePolicyName\",\n});\nexport const functionRuntimePolicyDetails = functionRuntimePolicy;\n```\n```python\nimport pulumi\nimport pulumi_aquasec as aquasec\n\nfunction_runtime_policy = aquasec.get_function_runtime_policy(name=\"FunctionRuntimePolicyName\")\npulumi.export(\"functionRuntimePolicyDetails\", function_runtime_policy)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumi.Aquasec;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var functionRuntimePolicy = Aquasec.GetFunctionRuntimePolicy.Invoke(new()\n {\n Name = \"FunctionRuntimePolicyName\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"functionRuntimePolicyDetails\"] = functionRuntimePolicy,\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfunctionRuntimePolicy, err := aquasec.LookupFunctionRuntimePolicy(ctx, \u0026aquasec.LookupFunctionRuntimePolicyArgs{\n\t\t\tName: \"FunctionRuntimePolicyName\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"functionRuntimePolicyDetails\", functionRuntimePolicy)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.AquasecFunctions;\nimport com.pulumi.aquasec.inputs.GetFunctionRuntimePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var functionRuntimePolicy = AquasecFunctions.getFunctionRuntimePolicy(GetFunctionRuntimePolicyArgs.builder()\n .name(\"FunctionRuntimePolicyName\")\n .build());\n\n ctx.export(\"functionRuntimePolicyDetails\", functionRuntimePolicy.applyValue(getFunctionRuntimePolicyResult -\u003e getFunctionRuntimePolicyResult));\n }\n}\n```\n```yaml\nvariables:\n functionRuntimePolicy:\n fn::invoke:\n Function: aquasec:getFunctionRuntimePolicy\n Arguments:\n name: FunctionRuntimePolicyName\noutputs:\n functionRuntimePolicyDetails: ${functionRuntimePolicy}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getFunctionRuntimePolicy.\n", "properties": { "driftPreventions": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FgetFunctionRuntimePolicyDriftPrevention:getFunctionRuntimePolicyDriftPrevention" }, "description": "Drift prevention configuration.\n" }, "executableBlacklists": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FgetFunctionRuntimePolicyExecutableBlacklist:getFunctionRuntimePolicyExecutableBlacklist" }, "description": "Executable blacklist configuration.\n" }, "name": { "type": "string", "description": "Name of the function runtime policy\n" } }, "type": "object", "required": [ "name" ] }, "outputs": { "description": "A collection of values returned by getFunctionRuntimePolicy.\n", "properties": { "applicationScopes": { "description": "Indicates the application scope of the service.\n", "items": { "type": "string" }, "type": "array" }, "author": { "description": "Username of the account that created the service.\n", "type": "string" }, "blockMaliciousExecutables": { "description": "If true, prevent creation of malicious executables in functions during their runtime post invocation.\n", "type": "boolean" }, "blockMaliciousExecutablesAllowedProcesses": { "description": "List of processes that will be allowed\n", "items": { "type": "string" }, "type": "array" }, "blockRunningExecutablesInTmpFolder": { "description": "If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation.\n", "type": "boolean" }, "blockedExecutables": { "description": "List of executables that are prevented from running in containers.\n", "items": { "type": "string" }, "type": "array" }, "description": { "description": "The description of the function runtime policy\n", "type": "string" }, "driftPreventions": { "description": "Drift prevention configuration.\n", "items": { "$ref": "#/types/aquasec:index%2FgetFunctionRuntimePolicyDriftPrevention:getFunctionRuntimePolicyDriftPrevention" }, "type": "array" }, "enabled": { "description": "Indicates if the runtime policy is enabled or not.\n", "type": "boolean" }, "enforce": { "description": "Indicates that policy should effect container execution (not just for audit).\n", "type": "boolean" }, "executableBlacklists": { "description": "Executable blacklist configuration.\n", "items": { "$ref": "#/types/aquasec:index%2FgetFunctionRuntimePolicyExecutableBlacklist:getFunctionRuntimePolicyExecutableBlacklist" }, "type": "array" }, "honeypotAccessKey": { "description": "Honeypot User ID (Access Key)\n", "type": "string" }, "honeypotApplyOns": { "description": "List of options to apply the honeypot on (Environment Vairable, Layer, File)\n", "items": { "type": "string" }, "type": "array" }, "honeypotSecretKey": { "description": "Honeypot User Password (Secret Key)\n", "secret": true, "type": "string" }, "honeypotServerlessAppName": { "description": "Serverless application name\n", "type": "string" }, "id": { "description": "The provider-assigned unique ID for this managed resource.\n", "type": "string" }, "name": { "description": "Name of the function runtime policy\n", "type": "string" }, "scopeExpression": { "description": "Logical expression of how to compute the dependency of the scope variables.\n", "type": "string" }, "scopeVariables": { "description": "List of scope attributes.\n", "items": { "$ref": "#/types/aquasec:index%2FgetFunctionRuntimePolicyScopeVariable:getFunctionRuntimePolicyScopeVariable" }, "type": "array" } }, "required": [ "applicationScopes", "author", "blockMaliciousExecutables", "blockMaliciousExecutablesAllowedProcesses", "blockRunningExecutablesInTmpFolder", "blockedExecutables", "description", "enabled", "enforce", "honeypotAccessKey", "honeypotApplyOns", "honeypotSecretKey", "honeypotServerlessAppName", "id", "name", "scopeExpression", "scopeVariables" ], "type": "object" } }, "aquasec:index/getGateways:getGateways": { "description": "The data source `aquasec.getGateways` provides a method to query all gateways within the Aqua\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumi/aquasec\";\n\nconst testgateway = aquasec.getGateways({});\nexport const gatewayData = testgateway;\nexport const gatewayName = testgateway.then(testgateway =\u003e testgateway.gateways?.[0]?.id);\nexport const gatewayStatus = testgateway.then(testgateway =\u003e testgateway.gateways?.[0]?.status);\nexport const gatewayDescription = testgateway.then(testgateway =\u003e testgateway.gateways?.[0]?.description);\nexport const gatewayVersion = testgateway.then(testgateway =\u003e testgateway.gateways?.[0]?.version);\nexport const gatewayHostname = testgateway.then(testgateway =\u003e testgateway.gateways?.[0]?.hostname);\nexport const gatewayGrpcAddress = testgateway.then(testgateway =\u003e testgateway.gateways?.[0]?.grpcAddress);\n```\n```python\nimport pulumi\nimport pulumi_aquasec as aquasec\n\ntestgateway = aquasec.get_gateways()\npulumi.export(\"gatewayData\", testgateway)\npulumi.export(\"gatewayName\", testgateway.gateways[0].id)\npulumi.export(\"gatewayStatus\", testgateway.gateways[0].status)\npulumi.export(\"gatewayDescription\", testgateway.gateways[0].description)\npulumi.export(\"gatewayVersion\", testgateway.gateways[0].version)\npulumi.export(\"gatewayHostname\", testgateway.gateways[0].hostname)\npulumi.export(\"gatewayGrpcAddress\", testgateway.gateways[0].grpc_address)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumi.Aquasec;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testgateway = Aquasec.GetGateways.Invoke();\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"gatewayData\"] = testgateway,\n [\"gatewayName\"] = testgateway.Apply(getGatewaysResult =\u003e getGatewaysResult.Gateways[0]?.Id),\n [\"gatewayStatus\"] = testgateway.Apply(getGatewaysResult =\u003e getGatewaysResult.Gateways[0]?.Status),\n [\"gatewayDescription\"] = testgateway.Apply(getGatewaysResult =\u003e getGatewaysResult.Gateways[0]?.Description),\n [\"gatewayVersion\"] = testgateway.Apply(getGatewaysResult =\u003e getGatewaysResult.Gateways[0]?.Version),\n [\"gatewayHostname\"] = testgateway.Apply(getGatewaysResult =\u003e getGatewaysResult.Gateways[0]?.Hostname),\n [\"gatewayGrpcAddress\"] = testgateway.Apply(getGatewaysResult =\u003e getGatewaysResult.Gateways[0]?.GrpcAddress),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestgateway, err := aquasec.GetGateways(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"gatewayData\", testgateway)\n\t\tctx.Export(\"gatewayName\", testgateway.Gateways[0].Id)\n\t\tctx.Export(\"gatewayStatus\", testgateway.Gateways[0].Status)\n\t\tctx.Export(\"gatewayDescription\", testgateway.Gateways[0].Description)\n\t\tctx.Export(\"gatewayVersion\", testgateway.Gateways[0].Version)\n\t\tctx.Export(\"gatewayHostname\", testgateway.Gateways[0].Hostname)\n\t\tctx.Export(\"gatewayGrpcAddress\", testgateway.Gateways[0].GrpcAddress)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.AquasecFunctions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var testgateway = AquasecFunctions.getGateways();\n\n ctx.export(\"gatewayData\", testgateway.applyValue(getGatewaysResult -\u003e getGatewaysResult));\n ctx.export(\"gatewayName\", testgateway.applyValue(getGatewaysResult -\u003e getGatewaysResult.gateways()[0].id()));\n ctx.export(\"gatewayStatus\", testgateway.applyValue(getGatewaysResult -\u003e getGatewaysResult.gateways()[0].status()));\n ctx.export(\"gatewayDescription\", testgateway.applyValue(getGatewaysResult -\u003e getGatewaysResult.gateways()[0].description()));\n ctx.export(\"gatewayVersion\", testgateway.applyValue(getGatewaysResult -\u003e getGatewaysResult.gateways()[0].version()));\n ctx.export(\"gatewayHostname\", testgateway.applyValue(getGatewaysResult -\u003e getGatewaysResult.gateways()[0].hostname()));\n ctx.export(\"gatewayGrpcAddress\", testgateway.applyValue(getGatewaysResult -\u003e getGatewaysResult.gateways()[0].grpcAddress()));\n }\n}\n```\n```yaml\nvariables:\n testgateway:\n fn::invoke:\n Function: aquasec:getGateways\n Arguments: {}\noutputs:\n gatewayData: ${testgateway}\n gatewayName: ${testgateway.gateways[0].id}\n gatewayStatus: ${testgateway.gateways[0].status}\n gatewayDescription: ${testgateway.gateways[0].description}\n gatewayVersion: ${testgateway.gateways[0].version}\n gatewayHostname: ${testgateway.gateways[0].hostname}\n gatewayGrpcAddress: ${testgateway.gateways[0].grpcAddress}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "outputs": { "description": "A collection of values returned by getGateways.\n", "properties": { "gateways": { "description": "A list of existing gateways' parameters.\n", "items": { "$ref": "#/types/aquasec:index%2FgetGatewaysGateway:getGatewaysGateway" }, "type": "array" }, "id": { "description": "The provider-assigned unique ID for this managed resource.\n", "type": "string" } }, "required": [ "gateways", "id" ], "type": "object" } }, "aquasec:index/getGroups:getGroups": { "description": "The data source `aquasec.getGroups` provides a method to query all groups within the Aqua CSPMgroup database. The fields returned from this query are detailed in the Schema section below.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumi/aquasec\";\n\nconst groups = aquasec.getGroups({});\nexport const firstGroupName = groups.then(groups =\u003e groups.groups?.[0]?.name);\n```\n```python\nimport pulumi\nimport pulumi_aquasec as aquasec\n\ngroups = aquasec.get_groups()\npulumi.export(\"firstGroupName\", groups.groups[0].name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumi.Aquasec;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var groups = Aquasec.GetGroups.Invoke();\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"firstGroupName\"] = groups.Apply(getGroupsResult =\u003e getGroupsResult.Groups[0]?.Name),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tgroups, err := aquasec.GetGroups(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"firstGroupName\", groups.Groups[0].Name)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.AquasecFunctions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var groups = AquasecFunctions.getGroups();\n\n ctx.export(\"firstGroupName\", groups.applyValue(getGroupsResult -\u003e getGroupsResult.groups()[0].name()));\n }\n}\n```\n```yaml\nvariables:\n groups:\n fn::invoke:\n Function: aquasec:getGroups\n Arguments: {}\noutputs:\n firstGroupName: ${groups.groups[0].name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "outputs": { "description": "A collection of values returned by getGroups.\n", "properties": { "groups": { "items": { "$ref": "#/types/aquasec:index%2FgetGroupsGroup:getGroupsGroup" }, "type": "array" }, "id": { "description": "The provider-assigned unique ID for this managed resource.\n", "type": "string" } }, "required": [ "groups", "id" ], "type": "object" } }, "aquasec:index/getHostAssurancePolicy:getHostAssurancePolicy": { "inputs": { "description": "A collection of arguments for invoking getHostAssurancePolicy.\n", "properties": { "name": { "type": "string" } }, "type": "object", "required": [ "name" ] }, "outputs": { "description": "A collection of values returned by getHostAssurancePolicy.\n", "properties": { "allowedImages": { "description": "List of explicitly allowed images.\n", "items": { "type": "string" }, "type": "array" }, "applicationScopes": { "items": { "type": "string" }, "type": "array" }, "auditOnFailure": { "description": "Indicates if auditing for failures.\n", "type": "boolean" }, "author": { "description": "Name of user account that created the policy.\n", "type": "string" }, "autoScanConfigured": { "type": "boolean" }, "autoScanEnabled": { "type": "boolean" }, "autoScanTimes": { "items": { "$ref": "#/types/aquasec:index%2FgetHostAssurancePolicyAutoScanTime:getHostAssurancePolicyAutoScanTime" }, "type": "array" }, "blacklistPermissions": { "description": "List of function's forbidden permissions.\n", "items": { "type": "string" }, "type": "array" }, "blacklistPermissionsEnabled": { "description": "Indicates if blacklist permissions is relevant.\n", "type": "boolean" }, "blacklistedLicenses": { "description": "List of blacklisted licenses.\n", "items": { "type": "string" }, "type": "array" }, "blacklistedLicensesEnabled": { "description": "Indicates if license blacklist is relevant.\n", "type": "boolean" }, "blockFailed": { "description": "Indicates if failed images are blocked.\n", "type": "boolean" }, "controlExcludeNoFix": { "type": "boolean" }, "customChecks": { "description": "List of Custom user scripts for checks.\n", "items": { "$ref": "#/types/aquasec:index%2FgetHostAssurancePolicyCustomCheck:getHostAssurancePolicyCustomCheck" }, "type": "array" }, "customChecksEnabled": { "description": "Indicates if scanning should include custom checks.\n", "type": "boolean" }, "customSeverityEnabled": { "type": "boolean" }, "cvesBlackListEnabled": { "description": "Indicates if CVEs blacklist is relevant.\n", "type": "boolean" }, "cvesBlackLists": { "description": "List of CVEs blacklisted items.\n", "items": { "type": "string" }, "type": "array" }, "cvesWhiteListEnabled": { "description": "Indicates if CVEs whitelist is relevant.\n", "type": "boolean" }, "cvesWhiteLists": { "description": "List of cves whitelisted licenses\n", "items": { "type": "string" }, "type": "array" }, "cvssSeverity": { "description": "Identifier of the cvss severity.\n", "type": "string" }, "cvssSeverityEnabled": { "description": "Indicates if the cvss severity is scanned.\n", "type": "boolean" }, "cvssSeverityExcludeNoFix": { "description": "Indicates that policy should ignore cvss cases that do not have a known fix.\n", "type": "boolean" }, "description": { "type": "string" }, "disallowMalware": { "description": "Indicates if malware should block the image.\n", "type": "boolean" }, "dockerCisEnabled": { "description": "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.\n", "type": "boolean" }, "domain": { "description": "Name of the container image.\n", "type": "string" }, "domainName": { "type": "string" }, "dtaEnabled": { "type": "boolean" }, "dtaSeverity": { "type": "string" }, "enabled": { "type": "boolean" }, "enforce": { "type": "boolean" }, "enforceAfterDays": { "type": "integer" }, "enforceExcessivePermissions": { "type": "boolean" }, "exceptionalMonitoredMalwarePaths": { "items": { "type": "string" }, "type": "array" }, "failCicd": { "description": "Indicates if cicd failures will fail the image.\n", "type": "boolean" }, "forbiddenLabels": { "items": { "$ref": "#/types/aquasec:index%2FgetHostAssurancePolicyForbiddenLabel:getHostAssurancePolicyForbiddenLabel" }, "type": "array" }, "forbiddenLabelsEnabled": { "type": "boolean" }, "forceMicroenforcer": { "type": "boolean" }, "functionIntegrityEnabled": { "type": "boolean" }, "id": { "description": "The ID of this resource.\n", "type": "string" }, "ignoreRecentlyPublishedVln": { "type": "boolean" }, "ignoreRecentlyPublishedVlnPeriod": { "type": "integer" }, "ignoreRiskResourcesEnabled": { "description": "Indicates if risk resources are ignored.\n", "type": "boolean" }, "ignoredRiskResources": { "description": "List of ignored risk resources.\n", "items": { "type": "string" }, "type": "array" }, "images": { "description": "List of images.\n", "items": { "type": "string" }, "type": "array" }, "kubeCisEnabled": { "description": "Performs a Kubernetes CIS benchmark check for the host.\n", "type": "boolean" }, "labels": { "description": "List of labels.\n", "items": { "type": "string" }, "type": "array" }, "malwareAction": { "type": "string" }, "maximumScore": { "description": "Value of allowed maximum score.\n", "type": "number" }, "maximumScoreEnabled": { "description": "Indicates if exceeding the maximum score is scanned.\n", "type": "boolean" }, "maximumScoreExcludeNoFix": { "description": "Indicates that policy should ignore cases that do not have a known fix.\n", "type": "boolean" }, "monitoredMalwarePaths": { "items": { "type": "string" }, "type": "array" }, "name": { "type": "string" }, "onlyNoneRootUsers": { "description": "Indicates if raise a warning for images that should only be run as root.\n", "type": "boolean" }, "packagesBlackListEnabled": { "description": "Indicates if packages blacklist is relevant.\n", "type": "boolean" }, "packagesBlackLists": { "description": "List of blacklisted images.\n", "items": { "$ref": "#/types/aquasec:index%2FgetHostAssurancePolicyPackagesBlackList:getHostAssurancePolicyPackagesBlackList" }, "type": "array" }, "packagesWhiteListEnabled": { "description": "Indicates if packages whitelist is relevant.\n", "type": "boolean" }, "packagesWhiteLists": { "description": "List of whitelisted images.\n", "items": { "$ref": "#/types/aquasec:index%2FgetHostAssurancePolicyPackagesWhiteList:getHostAssurancePolicyPackagesWhiteList" }, "type": "array" }, "partialResultsImageFail": { "type": "boolean" }, "readOnly": { "type": "boolean" }, "registries": { "description": "List of registries.\n", "items": { "type": "string" }, "type": "array" }, "registry": { "type": "string" }, "requiredLabels": { "items": { "$ref": "#/types/aquasec:index%2FgetHostAssurancePolicyRequiredLabel:getHostAssurancePolicyRequiredLabel" }, "type": "array" }, "requiredLabelsEnabled": { "type": "boolean" }, "scanNfsMounts": { "type": "boolean" }, "scanSensitiveData": { "description": "Indicates if scan should include sensitive data in the image.\n", "type": "boolean" }, "scapEnabled": { "description": "Indicates if scanning should include scap.\n", "type": "boolean" }, "scapFiles": { "description": "List of SCAP user scripts for checks.\n", "items": { "type": "string" }, "type": "array" }, "scopes": { "items": { "$ref": "#/types/aquasec:index%2FgetHostAssurancePolicyScope:getHostAssurancePolicyScope" }, "type": "array" }, "trustedBaseImages": { "description": "List of trusted images.\n", "items": { "$ref": "#/types/aquasec:index%2FgetHostAssurancePolicyTrustedBaseImage:getHostAssurancePolicyTrustedBaseImage" }, "type": "array" }, "trustedBaseImagesEnabled": { "description": "Indicates if list of trusted base images is relevant.\n", "type": "boolean" }, "whitelistedLicenses": { "description": "List of whitelisted licenses.\n", "items": { "type": "string" }, "type": "array" }, "whitelistedLicensesEnabled": { "description": "Indicates if license blacklist is relevant.\n", "type": "boolean" } }, "required": [ "allowedImages", "applicationScopes", "auditOnFailure", "author", "autoScanConfigured", "autoScanEnabled", "autoScanTimes", "blacklistPermissions", "blacklistPermissionsEnabled", "blacklistedLicenses", "blacklistedLicensesEnabled", "blockFailed", "controlExcludeNoFix", "customChecks", "customChecksEnabled", "customSeverityEnabled", "cvesBlackListEnabled", "cvesBlackLists", "cvesWhiteListEnabled", "cvesWhiteLists", "cvssSeverity", "cvssSeverityEnabled", "cvssSeverityExcludeNoFix", "description", "disallowMalware", "dockerCisEnabled", "domain", "domainName", "dtaEnabled", "dtaSeverity", "enabled", "enforce", "enforceAfterDays", "enforceExcessivePermissions", "exceptionalMonitoredMalwarePaths", "failCicd", "forbiddenLabels", "forbiddenLabelsEnabled", "forceMicroenforcer", "functionIntegrityEnabled", "id", "ignoreRecentlyPublishedVln", "ignoreRecentlyPublishedVlnPeriod", "ignoreRiskResourcesEnabled", "ignoredRiskResources", "images", "kubeCisEnabled", "labels", "malwareAction", "maximumScore", "maximumScoreEnabled", "maximumScoreExcludeNoFix", "monitoredMalwarePaths", "name", "onlyNoneRootUsers", "packagesBlackListEnabled", "packagesBlackLists", "packagesWhiteListEnabled", "packagesWhiteLists", "partialResultsImageFail", "readOnly", "registries", "registry", "requiredLabels", "requiredLabelsEnabled", "scanNfsMounts", "scanSensitiveData", "scapEnabled", "scapFiles", "scopes", "trustedBaseImages", "trustedBaseImagesEnabled", "whitelistedLicenses", "whitelistedLicensesEnabled" ], "type": "object" } }, "aquasec:index/getHostRuntimePolicy:getHostRuntimePolicy": { "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumi/aquasec\";\n\nconst hostRuntimePolicy = aquasec.getHostRuntimePolicy({\n name: \"hostRuntimePolicyName\",\n});\nexport const hostRuntimePolicyDetails = hostRuntimePolicy;\n```\n```python\nimport pulumi\nimport pulumi_aquasec as aquasec\n\nhost_runtime_policy = aquasec.get_host_runtime_policy(name=\"hostRuntimePolicyName\")\npulumi.export(\"hostRuntimePolicyDetails\", host_runtime_policy)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumi.Aquasec;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hostRuntimePolicy = Aquasec.GetHostRuntimePolicy.Invoke(new()\n {\n Name = \"hostRuntimePolicyName\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"hostRuntimePolicyDetails\"] = hostRuntimePolicy,\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\thostRuntimePolicy, err := aquasec.LookupHostRuntimePolicy(ctx, \u0026aquasec.LookupHostRuntimePolicyArgs{\n\t\t\tName: \"hostRuntimePolicyName\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"hostRuntimePolicyDetails\", hostRuntimePolicy)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.AquasecFunctions;\nimport com.pulumi.aquasec.inputs.GetHostRuntimePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var hostRuntimePolicy = AquasecFunctions.getHostRuntimePolicy(GetHostRuntimePolicyArgs.builder()\n .name(\"hostRuntimePolicyName\")\n .build());\n\n ctx.export(\"hostRuntimePolicyDetails\", hostRuntimePolicy.applyValue(getHostRuntimePolicyResult -\u003e getHostRuntimePolicyResult));\n }\n}\n```\n```yaml\nvariables:\n hostRuntimePolicy:\n fn::invoke:\n Function: aquasec:getHostRuntimePolicy\n Arguments:\n name: hostRuntimePolicyName\noutputs:\n hostRuntimePolicyDetails: ${hostRuntimePolicy}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getHostRuntimePolicy.\n", "properties": { "auditing": { "$ref": "#/types/aquasec:index%2FgetHostRuntimePolicyAuditing:getHostRuntimePolicyAuditing" }, "fileIntegrityMonitorings": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FgetHostRuntimePolicyFileIntegrityMonitoring:getHostRuntimePolicyFileIntegrityMonitoring" }, "description": "Configuration for file integrity monitoring.\n" }, "malwareScanOptions": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FgetHostRuntimePolicyMalwareScanOption:getHostRuntimePolicyMalwareScanOption" }, "description": "Configuration for Real-Time Malware Protection.\n" }, "name": { "type": "string", "description": "Name of the host runtime policy\n" }, "packageBlocks": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FgetHostRuntimePolicyPackageBlock:getHostRuntimePolicyPackageBlock" } } }, "type": "object", "required": [ "name" ] }, "outputs": { "description": "A collection of values returned by getHostRuntimePolicy.\n", "properties": { "applicationScopes": { "description": "Indicates the application scope of the service.\n", "items": { "type": "string" }, "type": "array" }, "auditAllOsUserActivity": { "description": "If true, all process activity will be audited.\n", "type": "boolean" }, "auditBruteForceLogin": { "description": "Detects brute force login attempts\n", "type": "boolean" }, "auditFullCommandArguments": { "description": "If true, full command arguments will be audited.\n", "type": "boolean" }, "auditHostFailedLoginEvents": { "description": "If true, host failed logins will be audited.\n", "type": "boolean" }, "auditHostSuccessfulLoginEvents": { "description": "If true, host successful logins will be audited.\n", "type": "boolean" }, "auditUserAccountManagement": { "description": "If true, account management will be audited.\n", "type": "boolean" }, "auditing": { "$ref": "#/types/aquasec:index%2FgetHostRuntimePolicyAuditing:getHostRuntimePolicyAuditing" }, "author": { "description": "Username of the account that created the service.\n", "type": "string" }, "blockCryptocurrencyMining": { "description": "Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining\n", "type": "boolean" }, "blockedFiles": { "description": "List of files that are prevented from being read, modified and executed in the containers.\n", "items": { "type": "string" }, "type": "array" }, "description": { "description": "The description of the host runtime policy\n", "type": "string" }, "enableIpReputation": { "description": "If true, detect and prevent communication from containers to IP addresses known to have a bad reputation.\n", "type": "boolean" }, "enabled": { "description": "Indicates if the runtime policy is enabled or not.\n", "type": "boolean" }, "enforce": { "description": "Indicates that policy should effect container execution (not just for audit).\n", "type": "boolean" }, "enforceAfterDays": { "description": "Indicates the number of days after which the runtime policy will be changed to enforce mode.\n", "type": "integer" }, "fileIntegrityMonitorings": { "description": "Configuration for file integrity monitoring.\n", "items": { "$ref": "#/types/aquasec:index%2FgetHostRuntimePolicyFileIntegrityMonitoring:getHostRuntimePolicyFileIntegrityMonitoring" }, "type": "array" }, "id": { "description": "The provider-assigned unique ID for this managed resource.\n", "type": "string" }, "malwareScanOptions": { "description": "Configuration for Real-Time Malware Protection.\n", "items": { "$ref": "#/types/aquasec:index%2FgetHostRuntimePolicyMalwareScanOption:getHostRuntimePolicyMalwareScanOption" }, "type": "array" }, "monitorSystemLogIntegrity": { "description": "If true, system log will be monitored.\n", "type": "boolean" }, "monitorSystemTimeChanges": { "description": "If true, system time changes will be monitored.\n", "type": "boolean" }, "monitorWindowsServices": { "description": "If true, windows service operations will be monitored.\n", "type": "boolean" }, "name": { "description": "Name of the host runtime policy\n", "type": "string" }, "osGroupsAlloweds": { "description": "List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.\n", "items": { "type": "string" }, "type": "array" }, "osGroupsBlockeds": { "description": "List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.\n", "items": { "type": "string" }, "type": "array" }, "osUsersAlloweds": { "description": "List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.\n", "items": { "type": "string" }, "type": "array" }, "osUsersBlockeds": { "description": "List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.\n", "items": { "type": "string" }, "type": "array" }, "packageBlocks": { "items": { "$ref": "#/types/aquasec:index%2FgetHostRuntimePolicyPackageBlock:getHostRuntimePolicyPackageBlock" }, "type": "array" }, "portScanningDetection": { "description": "If true, port scanning behaviors will be audited.\n", "type": "boolean" }, "scopeExpression": { "description": "Logical expression of how to compute the dependency of the scope variables.\n", "type": "string" }, "scopeVariables": { "description": "List of scope attributes.\n", "items": { "$ref": "#/types/aquasec:index%2FgetHostRuntimePolicyScopeVariable:getHostRuntimePolicyScopeVariable" }, "type": "array" }, "windowsRegistryMonitorings": { "description": "Configuration for windows registry monitoring.\n", "items": { "$ref": "#/types/aquasec:index%2FgetHostRuntimePolicyWindowsRegistryMonitoring:getHostRuntimePolicyWindowsRegistryMonitoring" }, "type": "array" }, "windowsRegistryProtections": { "description": "Configuration for windows registry protection.\n", "items": { "$ref": "#/types/aquasec:index%2FgetHostRuntimePolicyWindowsRegistryProtection:getHostRuntimePolicyWindowsRegistryProtection" }, "type": "array" } }, "required": [ "applicationScopes", "auditAllOsUserActivity", "auditBruteForceLogin", "auditFullCommandArguments", "auditHostFailedLoginEvents", "auditHostSuccessfulLoginEvents", "auditUserAccountManagement", "author", "blockCryptocurrencyMining", "blockedFiles", "description", "enableIpReputation", "enabled", "enforce", "enforceAfterDays", "id", "monitorSystemLogIntegrity", "monitorSystemTimeChanges", "monitorWindowsServices", "name", "osGroupsAlloweds", "osGroupsBlockeds", "osUsersAlloweds", "osUsersBlockeds", "portScanningDetection", "scopeExpression", "scopeVariables", "windowsRegistryMonitorings", "windowsRegistryProtections" ], "type": "object" } }, "aquasec:index/getImage:getImage": { "inputs": { "description": "A collection of arguments for invoking getImage.\n", "properties": { "registry": { "type": "string", "description": "The name of the registry where the image is stored.\n" }, "repository": { "type": "string", "description": "The name of the image's repository.\n" }, "tag": { "type": "string", "description": "The tag of the image.\n" } }, "type": "object", "required": [ "registry", "repository", "tag" ] }, "outputs": { "description": "A collection of values returned by getImage.\n", "properties": { "architecture": { "description": "The image architecture.\n", "type": "string" }, "assuranceChecksPerformeds": { "description": "The list of image assurance checks performed on the image.\n", "items": { "$ref": "#/types/aquasec:index%2FgetImageAssuranceChecksPerformed:getImageAssuranceChecksPerformed" }, "type": "array" }, "author": { "description": "The name of the user who registered the image.\n", "type": "string" }, "blacklisted": { "description": "Whether the image is blacklisted.\n", "type": "boolean" }, "comment": { "description": "The image creation comment.\n", "type": "string" }, "created": { "description": "The date and time when the image was registered.\n", "type": "string" }, "criticalVulnerabilities": { "description": "Number of critical severity vulnerabilities detected in the image.\n", "type": "integer" }, "defaultUser": { "description": "The default user of the image.\n", "type": "string" }, "digest": { "description": "The content digest of the image.\n", "type": "string" }, "disallowed": { "description": "Whether the image is disallowed (non-compliant).\n", "type": "boolean" }, "disallowedByAssuranceChecks": { "description": "Whether the image was disallowed because of Image Assurance Policies.\n", "type": "boolean" }, "dockerId": { "description": "The Docker image ID.\n", "type": "string" }, "dockerLabels": { "description": "Docker labels of the image.\n", "items": { "type": "string" }, "type": "array" }, "dockerVersion": { "description": "The Docker version used when building the image.\n", "type": "string" }, "dtaSeverityScore": { "description": "DTA severity score.\n", "type": "string" }, "dtaSkipped": { "description": "If DTA was skipped.\n", "type": "boolean" }, "dtaSkippedReason": { "description": "The reason why DTA was skipped.\n", "type": "string" }, "environmentVariables": { "description": "Environment variables in the image.\n", "items": { "type": "string" }, "type": "array" }, "highVulnerabilities": { "description": "Number of high severity vulnerabilities detected in the image.\n", "type": "integer" }, "histories": { "description": "The Docker history of the image.\n", "items": { "$ref": "#/types/aquasec:index%2FgetImageHistory:getImageHistory" }, "type": "array" }, "id": { "description": "The provider-assigned unique ID for this managed resource.\n", "type": "string" }, "imageSize": { "description": "The size of the image in bytes.\n", "type": "integer" }, "imageType": { "description": "The type of the image.\n", "type": "string" }, "labels": { "description": "Aqua labels of the image.\n", "items": { "type": "string" }, "type": "array" }, "lowVulnerabilities": { "description": "Number of low severity vulnerabilities detected in the image.\n", "type": "integer" }, "malware": { "description": "Number of malware found on the image.\n", "type": "integer" }, "mediumVulnerabilities": { "description": "Number of medium severity vulnerabilities detected in the image.\n", "type": "integer" }, "name": { "description": "The name of the image.\n", "type": "string" }, "negligibleVulnerabilities": { "description": "Number of negligible severity vulnerabilities detected in the image.\n", "type": "integer" }, "newerImageExists": { "description": "Whether a new version of the image is available in the registry but is not scanned and registered yet.\n", "type": "boolean" }, "os": { "description": "The operating system detected in the image\n", "type": "string" }, "osVersion": { "description": "The version of the OS detected in the image.\n", "type": "string" }, "parent": { "description": "The ID of the parent image.\n", "type": "string" }, "partialResults": { "description": "Whether the image could only be partially scanned.\n", "type": "boolean" }, "pendingDisallowed": { "description": "Whether the image is non-compliant, but is pending this status due to running containers.\n", "type": "boolean" }, "permission": { "description": "Permission of the image.\n", "type": "string" }, "permissionAuthor": { "description": "The name of the user who last modified the image permissions.\n", "type": "string" }, "permissionComment": { "description": "The comment provided when the image permissions were last modified\n", "type": "string" }, "registry": { "description": "The name of the registry where the image is stored.\n", "type": "string" }, "registryType": { "description": "Type of the registry.\n", "type": "string" }, "repoDigests": { "description": "The repository digests.\n", "items": { "type": "string" }, "type": "array" }, "repository": { "description": "The name of the image's repository.\n", "type": "string" }, "scanDate": { "description": "The date and time when the image was last scanned.\n", "type": "string" }, "scanError": { "description": "If the image scan failed, the failure message.\n", "type": "string" }, "scanStatus": { "description": "The scan status of the image (either 'pending', 'in*progress', 'finished', 'failed' or 'not*started').\n", "type": "string" }, "sensitiveData": { "description": "Number of sensitive data detected in the image.\n", "type": "integer" }, "tag": { "description": "The tag of the image.\n", "type": "string" }, "totalVulnerabilities": { "description": "The total number of vulnerabilities detected in the image.\n", "type": "integer" }, "virtualSize": { "description": "The virtual size of the image.\n", "type": "integer" }, "vulnerabilities": { "description": "A list of all the vulnerabilities found in the image\n", "items": { "$ref": "#/types/aquasec:index%2FgetImageVulnerability:getImageVulnerability" }, "type": "array" }, "whitelisted": { "description": "Whether the image is whitelisted.\n", "type": "boolean" } }, "required": [ "architecture", "assuranceChecksPerformeds", "author", "blacklisted", "comment", "created", "criticalVulnerabilities", "defaultUser", "digest", "disallowed", "disallowedByAssuranceChecks", "dockerId", "dockerLabels", "dockerVersion", "dtaSeverityScore", "dtaSkipped", "dtaSkippedReason", "environmentVariables", "highVulnerabilities", "histories", "id", "imageSize", "imageType", "labels", "lowVulnerabilities", "malware", "mediumVulnerabilities", "name", "negligibleVulnerabilities", "newerImageExists", "os", "osVersion", "parent", "partialResults", "pendingDisallowed", "permission", "permissionAuthor", "permissionComment", "registry", "registryType", "repoDigests", "repository", "scanDate", "scanError", "scanStatus", "sensitiveData", "tag", "totalVulnerabilities", "virtualSize", "vulnerabilities", "whitelisted" ], "type": "object" } }, "aquasec:index/getImageAssurancePolicy:getImageAssurancePolicy": { "inputs": { "description": "A collection of arguments for invoking getImageAssurancePolicy.\n", "properties": { "name": { "type": "string" } }, "type": "object", "required": [ "name" ] }, "outputs": { "description": "A collection of values returned by getImageAssurancePolicy.\n", "properties": { "allowedImages": { "description": "List of explicitly allowed images.\n", "items": { "type": "string" }, "type": "array" }, "applicationScopes": { "items": { "type": "string" }, "type": "array" }, "auditOnFailure": { "description": "Indicates if auditing for failures.\n", "type": "boolean" }, "author": { "description": "Name of user account that created the policy.\n", "type": "string" }, "autoScanConfigured": { "type": "boolean" }, "autoScanEnabled": { "type": "boolean" }, "autoScanTimes": { "items": { "$ref": "#/types/aquasec:index%2FgetImageAssurancePolicyAutoScanTime:getImageAssurancePolicyAutoScanTime" }, "type": "array" }, "blacklistPermissions": { "description": "List of function's forbidden permissions.\n", "items": { "type": "string" }, "type": "array" }, "blacklistPermissionsEnabled": { "description": "Indicates if blacklist permissions is relevant.\n", "type": "boolean" }, "blacklistedLicenses": { "description": "List of blacklisted licenses.\n", "items": { "type": "string" }, "type": "array" }, "blacklistedLicensesEnabled": { "description": "Indicates if license blacklist is relevant.\n", "type": "boolean" }, "blockFailed": { "description": "Indicates if failed images are blocked.\n", "type": "boolean" }, "controlExcludeNoFix": { "type": "boolean" }, "customChecks": { "description": "List of Custom user scripts for checks.\n", "items": { "$ref": "#/types/aquasec:index%2FgetImageAssurancePolicyCustomCheck:getImageAssurancePolicyCustomCheck" }, "type": "array" }, "customChecksEnabled": { "description": "Indicates if scanning should include custom checks.\n", "type": "boolean" }, "customSeverityEnabled": { "type": "boolean" }, "cvesBlackListEnabled": { "description": "Indicates if CVEs blacklist is relevant.\n", "type": "boolean" }, "cvesBlackLists": { "description": "List of CVEs blacklisted items.\n", "items": { "type": "string" }, "type": "array" }, "cvesWhiteListEnabled": { "description": "Indicates if CVEs whitelist is relevant.\n", "type": "boolean" }, "cvesWhiteLists": { "description": "List of cves whitelisted licenses\n", "items": { "type": "string" }, "type": "array" }, "cvssSeverity": { "description": "Identifier of the cvss severity.\n", "type": "string" }, "cvssSeverityEnabled": { "description": "Indicates if the cvss severity is scanned.\n", "type": "boolean" }, "cvssSeverityExcludeNoFix": { "description": "Indicates that policy should ignore cvss cases that do not have a known fix.\n", "type": "boolean" }, "description": { "type": "string" }, "disallowMalware": { "description": "Indicates if malware should block the image.\n", "type": "boolean" }, "dockerCisEnabled": { "description": "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.\n", "type": "boolean" }, "domain": { "description": "Name of the container image.\n", "type": "string" }, "domainName": { "type": "string" }, "dtaEnabled": { "type": "boolean" }, "dtaSeverity": { "type": "string" }, "enabled": { "type": "boolean" }, "enforce": { "type": "boolean" }, "enforceAfterDays": { "type": "integer" }, "enforceExcessivePermissions": { "type": "boolean" }, "exceptionalMonitoredMalwarePaths": { "items": { "type": "string" }, "type": "array" }, "failCicd": { "description": "Indicates if cicd failures will fail the image.\n", "type": "boolean" }, "forbiddenLabels": { "items": { "$ref": "#/types/aquasec:index%2FgetImageAssurancePolicyForbiddenLabel:getImageAssurancePolicyForbiddenLabel" }, "type": "array" }, "forbiddenLabelsEnabled": { "type": "boolean" }, "forceMicroenforcer": { "type": "boolean" }, "functionIntegrityEnabled": { "type": "boolean" }, "id": { "description": "The ID of this resource.\n", "type": "string" }, "ignoreRecentlyPublishedVln": { "type": "boolean" }, "ignoreRecentlyPublishedVlnPeriod": { "type": "integer" }, "ignoreRiskResourcesEnabled": { "description": "Indicates if risk resources are ignored.\n", "type": "boolean" }, "ignoredRiskResources": { "description": "List of ignored risk resources.\n", "items": { "type": "string" }, "type": "array" }, "images": { "description": "List of images.\n", "items": { "type": "string" }, "type": "array" }, "kubeCisEnabled": { "description": "Performs a Kubernetes CIS benchmark check for the host.\n", "type": "boolean" }, "labels": { "description": "List of labels.\n", "items": { "type": "string" }, "type": "array" }, "malwareAction": { "type": "string" }, "maximumScore": { "description": "Value of allowed maximum score.\n", "type": "number" }, "maximumScoreEnabled": { "description": "Indicates if exceeding the maximum score is scanned.\n", "type": "boolean" }, "maximumScoreExcludeNoFix": { "description": "Indicates that policy should ignore cases that do not have a known fix.\n", "type": "boolean" }, "monitoredMalwarePaths": { "items": { "type": "string" }, "type": "array" }, "name": { "type": "string" }, "onlyNoneRootUsers": { "description": "Indicates if raise a warning for images that should only be run as root.\n", "type": "boolean" }, "packagesBlackListEnabled": { "description": "Indicates if packages blacklist is relevant.\n", "type": "boolean" }, "packagesBlackLists": { "description": "List of blacklisted images.\n", "items": { "$ref": "#/types/aquasec:index%2FgetImageAssurancePolicyPackagesBlackList:getImageAssurancePolicyPackagesBlackList" }, "type": "array" }, "packagesWhiteListEnabled": { "description": "Indicates if packages whitelist is relevant.\n", "type": "boolean" }, "packagesWhiteLists": { "description": "List of whitelisted images.\n", "items": { "$ref": "#/types/aquasec:index%2FgetImageAssurancePolicyPackagesWhiteList:getImageAssurancePolicyPackagesWhiteList" }, "type": "array" }, "partialResultsImageFail": { "type": "boolean" }, "readOnly": { "type": "boolean" }, "registries": { "description": "List of registries.\n", "items": { "type": "string" }, "type": "array" }, "registry": { "type": "string" }, "requiredLabels": { "items": { "$ref": "#/types/aquasec:index%2FgetImageAssurancePolicyRequiredLabel:getImageAssurancePolicyRequiredLabel" }, "type": "array" }, "requiredLabelsEnabled": { "type": "boolean" }, "scanNfsMounts": { "type": "boolean" }, "scanSensitiveData": { "description": "Indicates if scan should include sensitive data in the image.\n", "type": "boolean" }, "scapEnabled": { "description": "Indicates if scanning should include scap.\n", "type": "boolean" }, "scapFiles": { "description": "List of SCAP user scripts for checks.\n", "items": { "type": "string" }, "type": "array" }, "scopes": { "items": { "$ref": "#/types/aquasec:index%2FgetImageAssurancePolicyScope:getImageAssurancePolicyScope" }, "type": "array" }, "trustedBaseImages": { "description": "List of trusted images.\n", "items": { "$ref": "#/types/aquasec:index%2FgetImageAssurancePolicyTrustedBaseImage:getImageAssurancePolicyTrustedBaseImage" }, "type": "array" }, "trustedBaseImagesEnabled": { "description": "Indicates if list of trusted base images is relevant.\n", "type": "boolean" }, "whitelistedLicenses": { "description": "List of whitelisted licenses.\n", "items": { "type": "string" }, "type": "array" }, "whitelistedLicensesEnabled": { "description": "Indicates if license blacklist is relevant.\n", "type": "boolean" } }, "required": [ "allowedImages", "applicationScopes", "auditOnFailure", "author", "autoScanConfigured", "autoScanEnabled", "autoScanTimes", "blacklistPermissions", "blacklistPermissionsEnabled", "blacklistedLicenses", "blacklistedLicensesEnabled", "blockFailed", "controlExcludeNoFix", "customChecks", "customChecksEnabled", "customSeverityEnabled", "cvesBlackListEnabled", "cvesBlackLists", "cvesWhiteListEnabled", "cvesWhiteLists", "cvssSeverity", "cvssSeverityEnabled", "cvssSeverityExcludeNoFix", "description", "disallowMalware", "dockerCisEnabled", "domain", "domainName", "dtaEnabled", "dtaSeverity", "enabled", "enforce", "enforceAfterDays", "enforceExcessivePermissions", "exceptionalMonitoredMalwarePaths", "failCicd", "forbiddenLabels", "forbiddenLabelsEnabled", "forceMicroenforcer", "functionIntegrityEnabled", "id", "ignoreRecentlyPublishedVln", "ignoreRecentlyPublishedVlnPeriod", "ignoreRiskResourcesEnabled", "ignoredRiskResources", "images", "kubeCisEnabled", "labels", "malwareAction", "maximumScore", "maximumScoreEnabled", "maximumScoreExcludeNoFix", "monitoredMalwarePaths", "name", "onlyNoneRootUsers", "packagesBlackListEnabled", "packagesBlackLists", "packagesWhiteListEnabled", "packagesWhiteLists", "partialResultsImageFail", "readOnly", "registries", "registry", "requiredLabels", "requiredLabelsEnabled", "scanNfsMounts", "scanSensitiveData", "scapEnabled", "scapFiles", "scopes", "trustedBaseImages", "trustedBaseImagesEnabled", "whitelistedLicenses", "whitelistedLicensesEnabled" ], "type": "object" } }, "aquasec:index/getIntegrationRegistries:getIntegrationRegistries": { "inputs": { "description": "A collection of arguments for invoking getIntegrationRegistries.\n", "properties": { "advancedSettingsCleanup": { "type": "boolean", "description": "Automatically clean up that don't match the pull criteria\n" }, "alwaysPullPatterns": { "type": "array", "items": { "type": "string" }, "description": "List of image patterns to pull always\n" }, "imageCreationDateCondition": { "type": "string", "description": "Additional condition for pulling and rescanning images, Defaults to 'none'\n" }, "lastupdate": { "type": "integer", "description": "The last time the registry was modified in UNIX time\n" }, "name": { "type": "string", "description": "The name of the registry; string, required - this will be treated as the registry's ID, so choose a simple alphanumerical name without special signs and spaces\n" }, "options": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FgetIntegrationRegistriesOption:getIntegrationRegistriesOption" } }, "pullImageAge": { "type": "string", "description": "When auto pull image enabled, sets maximum age of auto pulled images\n" }, "pullImageCount": { "type": "integer", "description": "When auto pull image enabled, sets maximum age of auto pulled images tags from each repository.\n" }, "pullImageTagPatterns": { "type": "array", "items": { "type": "string" }, "description": "List of image tags patterns to pull\n" }, "pullRepoPatternsExcludeds": { "type": "array", "items": { "type": "string" }, "description": "List of image patterns to exclude\n" }, "registryScanTimeout": { "type": "integer", "description": "Registry scan timeout in Minutes\n" }, "scannerNames": { "type": "array", "items": { "type": "string" }, "description": "List of scanner names\n" }, "scannerType": { "type": "string", "description": "Scanner type\n" }, "webhooks": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FgetIntegrationRegistriesWebhook:getIntegrationRegistriesWebhook" }, "description": "When enabled, registry events are sent to the given Aqua webhook url\n" } }, "type": "object", "required": [ "name" ] }, "outputs": { "description": "A collection of values returned by getIntegrationRegistries.\n", "properties": { "advancedSettingsCleanup": { "description": "Automatically clean up that don't match the pull criteria\n", "type": "boolean" }, "alwaysPullPatterns": { "description": "List of image patterns to pull always\n", "items": { "type": "string" }, "type": "array" }, "autoCleanup": { "description": "Automatically clean up images and repositories which are no longer present in the registry from Aqua console\n", "type": "boolean" }, "autoPull": { "description": "Whether to automatically pull images from the registry on creation and daily\n", "type": "boolean" }, "autoPullInterval": { "description": "The interval in days to start pulling new images from the registry, Defaults to 1\n", "type": "integer" }, "autoPullMax": { "description": "Maximum number of repositories to pull every day, defaults to 100\n", "type": "integer" }, "autoPullRescan": { "description": "Whether to automatically pull and rescan images from the registry on creation and daily\n", "type": "boolean" }, "autoPullTime": { "description": "The time of day to start pulling new images from the registry, in the format HH:MM (24-hour clock), defaults to 03:00\n", "type": "string" }, "description": { "description": "The description of the registry\n", "type": "string" }, "id": { "description": "The provider-assigned unique ID for this managed resource.\n", "type": "string" }, "imageCreationDateCondition": { "description": "Additional condition for pulling and rescanning images, Defaults to 'none'\n", "type": "string" }, "lastupdate": { "description": "The last time the registry was modified in UNIX time\n", "type": "integer" }, "name": { "description": "The name of the registry; string, required - this will be treated as the registry's ID, so choose a simple alphanumerical name without special signs and spaces\n", "type": "string" }, "options": { "items": { "$ref": "#/types/aquasec:index%2FgetIntegrationRegistriesOption:getIntegrationRegistriesOption" }, "type": "array" }, "password": { "description": "The password for registry authentication\n", "type": "string" }, "prefixes": { "description": "List of possible prefixes to image names pulled from the registry\n", "items": { "type": "string" }, "type": "array" }, "pullImageAge": { "description": "When auto pull image enabled, sets maximum age of auto pulled images\n", "type": "string" }, "pullImageCount": { "description": "When auto pull image enabled, sets maximum age of auto pulled images tags from each repository.\n", "type": "integer" }, "pullImageTagPatterns": { "description": "List of image tags patterns to pull\n", "items": { "type": "string" }, "type": "array" }, "pullRepoPatternsExcludeds": { "description": "List of image patterns to exclude\n", "items": { "type": "string" }, "type": "array" }, "registryScanTimeout": { "description": "Registry scan timeout in Minutes\n", "type": "integer" }, "scannerNames": { "description": "List of scanner names\n", "items": { "type": "string" }, "type": "array" }, "scannerType": { "description": "Scanner type\n", "type": "string" }, "type": { "description": "Registry type (HUB / V1 / V2 / ACR / GAR / ENGINE / AWS / GCR).\n", "type": "string" }, "url": { "description": "The URL, address or region of the registry\n", "type": "string" }, "username": { "description": "The username for registry authentication.\n", "type": "string" }, "webhooks": { "description": "When enabled, registry events are sent to the given Aqua webhook url\n", "items": { "$ref": "#/types/aquasec:index%2FgetIntegrationRegistriesWebhook:getIntegrationRegistriesWebhook" }, "type": "array" } }, "required": [ "autoCleanup", "autoPull", "autoPullInterval", "autoPullMax", "autoPullRescan", "autoPullTime", "description", "id", "imageCreationDateCondition", "lastupdate", "name", "password", "prefixes", "pullImageAge", "pullImageCount", "scannerNames", "scannerType", "type", "url", "username" ], "type": "object" } }, "aquasec:index/getIntegrationRegistry:getIntegrationRegistry": { "deprecationMessage": "aquasec.index/getintegrationregistry.getIntegrationRegistry has been deprecated in favor of aquasec.index/getintegrationregistries.getIntegrationRegistries", "inputs": { "description": "A collection of arguments for invoking getIntegrationRegistry.\n", "properties": { "advancedSettingsCleanup": { "type": "boolean" }, "alwaysPullPatterns": { "type": "array", "items": { "type": "string" } }, "imageCreationDateCondition": { "type": "string" }, "lastupdate": { "type": "integer" }, "name": { "type": "string" }, "options": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FgetIntegrationRegistryOption:getIntegrationRegistryOption" } }, "pullImageAge": { "type": "string" }, "pullImageCount": { "type": "integer" }, "pullImageTagPatterns": { "type": "array", "items": { "type": "string" } }, "pullRepoPatternsExcludeds": { "type": "array", "items": { "type": "string" } }, "registryScanTimeout": { "type": "integer" }, "scannerNames": { "type": "array", "items": { "type": "string" } }, "scannerType": { "type": "string" }, "webhooks": { "type": "array", "items": { "$ref": "#/types/aquasec:index%2FgetIntegrationRegistryWebhook:getIntegrationRegistryWebhook" } } }, "type": "object", "required": [ "name" ] }, "outputs": { "description": "A collection of values returned by getIntegrationRegistry.\n", "properties": { "advancedSettingsCleanup": { "type": "boolean" }, "alwaysPullPatterns": { "items": { "type": "string" }, "type": "array" }, "autoCleanup": { "type": "boolean" }, "autoPull": { "type": "boolean" }, "autoPullInterval": { "type": "integer" }, "autoPullMax": { "type": "integer" }, "autoPullRescan": { "type": "boolean" }, "autoPullTime": { "type": "string" }, "description": { "type": "string" }, "id": { "description": "The provider-assigned unique ID for this managed resource.\n", "type": "string" }, "imageCreationDateCondition": { "type": "string" }, "lastupdate": { "type": "integer" }, "name": { "type": "string" }, "options": { "items": { "$ref": "#/types/aquasec:index%2FgetIntegrationRegistryOption:getIntegrationRegistryOption" }, "type": "array" }, "password": { "type": "string" }, "prefixes": { "items": { "type": "string" }, "type": "array" }, "pullImageAge": { "type": "string" }, "pullImageCount": { "type": "integer" }, "pullImageTagPatterns": { "items": { "type": "string" }, "type": "array" }, "pullRepoPatternsExcludeds": { "items": { "type": "string" }, "type": "array" }, "registryScanTimeout": { "type": "integer" }, "scannerNames": { "items": { "type": "string" }, "type": "array" }, "scannerType": { "type": "string" }, "type": { "type": "string" }, "url": { "type": "string" }, "username": { "type": "string" }, "webhooks": { "items": { "$ref": "#/types/aquasec:index%2FgetIntegrationRegistryWebhook:getIntegrationRegistryWebhook" }, "type": "array" } }, "required": [ "autoCleanup", "autoPull", "autoPullInterval", "autoPullMax", "autoPullRescan", "autoPullTime", "description", "id", "imageCreationDateCondition", "lastupdate", "name", "password", "prefixes", "pullImageAge", "pullImageCount", "scannerNames", "scannerType", "type", "url", "username" ], "type": "object" } }, "aquasec:index/getIntegrationState:getIntegrationState": { "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumi/aquasec\";\n\nconst integrationState = aquasec.getIntegrationState({});\nexport const aquasecIntegrationState = integrationState;\n```\n```python\nimport pulumi\nimport pulumi_aquasec as aquasec\n\nintegration_state = aquasec.get_integration_state()\npulumi.export(\"aquasecIntegrationState\", integration_state)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumi.Aquasec;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var integrationState = Aquasec.GetIntegrationState.Invoke();\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"aquasecIntegrationState\"] = integrationState,\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tintegrationState, err := aquasec.GetIntegrationState(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"aquasecIntegrationState\", integrationState)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.AquasecFunctions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var integrationState = AquasecFunctions.getIntegrationState();\n\n ctx.export(\"aquasecIntegrationState\", integrationState.applyValue(getIntegrationStateResult -\u003e getIntegrationStateResult));\n }\n}\n```\n```yaml\nvariables:\n integrationState:\n fn::invoke:\n Function: aquasec:getIntegrationState\n Arguments: {}\noutputs:\n aquasecIntegrationState: ${integrationState}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "outputs": { "description": "A collection of values returned by getIntegrationState.\n", "properties": { "id": { "description": "The provider-assigned unique ID for this managed resource.\n", "type": "string" }, "oidcSettings": { "description": "OIDCSettings enabled status\n", "type": "boolean" }, "openidSettings": { "description": "OpenIdSettings enabled status\n", "type": "boolean" }, "samlSettings": { "description": "SAMLSettings enabled status\n", "type": "boolean" } }, "required": [ "id", "oidcSettings", "openidSettings", "samlSettings" ], "type": "object" } }, "aquasec:index/getKubernetesAssurancePolicy:getKubernetesAssurancePolicy": { "inputs": { "description": "A collection of arguments for invoking getKubernetesAssurancePolicy.\n", "properties": { "name": { "type": "string" } }, "type": "object", "required": [ "name" ] }, "outputs": { "description": "A collection of values returned by getKubernetesAssurancePolicy.\n", "properties": { "allowedImages": { "description": "List of explicitly allowed images.\n", "items": { "type": "string" }, "type": "array" }, "applicationScopes": { "items": { "type": "string" }, "type": "array" }, "auditOnFailure": { "description": "Indicates if auditing for failures.\n", "type": "boolean" }, "author": { "description": "Name of user account that created the policy.\n", "type": "string" }, "autoScanConfigured": { "type": "boolean" }, "autoScanEnabled": { "type": "boolean" }, "autoScanTimes": { "items": { "$ref": "#/types/aquasec:index%2FgetKubernetesAssurancePolicyAutoScanTime:getKubernetesAssurancePolicyAutoScanTime" }, "type": "array" }, "blacklistPermissions": { "description": "List of function's forbidden permissions.\n", "items": { "type": "string" }, "type": "array" }, "blacklistPermissionsEnabled": { "description": "Indicates if blacklist permissions is relevant.\n", "type": "boolean" }, "blacklistedLicenses": { "description": "List of blacklisted licenses.\n", "items": { "type": "string" }, "type": "array" }, "blacklistedLicensesEnabled": { "description": "Indicates if license blacklist is relevant.\n", "type": "boolean" }, "blockFailed": { "description": "Indicates if failed images are blocked.\n", "type": "boolean" }, "controlExcludeNoFix": { "type": "boolean" }, "customChecks": { "description": "List of Custom user scripts for checks.\n", "items": { "$ref": "#/types/aquasec:index%2FgetKubernetesAssurancePolicyCustomCheck:getKubernetesAssurancePolicyCustomCheck" }, "type": "array" }, "customChecksEnabled": { "description": "Indicates if scanning should include custom checks.\n", "type": "boolean" }, "customSeverityEnabled": { "type": "boolean" }, "cvesBlackListEnabled": { "description": "Indicates if CVEs blacklist is relevant.\n", "type": "boolean" }, "cvesBlackLists": { "description": "List of CVEs blacklisted items.\n", "items": { "type": "string" }, "type": "array" }, "cvesWhiteListEnabled": { "description": "Indicates if CVEs whitelist is relevant.\n", "type": "boolean" }, "cvesWhiteLists": { "description": "List of CVEs whitelisted licenses\n", "items": { "type": "string" }, "type": "array" }, "cvssSeverity": { "description": "Identifier of the CVSS severity.\n", "type": "string" }, "cvssSeverityEnabled": { "description": "Indicates if the CVSS severity is scanned.\n", "type": "boolean" }, "cvssSeverityExcludeNoFix": { "description": "Indicates that policy should ignore CVSS cases that do not have a known fix.\n", "type": "boolean" }, "description": { "type": "string" }, "disallowMalware": { "description": "Indicates if malware should block the image.\n", "type": "boolean" }, "dockerCisEnabled": { "description": "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.\n", "type": "boolean" }, "domain": { "description": "Name of the container image.\n", "type": "string" }, "domainName": { "type": "string" }, "dtaEnabled": { "type": "boolean" }, "dtaSeverity": { "type": "string" }, "enabled": { "type": "boolean" }, "enforce": { "type": "boolean" }, "enforceAfterDays": { "type": "integer" }, "enforceExcessivePermissions": { "type": "boolean" }, "exceptionalMonitoredMalwarePaths": { "description": "Directories to be excluded from monitoring.\n", "items": { "type": "string" }, "type": "array" }, "failCicd": { "description": "Indicates if CI/CD failures will fail the image.\n", "type": "boolean" }, "forbiddenLabels": { "items": { "$ref": "#/types/aquasec:index%2FgetKubernetesAssurancePolicyForbiddenLabel:getKubernetesAssurancePolicyForbiddenLabel" }, "type": "array" }, "forbiddenLabelsEnabled": { "type": "boolean" }, "forceMicroenforcer": { "type": "boolean" }, "functionIntegrityEnabled": { "type": "boolean" }, "id": { "description": "The ID of this resource.\n", "type": "string" }, "ignoreRecentlyPublishedVln": { "type": "boolean" }, "ignoreRecentlyPublishedVlnPeriod": { "type": "integer" }, "ignoreRiskResourcesEnabled": { "description": "Indicates if risk resources are ignored.\n", "type": "boolean" }, "ignoredRiskResources": { "description": "List of ignored risk resources.\n", "items": { "type": "string" }, "type": "array" }, "images": { "description": "List of images.\n", "items": { "type": "string" }, "type": "array" }, "kubeCisEnabled": { "description": "Performs a Kubernetes CIS benchmark check for the host.\n", "type": "boolean" }, "kubernetesControlsNames": { "description": "List of kubernetes control names\n", "items": { "type": "string" }, "type": "array" }, "labels": { "description": "List of labels.\n", "items": { "type": "string" }, "type": "array" }, "malwareAction": { "type": "string" }, "maximumScore": { "description": "Value of allowed maximum score.\n", "type": "number" }, "maximumScoreEnabled": { "description": "Indicates if exceeding the maximum score is scanned.\n", "type": "boolean" }, "maximumScoreExcludeNoFix": { "description": "Indicates that policy should ignore cases that do not have a known fix.\n", "type": "boolean" }, "monitoredMalwarePaths": { "description": "Directories to be monitored.\n", "items": { "type": "string" }, "type": "array" }, "name": { "type": "string" }, "onlyNoneRootUsers": { "description": "Indicates if raise a warning for images that should only be run as root.\n", "type": "boolean" }, "packagesBlackListEnabled": { "description": "Indicates if packages blacklist is relevant.\n", "type": "boolean" }, "packagesBlackLists": { "description": "List of blacklisted images.\n", "items": { "$ref": "#/types/aquasec:index%2FgetKubernetesAssurancePolicyPackagesBlackList:getKubernetesAssurancePolicyPackagesBlackList" }, "type": "array" }, "packagesWhiteListEnabled": { "description": "Indicates if packages whitelist is relevant.\n", "type": "boolean" }, "packagesWhiteLists": { "description": "List of whitelisted images.\n", "items": { "$ref": "#/types/aquasec:index%2FgetKubernetesAssurancePolicyPackagesWhiteList:getKubernetesAssurancePolicyPackagesWhiteList" }, "type": "array" }, "partialResultsImageFail": { "type": "boolean" }, "readOnly": { "type": "boolean" }, "registries": { "description": "List of registries.\n", "items": { "type": "string" }, "type": "array" }, "registry": { "type": "string" }, "requiredLabels": { "items": { "$ref": "#/types/aquasec:index%2FgetKubernetesAssurancePolicyRequiredLabel:getKubernetesAssurancePolicyRequiredLabel" }, "type": "array" }, "requiredLabelsEnabled": { "type": "boolean" }, "scanNfsMounts": { "type": "boolean" }, "scanSensitiveData": { "description": "Indicates if scan should include sensitive data in the image.\n", "type": "boolean" }, "scapEnabled": { "description": "Indicates if scanning should include SCAP.\n", "type": "boolean" }, "scapFiles": { "description": "List of SCAP user scripts for checks.\n", "items": { "type": "string" }, "type": "array" }, "scopes": { "items": { "$ref": "#/types/aquasec:index%2FgetKubernetesAssurancePolicyScope:getKubernetesAssurancePolicyScope" }, "type": "array" }, "trustedBaseImages": { "description": "List of trusted images.\n", "items": { "$ref": "#/types/aquasec:index%2FgetKubernetesAssurancePolicyTrustedBaseImage:getKubernetesAssurancePolicyTrustedBaseImage" }, "type": "array" }, "trustedBaseImagesEnabled": { "description": "Indicates if list of trusted base images is relevant.\n", "type": "boolean" }, "whitelistedLicenses": { "description": "List of whitelisted licenses.\n", "items": { "type": "string" }, "type": "array" }, "whitelistedLicensesEnabled": { "description": "Indicates if license blacklist is relevant.\n", "type": "boolean" } }, "required": [ "allowedImages", "applicationScopes", "auditOnFailure", "author", "autoScanConfigured", "autoScanEnabled", "autoScanTimes", "blacklistPermissions", "blacklistPermissionsEnabled", "blacklistedLicenses", "blacklistedLicensesEnabled", "blockFailed", "controlExcludeNoFix", "customChecks", "customChecksEnabled", "customSeverityEnabled", "cvesBlackListEnabled", "cvesBlackLists", "cvesWhiteListEnabled", "cvesWhiteLists", "cvssSeverity", "cvssSeverityEnabled", "cvssSeverityExcludeNoFix", "description", "disallowMalware", "dockerCisEnabled", "domain", "domainName", "dtaEnabled", "dtaSeverity", "enabled", "enforce", "enforceAfterDays", "enforceExcessivePermissions", "exceptionalMonitoredMalwarePaths", "failCicd", "forbiddenLabels", "forbiddenLabelsEnabled", "forceMicroenforcer", "functionIntegrityEnabled", "id", "ignoreRecentlyPublishedVln", "ignoreRecentlyPublishedVlnPeriod", "ignoreRiskResourcesEnabled", "ignoredRiskResources", "images", "kubeCisEnabled", "kubernetesControlsNames", "labels", "malwareAction", "maximumScore", "maximumScoreEnabled", "maximumScoreExcludeNoFix", "monitoredMalwarePaths", "name", "onlyNoneRootUsers", "packagesBlackListEnabled", "packagesBlackLists", "packagesWhiteListEnabled", "packagesWhiteLists", "partialResultsImageFail", "readOnly", "registries", "registry", "requiredLabels", "requiredLabelsEnabled", "scanNfsMounts", "scanSensitiveData", "scapEnabled", "scapFiles", "scopes", "trustedBaseImages", "trustedBaseImagesEnabled", "whitelistedLicenses", "whitelistedLicensesEnabled" ], "type": "object" } }, "aquasec:index/getNotifications:getNotifications": { "outputs": { "description": "A collection of values returned by getNotifications.\n", "properties": { "emails": { "items": { "$ref": "#/types/aquasec:index%2FgetNotificationsEmail:getNotificationsEmail" }, "type": "array" }, "id": { "description": "The provider-assigned unique ID for this managed resource.\n", "type": "string" }, "jiras": { "items": { "$ref": "#/types/aquasec:index%2FgetNotificationsJira:getNotificationsJira" }, "type": "array" }, "servicenows": { "items": { "$ref": "#/types/aquasec:index%2FgetNotificationsServicenow:getNotificationsServicenow" }, "type": "array" }, "slacks": { "items": { "$ref": "#/types/aquasec:index%2FgetNotificationsSlack:getNotificationsSlack" }, "type": "array" }, "splunks": { "items": { "$ref": "#/types/aquasec:index%2FgetNotificationsSplunk:getNotificationsSplunk" }, "type": "array" }, "teams": { "items": { "$ref": "#/types/aquasec:index%2FgetNotificationsTeam:getNotificationsTeam" }, "type": "array" }, "webhooks": { "items": { "$ref": "#/types/aquasec:index%2FgetNotificationsWebhook:getNotificationsWebhook" }, "type": "array" } }, "required": [ "emails", "id", "jiras", "servicenows", "slacks", "splunks", "teams", "webhooks" ], "type": "object" } }, "aquasec:index/getPermissionsSets:getPermissionsSets": { "description": "The data source `aquasec.PermissionsSets` provides a method to query all permissions within the Aqua CSPMThe fields returned from this query are detailed in the Schema section below.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumi/aquasec\";\n\nconst testpermissionsset = aquasec.getPermissionsSets({});\nexport const permissionsSets = testpermissionsset;\nexport const permissionsSetsNames = [testpermissionsset].map(__item =\u003e _arg0_.permissionsSets.map(__item =\u003e __item.name));\n```\n```python\nimport pulumi\nimport pulumi_aquasec as aquasec\n\ntestpermissionsset = aquasec.get_permissions_sets()\npulumi.export(\"permissionsSets\", testpermissionsset)\npulumi.export(\"permissionsSetsNames\", [[__item.name for __item in __item.permissions_sets] for __item in [testpermissionsset]])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumi.Aquasec;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testpermissionsset = Aquasec.GetPermissionsSets.Invoke();\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"permissionsSets\"] = testpermissionsset,\n [\"permissionsSetsNames\"] = new[]\n {\n testpermissionsset,\n }.Select(__item =\u003e _arg0_.PermissionsSets.Select(__item =\u003e __item.Name).ToList()).ToList(),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ntestpermissionsset, err := aquasec.LookupPermissionsSets(ctx, nil, nil);\nif err != nil {\nreturn err\n}\nctx.Export(\"permissionsSets\", testpermissionsset)\nvar splat0 [][]*string\nfor _, val0 := range []aquasec.GetPermissionsSetsResult{\ntestpermissionsset,\n} {\nsplat0 = append(splat0, %!v(PANIC=Format method: fatal: A failure has occurred: unlowered splat expression @ #-functions-aquasec:index-getPermissionsSets:getPermissionsSets.pp:5,31-58))\n}\nctx.Export(\"permissionsSetsNames\", splat0)\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.AquasecFunctions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var testpermissionsset = AquasecFunctions.getPermissionsSets();\n\n ctx.export(\"permissionsSets\", testpermissionsset.applyValue(getPermissionsSetsResult -\u003e getPermissionsSetsResult));\n ctx.export(\"permissionsSetsNames\", testpermissionsset.applyValue(getPermissionsSetsResult -\u003e getPermissionsSetsResult).stream().map(element -\u003e element.permissionsSets().stream().map(element -\u003e element.name()).collect(toList())).collect(toList()));\n }\n}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "outputs": { "description": "A collection of values returned by getPermissionsSets.\n", "properties": { "id": { "description": "The provider-assigned unique ID for this managed resource.\n", "type": "string" }, "permissionsSets": { "items": { "$ref": "#/types/aquasec:index%2FgetPermissionsSetsPermissionsSet:getPermissionsSetsPermissionsSet" }, "type": "array" } }, "required": [ "id", "permissionsSets" ], "type": "object" } }, "aquasec:index/getRoles:getRoles": { "description": "The data source `aquasec.getRoles` provides a method to query all roles within the Aqua account managementrole database. The fields returned from this query are detailed in the Schema section below.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumi/aquasec\";\n\nconst roles = aquasec.getRoles({});\nexport const firstUserName = roles.then(roles =\u003e roles.roles?.[0]);\n```\n```python\nimport pulumi\nimport pulumi_aquasec as aquasec\n\nroles = aquasec.get_roles()\npulumi.export(\"firstUserName\", roles.roles[0])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumi.Aquasec;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var roles = Aquasec.GetRoles.Invoke();\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"firstUserName\"] = roles.Apply(getRolesResult =\u003e getRolesResult.Roles[0]),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\troles, err := aquasec.GetRoles(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"firstUserName\", roles.Roles[0])\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.AquasecFunctions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var roles = AquasecFunctions.getRoles();\n\n ctx.export(\"firstUserName\", roles.applyValue(getRolesResult -\u003e getRolesResult.roles()[0]));\n }\n}\n```\n```yaml\nvariables:\n roles:\n fn::invoke:\n Function: aquasec:getRoles\n Arguments: {}\noutputs:\n # Output the first role\n firstUserName: ${roles.roles[0]}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "outputs": { "description": "A collection of values returned by getRoles.\n", "properties": { "id": { "description": "The provider-assigned unique ID for this managed resource.\n", "type": "string" }, "roles": { "items": { "$ref": "#/types/aquasec:index%2FgetRolesRole:getRolesRole" }, "type": "array" } }, "required": [ "id", "roles" ], "type": "object" } }, "aquasec:index/getRolesMapping:getRolesMapping": { "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumi/aquasec\";\n\nconst rolesMapping = aquasec.getRolesMapping({});\nexport const roleMappingAll = rolesMapping;\nexport const roleMappingSaml = rolesMapping.then(rolesMapping =\u003e rolesMapping.samls);\n```\n```python\nimport pulumi\nimport pulumi_aquasec as aquasec\n\nroles_mapping = aquasec.get_roles_mapping()\npulumi.export(\"roleMappingAll\", roles_mapping)\npulumi.export(\"roleMappingSaml\", roles_mapping.samls)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumi.Aquasec;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var rolesMapping = Aquasec.GetRolesMapping.Invoke();\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"roleMappingAll\"] = rolesMapping,\n [\"roleMappingSaml\"] = rolesMapping.Apply(getRolesMappingResult =\u003e getRolesMappingResult.Samls),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trolesMapping, err := aquasec.GetRolesMapping(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"roleMappingAll\", rolesMapping)\n\t\tctx.Export(\"roleMappingSaml\", rolesMapping.Samls)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.AquasecFunctions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var rolesMapping = AquasecFunctions.getRolesMapping();\n\n ctx.export(\"roleMappingAll\", rolesMapping.applyValue(getRolesMappingResult -\u003e getRolesMappingResult));\n ctx.export(\"roleMappingSaml\", rolesMapping.applyValue(getRolesMappingResult -\u003e getRolesMappingResult.samls()));\n }\n}\n```\n```yaml\nvariables:\n rolesMapping:\n fn::invoke:\n Function: aquasec:getRolesMapping\n Arguments: {}\noutputs:\n roleMappingAll: ${rolesMapping}\n roleMappingSaml: ${rolesMapping.samls}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "outputs": { "description": "A collection of values returned by getRolesMapping.\n", "properties": { "id": { "description": "The provider-assigned unique ID for this managed resource.\n", "type": "string" }, "ldaps": { "description": "LDAP Authentication\n", "items": { "$ref": "#/types/aquasec:index%2FgetRolesMappingLdap:getRolesMappingLdap" }, "type": "array" }, "oauth2s": { "description": "Oauth2 Authentication\n", "items": { "$ref": "#/types/aquasec:index%2FgetRolesMappingOauth2:getRolesMappingOauth2" }, "type": "array" }, "openids": { "description": "OpenId Authentication\n", "items": { "$ref": "#/types/aquasec:index%2FgetRolesMappingOpenid:getRolesMappingOpenid" }, "type": "array" }, "samls": { "description": "SAML Authentication\n", "items": { "$ref": "#/types/aquasec:index%2FgetRolesMappingSaml:getRolesMappingSaml" }, "type": "array" } }, "required": [ "id", "ldaps", "oauth2s", "openids", "samls" ], "type": "object" } }, "aquasec:index/getRolesMappingSaas:getRolesMappingSaas": { "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumi/aquasec\";\n\nconst rolesMappingSaas = aquasec.getRolesMappingSaas({});\nexport const roleMapping = rolesMappingSaas.then(rolesMappingSaas =\u003e rolesMappingSaas.rolesMappings);\n```\n```python\nimport pulumi\nimport pulumi_aquasec as aquasec\n\nroles_mapping_saas = aquasec.get_roles_mapping_saas()\npulumi.export(\"roleMapping\", roles_mapping_saas.roles_mappings)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumi.Aquasec;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var rolesMappingSaas = Aquasec.GetRolesMappingSaas.Invoke();\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"roleMapping\"] = rolesMappingSaas.Apply(getRolesMappingSaasResult =\u003e getRolesMappingSaasResult.RolesMappings),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trolesMappingSaas, err := aquasec.GetRolesMappingSaas(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"roleMapping\", rolesMappingSaas.RolesMappings)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.AquasecFunctions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var rolesMappingSaas = AquasecFunctions.getRolesMappingSaas();\n\n ctx.export(\"roleMapping\", rolesMappingSaas.applyValue(getRolesMappingSaasResult -\u003e getRolesMappingSaasResult.rolesMappings()));\n }\n}\n```\n```yaml\nvariables:\n rolesMappingSaas:\n fn::invoke:\n Function: aquasec:getRolesMappingSaas\n Arguments: {}\noutputs:\n roleMapping: ${rolesMappingSaas.rolesMappings}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "outputs": { "description": "A collection of values returned by getRolesMappingSaas.\n", "properties": { "id": { "description": "The provider-assigned unique ID for this managed resource.\n", "type": "string" }, "rolesMappings": { "items": { "$ref": "#/types/aquasec:index%2FgetRolesMappingSaasRolesMapping:getRolesMappingSaasRolesMapping" }, "type": "array" } }, "required": [ "id", "rolesMappings" ], "type": "object" } }, "aquasec:index/getService:getService": { "inputs": { "description": "A collection of arguments for invoking getService.\n", "properties": { "name": { "type": "string", "description": "The name of the service. It is recommended not to use whitespace characters in the name.\n" } }, "type": "object", "required": [ "name" ] }, "outputs": { "description": "A collection of values returned by getService.\n", "properties": { "applicationScopes": { "description": "Indicates the application scope of the service.\n", "items": { "type": "string" }, "type": "array" }, "author": { "description": "Username of the account that created the service.\n", "type": "string" }, "containersCount": { "description": "The number of containers associated with the service.\n", "type": "integer" }, "description": { "description": "A textual description of the service record; maximum 500 characters.\n", "type": "string" }, "enforce": { "description": "Enforcement status of the service.\n", "type": "boolean" }, "evaluated": { "description": "Whether the service has been evaluated for security vulnerabilities.\n", "type": "boolean" }, "id": { "description": "The provider-assigned unique ID for this managed resource.\n", "type": "string" }, "isRegistered": { "description": "Indicates if registered or not.\n", "type": "boolean" }, "lastupdate": { "description": "Timestamp of the last update in Unix time format.\n", "type": "integer" }, "monitoring": { "description": "Indicates if monitoring is enabled or not\n", "type": "boolean" }, "name": { "description": "The name of the service. It is recommended not to use whitespace characters in the name.\n", "type": "string" }, "notEvaluatedCount": { "description": "The number of container that are not evaluated.\n", "type": "integer" }, "policies": { "description": "The service's policies; an array of container firewall policy names.\n", "items": { "type": "string" }, "type": "array" }, "priority": { "description": "Rules priority, must be between 1-100.\n", "type": "integer" }, "scopeExpression": { "description": "Logical expression of how to compute the dependency of the scope variables.\n", "type": "string" }, "scopeVariables": { "description": "List of scope attributes.\n", "items": { "$ref": "#/types/aquasec:index%2FgetServiceScopeVariable:getServiceScopeVariable" }, "type": "array" }, "target": { "description": "Type of the workload. container or host.\n", "type": "string" }, "unregisteredCount": { "description": "The number of containers allocated to the service that are not registered.\n", "type": "integer" }, "vulnerabilitiesHigh": { "description": "Number of high severity vulnerabilities.\n", "type": "integer" }, "vulnerabilitiesLow": { "description": "Number of low severity vulnerabilities.\n", "type": "integer" }, "vulnerabilitiesMalware": { "description": "Number of malware.\n", "type": "integer" }, "vulnerabilitiesMedium": { "description": "Number of medium severity vulnerabilities.\n", "type": "integer" }, "vulnerabilitiesNegligible": { "description": "Number of negligible vulnerabilities.\n", "type": "integer" }, "vulnerabilitiesScoreAverage": { "description": "The CVSS average vulnerabilities score.\n", "type": "integer" }, "vulnerabilitiesSensitive": { "description": "Number of sensitive vulnerabilities.\n", "type": "integer" }, "vulnerabilitiesTotal": { "description": "Total number of vulnerabilities.\n", "type": "integer" } }, "required": [ "applicationScopes", "author", "containersCount", "description", "enforce", "evaluated", "id", "isRegistered", "lastupdate", "monitoring", "name", "notEvaluatedCount", "policies", "priority", "scopeExpression", "scopeVariables", "target", "unregisteredCount", "vulnerabilitiesHigh", "vulnerabilitiesLow", "vulnerabilitiesMalware", "vulnerabilitiesMedium", "vulnerabilitiesNegligible", "vulnerabilitiesScoreAverage", "vulnerabilitiesSensitive", "vulnerabilitiesTotal" ], "type": "object" } }, "aquasec:index/getUsers:getUsers": { "description": "The data source `aquasec.getUsers` provides a method to query all users within the Aqua users database. The fields returned from this query are detailed in the Schema section below.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumi/aquasec\";\n\nconst users = aquasec.getUsers({});\nexport const firstUserName = users.then(users =\u003e users.users?.[0]?.name);\n```\n```python\nimport pulumi\nimport pulumi_aquasec as aquasec\n\nusers = aquasec.get_users()\npulumi.export(\"firstUserName\", users.users[0].name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumi.Aquasec;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var users = Aquasec.GetUsers.Invoke();\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"firstUserName\"] = users.Apply(getUsersResult =\u003e getUsersResult.Users[0]?.Name),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tusers, err := aquasec.GetUsers(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"firstUserName\", users.Users[0].Name)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.AquasecFunctions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var users = AquasecFunctions.getUsers();\n\n ctx.export(\"firstUserName\", users.applyValue(getUsersResult -\u003e getUsersResult.users()[0].name()));\n }\n}\n```\n```yaml\nvariables:\n users:\n fn::invoke:\n Function: aquasec:getUsers\n Arguments: {}\noutputs:\n firstUserName: ${users.users[0].name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "outputs": { "description": "A collection of values returned by getUsers.\n", "properties": { "id": { "description": "The provider-assigned unique ID for this managed resource.\n", "type": "string" }, "users": { "items": { "$ref": "#/types/aquasec:index%2FgetUsersUser:getUsersUser" }, "type": "array" } }, "required": [ "id", "users" ], "type": "object" } }, "aquasec:index/getUsersSaas:getUsersSaas": { "description": "The data source `aquasec.getUsersSaas` provides a method to query all saas users within the Aqua users management. The fields returned from this query are detailed in the Schema section below.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumi/aquasec\";\n\nconst users = aquasec.getUsers({});\nexport const firstUserEmail = data.aquasec_users_saas.users.users[0].email;\n```\n```python\nimport pulumi\nimport pulumi_aquasec as aquasec\n\nusers = aquasec.get_users()\npulumi.export(\"firstUserEmail\", data[\"aquasec_users_saas\"][\"users\"][\"users\"][0][\"email\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumi.Aquasec;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var users = Aquasec.GetUsers.Invoke();\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"firstUserEmail\"] = data.Aquasec_users_saas.Users.Users[0].Email,\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aquasec.GetUsers(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"firstUserEmail\", data.Aquasec_users_saas.Users.Users[0].Email)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.AquasecFunctions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var users = AquasecFunctions.getUsers();\n\n ctx.export(\"firstUserEmail\", data.aquasec_users_saas().users().users()[0].email());\n }\n}\n```\n```yaml\nvariables:\n users:\n fn::invoke:\n Function: aquasec:getUsers\n Arguments: {}\noutputs:\n firstUserEmail: ${data.aquasec_users_saas.users.users[0].email}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "outputs": { "description": "A collection of values returned by getUsersSaas.\n", "properties": { "id": { "description": "The provider-assigned unique ID for this managed resource.\n", "type": "string" }, "users": { "items": { "$ref": "#/types/aquasec:index%2FgetUsersSaasUser:getUsersSaasUser" }, "type": "array" } }, "required": [ "id", "users" ], "type": "object" } } } }