Security
A ScanConfig resource contains the configurations to launch a scan. To get more information about ScanConfig, see:
How-to Guides
Warning: All arguments including
authentication.google_account.passwordandauthentication.custom_account.passwordwill be stored in the raw state as plain-text.
Example Usage
Scan Config Basic
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Address;
import com.pulumi.gcp.compute.AddressArgs;
import com.pulumi.gcp.compute.SecurityScanConfig;
import com.pulumi.gcp.compute.SecurityScanConfigArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var scannerStaticIp = new Address("scannerStaticIp", AddressArgs.Empty, CustomResourceOptions.builder()
.provider(google_beta)
.build());
var scan_config = new SecurityScanConfig("scan-config", SecurityScanConfigArgs.builder()
.displayName("scan-config")
.startingUrls(scannerStaticIp.address().applyValue(address -> String.format("http://%s", address)))
.targetPlatforms("COMPUTE")
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
}
}Import
ScanConfig can be imported using any of these accepted formats
$ pulumi import gcp:compute/securityScanConfig:SecurityScanConfig default projects/{{project}}/scanConfigs/{{name}}$ pulumi import gcp:compute/securityScanConfig:SecurityScanConfig default {{project}}/{{name}}$ pulumi import gcp:compute/securityScanConfig:SecurityScanConfig default {{name}}Properties
The authentication configuration. If specified, service will use the authentication configuration during scanning. Structure is documented below.
The blacklist URL patterns as described in https://cloud.google.com/security-scanner/docs/excluded-urls
The user provider display name of the ScanConfig.
Controls export of scan configurations and results to Cloud Security Command Center. Default value is ENABLED. Possible values are: ENABLED, DISABLED.
The schedule of the ScanConfig Structure is documented below.
The starting URLs from which the scanner finds site pages.
Set of Cloud Platforms targeted by the scan. If empty, APP_ENGINE will be used as a default. Each value may be one of: APP_ENGINE, COMPUTE.