SecurityScanConfig

A ScanConfig resource contains the configurations to launch a scan.

To get more information about ScanConfig, see:

API documentation
How-to Guides
- Using Cloud Security Scanner

Warning: All arguments including authentication.google_account.password and authentication.custom_account.password will be stored in the raw state as plain-text.Read more about secrets in state

Create a SecurityScanConfig Resource

new SecurityScanConfig(name: string, args: SecurityScanConfigArgs, opts?: CustomResourceOptions);

def SecurityScanConfig(resource_name, opts=None, authentication=None, blacklist_patterns=None, display_name=None, export_to_security_command_center=None, max_qps=None, project=None, schedule=None, starting_urls=None, target_platforms=None, user_agent=None, __props__=None);

func NewSecurityScanConfig(ctx *Context, name string, args SecurityScanConfigArgs, opts ...ResourceOption) (*SecurityScanConfig, error)

public SecurityScanConfig(string name, SecurityScanConfigArgs args, CustomResourceOptions? opts = null)

name string: The unique name of the resource.
args SecurityScanConfigArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
opts ResourceOptions: A bag of options that control this resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SecurityScanConfigArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SecurityScanConfigArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

SecurityScanConfig Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The SecurityScanConfig resource accepts the following input properties:

DisplayName string: The user provider display name of the ScanConfig.
StartingUrls List<string>: The starting URLs from which the scanner finds site pages.
Authentication SecurityScanConfigAuthenticationArgs: The authentication configuration. If specified, service will use the authentication configuration during scanning. Structure is documented below.
BlacklistPatterns List<string>: The blacklist URL patterns as described in https://cloud.google.com/security-scanner/docs/excluded-urls
ExportToSecurityCommandCenter string: Controls export of scan configurations and results to Cloud Security Command Center.
MaxQps int: The maximum QPS during scanning. A valid value ranges from 5 to 20 inclusively. Defaults to 15.
Project string: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
Schedule SecurityScanConfigScheduleArgs: The schedule of the ScanConfig Structure is documented below.
TargetPlatforms List<string>: Set of Cloud Platforms targeted by the scan. If empty, APP_ENGINE will be used as a default.
UserAgent string: Type of the user agents used for scanning

DisplayName string: The user provider display name of the ScanConfig.
StartingUrls []string: The starting URLs from which the scanner finds site pages.
Authentication SecurityScanConfigAuthentication: The authentication configuration. If specified, service will use the authentication configuration during scanning. Structure is documented below.
BlacklistPatterns []string: The blacklist URL patterns as described in https://cloud.google.com/security-scanner/docs/excluded-urls
ExportToSecurityCommandCenter string: Controls export of scan configurations and results to Cloud Security Command Center.
MaxQps int: The maximum QPS during scanning. A valid value ranges from 5 to 20 inclusively. Defaults to 15.
Project string: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
Schedule SecurityScanConfigSchedule: The schedule of the ScanConfig Structure is documented below.
TargetPlatforms []string: Set of Cloud Platforms targeted by the scan. If empty, APP_ENGINE will be used as a default.
UserAgent string: Type of the user agents used for scanning

displayName string: The user provider display name of the ScanConfig.
startingUrls string[]: The starting URLs from which the scanner finds site pages.
authentication SecurityScanConfigAuthentication: The authentication configuration. If specified, service will use the authentication configuration during scanning. Structure is documented below.
blacklistPatterns string[]: The blacklist URL patterns as described in https://cloud.google.com/security-scanner/docs/excluded-urls
exportToSecurityCommandCenter string: Controls export of scan configurations and results to Cloud Security Command Center.
maxQps number: The maximum QPS during scanning. A valid value ranges from 5 to 20 inclusively. Defaults to 15.
project string: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
schedule SecurityScanConfigSchedule: The schedule of the ScanConfig Structure is documented below.
targetPlatforms string[]: Set of Cloud Platforms targeted by the scan. If empty, APP_ENGINE will be used as a default.
userAgent string: Type of the user agents used for scanning

display_name str: The user provider display name of the ScanConfig.
starting_urls List[str]: The starting URLs from which the scanner finds site pages.
authentication Dict[SecurityScanConfigAuthentication]: The authentication configuration. If specified, service will use the authentication configuration during scanning. Structure is documented below.
blacklist_patterns List[str]: The blacklist URL patterns as described in https://cloud.google.com/security-scanner/docs/excluded-urls
export_to_security_command_center str: Controls export of scan configurations and results to Cloud Security Command Center.
max_qps float: The maximum QPS during scanning. A valid value ranges from 5 to 20 inclusively. Defaults to 15.
project str: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
schedule Dict[SecurityScanConfigSchedule]: The schedule of the ScanConfig Structure is documented below.
target_platforms List[str]: Set of Cloud Platforms targeted by the scan. If empty, APP_ENGINE will be used as a default.
user_agent str: Type of the user agents used for scanning

Outputs

All input properties are implicitly available as output properties. Additionally, the SecurityScanConfig resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
Name string: A server defined name for this index. Format: ‘projects/{{project}}/scanConfigs/{{server_generated_id}}’

Id string: The provider-assigned unique ID for this managed resource.
Name string: A server defined name for this index. Format: ‘projects/{{project}}/scanConfigs/{{server_generated_id}}’

id string: The provider-assigned unique ID for this managed resource.
name string: A server defined name for this index. Format: ‘projects/{{project}}/scanConfigs/{{server_generated_id}}’

id str: The provider-assigned unique ID for this managed resource.
name str: A server defined name for this index. Format: ‘projects/{{project}}/scanConfigs/{{server_generated_id}}’

Look up an Existing SecurityScanConfig Resource

Get an existing SecurityScanConfig resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SecurityScanConfigState, opts?: CustomResourceOptions): SecurityScanConfig

static get(resource_name, id, opts=None, authentication=None, blacklist_patterns=None, display_name=None, export_to_security_command_center=None, max_qps=None, name=None, project=None, schedule=None, starting_urls=None, target_platforms=None, user_agent=None, __props__=None);

func GetSecurityScanConfig(ctx *Context, name string, id IDInput, state *SecurityScanConfigState, opts ...ResourceOption) (*SecurityScanConfig, error)

public static SecurityScanConfig Get(string name, Input<string> id, SecurityScanConfigState? state, CustomResourceOptions? opts = null)

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Authentication SecurityScanConfigAuthenticationArgs: The authentication configuration. If specified, service will use the authentication configuration during scanning. Structure is documented below.
BlacklistPatterns List<string>: The blacklist URL patterns as described in https://cloud.google.com/security-scanner/docs/excluded-urls
DisplayName string: The user provider display name of the ScanConfig.
ExportToSecurityCommandCenter string: Controls export of scan configurations and results to Cloud Security Command Center.
MaxQps int: The maximum QPS during scanning. A valid value ranges from 5 to 20 inclusively. Defaults to 15.
Name string: A server defined name for this index. Format: ‘projects/{{project}}/scanConfigs/{{server_generated_id}}’
Project string: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
Schedule SecurityScanConfigScheduleArgs: The schedule of the ScanConfig Structure is documented below.
StartingUrls List<string>: The starting URLs from which the scanner finds site pages.
TargetPlatforms List<string>: Set of Cloud Platforms targeted by the scan. If empty, APP_ENGINE will be used as a default.
UserAgent string: Type of the user agents used for scanning

Authentication SecurityScanConfigAuthentication: The authentication configuration. If specified, service will use the authentication configuration during scanning. Structure is documented below.
BlacklistPatterns []string: The blacklist URL patterns as described in https://cloud.google.com/security-scanner/docs/excluded-urls
DisplayName string: The user provider display name of the ScanConfig.
ExportToSecurityCommandCenter string: Controls export of scan configurations and results to Cloud Security Command Center.
MaxQps int: The maximum QPS during scanning. A valid value ranges from 5 to 20 inclusively. Defaults to 15.
Name string: A server defined name for this index. Format: ‘projects/{{project}}/scanConfigs/{{server_generated_id}}’
Project string: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
Schedule SecurityScanConfigSchedule: The schedule of the ScanConfig Structure is documented below.
StartingUrls []string: The starting URLs from which the scanner finds site pages.
TargetPlatforms []string: Set of Cloud Platforms targeted by the scan. If empty, APP_ENGINE will be used as a default.
UserAgent string: Type of the user agents used for scanning

authentication SecurityScanConfigAuthentication: The authentication configuration. If specified, service will use the authentication configuration during scanning. Structure is documented below.
blacklistPatterns string[]: The blacklist URL patterns as described in https://cloud.google.com/security-scanner/docs/excluded-urls
displayName string: The user provider display name of the ScanConfig.
exportToSecurityCommandCenter string: Controls export of scan configurations and results to Cloud Security Command Center.
maxQps number: The maximum QPS during scanning. A valid value ranges from 5 to 20 inclusively. Defaults to 15.
name string: A server defined name for this index. Format: ‘projects/{{project}}/scanConfigs/{{server_generated_id}}’
project string: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
schedule SecurityScanConfigSchedule: The schedule of the ScanConfig Structure is documented below.
startingUrls string[]: The starting URLs from which the scanner finds site pages.
targetPlatforms string[]: Set of Cloud Platforms targeted by the scan. If empty, APP_ENGINE will be used as a default.
userAgent string: Type of the user agents used for scanning

authentication Dict[SecurityScanConfigAuthentication]: The authentication configuration. If specified, service will use the authentication configuration during scanning. Structure is documented below.
blacklist_patterns List[str]: The blacklist URL patterns as described in https://cloud.google.com/security-scanner/docs/excluded-urls
display_name str: The user provider display name of the ScanConfig.
export_to_security_command_center str: Controls export of scan configurations and results to Cloud Security Command Center.
max_qps float: The maximum QPS during scanning. A valid value ranges from 5 to 20 inclusively. Defaults to 15.
name str: A server defined name for this index. Format: ‘projects/{{project}}/scanConfigs/{{server_generated_id}}’
project str: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
schedule Dict[SecurityScanConfigSchedule]: The schedule of the ScanConfig Structure is documented below.
starting_urls List[str]: The starting URLs from which the scanner finds site pages.
target_platforms List[str]: Set of Cloud Platforms targeted by the scan. If empty, APP_ENGINE will be used as a default.
user_agent str: Type of the user agents used for scanning

Supporting Types

SecurityScanConfigAuthentication

See the input and output API doc for this type.

CustomAccount SecurityScanConfigAuthenticationCustomAccountArgs: Describes authentication configuration that uses a custom account. Structure is documented below.
GoogleAccount SecurityScanConfigAuthenticationGoogleAccountArgs: Describes authentication configuration that uses a Google account. Structure is documented below.

CustomAccount SecurityScanConfigAuthenticationCustomAccount: Describes authentication configuration that uses a custom account. Structure is documented below.
GoogleAccount SecurityScanConfigAuthenticationGoogleAccount: Describes authentication configuration that uses a Google account. Structure is documented below.

customAccount SecurityScanConfigAuthenticationCustomAccount: Describes authentication configuration that uses a custom account. Structure is documented below.
googleAccount SecurityScanConfigAuthenticationGoogleAccount: Describes authentication configuration that uses a Google account. Structure is documented below.

customAccount Dict[SecurityScanConfigAuthenticationCustomAccount]: Describes authentication configuration that uses a custom account. Structure is documented below.
googleAccount Dict[SecurityScanConfigAuthenticationGoogleAccount]: Describes authentication configuration that uses a Google account. Structure is documented below.

SecurityScanConfigAuthenticationCustomAccount

See the input and output API doc for this type.

LoginUrl string: The login form URL of the website.
Password string: The password of the custom account. The credential is stored encrypted in GCP. Note: This property is sensitive and will not be displayed in the plan.
Username string: The user name of the custom account.

LoginUrl string: The login form URL of the website.
Password string: The password of the custom account. The credential is stored encrypted in GCP. Note: This property is sensitive and will not be displayed in the plan.
Username string: The user name of the custom account.

loginUrl string: The login form URL of the website.
password string: The password of the custom account. The credential is stored encrypted in GCP. Note: This property is sensitive and will not be displayed in the plan.
username string: The user name of the custom account.

loginUrl str: The login form URL of the website.
password str: The password of the custom account. The credential is stored encrypted in GCP. Note: This property is sensitive and will not be displayed in the plan.
username str: The user name of the custom account.

SecurityScanConfigAuthenticationGoogleAccount

See the input and output API doc for this type.

Password string: The password of the custom account. The credential is stored encrypted in GCP. Note: This property is sensitive and will not be displayed in the plan.
Username string: The user name of the custom account.

Password string: The password of the custom account. The credential is stored encrypted in GCP. Note: This property is sensitive and will not be displayed in the plan.
Username string: The user name of the custom account.

password string: The password of the custom account. The credential is stored encrypted in GCP. Note: This property is sensitive and will not be displayed in the plan.
username string: The user name of the custom account.

password str: The password of the custom account. The credential is stored encrypted in GCP. Note: This property is sensitive and will not be displayed in the plan.
username str: The user name of the custom account.

SecurityScanConfigSchedule

See the input and output API doc for this type.

IntervalDurationDays int: The duration of time between executions in days
ScheduleTime string: A timestamp indicates when the next run will be scheduled. The value is refreshed by the server after each run. If unspecified, it will default to current server time, which means the scan will be scheduled to start immediately.

IntervalDurationDays int: The duration of time between executions in days
ScheduleTime string: A timestamp indicates when the next run will be scheduled. The value is refreshed by the server after each run. If unspecified, it will default to current server time, which means the scan will be scheduled to start immediately.

intervalDurationDays number: The duration of time between executions in days
scheduleTime string: A timestamp indicates when the next run will be scheduled. The value is refreshed by the server after each run. If unspecified, it will default to current server time, which means the scan will be scheduled to start immediately.

intervalDurationDays float: The duration of time between executions in days
scheduleTime str: A timestamp indicates when the next run will be scheduled. The value is refreshed by the server after each run. If unspecified, it will default to current server time, which means the scan will be scheduled to start immediately.

Package Details

Repository: https://github.com/pulumi/pulumi-gcp
License: Apache-2.0
Notes: This Pulumi package is based on the google-beta Terraform Provider.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud

SecurityScanConfig

Create a SecurityScanConfig Resource

SecurityScanConfig Resource Properties

Inputs

Outputs

Look up an Existing SecurityScanConfig Resource

Supporting Types

SecurityScanConfigAuthentication

SecurityScanConfigAuthenticationCustomAccount

SecurityScanConfigAuthenticationGoogleAccount

SecurityScanConfigSchedule

Package Details

On This Page