Security
data class SecurityScanConfigArgs(val authentication: Output<SecurityScanConfigAuthenticationArgs>? = null, val blacklistPatterns: Output<List<String>>? = null, val displayName: Output<String>? = null, val exportToSecurityCommandCenter: Output<String>? = null, val maxQps: Output<Int>? = null, val project: Output<String>? = null, val schedule: Output<SecurityScanConfigScheduleArgs>? = null, val startingUrls: Output<List<String>>? = null, val targetPlatforms: Output<List<String>>? = null, val userAgent: Output<String>? = null) : ConvertibleToJava<SecurityScanConfigArgs>
A ScanConfig resource contains the configurations to launch a scan. To get more information about ScanConfig, see:
How-to Guides
Example Usage
Scan Config Basic
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const scannerStaticIp = new gcp.compute.Address("scanner_static_ip", {name: "scan-basic-static-ip"});
const scan_config = new gcp.compute.SecurityScanConfig("scan-config", {
displayName: "scan-config",
startingUrls: [pulumi.interpolate`http://${scannerStaticIp.address}`],
targetPlatforms: ["COMPUTE"],
});Content copied to clipboard
import pulumi
import pulumi_gcp as gcp
scanner_static_ip = gcp.compute.Address("scanner_static_ip", name="scan-basic-static-ip")
scan_config = gcp.compute.SecurityScanConfig("scan-config",
display_name="scan-config",
starting_urls=[scanner_static_ip.address.apply(lambda address: f"http://{address}")],
target_platforms=["COMPUTE"])Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var scannerStaticIp = new Gcp.Compute.Address("scanner_static_ip", new()
{
Name = "scan-basic-static-ip",
});
var scan_config = new Gcp.Compute.SecurityScanConfig("scan-config", new()
{
DisplayName = "scan-config",
StartingUrls = new[]
{
scannerStaticIp.IPAddress.Apply(address => $"http://{address}"),
},
TargetPlatforms = new[]
{
"COMPUTE",
},
});
});Content copied to clipboard
package main
import (
"fmt"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
scannerStaticIp, err := compute.NewAddress(ctx, "scanner_static_ip", &compute.AddressArgs{
Name: pulumi.String("scan-basic-static-ip"),
})
if err != nil {
return err
}
_, err = compute.NewSecurityScanConfig(ctx, "scan-config", &compute.SecurityScanConfigArgs{
DisplayName: pulumi.String("scan-config"),
StartingUrls: pulumi.StringArray{
scannerStaticIp.Address.ApplyT(func(address string) (string, error) {
return fmt.Sprintf("http://%v", address), nil
}).(pulumi.StringOutput),
},
TargetPlatforms: pulumi.StringArray{
pulumi.String("COMPUTE"),
},
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Address;
import com.pulumi.gcp.compute.AddressArgs;
import com.pulumi.gcp.compute.SecurityScanConfig;
import com.pulumi.gcp.compute.SecurityScanConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var scannerStaticIp = new Address("scannerStaticIp", AddressArgs.builder()
.name("scan-basic-static-ip")
.build());
var scan_config = new SecurityScanConfig("scan-config", SecurityScanConfigArgs.builder()
.displayName("scan-config")
.startingUrls(scannerStaticIp.address().applyValue(address -> String.format("http://%s", address)))
.targetPlatforms("COMPUTE")
.build());
}
}Content copied to clipboard
resources:
scannerStaticIp:
type: gcp:compute:Address
name: scanner_static_ip
properties:
name: scan-basic-static-ip
scan-config:
type: gcp:compute:SecurityScanConfig
properties:
displayName: scan-config
startingUrls:
- http://${scannerStaticIp.address}
targetPlatforms:
- COMPUTEContent copied to clipboard
Import
ScanConfig can be imported using any of these accepted formats:
projects/{{project}}/scanConfigs/{{name}}{{project}}/{{name}}{{name}}When using thepulumi importcommand, ScanConfig can be imported using one of the formats above. For example:
$ pulumi import gcp:compute/securityScanConfig:SecurityScanConfig default projects/{{project}}/scanConfigs/{{name}}Content copied to clipboard
$ pulumi import gcp:compute/securityScanConfig:SecurityScanConfig default {{project}}/{{name}}Content copied to clipboard
$ pulumi import gcp:compute/securityScanConfig:SecurityScanConfig default {{name}}Content copied to clipboard
Constructors
Link copied to clipboard
constructor(authentication: Output<SecurityScanConfigAuthenticationArgs>? = null, blacklistPatterns: Output<List<String>>? = null, displayName: Output<String>? = null, exportToSecurityCommandCenter: Output<String>? = null, maxQps: Output<Int>? = null, project: Output<String>? = null, schedule: Output<SecurityScanConfigScheduleArgs>? = null, startingUrls: Output<List<String>>? = null, targetPlatforms: Output<List<String>>? = null, userAgent: Output<String>? = null)
Properties
Link copied to clipboard
The authentication configuration. If specified, service will use the authentication configuration during scanning. Structure is documented below.
Link copied to clipboard
The blacklist URL patterns as described in https://cloud.google.com/security-scanner/docs/excluded-urls
Link copied to clipboard
The user provider display name of the ScanConfig.
Link copied to clipboard
Controls export of scan configurations and results to Cloud Security Command Center. Default value is ENABLED. Possible values are: ENABLED, DISABLED.
Link copied to clipboard
The schedule of the ScanConfig Structure is documented below.
Link copied to clipboard
The starting URLs from which the scanner finds site pages.
Link copied to clipboard
Set of Cloud Platforms targeted by the scan. If empty, APP_ENGINE will be used as a default. Each value may be one of: APP_ENGINE, COMPUTE.