Aquasec v0.8.29 published on Monday, Jul 22, 2024 by Pulumiverse

aquasec.FunctionAssurancePolicy


    Aqua ensures function security for AWS Lambda, Microsoft Azure, and Google Cloud. This includes:

    - Scanning functions for vulnerabilities and sensitive data. AWS and Azure functions are also checked for excessive permissions.
    - Evaluating function risks based on scan results, according to Function Assurance Policies.
    - Checking function compliance with these policies.
    - For AWS and Azure, implementing security actions, such as blocking execution of risky functions or failing the CI/CD pipeline.
    - Providing comprehensive audits of all security risks, viewable in Aqua Server or a SIEM system.

    Create FunctionAssurancePolicy Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new FunctionAssurancePolicy(name: string, args: FunctionAssurancePolicyArgs, opts?: CustomResourceOptions);
    @overload
    def FunctionAssurancePolicy(resource_name: str,
                                args: FunctionAssurancePolicyArgs,
                                opts: Optional[ResourceOptions] = None)
    
    @overload
    def FunctionAssurancePolicy(resource_name: str,
                                opts: Optional[ResourceOptions] = None,
                                application_scopes: Optional[Sequence[str]] = None,
                                aggregated_vulnerability: Optional[Mapping[str, str]] = None,
                                allowed_images: Optional[Sequence[str]] = None,
                                assurance_type: Optional[str] = None,
                                audit_on_failure: Optional[bool] = None,
                                author: Optional[str] = None,
                                auto_scan_configured: Optional[bool] = None,
                                auto_scan_enabled: Optional[bool] = None,
                                auto_scan_times: Optional[Sequence[FunctionAssurancePolicyAutoScanTimeArgs]] = None,
                                blacklist_permissions: Optional[Sequence[str]] = None,
                                blacklist_permissions_enabled: Optional[bool] = None,
                                blacklisted_licenses: Optional[Sequence[str]] = None,
                                blacklisted_licenses_enabled: Optional[bool] = None,
                                block_failed: Optional[bool] = None,
                                control_exclude_no_fix: Optional[bool] = None,
                                custom_checks: Optional[Sequence[FunctionAssurancePolicyCustomCheckArgs]] = None,
                                custom_checks_enabled: Optional[bool] = None,
                                custom_severity: Optional[str] = None,
                                custom_severity_enabled: Optional[bool] = None,
                                cves_black_list_enabled: Optional[bool] = None,
                                cves_black_lists: Optional[Sequence[str]] = None,
                                cves_white_list_enabled: Optional[bool] = None,
                                cves_white_lists: Optional[Sequence[str]] = None,
                                cvss_severity: Optional[str] = None,
                                cvss_severity_enabled: Optional[bool] = None,
                                cvss_severity_exclude_no_fix: Optional[bool] = None,
                                description: Optional[str] = None,
                                disallow_exploit_types: Optional[Sequence[str]] = None,
                                disallow_malware: Optional[bool] = None,
                                docker_cis_enabled: Optional[bool] = None,
                                domain: Optional[str] = None,
                                domain_name: Optional[str] = None,
                                dta_enabled: Optional[bool] = None,
                                dta_severity: Optional[str] = None,
                                enabled: Optional[bool] = None,
                                enforce: Optional[bool] = None,
                                enforce_after_days: Optional[int] = None,
                                enforce_excessive_permissions: Optional[bool] = None,
                                exceptional_monitored_malware_paths: Optional[Sequence[str]] = None,
                                exclude_application_scopes: Optional[Sequence[str]] = None,
                                fail_cicd: Optional[bool] = None,
                                forbidden_labels: Optional[Sequence[FunctionAssurancePolicyForbiddenLabelArgs]] = None,
                                forbidden_labels_enabled: Optional[bool] = None,
                                force_microenforcer: Optional[bool] = None,
                                function_integrity_enabled: Optional[bool] = None,
                                ignore_base_image_vln: Optional[bool] = None,
                                ignore_recently_published_vln: Optional[bool] = None,
                                ignore_recently_published_vln_period: Optional[int] = None,
                                ignore_risk_resources_enabled: Optional[bool] = None,
                                ignored_risk_resources: Optional[Sequence[str]] = None,
                                ignored_sensitive_resources: Optional[Sequence[str]] = None,
                                images: Optional[Sequence[str]] = None,
                                kube_cis_enabled: Optional[bool] = None,
                                kubernetes_controls: Optional[Sequence[FunctionAssurancePolicyKubernetesControlArgs]] = None,
                                kubernetes_controls_avd_ids: Optional[Sequence[str]] = None,
                                kubernetes_controls_names: Optional[Sequence[str]] = None,
                                labels: Optional[Sequence[str]] = None,
                                lastupdate: Optional[str] = None,
                                linux_cis_enabled: Optional[bool] = None,
                                malware_action: Optional[str] = None,
                                maximum_score: Optional[float] = None,
                                maximum_score_enabled: Optional[bool] = None,
                                maximum_score_exclude_no_fix: Optional[bool] = None,
                                monitored_malware_paths: Optional[Sequence[str]] = None,
                                name: Optional[str] = None,
                                only_none_root_users: Optional[bool] = None,
                                openshift_hardening_enabled: Optional[bool] = None,
                                packages_black_list_enabled: Optional[bool] = None,
                                packages_black_lists: Optional[Sequence[FunctionAssurancePolicyPackagesBlackListArgs]] = None,
                                packages_white_list_enabled: Optional[bool] = None,
                                packages_white_lists: Optional[Sequence[FunctionAssurancePolicyPackagesWhiteListArgs]] = None,
                                partial_results_image_fail: Optional[bool] = None,
                                permission: Optional[str] = None,
                                policy_settings: Optional[FunctionAssurancePolicyPolicySettingsArgs] = None,
                                read_only: Optional[bool] = None,
                                registries: Optional[Sequence[str]] = None,
                                registry: Optional[str] = None,
                                required_labels: Optional[Sequence[FunctionAssurancePolicyRequiredLabelArgs]] = None,
                                required_labels_enabled: Optional[bool] = None,
                                scan_malware_in_archives: Optional[bool] = None,
                                scan_nfs_mounts: Optional[bool] = None,
                                scan_process_memory: Optional[bool] = None,
                                scan_sensitive_data: Optional[bool] = None,
                                scan_windows_registry: Optional[bool] = None,
                                scap_enabled: Optional[bool] = None,
                                scap_files: Optional[Sequence[str]] = None,
                                scopes: Optional[Sequence[FunctionAssurancePolicyScopeArgs]] = None,
                                trusted_base_images: Optional[Sequence[FunctionAssurancePolicyTrustedBaseImageArgs]] = None,
                                trusted_base_images_enabled: Optional[bool] = None,
                                vulnerability_exploitability: Optional[bool] = None,
                                vulnerability_score_ranges: Optional[Sequence[int]] = None,
                                whitelisted_licenses: Optional[Sequence[str]] = None,
                                whitelisted_licenses_enabled: Optional[bool] = None)
    func NewFunctionAssurancePolicy(ctx *Context, name string, args FunctionAssurancePolicyArgs, opts ...ResourceOption) (*FunctionAssurancePolicy, error)
    public FunctionAssurancePolicy(string name, FunctionAssurancePolicyArgs args, CustomResourceOptions? opts = null)
    public FunctionAssurancePolicy(String name, FunctionAssurancePolicyArgs args)
    public FunctionAssurancePolicy(String name, FunctionAssurancePolicyArgs args, CustomResourceOptions options)
    
    type: aquasec:FunctionAssurancePolicy
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
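The constructor accepts many `*_enabled` flags alongside the lists or values they go with, plus separate action flags (`block_failed`, `fail_cicd`, `audit_on_failure`). The following pre-deployment lint is an added example, not part of the provider or its documentation; it uses the Python argument names from the signature above and assumes, from those names, that each `*_enabled` flag switches on its companion list or value and that the `*_exclude_no_fix` / `ignore_*` flags narrow what is evaluated. `lint_policy`, `Finding`, and the sample dictionaries are hypothetical.

```python
from typing import Any, Dict, List, NamedTuple


class Finding(NamedTuple):
    code: str
    field: str
    detail: str


# flag -> companion argument (pairs taken from the constructor signature;
# the "flag gates companion" relationship is an assumption based on naming).
TOGGLES = {
    "cvss_severity_enabled": "cvss_severity",
    "custom_severity_enabled": "custom_severity",
    "maximum_score_enabled": "maximum_score",
    "blacklist_permissions_enabled": "blacklist_permissions",
    "blacklisted_licenses_enabled": "blacklisted_licenses",
    "whitelisted_licenses_enabled": "whitelisted_licenses",
    "cves_black_list_enabled": "cves_black_lists",
    "cves_white_list_enabled": "cves_white_lists",
    "packages_black_list_enabled": "packages_black_lists",
    "packages_white_list_enabled": "packages_white_lists",
    "custom_checks_enabled": "custom_checks",
    "forbidden_labels_enabled": "forbidden_labels",
    "required_labels_enabled": "required_labels",
    "trusted_base_images_enabled": "trusted_base_images",
    "ignore_risk_resources_enabled": "ignored_risk_resources",
}
# Controls with no companion argument.
STANDALONE = ("scan_sensitive_data", "disallow_malware",
              "enforce_excessive_permissions", "function_integrity_enabled")
# What happens when a function fails the policy.
ACTIONS = ("block_failed", "fail_cicd", "audit_on_failure")
# Flags assumed to reduce what the policy evaluates; each deserves a review.
SUPPRESSIONS = ("cvss_severity_exclude_no_fix", "maximum_score_exclude_no_fix",
                "control_exclude_no_fix", "ignore_recently_published_vln",
                "ignore_base_image_vln", "cves_white_list_enabled",
                "ignore_risk_resources_enabled")


def _is_set(value: Any) -> bool:
    # 0 and False count as set; None and empty containers/strings do not.
    return value not in (None, "", [], {})


def lint_policy(args: Dict[str, Any]) -> List[Finding]:
    """Return review findings for a dict of FunctionAssurancePolicy kwargs."""
    findings: List[Finding] = []
    for flag, companion in TOGGLES.items():
        on = args.get(flag) is True
        has_data = _is_set(args.get(companion))
        if on and not has_data:
            findings.append(Finding("TOGGLE_WITHOUT_DATA", flag,
                                    f"{flag}=True but {companion} is empty"))
        elif has_data and not on:
            findings.append(Finding("DATA_WITHOUT_TOGGLE", companion,
                                    f"{companion} is set but {flag} is not True"))
    if args.get("enabled") is False:
        findings.append(Finding("POLICY_DISABLED", "enabled",
                                "policy is explicitly disabled"))
    controls_on = [f for f in (*TOGGLES, *STANDALONE) if args.get(f) is True]
    if controls_on and not any(args.get(a) is True for a in ACTIONS):
        findings.append(Finding("NO_ACTION", "/".join(ACTIONS),
                                "controls are on but no action flag is True"))
    for flag in SUPPRESSIONS:
        if args.get(flag) is True:
            findings.append(Finding("SUPPRESSION", flag,
                                    f"{flag}=True narrows what is evaluated"))
    return findings


# Constructed sample input: every value below is illustrative only.
WEAK = {
    "name": "example-policy",
    "application_scopes": ["Global"],
    "enabled": True,
    "cvss_severity_enabled": True,                   # threshold never given
    "blacklist_permissions": ["example:Permission"], # list without its flag
    "cvss_severity_exclude_no_fix": True,
    "cves_white_list_enabled": True,
    "cves_white_lists": ["CVE-0000-0000"],           # placeholder identifier
    "scan_sensitive_data": True,
}
HARDENED = {
    "name": "example-policy",
    "application_scopes": ["Global"],
    "enabled": True,
    "cvss_severity_enabled": True,
    "cvss_severity": "high",                         # assumed value format
    "blacklist_permissions_enabled": True,
    "blacklist_permissions": ["example:Permission"],
    "scan_sensitive_data": True,
    "block_failed": True,
    "fail_cicd": True,
    "audit_on_failure": True,
}

if __name__ == "__main__":
    for label, policy in (("weak", WEAK), ("hardened", HARDENED)):
        print(label)
        for f in lint_policy(policy):
            print(f"  [{f.code}] {f.field}: {f.detail}")
```

Because the Python constructor takes these names as keyword arguments, the same dictionary can be linted first and then passed as `**args`.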
    
    

    Parameters

    TypeScript:
    name string
    The unique name of the resource.
    args FunctionAssurancePolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.

    Python:
    resource_name str
    The unique name of the resource.
    args FunctionAssurancePolicyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.

    Go:
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args FunctionAssurancePolicyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.

    C#:
    name string
    The unique name of the resource.
    args FunctionAssurancePolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.

    Java:
    name String
    The unique name of the resource.
    args FunctionAssurancePolicyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var functionAssurancePolicyResource = new Aquasec.FunctionAssurancePolicy("functionAssurancePolicyResource", new()
    {
        ApplicationScopes = new[]
        {
            "string",
        },
        AggregatedVulnerability = 
        {
            { "string", "string" },
        },
        AllowedImages = new[]
        {
            "string",
        },
        AssuranceType = "string",
        AuditOnFailure = false,
        Author = "string",
        AutoScanConfigured = false,
        AutoScanEnabled = false,
        AutoScanTimes = new[]
        {
            new Aquasec.Inputs.FunctionAssurancePolicyAutoScanTimeArgs
            {
                Iteration = 0,
                IterationType = "string",
                Time = "string",
                WeekDays = new[]
                {
                    "string",
                },
            },
        },
        BlacklistPermissions = new[]
        {
            "string",
        },
        BlacklistPermissionsEnabled = false,
        BlacklistedLicenses = new[]
        {
            "string",
        },
        BlacklistedLicensesEnabled = false,
        BlockFailed = false,
        ControlExcludeNoFix = false,
        CustomChecks = new[]
        {
            new Aquasec.Inputs.FunctionAssurancePolicyCustomCheckArgs
            {
                Author = "string",
                Description = "string",
                Engine = "string",
                LastModified = 0,
                Name = "string",
                Path = "string",
                ReadOnly = false,
                ScriptId = "string",
                Severity = "string",
                Snippet = "string",
            },
        },
        CustomChecksEnabled = false,
        CustomSeverity = "string",
        CustomSeverityEnabled = false,
        CvesBlackListEnabled = false,
        CvesBlackLists = new[]
        {
            "string",
        },
        CvesWhiteListEnabled = false,
        CvesWhiteLists = new[]
        {
            "string",
        },
        CvssSeverity = "string",
        CvssSeverityEnabled = false,
        CvssSeverityExcludeNoFix = false,
        Description = "string",
        DisallowExploitTypes = new[]
        {
            "string",
        },
        DisallowMalware = false,
        DockerCisEnabled = false,
        Domain = "string",
        DomainName = "string",
        DtaEnabled = false,
        DtaSeverity = "string",
        Enabled = false,
        Enforce = false,
        EnforceAfterDays = 0,
        EnforceExcessivePermissions = false,
        ExceptionalMonitoredMalwarePaths = new[]
        {
            "string",
        },
        ExcludeApplicationScopes = new[]
        {
            "string",
        },
        FailCicd = false,
        ForbiddenLabels = new[]
        {
            new Aquasec.Inputs.FunctionAssurancePolicyForbiddenLabelArgs
            {
                Key = "string",
                Value = "string",
            },
        },
        ForbiddenLabelsEnabled = false,
        ForceMicroenforcer = false,
        FunctionIntegrityEnabled = false,
        IgnoreBaseImageVln = false,
        IgnoreRecentlyPublishedVln = false,
        IgnoreRecentlyPublishedVlnPeriod = 0,
        IgnoreRiskResourcesEnabled = false,
        IgnoredRiskResources = new[]
        {
            "string",
        },
        IgnoredSensitiveResources = new[]
        {
            "string",
        },
        Images = new[]
        {
            "string",
        },
        KubeCisEnabled = false,
        KubernetesControls = new[]
        {
            new Aquasec.Inputs.FunctionAssurancePolicyKubernetesControlArgs
            {
                AvdId = "string",
                Description = "string",
                Enabled = false,
                Kind = "string",
                Name = "string",
                Ootb = false,
                ScriptId = 0,
                Severity = "string",
            },
        },
        KubernetesControlsAvdIds = new[]
        {
            "string",
        },
        KubernetesControlsNames = new[]
        {
            "string",
        },
        Labels = new[]
        {
            "string",
        },
        Lastupdate = "string",
        LinuxCisEnabled = false,
        MalwareAction = "string",
        MaximumScore = 0,
        MaximumScoreEnabled = false,
        MaximumScoreExcludeNoFix = false,
        MonitoredMalwarePaths = new[]
        {
            "string",
        },
        Name = "string",
        OnlyNoneRootUsers = false,
        OpenshiftHardeningEnabled = false,
        PackagesBlackListEnabled = false,
        PackagesBlackLists = new[]
        {
            new Aquasec.Inputs.FunctionAssurancePolicyPackagesBlackListArgs
            {
                Arch = "string",
                Display = "string",
                Epoch = "string",
                Format = "string",
                License = "string",
                Name = "string",
                Release = "string",
                Version = "string",
                VersionRange = "string",
            },
        },
        PackagesWhiteListEnabled = false,
        PackagesWhiteLists = new[]
        {
            new Aquasec.Inputs.FunctionAssurancePolicyPackagesWhiteListArgs
            {
                Arch = "string",
                Display = "string",
                Epoch = "string",
                Format = "string",
                License = "string",
                Name = "string",
                Release = "string",
                Version = "string",
                VersionRange = "string",
            },
        },
        PartialResultsImageFail = false,
        Permission = "string",
        PolicySettings = new Aquasec.Inputs.FunctionAssurancePolicyPolicySettingsArgs
        {
            Enforce = false,
            IsAuditChecked = false,
            Warn = false,
            WarningMessage = "string",
        },
        ReadOnly = false,
        Registries = new[]
        {
            "string",
        },
        Registry = "string",
        RequiredLabels = new[]
        {
            new Aquasec.Inputs.FunctionAssurancePolicyRequiredLabelArgs
            {
                Key = "string",
                Value = "string",
            },
        },
        RequiredLabelsEnabled = false,
        ScanMalwareInArchives = false,
        ScanNfsMounts = false,
        ScanProcessMemory = false,
        ScanSensitiveData = false,
        ScanWindowsRegistry = false,
        ScapEnabled = false,
        ScapFiles = new[]
        {
            "string",
        },
        Scopes = new[]
        {
            new Aquasec.Inputs.FunctionAssurancePolicyScopeArgs
            {
                Expression = "string",
                Variables = new[]
                {
                    new Aquasec.Inputs.FunctionAssurancePolicyScopeVariableArgs
                    {
                        Attribute = "string",
                        Name = "string",
                        Value = "string",
                    },
                },
            },
        },
        TrustedBaseImages = new[]
        {
            new Aquasec.Inputs.FunctionAssurancePolicyTrustedBaseImageArgs
            {
                Imagename = "string",
                Registry = "string",
            },
        },
        TrustedBaseImagesEnabled = false,
        VulnerabilityExploitability = false,
        VulnerabilityScoreRanges = new[]
        {
            0,
        },
        WhitelistedLicenses = new[]
        {
            "string",
        },
        WhitelistedLicensesEnabled = false,
    });
    
    example, err := aquasec.NewFunctionAssurancePolicy(ctx, "functionAssurancePolicyResource", &aquasec.FunctionAssurancePolicyArgs{
    	ApplicationScopes: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	AggregatedVulnerability: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    	AllowedImages: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	AssuranceType:      pulumi.String("string"),
    	AuditOnFailure:     pulumi.Bool(false),
    	Author:             pulumi.String("string"),
    	AutoScanConfigured: pulumi.Bool(false),
    	AutoScanEnabled:    pulumi.Bool(false),
    	AutoScanTimes: aquasec.FunctionAssurancePolicyAutoScanTimeArray{
    		&aquasec.FunctionAssurancePolicyAutoScanTimeArgs{
    			Iteration:     pulumi.Int(0),
    			IterationType: pulumi.String("string"),
    			Time:          pulumi.String("string"),
    			WeekDays: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    		},
    	},
    	BlacklistPermissions: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	BlacklistPermissionsEnabled: pulumi.Bool(false),
    	BlacklistedLicenses: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	BlacklistedLicensesEnabled: pulumi.Bool(false),
    	BlockFailed:                pulumi.Bool(false),
    	ControlExcludeNoFix:        pulumi.Bool(false),
    	CustomChecks: aquasec.FunctionAssurancePolicyCustomCheckArray{
    		&aquasec.FunctionAssurancePolicyCustomCheckArgs{
    			Author:       pulumi.String("string"),
    			Description:  pulumi.String("string"),
    			Engine:       pulumi.String("string"),
    			LastModified: pulumi.Int(0),
    			Name:         pulumi.String("string"),
    			Path:         pulumi.String("string"),
    			ReadOnly:     pulumi.Bool(false),
    			ScriptId:     pulumi.String("string"),
    			Severity:     pulumi.String("string"),
    			Snippet:      pulumi.String("string"),
    		},
    	},
    	CustomChecksEnabled:   pulumi.Bool(false),
    	CustomSeverity:        pulumi.String("string"),
    	CustomSeverityEnabled: pulumi.Bool(false),
    	CvesBlackListEnabled:  pulumi.Bool(false),
    	CvesBlackLists: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	CvesWhiteListEnabled: pulumi.Bool(false),
    	CvesWhiteLists: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	CvssSeverity:             pulumi.String("string"),
    	CvssSeverityEnabled:      pulumi.Bool(false),
    	CvssSeverityExcludeNoFix: pulumi.Bool(false),
    	Description:              pulumi.String("string"),
    	DisallowExploitTypes: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	DisallowMalware:             pulumi.Bool(false),
    	DockerCisEnabled:            pulumi.Bool(false),
    	Domain:                      pulumi.String("string"),
    	DomainName:                  pulumi.String("string"),
    	DtaEnabled:                  pulumi.Bool(false),
    	DtaSeverity:                 pulumi.String("string"),
    	Enabled:                     pulumi.Bool(false),
    	Enforce:                     pulumi.Bool(false),
    	EnforceAfterDays:            pulumi.Int(0),
    	EnforceExcessivePermissions: pulumi.Bool(false),
    	ExceptionalMonitoredMalwarePaths: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	ExcludeApplicationScopes: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	FailCicd: pulumi.Bool(false),
    	ForbiddenLabels: aquasec.FunctionAssurancePolicyForbiddenLabelArray{
    		&aquasec.FunctionAssurancePolicyForbiddenLabelArgs{
    			Key:   pulumi.String("string"),
    			Value: pulumi.String("string"),
    		},
    	},
    	ForbiddenLabelsEnabled:           pulumi.Bool(false),
    	ForceMicroenforcer:               pulumi.Bool(false),
    	FunctionIntegrityEnabled:         pulumi.Bool(false),
    	IgnoreBaseImageVln:               pulumi.Bool(false),
    	IgnoreRecentlyPublishedVln:       pulumi.Bool(false),
    	IgnoreRecentlyPublishedVlnPeriod: pulumi.Int(0),
    	IgnoreRiskResourcesEnabled:       pulumi.Bool(false),
    	IgnoredRiskResources: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	IgnoredSensitiveResources: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Images: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	KubeCisEnabled: pulumi.Bool(false),
    	KubernetesControls: aquasec.FunctionAssurancePolicyKubernetesControlArray{
    		&aquasec.FunctionAssurancePolicyKubernetesControlArgs{
    			AvdId:       pulumi.String("string"),
    			Description: pulumi.String("string"),
    			Enabled:     pulumi.Bool(false),
    			Kind:        pulumi.String("string"),
    			Name:        pulumi.String("string"),
    			Ootb:        pulumi.Bool(false),
    			ScriptId:    pulumi.Int(0),
    			Severity:    pulumi.String("string"),
    		},
    	},
    	KubernetesControlsAvdIds: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	KubernetesControlsNames: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Labels: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Lastupdate:               pulumi.String("string"),
    	LinuxCisEnabled:          pulumi.Bool(false),
    	MalwareAction:            pulumi.String("string"),
    	MaximumScore:             pulumi.Float64(0),
    	MaximumScoreEnabled:      pulumi.Bool(false),
    	MaximumScoreExcludeNoFix: pulumi.Bool(false),
    	MonitoredMalwarePaths: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Name:                      pulumi.String("string"),
    	OnlyNoneRootUsers:         pulumi.Bool(false),
    	OpenshiftHardeningEnabled: pulumi.Bool(false),
    	PackagesBlackListEnabled:  pulumi.Bool(false),
    	PackagesBlackLists: aquasec.FunctionAssurancePolicyPackagesBlackListArray{
    		&aquasec.FunctionAssurancePolicyPackagesBlackListArgs{
    			Arch:         pulumi.String("string"),
    			Display:      pulumi.String("string"),
    			Epoch:        pulumi.String("string"),
    			Format:       pulumi.String("string"),
    			License:      pulumi.String("string"),
    			Name:         pulumi.String("string"),
    			Release:      pulumi.String("string"),
    			Version:      pulumi.String("string"),
    			VersionRange: pulumi.String("string"),
    		},
    	},
    	PackagesWhiteListEnabled: pulumi.Bool(false),
    	PackagesWhiteLists: aquasec.FunctionAssurancePolicyPackagesWhiteListArray{
    		&aquasec.FunctionAssurancePolicyPackagesWhiteListArgs{
    			Arch:         pulumi.String("string"),
    			Display:      pulumi.String("string"),
    			Epoch:        pulumi.String("string"),
    			Format:       pulumi.String("string"),
    			License:      pulumi.String("string"),
    			Name:         pulumi.String("string"),
    			Release:      pulumi.String("string"),
    			Version:      pulumi.String("string"),
    			VersionRange: pulumi.String("string"),
    		},
    	},
    	PartialResultsImageFail: pulumi.Bool(false),
    	Permission:              pulumi.String("string"),
    	PolicySettings: &aquasec.FunctionAssurancePolicyPolicySettingsArgs{
    		Enforce:        pulumi.Bool(false),
    		IsAuditChecked: pulumi.Bool(false),
    		Warn:           pulumi.Bool(false),
    		WarningMessage: pulumi.String("string"),
    	},
    	ReadOnly: pulumi.Bool(false),
    	Registries: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Registry: pulumi.String("string"),
    	RequiredLabels: aquasec.FunctionAssurancePolicyRequiredLabelArray{
    		&aquasec.FunctionAssurancePolicyRequiredLabelArgs{
    			Key:   pulumi.String("string"),
    			Value: pulumi.String("string"),
    		},
    	},
    	RequiredLabelsEnabled: pulumi.Bool(false),
    	ScanMalwareInArchives: pulumi.Bool(false),
    	ScanNfsMounts:         pulumi.Bool(false),
    	ScanProcessMemory:     pulumi.Bool(false),
    	ScanSensitiveData:     pulumi.Bool(false),
    	ScanWindowsRegistry:   pulumi.Bool(false),
    	ScapEnabled:           pulumi.Bool(false),
    	ScapFiles: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Scopes: aquasec.FunctionAssurancePolicyScopeArray{
    		&aquasec.FunctionAssurancePolicyScopeArgs{
    			Expression: pulumi.String("string"),
    			Variables: aquasec.FunctionAssurancePolicyScopeVariableArray{
    				&aquasec.FunctionAssurancePolicyScopeVariableArgs{
    					Attribute: pulumi.String("string"),
    					Name:      pulumi.String("string"),
    					Value:     pulumi.String("string"),
    				},
    			},
    		},
    	},
    	TrustedBaseImages: aquasec.FunctionAssurancePolicyTrustedBaseImageArray{
    		&aquasec.FunctionAssurancePolicyTrustedBaseImageArgs{
    			Imagename: pulumi.String("string"),
    			Registry:  pulumi.String("string"),
    		},
    	},
    	TrustedBaseImagesEnabled:    pulumi.Bool(false),
    	VulnerabilityExploitability: pulumi.Bool(false),
    	VulnerabilityScoreRanges: pulumi.IntArray{
    		pulumi.Int(0),
    	},
    	WhitelistedLicenses: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	WhitelistedLicensesEnabled: pulumi.Bool(false),
    })
    
    var functionAssurancePolicyResource = new FunctionAssurancePolicy("functionAssurancePolicyResource", FunctionAssurancePolicyArgs.builder()
        .applicationScopes("string")
        .aggregatedVulnerability(Map.of("string", "string"))
        .allowedImages("string")
        .assuranceType("string")
        .auditOnFailure(false)
        .author("string")
        .autoScanConfigured(false)
        .autoScanEnabled(false)
        .autoScanTimes(FunctionAssurancePolicyAutoScanTimeArgs.builder()
            .iteration(0)
            .iterationType("string")
            .time("string")
            .weekDays("string")
            .build())
        .blacklistPermissions("string")
        .blacklistPermissionsEnabled(false)
        .blacklistedLicenses("string")
        .blacklistedLicensesEnabled(false)
        .blockFailed(false)
        .controlExcludeNoFix(false)
        .customChecks(FunctionAssurancePolicyCustomCheckArgs.builder()
            .author("string")
            .description("string")
            .engine("string")
            .lastModified(0)
            .name("string")
            .path("string")
            .readOnly(false)
            .scriptId("string")
            .severity("string")
            .snippet("string")
            .build())
        .customChecksEnabled(false)
        .customSeverity("string")
        .customSeverityEnabled(false)
        .cvesBlackListEnabled(false)
        .cvesBlackLists("string")
        .cvesWhiteListEnabled(false)
        .cvesWhiteLists("string")
        .cvssSeverity("string")
        .cvssSeverityEnabled(false)
        .cvssSeverityExcludeNoFix(false)
        .description("string")
        .disallowExploitTypes("string")
        .disallowMalware(false)
        .dockerCisEnabled(false)
        .domain("string")
        .domainName("string")
        .dtaEnabled(false)
        .dtaSeverity("string")
        .enabled(false)
        .enforce(false)
        .enforceAfterDays(0)
        .enforceExcessivePermissions(false)
        .exceptionalMonitoredMalwarePaths("string")
        .excludeApplicationScopes("string")
        .failCicd(false)
        .forbiddenLabels(FunctionAssurancePolicyForbiddenLabelArgs.builder()
            .key("string")
            .value("string")
            .build())
        .forbiddenLabelsEnabled(false)
        .forceMicroenforcer(false)
        .functionIntegrityEnabled(false)
        .ignoreBaseImageVln(false)
        .ignoreRecentlyPublishedVln(false)
        .ignoreRecentlyPublishedVlnPeriod(0)
        .ignoreRiskResourcesEnabled(false)
        .ignoredRiskResources("string")
        .ignoredSensitiveResources("string")
        .images("string")
        .kubeCisEnabled(false)
        .kubernetesControls(FunctionAssurancePolicyKubernetesControlArgs.builder()
            .avdId("string")
            .description("string")
            .enabled(false)
            .kind("string")
            .name("string")
            .ootb(false)
            .scriptId(0)
            .severity("string")
            .build())
        .kubernetesControlsAvdIds("string")
        .kubernetesControlsNames("string")
        .labels("string")
        .lastupdate("string")
        .linuxCisEnabled(false)
        .malwareAction("string")
        .maximumScore(0)
        .maximumScoreEnabled(false)
        .maximumScoreExcludeNoFix(false)
        .monitoredMalwarePaths("string")
        .name("string")
        .onlyNoneRootUsers(false)
        .openshiftHardeningEnabled(false)
        .packagesBlackListEnabled(false)
        .packagesBlackLists(FunctionAssurancePolicyPackagesBlackListArgs.builder()
            .arch("string")
            .display("string")
            .epoch("string")
            .format("string")
            .license("string")
            .name("string")
            .release("string")
            .version("string")
            .versionRange("string")
            .build())
        .packagesWhiteListEnabled(false)
        .packagesWhiteLists(FunctionAssurancePolicyPackagesWhiteListArgs.builder()
            .arch("string")
            .display("string")
            .epoch("string")
            .format("string")
            .license("string")
            .name("string")
            .release("string")
            .version("string")
            .versionRange("string")
            .build())
        .partialResultsImageFail(false)
        .permission("string")
        .policySettings(FunctionAssurancePolicyPolicySettingsArgs.builder()
            .enforce(false)
            .isAuditChecked(false)
            .warn(false)
            .warningMessage("string")
            .build())
        .readOnly(false)
        .registries("string")
        .registry("string")
        .requiredLabels(FunctionAssurancePolicyRequiredLabelArgs.builder()
            .key("string")
            .value("string")
            .build())
        .requiredLabelsEnabled(false)
        .scanMalwareInArchives(false)
        .scanNfsMounts(false)
        .scanProcessMemory(false)
        .scanSensitiveData(false)
        .scanWindowsRegistry(false)
        .scapEnabled(false)
        .scapFiles("string")
        .scopes(FunctionAssurancePolicyScopeArgs.builder()
            .expression("string")
            .variables(FunctionAssurancePolicyScopeVariableArgs.builder()
                .attribute("string")
                .name("string")
                .value("string")
                .build())
            .build())
        .trustedBaseImages(FunctionAssurancePolicyTrustedBaseImageArgs.builder()
            .imagename("string")
            .registry("string")
            .build())
        .trustedBaseImagesEnabled(false)
        .vulnerabilityExploitability(false)
        .vulnerabilityScoreRanges(0)
        .whitelistedLicenses("string")
        .whitelistedLicensesEnabled(false)
        .build());
    
    function_assurance_policy_resource = aquasec.FunctionAssurancePolicy("functionAssurancePolicyResource",
        application_scopes=["string"],
        aggregated_vulnerability={
            "string": "string",
        },
        allowed_images=["string"],
        assurance_type="string",
        audit_on_failure=False,
        author="string",
        auto_scan_configured=False,
        auto_scan_enabled=False,
        auto_scan_times=[{
            "iteration": 0,
            "iteration_type": "string",
            "time": "string",
            "week_days": ["string"],
        }],
        blacklist_permissions=["string"],
        blacklist_permissions_enabled=False,
        blacklisted_licenses=["string"],
        blacklisted_licenses_enabled=False,
        block_failed=False,
        control_exclude_no_fix=False,
        custom_checks=[{
            "author": "string",
            "description": "string",
            "engine": "string",
            "last_modified": 0,
            "name": "string",
            "path": "string",
            "read_only": False,
            "script_id": "string",
            "severity": "string",
            "snippet": "string",
        }],
        custom_checks_enabled=False,
        custom_severity="string",
        custom_severity_enabled=False,
        cves_black_list_enabled=False,
        cves_black_lists=["string"],
        cves_white_list_enabled=False,
        cves_white_lists=["string"],
        cvss_severity="string",
        cvss_severity_enabled=False,
        cvss_severity_exclude_no_fix=False,
        description="string",
        disallow_exploit_types=["string"],
        disallow_malware=False,
        docker_cis_enabled=False,
        domain="string",
        domain_name="string",
        dta_enabled=False,
        dta_severity="string",
        enabled=False,
        enforce=False,
        enforce_after_days=0,
        enforce_excessive_permissions=False,
        exceptional_monitored_malware_paths=["string"],
        exclude_application_scopes=["string"],
        fail_cicd=False,
        forbidden_labels=[{
            "key": "string",
            "value": "string",
        }],
        forbidden_labels_enabled=False,
        force_microenforcer=False,
        function_integrity_enabled=False,
        ignore_base_image_vln=False,
        ignore_recently_published_vln=False,
        ignore_recently_published_vln_period=0,
        ignore_risk_resources_enabled=False,
        ignored_risk_resources=["string"],
        ignored_sensitive_resources=["string"],
        images=["string"],
        kube_cis_enabled=False,
        kubernetes_controls=[{
            "avd_id": "string",
            "description": "string",
            "enabled": False,
            "kind": "string",
            "name": "string",
            "ootb": False,
            "script_id": 0,
            "severity": "string",
        }],
        kubernetes_controls_avd_ids=["string"],
        kubernetes_controls_names=["string"],
        labels=["string"],
        lastupdate="string",
        linux_cis_enabled=False,
        malware_action="string",
        maximum_score=0,
        maximum_score_enabled=False,
        maximum_score_exclude_no_fix=False,
        monitored_malware_paths=["string"],
        name="string",
        only_none_root_users=False,
        openshift_hardening_enabled=False,
        packages_black_list_enabled=False,
        packages_black_lists=[{
            "arch": "string",
            "display": "string",
            "epoch": "string",
            "format": "string",
            "license": "string",
            "name": "string",
            "release": "string",
            "version": "string",
            "version_range": "string",
        }],
        packages_white_list_enabled=False,
        packages_white_lists=[{
            "arch": "string",
            "display": "string",
            "epoch": "string",
            "format": "string",
            "license": "string",
            "name": "string",
            "release": "string",
            "version": "string",
            "version_range": "string",
        }],
        partial_results_image_fail=False,
        permission="string",
        policy_settings={
            "enforce": False,
            "is_audit_checked": False,
            "warn": False,
            "warning_message": "string",
        },
        read_only=False,
        registries=["string"],
        registry="string",
        required_labels=[{
            "key": "string",
            "value": "string",
        }],
        required_labels_enabled=False,
        scan_malware_in_archives=False,
        scan_nfs_mounts=False,
        scan_process_memory=False,
        scan_sensitive_data=False,
        scan_windows_registry=False,
        scap_enabled=False,
        scap_files=["string"],
        scopes=[{
            "expression": "string",
            "variables": [{
                "attribute": "string",
                "name": "string",
                "value": "string",
            }],
        }],
        trusted_base_images=[{
            "imagename": "string",
            "registry": "string",
        }],
        trusted_base_images_enabled=False,
        vulnerability_exploitability=False,
        vulnerability_score_ranges=[0],
        whitelisted_licenses=["string"],
        whitelisted_licenses_enabled=False)
    
    const functionAssurancePolicyResource = new aquasec.FunctionAssurancePolicy("functionAssurancePolicyResource", {
        applicationScopes: ["string"],
        aggregatedVulnerability: {
            string: "string",
        },
        allowedImages: ["string"],
        assuranceType: "string",
        auditOnFailure: false,
        author: "string",
        autoScanConfigured: false,
        autoScanEnabled: false,
        autoScanTimes: [{
            iteration: 0,
            iterationType: "string",
            time: "string",
            weekDays: ["string"],
        }],
        blacklistPermissions: ["string"],
        blacklistPermissionsEnabled: false,
        blacklistedLicenses: ["string"],
        blacklistedLicensesEnabled: false,
        blockFailed: false,
        controlExcludeNoFix: false,
        customChecks: [{
            author: "string",
            description: "string",
            engine: "string",
            lastModified: 0,
            name: "string",
            path: "string",
            readOnly: false,
            scriptId: "string",
            severity: "string",
            snippet: "string",
        }],
        customChecksEnabled: false,
        customSeverity: "string",
        customSeverityEnabled: false,
        cvesBlackListEnabled: false,
        cvesBlackLists: ["string"],
        cvesWhiteListEnabled: false,
        cvesWhiteLists: ["string"],
        cvssSeverity: "string",
        cvssSeverityEnabled: false,
        cvssSeverityExcludeNoFix: false,
        description: "string",
        disallowExploitTypes: ["string"],
        disallowMalware: false,
        dockerCisEnabled: false,
        domain: "string",
        domainName: "string",
        dtaEnabled: false,
        dtaSeverity: "string",
        enabled: false,
        enforce: false,
        enforceAfterDays: 0,
        enforceExcessivePermissions: false,
        exceptionalMonitoredMalwarePaths: ["string"],
        excludeApplicationScopes: ["string"],
        failCicd: false,
        forbiddenLabels: [{
            key: "string",
            value: "string",
        }],
        forbiddenLabelsEnabled: false,
        forceMicroenforcer: false,
        functionIntegrityEnabled: false,
        ignoreBaseImageVln: false,
        ignoreRecentlyPublishedVln: false,
        ignoreRecentlyPublishedVlnPeriod: 0,
        ignoreRiskResourcesEnabled: false,
        ignoredRiskResources: ["string"],
        ignoredSensitiveResources: ["string"],
        images: ["string"],
        kubeCisEnabled: false,
        kubernetesControls: [{
            avdId: "string",
            description: "string",
            enabled: false,
            kind: "string",
            name: "string",
            ootb: false,
            scriptId: 0,
            severity: "string",
        }],
        kubernetesControlsAvdIds: ["string"],
        kubernetesControlsNames: ["string"],
        labels: ["string"],
        lastupdate: "string",
        linuxCisEnabled: false,
        malwareAction: "string",
        maximumScore: 0,
        maximumScoreEnabled: false,
        maximumScoreExcludeNoFix: false,
        monitoredMalwarePaths: ["string"],
        name: "string",
        onlyNoneRootUsers: false,
        openshiftHardeningEnabled: false,
        packagesBlackListEnabled: false,
        packagesBlackLists: [{
            arch: "string",
            display: "string",
            epoch: "string",
            format: "string",
            license: "string",
            name: "string",
            release: "string",
            version: "string",
            versionRange: "string",
        }],
        packagesWhiteListEnabled: false,
        packagesWhiteLists: [{
            arch: "string",
            display: "string",
            epoch: "string",
            format: "string",
            license: "string",
            name: "string",
            release: "string",
            version: "string",
            versionRange: "string",
        }],
        partialResultsImageFail: false,
        permission: "string",
        policySettings: {
            enforce: false,
            isAuditChecked: false,
            warn: false,
            warningMessage: "string",
        },
        readOnly: false,
        registries: ["string"],
        registry: "string",
        requiredLabels: [{
            key: "string",
            value: "string",
        }],
        requiredLabelsEnabled: false,
        scanMalwareInArchives: false,
        scanNfsMounts: false,
        scanProcessMemory: false,
        scanSensitiveData: false,
        scanWindowsRegistry: false,
        scapEnabled: false,
        scapFiles: ["string"],
        scopes: [{
            expression: "string",
            variables: [{
                attribute: "string",
                name: "string",
                value: "string",
            }],
        }],
        trustedBaseImages: [{
            imagename: "string",
            registry: "string",
        }],
        trustedBaseImagesEnabled: false,
        vulnerabilityExploitability: false,
        vulnerabilityScoreRanges: [0],
        whitelistedLicenses: ["string"],
        whitelistedLicensesEnabled: false,
    });
    
    type: aquasec:FunctionAssurancePolicy
    properties:
        aggregatedVulnerability:
            string: string
        allowedImages:
            - string
        applicationScopes:
            - string
        assuranceType: string
        auditOnFailure: false
        author: string
        autoScanConfigured: false
        autoScanEnabled: false
        autoScanTimes:
            - iteration: 0
              iterationType: string
              time: string
              weekDays:
                - string
        blacklistPermissions:
            - string
        blacklistPermissionsEnabled: false
        blacklistedLicenses:
            - string
        blacklistedLicensesEnabled: false
        blockFailed: false
        controlExcludeNoFix: false
        customChecks:
            - author: string
              description: string
              engine: string
              lastModified: 0
              name: string
              path: string
              readOnly: false
              scriptId: string
              severity: string
              snippet: string
        customChecksEnabled: false
        customSeverity: string
        customSeverityEnabled: false
        cvesBlackListEnabled: false
        cvesBlackLists:
            - string
        cvesWhiteListEnabled: false
        cvesWhiteLists:
            - string
        cvssSeverity: string
        cvssSeverityEnabled: false
        cvssSeverityExcludeNoFix: false
        description: string
        disallowExploitTypes:
            - string
        disallowMalware: false
        dockerCisEnabled: false
        domain: string
        domainName: string
        dtaEnabled: false
        dtaSeverity: string
        enabled: false
        enforce: false
        enforceAfterDays: 0
        enforceExcessivePermissions: false
        exceptionalMonitoredMalwarePaths:
            - string
        excludeApplicationScopes:
            - string
        failCicd: false
        forbiddenLabels:
            - key: string
              value: string
        forbiddenLabelsEnabled: false
        forceMicroenforcer: false
        functionIntegrityEnabled: false
        ignoreBaseImageVln: false
        ignoreRecentlyPublishedVln: false
        ignoreRecentlyPublishedVlnPeriod: 0
        ignoreRiskResourcesEnabled: false
        ignoredRiskResources:
            - string
        ignoredSensitiveResources:
            - string
        images:
            - string
        kubeCisEnabled: false
        kubernetesControls:
            - avdId: string
              description: string
              enabled: false
              kind: string
              name: string
              ootb: false
              scriptId: 0
              severity: string
        kubernetesControlsAvdIds:
            - string
        kubernetesControlsNames:
            - string
        labels:
            - string
        lastupdate: string
        linuxCisEnabled: false
        malwareAction: string
        maximumScore: 0
        maximumScoreEnabled: false
        maximumScoreExcludeNoFix: false
        monitoredMalwarePaths:
            - string
        name: string
        onlyNoneRootUsers: false
        openshiftHardeningEnabled: false
        packagesBlackListEnabled: false
        packagesBlackLists:
            - arch: string
              display: string
              epoch: string
              format: string
              license: string
              name: string
              release: string
              version: string
              versionRange: string
        packagesWhiteListEnabled: false
        packagesWhiteLists:
            - arch: string
              display: string
              epoch: string
              format: string
              license: string
              name: string
              release: string
              version: string
              versionRange: string
        partialResultsImageFail: false
        permission: string
        policySettings:
            enforce: false
            isAuditChecked: false
            warn: false
            warningMessage: string
        readOnly: false
        registries:
            - string
        registry: string
        requiredLabels:
            - key: string
              value: string
        requiredLabelsEnabled: false
        scanMalwareInArchives: false
        scanNfsMounts: false
        scanProcessMemory: false
        scanSensitiveData: false
        scanWindowsRegistry: false
        scapEnabled: false
        scapFiles:
            - string
        scopes:
            - expression: string
              variables:
                - attribute: string
                  name: string
                  value: string
        trustedBaseImages:
            - imagename: string
              registry: string
        trustedBaseImagesEnabled: false
        vulnerabilityExploitability: false
        vulnerabilityScoreRanges:
            - 0
        whitelistedLicenses:
            - string
        whitelistedLicensesEnabled: false
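
    The constructor templates above carry placeholder values only. As an added example (not part of the Pulumi or Aqua documentation), the Python check below lints a dictionary of arguments before it is passed to `aquasec.FunctionAssurancePolicy`, assuming a list or value input is only evaluated when its matching `*_enabled` flag is true, as the "Indicates if ... is relevant" descriptions on this page suggest. `lint_policy_args`, `Finding` and the sample values are hypothetical names and constructed data.

```python
"""Pre-deployment lint for keyword arguments destined for aquasec.FunctionAssurancePolicy."""
from typing import Any, Dict, List, NamedTuple

# value input -> flag input; names are taken from the Python signature on this page.
# Assumption: the provider ignores the value when the flag is not True.
PAIRED_INPUTS = {
    "blacklist_permissions": "blacklist_permissions_enabled",
    "blacklisted_licenses": "blacklisted_licenses_enabled",
    "whitelisted_licenses": "whitelisted_licenses_enabled",
    "cves_black_lists": "cves_black_list_enabled",
    "cves_white_lists": "cves_white_list_enabled",
    "custom_checks": "custom_checks_enabled",
    "forbidden_labels": "forbidden_labels_enabled",
    "required_labels": "required_labels_enabled",
    "packages_black_lists": "packages_black_list_enabled",
    "packages_white_lists": "packages_white_list_enabled",
    "trusted_base_images": "trusted_base_images_enabled",
    "ignored_risk_resources": "ignore_risk_resources_enabled",
    "scap_files": "scap_enabled",
    "cvss_severity": "cvss_severity_enabled",
}

# Flags that exempt findings from the policy. They can be legitimate, but each
# one narrows what the policy catches, so a reviewer should sign off on it.
EXEMPTIONS = {
    "cves_white_list_enabled": "listed CVEs are exempted from the policy",
    "cvss_severity_exclude_no_fix": "CVSS findings without a known fix are ignored",
    "ignore_risk_resources_enabled": "listed risk resources are ignored",
}


class Finding(NamedTuple):
    kind: str    # "inert", "empty" or "exemption"
    field: str   # the input the reviewer should look at
    detail: str


def _is_set(value: Any) -> bool:
    """True when an input carries a value (non-empty string or collection)."""
    if value is None:
        return False
    if isinstance(value, (str, list, tuple, dict)):
        return len(value) > 0
    return True


def lint_policy_args(args: Dict[str, Any]) -> List[Finding]:
    """Return findings for controls that are configured but switched off,
    switched on but empty, or that exempt findings from the policy."""
    findings: List[Finding] = []
    for value_key, flag_key in PAIRED_INPUTS.items():
        has_value = _is_set(args.get(value_key))
        enabled = args.get(flag_key) is True
        if has_value and not enabled:
            findings.append(Finding(
                "inert", value_key,
                f"{value_key} is set but {flag_key} is not True"))
        elif enabled and not has_value:
            findings.append(Finding(
                "empty", flag_key,
                f"{flag_key} is True but {value_key} is empty"))
    for flag_key, why in EXEMPTIONS.items():
        if args.get(flag_key) is True:
            findings.append(Finding("exemption", flag_key, why))
    return findings


# Constructed sample arguments (not taken from a real deployment).
SAMPLE_ARGS = {
    "description": "constructed sample policy",
    "cvss_severity": "critical",
    "cvss_severity_enabled": True,
    "cvss_severity_exclude_no_fix": True,     # exemption: needs sign-off
    "blacklist_permissions": ["*"],
    "blacklist_permissions_enabled": False,   # inert: list is never applied
    "cves_black_lists": [],
    "cves_black_list_enabled": True,          # empty: control matches nothing
}

if __name__ == "__main__":
    for finding in lint_policy_args(SAMPLE_ARGS):
        print(f"[{finding.kind}] {finding.field}: {finding.detail}")
```

    Run the check in CI against the same dictionary that is unpacked into the resource constructor, so the reviewed arguments and the deployed ones cannot drift apart.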
    

    FunctionAssurancePolicy Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The FunctionAssurancePolicy resource accepts the following input properties:

    ApplicationScopes List<string>
    AggregatedVulnerability Dictionary<string, string>
    Aggregated vulnerability information.
    AllowedImages List<string>
    List of explicitly allowed images.
    AssuranceType string
    What type of assurance policy is described.
    AuditOnFailure bool
    Indicates whether failures are audited.
    Author string
    Name of user account that created the policy.
    AutoScanConfigured bool
    AutoScanEnabled bool
    AutoScanTimes List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyAutoScanTime>
    BlacklistPermissions List<string>
    List of function's forbidden permissions.
    BlacklistPermissionsEnabled bool
    Indicates if blacklist permissions is relevant.
    BlacklistedLicenses List<string>
    List of blacklisted licenses.
    BlacklistedLicensesEnabled bool
    Indicates if license blacklist is relevant.
    BlockFailed bool
    Indicates if failed images are blocked.
    ControlExcludeNoFix bool
    CustomChecks List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyCustomCheck>
    List of custom user scripts for checks.
    CustomChecksEnabled bool
    Indicates if scanning should include custom checks.
    CustomSeverity string
    CustomSeverityEnabled bool
    CvesBlackListEnabled bool
    Indicates if CVEs blacklist is relevant.
    CvesBlackLists List<string>
    List of CVEs blacklisted items.
    CvesWhiteListEnabled bool
    Indicates if CVEs whitelist is relevant.
    CvesWhiteLists List<string>
    List of whitelisted CVEs.
    CvssSeverity string
    Identifier of the CVSS severity.
    CvssSeverityEnabled bool
    Indicates if the CVSS severity is scanned.
    CvssSeverityExcludeNoFix bool
    Indicates that the policy should ignore CVSS cases that do not have a known fix.
    Description string
    DisallowExploitTypes List<string>
    DisallowMalware bool
    Indicates if malware should block the image.
    DockerCisEnabled bool
    Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
    Domain string
    Name of the container image.
    DomainName string
    DtaEnabled bool
    DtaSeverity string
    Enabled bool
    Enforce bool
    EnforceAfterDays int
    EnforceExcessivePermissions bool
    ExceptionalMonitoredMalwarePaths List<string>
    ExcludeApplicationScopes List<string>
    FailCicd bool
    Indicates if CI/CD failures will fail the image.
    ForbiddenLabels List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyForbiddenLabel>
    ForbiddenLabelsEnabled bool
    ForceMicroenforcer bool
    FunctionIntegrityEnabled bool
    IgnoreBaseImageVln bool
    IgnoreRecentlyPublishedVln bool
    IgnoreRecentlyPublishedVlnPeriod int
    IgnoreRiskResourcesEnabled bool
    Indicates if risk resources are ignored.
    IgnoredRiskResources List<string>
    List of ignored risk resources.
    IgnoredSensitiveResources List<string>
    Images List<string>
    List of images.
    KubeCisEnabled bool
    Performs a Kubernetes CIS benchmark check for the host.
    KubernetesControls List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyKubernetesControl>
    List of Kubernetes controls.
    KubernetesControlsAvdIds List<string>
    KubernetesControlsNames List<string>
    Labels List<string>
    List of labels.
    Lastupdate string
    LinuxCisEnabled bool
    MalwareAction string
    MaximumScore double
    Value of allowed maximum score.
    MaximumScoreEnabled bool
    Indicates if exceeding the maximum score is scanned.
    MaximumScoreExcludeNoFix bool
    MonitoredMalwarePaths List<string>
    Name string
    OnlyNoneRootUsers bool
    Indicates whether to raise a warning for images that should only be run as root.
    OpenshiftHardeningEnabled bool
    PackagesBlackListEnabled bool
    Indicates if packages blacklist is relevant.
    PackagesBlackLists List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyPackagesBlackList>
    List of blacklisted images.
    PackagesWhiteListEnabled bool
    Indicates if packages whitelist is relevant.
    PackagesWhiteLists List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyPackagesWhiteList>
    List of whitelisted images.
    PartialResultsImageFail bool
    Permission string
    PolicySettings Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyPolicySettings
    ReadOnly bool
    Registries List<string>
    List of registries.
    Registry string
    RequiredLabels List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyRequiredLabel>
    RequiredLabelsEnabled bool
    ScanMalwareInArchives bool
    ScanNfsMounts bool
    ScanProcessMemory bool
    ScanSensitiveData bool
    Indicates if scan should include sensitive data in the image.
    ScanWindowsRegistry bool
    ScapEnabled bool
    Indicates if scanning should include SCAP.
    ScapFiles List<string>
    List of SCAP user scripts for checks.
    Scopes List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyScope>
    TrustedBaseImages List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyTrustedBaseImage>
    List of trusted images.
    TrustedBaseImagesEnabled bool
    Indicates if list of trusted base images is relevant.
    VulnerabilityExploitability bool
    VulnerabilityScoreRanges List<int>
    WhitelistedLicenses List<string>
    List of whitelisted licenses.
    WhitelistedLicensesEnabled bool
    Indicates if license blacklist is relevant.
    ApplicationScopes []string
    AggregatedVulnerability map[string]string
    Aggregated vulnerability information.
    AllowedImages []string
    List of explicitly allowed images.
    AssuranceType string
    What type of assurance policy is described.
    AuditOnFailure bool
    Indicates whether failures are audited.
    Author string
    Name of user account that created the policy.
    AutoScanConfigured bool
    AutoScanEnabled bool
    AutoScanTimes []FunctionAssurancePolicyAutoScanTimeArgs
    BlacklistPermissions []string
    List of function's forbidden permissions.
    BlacklistPermissionsEnabled bool
    Indicates if blacklist permissions is relevant.
    BlacklistedLicenses []string
    List of blacklisted licenses.
    BlacklistedLicensesEnabled bool
    Indicates if license blacklist is relevant.
    BlockFailed bool
    Indicates if failed images are blocked.
    ControlExcludeNoFix bool
    CustomChecks []FunctionAssurancePolicyCustomCheckArgs
    List of custom user scripts for checks.
    CustomChecksEnabled bool
    Indicates if scanning should include custom checks.
    CustomSeverity string
    CustomSeverityEnabled bool
    CvesBlackListEnabled bool
    Indicates if CVEs blacklist is relevant.
    CvesBlackLists []string
    List of CVEs blacklisted items.
    CvesWhiteListEnabled bool
    Indicates if CVEs whitelist is relevant.
    CvesWhiteLists []string
    List of whitelisted CVEs.
    CvssSeverity string
    Identifier of the CVSS severity.
    CvssSeverityEnabled bool
    Indicates if the CVSS severity is scanned.
    CvssSeverityExcludeNoFix bool
    Indicates that the policy should ignore CVSS cases that do not have a known fix.
    Description string
    DisallowExploitTypes []string
    DisallowMalware bool
    Indicates if malware should block the image.
    DockerCisEnabled bool
    Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
    Domain string
    Name of the container image.
    DomainName string
    DtaEnabled bool
    DtaSeverity string
    Enabled bool
    Enforce bool
    EnforceAfterDays int
    EnforceExcessivePermissions bool
    ExceptionalMonitoredMalwarePaths []string
    ExcludeApplicationScopes []string
    FailCicd bool
    Indicates if CI/CD failures will fail the image.
    ForbiddenLabels []FunctionAssurancePolicyForbiddenLabelArgs
    ForbiddenLabelsEnabled bool
    ForceMicroenforcer bool
    FunctionIntegrityEnabled bool
    IgnoreBaseImageVln bool
    IgnoreRecentlyPublishedVln bool
    IgnoreRecentlyPublishedVlnPeriod int
    IgnoreRiskResourcesEnabled bool
    Indicates if risk resources are ignored.
    IgnoredRiskResources []string
    List of ignored risk resources.
    IgnoredSensitiveResources []string
    Images []string
    List of images.
    KubeCisEnabled bool
    Performs a Kubernetes CIS benchmark check for the host.
    KubernetesControls []FunctionAssurancePolicyKubernetesControlArgs
    List of Kubernetes controls.
    KubernetesControlsAvdIds []string
    KubernetesControlsNames []string
    Labels []string
    List of labels.
    Lastupdate string
    LinuxCisEnabled bool
    MalwareAction string
    MaximumScore float64
    Value of allowed maximum score.
    MaximumScoreEnabled bool
    Indicates if exceeding the maximum score is scanned.
    MaximumScoreExcludeNoFix bool
    MonitoredMalwarePaths []string
    Name string
    OnlyNoneRootUsers bool
    Indicates whether to raise a warning for images that should only be run as root.
    OpenshiftHardeningEnabled bool
    PackagesBlackListEnabled bool
    Indicates if packages blacklist is relevant.
    PackagesBlackLists []FunctionAssurancePolicyPackagesBlackListArgs
    List of blacklisted images.
    PackagesWhiteListEnabled bool
    Indicates if packages whitelist is relevant.
    PackagesWhiteLists []FunctionAssurancePolicyPackagesWhiteListArgs
    List of whitelisted images.
    PartialResultsImageFail bool
    Permission string
    PolicySettings FunctionAssurancePolicyPolicySettingsArgs
    ReadOnly bool
    Registries []string
    List of registries.
    Registry string
    RequiredLabels []FunctionAssurancePolicyRequiredLabelArgs
    RequiredLabelsEnabled bool
    ScanMalwareInArchives bool
    ScanNfsMounts bool
    ScanProcessMemory bool
    ScanSensitiveData bool
    Indicates if scan should include sensitive data in the image.
    ScanWindowsRegistry bool
    ScapEnabled bool
    Indicates if scanning should include SCAP.
    ScapFiles []string
    List of SCAP user scripts for checks.
    Scopes []FunctionAssurancePolicyScopeArgs
    TrustedBaseImages []FunctionAssurancePolicyTrustedBaseImageArgs
    List of trusted images.
    TrustedBaseImagesEnabled bool
    Indicates if list of trusted base images is relevant.
    VulnerabilityExploitability bool
    VulnerabilityScoreRanges []int
    WhitelistedLicenses []string
    List of whitelisted licenses.
    WhitelistedLicensesEnabled bool
    Indicates if license blacklist is relevant.
    applicationScopes List<String>
    aggregatedVulnerability Map<String,String>
    Aggregated vulnerability information.
    allowedImages List<String>
    List of explicitly allowed images.
    assuranceType String
    What type of assurance policy is described.
    auditOnFailure Boolean
    Indicates whether failures are audited.
    author String
    Name of user account that created the policy.
    autoScanConfigured Boolean
    autoScanEnabled Boolean
    autoScanTimes List<FunctionAssurancePolicyAutoScanTime>
    blacklistPermissions List<String>
    List of function's forbidden permissions.
    blacklistPermissionsEnabled Boolean
    Indicates if blacklist permissions is relevant.
    blacklistedLicenses List<String>
    List of blacklisted licenses.
    blacklistedLicensesEnabled Boolean
    Indicates if license blacklist is relevant.
    blockFailed Boolean
    Indicates if failed images are blocked.
    controlExcludeNoFix Boolean
    customChecks List<FunctionAssurancePolicyCustomCheck>
    List of custom user scripts for checks.
    customChecksEnabled Boolean
    Indicates if scanning should include custom checks.
    customSeverity String
    customSeverityEnabled Boolean
    cvesBlackListEnabled Boolean
    Indicates if CVEs blacklist is relevant.
    cvesBlackLists List<String>
    List of CVEs blacklisted items.
    cvesWhiteListEnabled Boolean
    Indicates if CVEs whitelist is relevant.
    cvesWhiteLists List<String>
    List of whitelisted CVEs.
    cvssSeverity String
    Identifier of the CVSS severity.
    cvssSeverityEnabled Boolean
    Indicates if the CVSS severity is scanned.
    cvssSeverityExcludeNoFix Boolean
    Indicates that the policy should ignore CVSS cases that do not have a known fix.
    description String
    disallowExploitTypes List<String>
    disallowMalware Boolean
    Indicates if malware should block the image.
    dockerCisEnabled Boolean
    Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
    domain String
    Name of the container image.
    domainName String
    dtaEnabled Boolean
    dtaSeverity String
    enabled Boolean
    enforce Boolean
    enforceAfterDays Integer
    enforceExcessivePermissions Boolean
    exceptionalMonitoredMalwarePaths List<String>
    excludeApplicationScopes List<String>
    failCicd Boolean
    Indicates if CI/CD failures will fail the image.
    forbiddenLabels List<FunctionAssurancePolicyForbiddenLabel>
    forbiddenLabelsEnabled Boolean
    forceMicroenforcer Boolean
    functionIntegrityEnabled Boolean
    ignoreBaseImageVln Boolean
    ignoreRecentlyPublishedVln Boolean
    ignoreRecentlyPublishedVlnPeriod Integer
    ignoreRiskResourcesEnabled Boolean
    Indicates if risk resources are ignored.
    ignoredRiskResources List<String>
    List of ignored risk resources.
    ignoredSensitiveResources List<String>
    images List<String>
    List of images.
    kubeCisEnabled Boolean
    Performs a Kubernetes CIS benchmark check for the host.
    kubernetesControls List<FunctionAssurancePolicyKubernetesControl>
    List of Kubernetes controls.
    kubernetesControlsAvdIds List<String>
    kubernetesControlsNames List<String>
    labels List<String>
    List of labels.
    lastupdate String
    linuxCisEnabled Boolean
    malwareAction String
    maximumScore Double
    Value of allowed maximum score.
    maximumScoreEnabled Boolean
    Indicates if exceeding the maximum score is scanned.
    maximumScoreExcludeNoFix Boolean
    monitoredMalwarePaths List<String>
    name String
    onlyNoneRootUsers Boolean
    Indicates whether to raise a warning for images that should only be run as root.
    openshiftHardeningEnabled Boolean
    packagesBlackListEnabled Boolean
    Indicates if packages blacklist is relevant.
    packagesBlackLists List<FunctionAssurancePolicyPackagesBlackList>
    List of blacklisted images.
    packagesWhiteListEnabled Boolean
    Indicates if packages whitelist is relevant.
    packagesWhiteLists List<FunctionAssurancePolicyPackagesWhiteList>
    List of whitelisted images.
    partialResultsImageFail Boolean
    permission String
    policySettings FunctionAssurancePolicyPolicySettings
    readOnly Boolean
    registries List<String>
    List of registries.
    registry String
    requiredLabels List<FunctionAssurancePolicyRequiredLabel>
    requiredLabelsEnabled Boolean
    scanMalwareInArchives Boolean
    scanNfsMounts Boolean
    scanProcessMemory Boolean
    scanSensitiveData Boolean
    Indicates if scan should include sensitive data in the image.
    scanWindowsRegistry Boolean
    scapEnabled Boolean
    Indicates if scanning should include SCAP.
    scapFiles List<String>
    List of SCAP user scripts for checks.
    scopes List<FunctionAssurancePolicyScope>
    trustedBaseImages List<FunctionAssurancePolicyTrustedBaseImage>
    List of trusted images.
    trustedBaseImagesEnabled Boolean
    Indicates if list of trusted base images is relevant.
    vulnerabilityExploitability Boolean
    vulnerabilityScoreRanges List<Integer>
    whitelistedLicenses List<String>
    List of whitelisted licenses.
    whitelistedLicensesEnabled Boolean
    Indicates if license blacklist is relevant.
    applicationScopes string[]
    aggregatedVulnerability {[key: string]: string}
    Aggregated vulnerability information.
    allowedImages string[]
    List of explicitly allowed images.
    assuranceType string
    What type of assurance policy is described.
    auditOnFailure boolean
    Indicates if auditing for failures.
    author string
    Name of user account that created the policy.
    autoScanConfigured boolean
    autoScanEnabled boolean
    autoScanTimes FunctionAssurancePolicyAutoScanTime[]
    blacklistPermissions string[]
    List of function's forbidden permissions.
    blacklistPermissionsEnabled boolean
    Indicates if blacklist permissions is relevant.
    blacklistedLicenses string[]
    List of blacklisted licenses.
    blacklistedLicensesEnabled boolean
    Indicates if license blacklist is relevant.
    blockFailed boolean
    Indicates if failed images are blocked.
    controlExcludeNoFix boolean
    customChecks FunctionAssurancePolicyCustomCheck[]
    List of Custom user scripts for checks.
    customChecksEnabled boolean
    Indicates if scanning should include custom checks.
    customSeverity string
    customSeverityEnabled boolean
    cvesBlackListEnabled boolean
    Indicates if CVEs blacklist is relevant.
    cvesBlackLists string[]
    List of CVEs blacklisted items.
    cvesWhiteListEnabled boolean
    Indicates if CVEs whitelist is relevant.
    cvesWhiteLists string[]
    List of CVEs whitelisted licenses.
    cvssSeverity string
    Identifier of the CVSS severity.
    cvssSeverityEnabled boolean
    Indicates if the CVSS severity is scanned.
    cvssSeverityExcludeNoFix boolean
    Indicates that the policy should ignore CVSS cases that do not have a known fix.
    description string
    disallowExploitTypes string[]
    disallowMalware boolean
    Indicates if malware should block the image.
    dockerCisEnabled boolean
    Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
    domain string
    Name of the container image.
    domainName string
    dtaEnabled boolean
    dtaSeverity string
    enabled boolean
    enforce boolean
    enforceAfterDays number
    enforceExcessivePermissions boolean
    exceptionalMonitoredMalwarePaths string[]
    excludeApplicationScopes string[]
    failCicd boolean
    Indicates if CI/CD failures will fail the image.
    forbiddenLabels FunctionAssurancePolicyForbiddenLabel[]
    forbiddenLabelsEnabled boolean
    forceMicroenforcer boolean
    functionIntegrityEnabled boolean
    ignoreBaseImageVln boolean
    ignoreRecentlyPublishedVln boolean
    ignoreRecentlyPublishedVlnPeriod number
    ignoreRiskResourcesEnabled boolean
    Indicates if risk resources are ignored.
    ignoredRiskResources string[]
    List of ignored risk resources.
    ignoredSensitiveResources string[]
    images string[]
    List of images.
    kubeCisEnabled boolean
    Performs a Kubernetes CIS benchmark check for the host.
    kubernetesControls FunctionAssurancePolicyKubernetesControl[]
    List of Kubernetes controls.
    kubernetesControlsAvdIds string[]
    kubernetesControlsNames string[]
    labels string[]
    List of labels.
    lastupdate string
    linuxCisEnabled boolean
    malwareAction string
    maximumScore number
    Value of allowed maximum score.
    maximumScoreEnabled boolean
    Indicates if exceeding the maximum score is scanned.
    maximumScoreExcludeNoFix boolean
    monitoredMalwarePaths string[]
    name string
    onlyNoneRootUsers boolean
    Indicates whether to raise a warning for images that should only be run as root.
    openshiftHardeningEnabled boolean
    packagesBlackListEnabled boolean
    Indicates if packages blacklist is relevant.
    packagesBlackLists FunctionAssurancePolicyPackagesBlackList[]
    List of blacklisted images.
    packagesWhiteListEnabled boolean
    Indicates if packages whitelist is relevant.
    packagesWhiteLists FunctionAssurancePolicyPackagesWhiteList[]
    List of whitelisted images.
    partialResultsImageFail boolean
    permission string
    policySettings FunctionAssurancePolicyPolicySettings
    readOnly boolean
    registries string[]
    List of registries.
    registry string
    requiredLabels FunctionAssurancePolicyRequiredLabel[]
    requiredLabelsEnabled boolean
    scanMalwareInArchives boolean
    scanNfsMounts boolean
    scanProcessMemory boolean
    scanSensitiveData boolean
    Indicates if scan should include sensitive data in the image.
    scanWindowsRegistry boolean
    scapEnabled boolean
    Indicates if scanning should include SCAP.
    scapFiles string[]
    List of SCAP user scripts for checks.
    scopes FunctionAssurancePolicyScope[]
    trustedBaseImages FunctionAssurancePolicyTrustedBaseImage[]
    List of trusted images.
    trustedBaseImagesEnabled boolean
    Indicates if list of trusted base images is relevant.
    vulnerabilityExploitability boolean
    vulnerabilityScoreRanges number[]
    whitelistedLicenses string[]
    List of whitelisted licenses.
    whitelistedLicensesEnabled boolean
    Indicates if license blacklist is relevant.
    application_scopes Sequence[str]
    aggregated_vulnerability Mapping[str, str]
    Aggregated vulnerability information.
    allowed_images Sequence[str]
    List of explicitly allowed images.
    assurance_type str
    What type of assurance policy is described.
    audit_on_failure bool
    Indicates if auditing for failures.
    author str
    Name of user account that created the policy.
    auto_scan_configured bool
    auto_scan_enabled bool
    auto_scan_times Sequence[FunctionAssurancePolicyAutoScanTimeArgs]
    blacklist_permissions Sequence[str]
    List of function's forbidden permissions.
    blacklist_permissions_enabled bool
    Indicates if blacklist permissions is relevant.
    blacklisted_licenses Sequence[str]
    List of blacklisted licenses.
    blacklisted_licenses_enabled bool
    Indicates if license blacklist is relevant.
    block_failed bool
    Indicates if failed images are blocked.
    control_exclude_no_fix bool
    custom_checks Sequence[FunctionAssurancePolicyCustomCheckArgs]
    List of Custom user scripts for checks.
    custom_checks_enabled bool
    Indicates if scanning should include custom checks.
    custom_severity str
    custom_severity_enabled bool
    cves_black_list_enabled bool
    Indicates if CVEs blacklist is relevant.
    cves_black_lists Sequence[str]
    List of CVEs blacklisted items.
    cves_white_list_enabled bool
    Indicates if CVEs whitelist is relevant.
    cves_white_lists Sequence[str]
    List of CVEs whitelisted licenses.
    cvss_severity str
    Identifier of the CVSS severity.
    cvss_severity_enabled bool
    Indicates if the CVSS severity is scanned.
    cvss_severity_exclude_no_fix bool
    Indicates that the policy should ignore CVSS cases that do not have a known fix.
    description str
    disallow_exploit_types Sequence[str]
    disallow_malware bool
    Indicates if malware should block the image.
    docker_cis_enabled bool
    Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
    domain str
    Name of the container image.
    domain_name str
    dta_enabled bool
    dta_severity str
    enabled bool
    enforce bool
    enforce_after_days int
    enforce_excessive_permissions bool
    exceptional_monitored_malware_paths Sequence[str]
    exclude_application_scopes Sequence[str]
    fail_cicd bool
    Indicates if CI/CD failures will fail the image.
    forbidden_labels Sequence[FunctionAssurancePolicyForbiddenLabelArgs]
    forbidden_labels_enabled bool
    force_microenforcer bool
    function_integrity_enabled bool
    ignore_base_image_vln bool
    ignore_recently_published_vln bool
    ignore_recently_published_vln_period int
    ignore_risk_resources_enabled bool
    Indicates if risk resources are ignored.
    ignored_risk_resources Sequence[str]
    List of ignored risk resources.
    ignored_sensitive_resources Sequence[str]
    images Sequence[str]
    List of images.
    kube_cis_enabled bool
    Performs a Kubernetes CIS benchmark check for the host.
    kubernetes_controls Sequence[FunctionAssurancePolicyKubernetesControlArgs]
    List of Kubernetes controls.
    kubernetes_controls_avd_ids Sequence[str]
    kubernetes_controls_names Sequence[str]
    labels Sequence[str]
    List of labels.
    lastupdate str
    linux_cis_enabled bool
    malware_action str
    maximum_score float
    Value of allowed maximum score.
    maximum_score_enabled bool
    Indicates if exceeding the maximum score is scanned.
    maximum_score_exclude_no_fix bool
    monitored_malware_paths Sequence[str]
    name str
    only_none_root_users bool
    Indicates whether to raise a warning for images that should only be run as root.
    openshift_hardening_enabled bool
    packages_black_list_enabled bool
    Indicates if packages blacklist is relevant.
    packages_black_lists Sequence[FunctionAssurancePolicyPackagesBlackListArgs]
    List of blacklisted images.
    packages_white_list_enabled bool
    Indicates if packages whitelist is relevant.
    packages_white_lists Sequence[FunctionAssurancePolicyPackagesWhiteListArgs]
    List of whitelisted images.
    partial_results_image_fail bool
    permission str
    policy_settings FunctionAssurancePolicyPolicySettingsArgs
    read_only bool
    registries Sequence[str]
    List of registries.
    registry str
    required_labels Sequence[FunctionAssurancePolicyRequiredLabelArgs]
    required_labels_enabled bool
    scan_malware_in_archives bool
    scan_nfs_mounts bool
    scan_process_memory bool
    scan_sensitive_data bool
    Indicates if scan should include sensitive data in the image.
    scan_windows_registry bool
    scap_enabled bool
    Indicates if scanning should include SCAP.
    scap_files Sequence[str]
    List of SCAP user scripts for checks.
    scopes Sequence[FunctionAssurancePolicyScopeArgs]
    trusted_base_images Sequence[FunctionAssurancePolicyTrustedBaseImageArgs]
    List of trusted images.
    trusted_base_images_enabled bool
    Indicates if list of trusted base images is relevant.
    vulnerability_exploitability bool
    vulnerability_score_ranges Sequence[int]
    whitelisted_licenses Sequence[str]
    List of whitelisted licenses.
    whitelisted_licenses_enabled bool
    Indicates if license blacklist is relevant.
    applicationScopes List<String>
    aggregatedVulnerability Map<String>
    Aggregated vulnerability information.
    allowedImages List<String>
    List of explicitly allowed images.
    assuranceType String
    What type of assurance policy is described.
    auditOnFailure Boolean
    Indicates if auditing for failures.
    author String
    Name of user account that created the policy.
    autoScanConfigured Boolean
    autoScanEnabled Boolean
    autoScanTimes List<Property Map>
    blacklistPermissions List<String>
    List of function's forbidden permissions.
    blacklistPermissionsEnabled Boolean
    Indicates if blacklist permissions is relevant.
    blacklistedLicenses List<String>
    List of blacklisted licenses.
    blacklistedLicensesEnabled Boolean
    Indicates if license blacklist is relevant.
    blockFailed Boolean
    Indicates if failed images are blocked.
    controlExcludeNoFix Boolean
    customChecks List<Property Map>
    List of Custom user scripts for checks.
    customChecksEnabled Boolean
    Indicates if scanning should include custom checks.
    customSeverity String
    customSeverityEnabled Boolean
    cvesBlackListEnabled Boolean
    Indicates if CVEs blacklist is relevant.
    cvesBlackLists List<String>
    List of CVEs blacklisted items.
    cvesWhiteListEnabled Boolean
    Indicates if CVEs whitelist is relevant.
    cvesWhiteLists List<String>
    List of CVEs whitelisted licenses.
    cvssSeverity String
    Identifier of the CVSS severity.
    cvssSeverityEnabled Boolean
    Indicates if the CVSS severity is scanned.
    cvssSeverityExcludeNoFix Boolean
    Indicates that the policy should ignore CVSS cases that do not have a known fix.
    description String
    disallowExploitTypes List<String>
    disallowMalware Boolean
    Indicates if malware should block the image.
    dockerCisEnabled Boolean
    Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
    domain String
    Name of the container image.
    domainName String
    dtaEnabled Boolean
    dtaSeverity String
    enabled Boolean
    enforce Boolean
    enforceAfterDays Number
    enforceExcessivePermissions Boolean
    exceptionalMonitoredMalwarePaths List<String>
    excludeApplicationScopes List<String>
    failCicd Boolean
    Indicates if CI/CD failures will fail the image.
    forbiddenLabels List<Property Map>
    forbiddenLabelsEnabled Boolean
    forceMicroenforcer Boolean
    functionIntegrityEnabled Boolean
    ignoreBaseImageVln Boolean
    ignoreRecentlyPublishedVln Boolean
    ignoreRecentlyPublishedVlnPeriod Number
    ignoreRiskResourcesEnabled Boolean
    Indicates if risk resources are ignored.
    ignoredRiskResources List<String>
    List of ignored risk resources.
    ignoredSensitiveResources List<String>
    images List<String>
    List of images.
    kubeCisEnabled Boolean
    Performs a Kubernetes CIS benchmark check for the host.
    kubernetesControls List<Property Map>
    List of Kubernetes controls.
    kubernetesControlsAvdIds List<String>
    kubernetesControlsNames List<String>
    labels List<String>
    List of labels.
    lastupdate String
    linuxCisEnabled Boolean
    malwareAction String
    maximumScore Number
    Value of allowed maximum score.
    maximumScoreEnabled Boolean
    Indicates if exceeding the maximum score is scanned.
    maximumScoreExcludeNoFix Boolean
    monitoredMalwarePaths List<String>
    name String
    onlyNoneRootUsers Boolean
    Indicates whether to raise a warning for images that should only be run as root.
    openshiftHardeningEnabled Boolean
    packagesBlackListEnabled Boolean
    Indicates if packages blacklist is relevant.
    packagesBlackLists List<Property Map>
    List of blacklisted images.
    packagesWhiteListEnabled Boolean
    Indicates if packages whitelist is relevant.
    packagesWhiteLists List<Property Map>
    List of whitelisted images.
    partialResultsImageFail Boolean
    permission String
    policySettings Property Map
    readOnly Boolean
    registries List<String>
    List of registries.
    registry String
    requiredLabels List<Property Map>
    requiredLabelsEnabled Boolean
    scanMalwareInArchives Boolean
    scanNfsMounts Boolean
    scanProcessMemory Boolean
    scanSensitiveData Boolean
    Indicates if scan should include sensitive data in the image.
    scanWindowsRegistry Boolean
    scapEnabled Boolean
    Indicates if scanning should include SCAP.
    scapFiles List<String>
    List of SCAP user scripts for checks.
    scopes List<Property Map>
    trustedBaseImages List<Property Map>
    List of trusted images.
    trustedBaseImagesEnabled Boolean
    Indicates if list of trusted base images is relevant.
    vulnerabilityExploitability Boolean
    vulnerabilityScoreRanges List<Number>
    whitelistedLicenses List<String>
    List of whitelisted licenses.
    whitelistedLicensesEnabled Boolean
    Indicates if license blacklist is relevant.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the FunctionAssurancePolicy resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing FunctionAssurancePolicy Resource

    Get an existing FunctionAssurancePolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: FunctionAssurancePolicyState, opts?: CustomResourceOptions): FunctionAssurancePolicy
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            aggregated_vulnerability: Optional[Mapping[str, str]] = None,
            allowed_images: Optional[Sequence[str]] = None,
            application_scopes: Optional[Sequence[str]] = None,
            assurance_type: Optional[str] = None,
            audit_on_failure: Optional[bool] = None,
            author: Optional[str] = None,
            auto_scan_configured: Optional[bool] = None,
            auto_scan_enabled: Optional[bool] = None,
            auto_scan_times: Optional[Sequence[FunctionAssurancePolicyAutoScanTimeArgs]] = None,
            blacklist_permissions: Optional[Sequence[str]] = None,
            blacklist_permissions_enabled: Optional[bool] = None,
            blacklisted_licenses: Optional[Sequence[str]] = None,
            blacklisted_licenses_enabled: Optional[bool] = None,
            block_failed: Optional[bool] = None,
            control_exclude_no_fix: Optional[bool] = None,
            custom_checks: Optional[Sequence[FunctionAssurancePolicyCustomCheckArgs]] = None,
            custom_checks_enabled: Optional[bool] = None,
            custom_severity: Optional[str] = None,
            custom_severity_enabled: Optional[bool] = None,
            cves_black_list_enabled: Optional[bool] = None,
            cves_black_lists: Optional[Sequence[str]] = None,
            cves_white_list_enabled: Optional[bool] = None,
            cves_white_lists: Optional[Sequence[str]] = None,
            cvss_severity: Optional[str] = None,
            cvss_severity_enabled: Optional[bool] = None,
            cvss_severity_exclude_no_fix: Optional[bool] = None,
            description: Optional[str] = None,
            disallow_exploit_types: Optional[Sequence[str]] = None,
            disallow_malware: Optional[bool] = None,
            docker_cis_enabled: Optional[bool] = None,
            domain: Optional[str] = None,
            domain_name: Optional[str] = None,
            dta_enabled: Optional[bool] = None,
            dta_severity: Optional[str] = None,
            enabled: Optional[bool] = None,
            enforce: Optional[bool] = None,
            enforce_after_days: Optional[int] = None,
            enforce_excessive_permissions: Optional[bool] = None,
            exceptional_monitored_malware_paths: Optional[Sequence[str]] = None,
            exclude_application_scopes: Optional[Sequence[str]] = None,
            fail_cicd: Optional[bool] = None,
            forbidden_labels: Optional[Sequence[FunctionAssurancePolicyForbiddenLabelArgs]] = None,
            forbidden_labels_enabled: Optional[bool] = None,
            force_microenforcer: Optional[bool] = None,
            function_integrity_enabled: Optional[bool] = None,
            ignore_base_image_vln: Optional[bool] = None,
            ignore_recently_published_vln: Optional[bool] = None,
            ignore_recently_published_vln_period: Optional[int] = None,
            ignore_risk_resources_enabled: Optional[bool] = None,
            ignored_risk_resources: Optional[Sequence[str]] = None,
            ignored_sensitive_resources: Optional[Sequence[str]] = None,
            images: Optional[Sequence[str]] = None,
            kube_cis_enabled: Optional[bool] = None,
            kubernetes_controls: Optional[Sequence[FunctionAssurancePolicyKubernetesControlArgs]] = None,
            kubernetes_controls_avd_ids: Optional[Sequence[str]] = None,
            kubernetes_controls_names: Optional[Sequence[str]] = None,
            labels: Optional[Sequence[str]] = None,
            lastupdate: Optional[str] = None,
            linux_cis_enabled: Optional[bool] = None,
            malware_action: Optional[str] = None,
            maximum_score: Optional[float] = None,
            maximum_score_enabled: Optional[bool] = None,
            maximum_score_exclude_no_fix: Optional[bool] = None,
            monitored_malware_paths: Optional[Sequence[str]] = None,
            name: Optional[str] = None,
            only_none_root_users: Optional[bool] = None,
            openshift_hardening_enabled: Optional[bool] = None,
            packages_black_list_enabled: Optional[bool] = None,
            packages_black_lists: Optional[Sequence[FunctionAssurancePolicyPackagesBlackListArgs]] = None,
            packages_white_list_enabled: Optional[bool] = None,
            packages_white_lists: Optional[Sequence[FunctionAssurancePolicyPackagesWhiteListArgs]] = None,
            partial_results_image_fail: Optional[bool] = None,
            permission: Optional[str] = None,
            policy_settings: Optional[FunctionAssurancePolicyPolicySettingsArgs] = None,
            read_only: Optional[bool] = None,
            registries: Optional[Sequence[str]] = None,
            registry: Optional[str] = None,
            required_labels: Optional[Sequence[FunctionAssurancePolicyRequiredLabelArgs]] = None,
            required_labels_enabled: Optional[bool] = None,
            scan_malware_in_archives: Optional[bool] = None,
            scan_nfs_mounts: Optional[bool] = None,
            scan_process_memory: Optional[bool] = None,
            scan_sensitive_data: Optional[bool] = None,
            scan_windows_registry: Optional[bool] = None,
            scap_enabled: Optional[bool] = None,
            scap_files: Optional[Sequence[str]] = None,
            scopes: Optional[Sequence[FunctionAssurancePolicyScopeArgs]] = None,
            trusted_base_images: Optional[Sequence[FunctionAssurancePolicyTrustedBaseImageArgs]] = None,
            trusted_base_images_enabled: Optional[bool] = None,
            vulnerability_exploitability: Optional[bool] = None,
            vulnerability_score_ranges: Optional[Sequence[int]] = None,
            whitelisted_licenses: Optional[Sequence[str]] = None,
            whitelisted_licenses_enabled: Optional[bool] = None) -> FunctionAssurancePolicy
    func GetFunctionAssurancePolicy(ctx *Context, name string, id IDInput, state *FunctionAssurancePolicyState, opts ...ResourceOption) (*FunctionAssurancePolicy, error)
    public static FunctionAssurancePolicy Get(string name, Input<string> id, FunctionAssurancePolicyState? state, CustomResourceOptions? opts = null)
    public static FunctionAssurancePolicy get(String name, Output<String> id, FunctionAssurancePolicyState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AggregatedVulnerability Dictionary<string, string>
    Aggregated vulnerability information.
    AllowedImages List<string>
    List of explicitly allowed images.
    ApplicationScopes List<string>
    AssuranceType string
    What type of assurance policy is described.
    AuditOnFailure bool
    Indicates if auditing for failures.
    Author string
    Name of user account that created the policy.
    AutoScanConfigured bool
    AutoScanEnabled bool
    AutoScanTimes List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyAutoScanTime>
    BlacklistPermissions List<string>
    List of function's forbidden permissions.
    BlacklistPermissionsEnabled bool
    Indicates if blacklist permissions is relevant.
    BlacklistedLicenses List<string>
    List of blacklisted licenses.
    BlacklistedLicensesEnabled bool
    Indicates if license blacklist is relevant.
    BlockFailed bool
    Indicates if failed images are blocked.
    ControlExcludeNoFix bool
    CustomChecks List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyCustomCheck>
    List of Custom user scripts for checks.
    CustomChecksEnabled bool
    Indicates if scanning should include custom checks.
    CustomSeverity string
    CustomSeverityEnabled bool
    CvesBlackListEnabled bool
    Indicates if CVEs blacklist is relevant.
    CvesBlackLists List<string>
    List of CVEs blacklisted items.
    CvesWhiteListEnabled bool
    Indicates if CVEs whitelist is relevant.
    CvesWhiteLists List<string>
    List of CVEs whitelisted licenses.
    CvssSeverity string
    Identifier of the CVSS severity.
    CvssSeverityEnabled bool
    Indicates if the CVSS severity is scanned.
    CvssSeverityExcludeNoFix bool
    Indicates that the policy should ignore CVSS cases that do not have a known fix.
    Description string
    DisallowExploitTypes List<string>
    DisallowMalware bool
    Indicates if malware should block the image.
    DockerCisEnabled bool
    Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
    Domain string
    Name of the container image.
    DomainName string
    DtaEnabled bool
    DtaSeverity string
    Enabled bool
    Enforce bool
    EnforceAfterDays int
    EnforceExcessivePermissions bool
    ExceptionalMonitoredMalwarePaths List<string>
    ExcludeApplicationScopes List<string>
    FailCicd bool
    Indicates if CI/CD failures will fail the image.
    ForbiddenLabels List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyForbiddenLabel>
    ForbiddenLabelsEnabled bool
    ForceMicroenforcer bool
    FunctionIntegrityEnabled bool
    IgnoreBaseImageVln bool
    IgnoreRecentlyPublishedVln bool
    IgnoreRecentlyPublishedVlnPeriod int
    IgnoreRiskResourcesEnabled bool
    Indicates if risk resources are ignored.
    IgnoredRiskResources List<string>
    List of ignored risk resources.
    IgnoredSensitiveResources List<string>
    Images List<string>
    List of images.
    KubeCisEnabled bool
    Performs a Kubernetes CIS benchmark check for the host.
    KubernetesControls List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyKubernetesControl>
    List of Kubernetes controls.
    KubernetesControlsAvdIds List<string>
    KubernetesControlsNames List<string>
    Labels List<string>
    List of labels.
    Lastupdate string
    LinuxCisEnabled bool
    MalwareAction string
    MaximumScore double
    Value of allowed maximum score.
    MaximumScoreEnabled bool
    Indicates if exceeding the maximum score is scanned.
    MaximumScoreExcludeNoFix bool
    MonitoredMalwarePaths List<string>
    Name string
    OnlyNoneRootUsers bool
    Indicates whether to raise a warning for images that should only be run as root.
    OpenshiftHardeningEnabled bool
    PackagesBlackListEnabled bool
    Indicates if packages blacklist is relevant.
    PackagesBlackLists List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyPackagesBlackList>
    List of blacklisted images.
    PackagesWhiteListEnabled bool
    Indicates if packages whitelist is relevant.
    PackagesWhiteLists List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyPackagesWhiteList>
    List of whitelisted images.
    PartialResultsImageFail bool
    Permission string
    PolicySettings Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyPolicySettings
    ReadOnly bool
    Registries List<string>
    List of registries.
    Registry string
    RequiredLabels List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyRequiredLabel>
    RequiredLabelsEnabled bool
    ScanMalwareInArchives bool
    ScanNfsMounts bool
    ScanProcessMemory bool
    ScanSensitiveData bool
    Indicates if scan should include sensitive data in the image.
    ScanWindowsRegistry bool
    ScapEnabled bool
    Indicates if scanning should include SCAP.
    ScapFiles List<string>
    List of SCAP user scripts for checks.
    Scopes List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyScope>
    TrustedBaseImages List<Pulumiverse.Aquasec.Inputs.FunctionAssurancePolicyTrustedBaseImage>
    List of trusted images.
    TrustedBaseImagesEnabled bool
    Indicates if list of trusted base images is relevant.
    VulnerabilityExploitability bool
    VulnerabilityScoreRanges List<int>
    WhitelistedLicenses List<string>
    List of whitelisted licenses.
    WhitelistedLicensesEnabled bool
    Indicates if license blacklist is relevant.
    AggregatedVulnerability map[string]string
    Aggregated vulnerability information.
    AllowedImages []string
    List of explicitly allowed images.
    ApplicationScopes []string
    AssuranceType string
    What type of assurance policy is described.
    AuditOnFailure bool
    Indicates if auditing for failures.
    Author string
    Name of user account that created the policy.
    AutoScanConfigured bool
    AutoScanEnabled bool
    AutoScanTimes []FunctionAssurancePolicyAutoScanTimeArgs
    BlacklistPermissions []string
    List of function's forbidden permissions.
    BlacklistPermissionsEnabled bool
    Indicates if blacklist permissions is relevant.
    BlacklistedLicenses []string
    List of blacklisted licenses.
    BlacklistedLicensesEnabled bool
    Indicates if license blacklist is relevant.
    BlockFailed bool
    Indicates if failed images are blocked.
    ControlExcludeNoFix bool
    CustomChecks []FunctionAssurancePolicyCustomCheckArgs
    List of Custom user scripts for checks.
    CustomChecksEnabled bool
    Indicates if scanning should include custom checks.
    CustomSeverity string
    CustomSeverityEnabled bool
    CvesBlackListEnabled bool
    Indicates if CVEs blacklist is relevant.
    CvesBlackLists []string
    List of CVEs blacklisted items.
    CvesWhiteListEnabled bool
    Indicates if CVEs whitelist is relevant.
    CvesWhiteLists []string
    List of CVEs whitelisted licenses.
    CvssSeverity string
    Identifier of the CVSS severity.
    CvssSeverityEnabled bool
    Indicates if the CVSS severity is scanned.
    CvssSeverityExcludeNoFix bool
    Indicates that the policy should ignore CVSS cases that do not have a known fix.
    Description string
    DisallowExploitTypes []string
    DisallowMalware bool
    Indicates if malware should block the image.
    DockerCisEnabled bool
    Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
    Domain string
    Name of the container image.
    DomainName string
    DtaEnabled bool
    DtaSeverity string
    Enabled bool
    Enforce bool
    EnforceAfterDays int
    EnforceExcessivePermissions bool
    ExceptionalMonitoredMalwarePaths []string
    ExcludeApplicationScopes []string
    FailCicd bool
    Indicates if CI/CD failures will fail the image.
    ForbiddenLabels []FunctionAssurancePolicyForbiddenLabelArgs
    ForbiddenLabelsEnabled bool
    ForceMicroenforcer bool
    FunctionIntegrityEnabled bool
    IgnoreBaseImageVln bool
    IgnoreRecentlyPublishedVln bool
    IgnoreRecentlyPublishedVlnPeriod int
    IgnoreRiskResourcesEnabled bool
    Indicates if risk resources are ignored.
    IgnoredRiskResources []string
    List of ignored risk resources.
    IgnoredSensitiveResources []string
    Images []string
    List of images.
    KubeCisEnabled bool
    Performs a Kubernetes CIS benchmark check for the host.
    KubernetesControls []FunctionAssurancePolicyKubernetesControlArgs
    List of Kubernetes controls.
    KubernetesControlsAvdIds []string
    KubernetesControlsNames []string
    Labels []string
    List of labels.
    Lastupdate string
    LinuxCisEnabled bool
    MalwareAction string
    MaximumScore float64
    Value of allowed maximum score.
    MaximumScoreEnabled bool
    Indicates if exceeding the maximum score is scanned.
    MaximumScoreExcludeNoFix bool
    MonitoredMalwarePaths []string
    Name string
    OnlyNoneRootUsers bool
    Indicates whether to raise a warning for images that should only be run as root.
    OpenshiftHardeningEnabled bool
    PackagesBlackListEnabled bool
    Indicates if packages blacklist is relevant.
    PackagesBlackLists []FunctionAssurancePolicyPackagesBlackListArgs
    List of blacklisted images.
    PackagesWhiteListEnabled bool
    Indicates if packages whitelist is relevant.
    PackagesWhiteLists []FunctionAssurancePolicyPackagesWhiteListArgs
    List of whitelisted images.
    PartialResultsImageFail bool
    Permission string
    PolicySettings FunctionAssurancePolicyPolicySettingsArgs
    ReadOnly bool
    Registries []string
    List of registries.
    Registry string
    RequiredLabels []FunctionAssurancePolicyRequiredLabelArgs
    RequiredLabelsEnabled bool
    ScanMalwareInArchives bool
    ScanNfsMounts bool
    ScanProcessMemory bool
    ScanSensitiveData bool
    Indicates if scan should include sensitive data in the image.
    ScanWindowsRegistry bool
    ScapEnabled bool
    Indicates if scanning should include SCAP.
    ScapFiles []string
    List of SCAP user scripts for checks.
    Scopes []FunctionAssurancePolicyScopeArgs
    TrustedBaseImages []FunctionAssurancePolicyTrustedBaseImageArgs
    List of trusted images.
    TrustedBaseImagesEnabled bool
    Indicates if list of trusted base images is relevant.
    VulnerabilityExploitability bool
    VulnerabilityScoreRanges []int
    WhitelistedLicenses []string
    List of whitelisted licenses.
    WhitelistedLicensesEnabled bool
    Indicates if license blacklist is relevant.
    aggregatedVulnerability Map<String,String>
    Aggregated vulnerability information.
    allowedImages List<String>
    List of explicitly allowed images.
    applicationScopes List<String>
    assuranceType String
    What type of assurance policy is described.
    auditOnFailure Boolean
    Indicates if auditing for failures.
    author String
    Name of user account that created the policy.
    autoScanConfigured Boolean
    autoScanEnabled Boolean
    autoScanTimes List<FunctionAssurancePolicyAutoScanTime>
    blacklistPermissions List<String>
    List of function's forbidden permissions.
    blacklistPermissionsEnabled Boolean
    Indicates if blacklist permissions is relevant.
    blacklistedLicenses List<String>
    List of blacklisted licenses.
    blacklistedLicensesEnabled Boolean
    Indicates if license blacklist is relevant.
    blockFailed Boolean
    Indicates if failed images are blocked.
    controlExcludeNoFix Boolean
    customChecks List<FunctionAssurancePolicyCustomCheck>
    List of Custom user scripts for checks.
    customChecksEnabled Boolean
    Indicates if scanning should include custom checks.
    customSeverity String
    customSeverityEnabled Boolean
    cvesBlackListEnabled Boolean
    Indicates if CVEs blacklist is relevant.
    cvesBlackLists List<String>
    List of CVEs blacklisted items.
    cvesWhiteListEnabled Boolean
    Indicates if CVEs whitelist is relevant.
    cvesWhiteLists List<String>
    List of CVEs whitelisted licenses.
    cvssSeverity String
    Identifier of the CVSS severity.
    cvssSeverityEnabled Boolean
    Indicates if the CVSS severity is scanned.
    cvssSeverityExcludeNoFix Boolean
    Indicates that the policy should ignore CVSS cases that do not have a known fix.
    description String
    disallowExploitTypes List<String>
    disallowMalware Boolean
    Indicates if malware should block the image.
    dockerCisEnabled Boolean
    Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
    domain String
    Name of the container image.
    domainName String
    dtaEnabled Boolean
    dtaSeverity String
    enabled Boolean
    enforce Boolean
    enforceAfterDays Integer
    enforceExcessivePermissions Boolean
    exceptionalMonitoredMalwarePaths List<String>
    excludeApplicationScopes List<String>
    failCicd Boolean
    Indicates if CI/CD failures will fail the image.
    forbiddenLabels List<FunctionAssurancePolicyForbiddenLabel>
    forbiddenLabelsEnabled Boolean
    forceMicroenforcer Boolean
    functionIntegrityEnabled Boolean
    ignoreBaseImageVln Boolean
    ignoreRecentlyPublishedVln Boolean
    ignoreRecentlyPublishedVlnPeriod Integer
    ignoreRiskResourcesEnabled Boolean
    Indicates if risk resources are ignored.
    ignoredRiskResources List<String>
    List of ignored risk resources.
    ignoredSensitiveResources List<String>
    images List<String>
    List of images.
    kubeCisEnabled Boolean
    Performs a Kubernetes CIS benchmark check for the host.
    kubernetesControls List<FunctionAssurancePolicyKubernetesControl>
    List of Kubernetes controls.
    kubernetesControlsAvdIds List<String>
    kubernetesControlsNames List<String>
    labels List<String>
    List of labels.
    lastupdate String
    linuxCisEnabled Boolean
    malwareAction String
    maximumScore Double
    Value of allowed maximum score.
    maximumScoreEnabled Boolean
    Indicates if exceeding the maximum score is scanned.
    maximumScoreExcludeNoFix Boolean
    monitoredMalwarePaths List<String>
    name String
    onlyNoneRootUsers Boolean
    Indicates whether to raise a warning for images that should only be run as root.
    openshiftHardeningEnabled Boolean
    packagesBlackListEnabled Boolean
    Indicates if packages blacklist is relevant.
    packagesBlackLists List<FunctionAssurancePolicyPackagesBlackList>
    List of blacklisted images.
    packagesWhiteListEnabled Boolean
    Indicates if packages whitelist is relevant.
    packagesWhiteLists List<FunctionAssurancePolicyPackagesWhiteList>
    List of whitelisted images.
    partialResultsImageFail Boolean
    permission String
    policySettings FunctionAssurancePolicyPolicySettings
    readOnly Boolean
    registries List<String>
    List of registries.
    registry String
    requiredLabels List<FunctionAssurancePolicyRequiredLabel>
    requiredLabelsEnabled Boolean
    scanMalwareInArchives Boolean
    scanNfsMounts Boolean
    scanProcessMemory Boolean
    scanSensitiveData Boolean
    Indicates if scan should include sensitive data in the image.
    scanWindowsRegistry Boolean
    scapEnabled Boolean
    Indicates if scanning should include SCAP.
    scapFiles List<String>
    List of SCAP user scripts for checks.
    scopes List<FunctionAssurancePolicyScope>
    trustedBaseImages List<FunctionAssurancePolicyTrustedBaseImage>
    List of trusted images.
    trustedBaseImagesEnabled Boolean
    Indicates if list of trusted base images is relevant.
    vulnerabilityExploitability Boolean
    vulnerabilityScoreRanges List<Integer>
    whitelistedLicenses List<String>
    List of whitelisted licenses.
    whitelistedLicensesEnabled Boolean
    Indicates if license blacklist is relevant.
    aggregatedVulnerability {[key: string]: string}
    Aggregated vulnerability information.
    allowedImages string[]
    List of explicitly allowed images.
    applicationScopes string[]
    assuranceType string
    What type of assurance policy is described.
    auditOnFailure boolean
    Indicates if auditing for failures.
    author string
    Name of user account that created the policy.
    autoScanConfigured boolean
    autoScanEnabled boolean
    autoScanTimes FunctionAssurancePolicyAutoScanTime[]
    blacklistPermissions string[]
    List of function's forbidden permissions.
    blacklistPermissionsEnabled boolean
    Indicates if blacklist permissions is relevant.
    blacklistedLicenses string[]
    List of blacklisted licenses.
    blacklistedLicensesEnabled boolean
    Indicates if license blacklist is relevant.
    blockFailed boolean
    Indicates if failed images are blocked.
    controlExcludeNoFix boolean
    customChecks FunctionAssurancePolicyCustomCheck[]
    List of Custom user scripts for checks.
    customChecksEnabled boolean
    Indicates if scanning should include custom checks.
    customSeverity string
    customSeverityEnabled boolean
    cvesBlackListEnabled boolean
    Indicates if CVEs blacklist is relevant.
    cvesBlackLists string[]
    List of CVEs blacklisted items.
    cvesWhiteListEnabled boolean
    Indicates if CVEs whitelist is relevant.
    cvesWhiteLists string[]
    List of CVEs whitelisted licenses.
    cvssSeverity string
    Identifier of the CVSS severity.
    cvssSeverityEnabled boolean
    Indicates if the CVSS severity is scanned.
    cvssSeverityExcludeNoFix boolean
    Indicates that the policy should ignore CVSS cases that do not have a known fix.
    description string
    disallowExploitTypes string[]
    disallowMalware boolean
    Indicates if malware should block the image.
    dockerCisEnabled boolean
    Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
    domain string
    Name of the container image.
    domainName string
    dtaEnabled boolean
    dtaSeverity string
    enabled boolean
    enforce boolean
    enforceAfterDays number
    enforceExcessivePermissions boolean
    exceptionalMonitoredMalwarePaths string[]
    excludeApplicationScopes string[]
    failCicd boolean
    Indicates if CI/CD failures will fail the image.
    forbiddenLabels FunctionAssurancePolicyForbiddenLabel[]
    forbiddenLabelsEnabled boolean
    forceMicroenforcer boolean
    functionIntegrityEnabled boolean
    ignoreBaseImageVln boolean
    ignoreRecentlyPublishedVln boolean
    ignoreRecentlyPublishedVlnPeriod number
    ignoreRiskResourcesEnabled boolean
    Indicates if risk resources are ignored.
    ignoredRiskResources string[]
    List of ignored risk resources.
    ignoredSensitiveResources string[]
    images string[]
    List of images.
    kubeCisEnabled boolean
    Performs a Kubernetes CIS benchmark check for the host.
    kubernetesControls FunctionAssurancePolicyKubernetesControl[]
    List of Kubernetes controls.
    kubernetesControlsAvdIds string[]
    kubernetesControlsNames string[]
    labels string[]
    List of labels.
    lastupdate string
    linuxCisEnabled boolean
    malwareAction string
    maximumScore number
    Value of allowed maximum score.
    maximumScoreEnabled boolean
    Indicates if exceeding the maximum score is scanned.
    maximumScoreExcludeNoFix boolean
    monitoredMalwarePaths string[]
    name string
    onlyNoneRootUsers boolean
    Indicates whether to raise a warning for images that should only be run as root.
    openshiftHardeningEnabled boolean
    packagesBlackListEnabled boolean
    Indicates if packages blacklist is relevant.
    packagesBlackLists FunctionAssurancePolicyPackagesBlackList[]
    List of blacklisted images.
    packagesWhiteListEnabled boolean
    Indicates if packages whitelist is relevant.
    packagesWhiteLists FunctionAssurancePolicyPackagesWhiteList[]
    List of whitelisted images.
    partialResultsImageFail boolean
    permission string
    policySettings FunctionAssurancePolicyPolicySettings
    readOnly boolean
    registries string[]
    List of registries.
    registry string
    requiredLabels FunctionAssurancePolicyRequiredLabel[]
    requiredLabelsEnabled boolean
    scanMalwareInArchives boolean
    scanNfsMounts boolean
    scanProcessMemory boolean
    scanSensitiveData boolean
    Indicates if scan should include sensitive data in the image.
    scanWindowsRegistry boolean
    scapEnabled boolean
    Indicates if scanning should include SCAP.
    scapFiles string[]
    List of SCAP user scripts for checks.
    scopes FunctionAssurancePolicyScope[]
    trustedBaseImages FunctionAssurancePolicyTrustedBaseImage[]
    List of trusted images.
    trustedBaseImagesEnabled boolean
    Indicates if list of trusted base images is relevant.
    vulnerabilityExploitability boolean
    vulnerabilityScoreRanges number[]
    whitelistedLicenses string[]
    List of whitelisted licenses.
    whitelistedLicensesEnabled boolean
    Indicates if license blacklist is relevant.
    aggregated_vulnerability Mapping[str, str]
    Aggregated vulnerability information.
    allowed_images Sequence[str]
    List of explicitly allowed images.
    application_scopes Sequence[str]
    assurance_type str
    What type of assurance policy is described.
    audit_on_failure bool
    Indicates if auditing for failures.
    author str
    Name of user account that created the policy.
    auto_scan_configured bool
    auto_scan_enabled bool
    auto_scan_times Sequence[FunctionAssurancePolicyAutoScanTimeArgs]
    blacklist_permissions Sequence[str]
    List of function's forbidden permissions.
    blacklist_permissions_enabled bool
    Indicates if blacklist permissions is relevant.
    blacklisted_licenses Sequence[str]
    List of blacklisted licenses.
    blacklisted_licenses_enabled bool
    Indicates if license blacklist is relevant.
    block_failed bool
    Indicates if failed images are blocked.
    control_exclude_no_fix bool
    custom_checks Sequence[FunctionAssurancePolicyCustomCheckArgs]
    List of Custom user scripts for checks.
    custom_checks_enabled bool
    Indicates if scanning should include custom checks.
    custom_severity str
    custom_severity_enabled bool
    cves_black_list_enabled bool
    Indicates if CVEs blacklist is relevant.
    cves_black_lists Sequence[str]
    List of CVEs blacklisted items.
    cves_white_list_enabled bool
    Indicates if CVEs whitelist is relevant.
    cves_white_lists Sequence[str]
    List of CVEs whitelisted licenses.
    cvss_severity str
    Identifier of the CVSS severity.
    cvss_severity_enabled bool
    Indicates if the CVSS severity is scanned.
    cvss_severity_exclude_no_fix bool
    Indicates that the policy should ignore CVSS cases that do not have a known fix.
    description str
    disallow_exploit_types Sequence[str]
    disallow_malware bool
    Indicates if malware should block the image.
    docker_cis_enabled bool
    Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
    domain str
    Name of the container image.
    domain_name str
    dta_enabled bool
    dta_severity str
    enabled bool
    enforce bool
    enforce_after_days int
    enforce_excessive_permissions bool
    exceptional_monitored_malware_paths Sequence[str]
    exclude_application_scopes Sequence[str]
    fail_cicd bool
    Indicates if CI/CD failures will fail the image.
    forbidden_labels Sequence[FunctionAssurancePolicyForbiddenLabelArgs]
    forbidden_labels_enabled bool
    force_microenforcer bool
    function_integrity_enabled bool
    ignore_base_image_vln bool
    ignore_recently_published_vln bool
    ignore_recently_published_vln_period int
    ignore_risk_resources_enabled bool
    Indicates if risk resources are ignored.
    ignored_risk_resources Sequence[str]
    List of ignored risk resources.
    ignored_sensitive_resources Sequence[str]
    images Sequence[str]
    List of images.
    kube_cis_enabled bool
    Performs a Kubernetes CIS benchmark check for the host.
    kubernetes_controls Sequence[FunctionAssurancePolicyKubernetesControlArgs]
    List of Kubernetes controls.
    kubernetes_controls_avd_ids Sequence[str]
    kubernetes_controls_names Sequence[str]
    labels Sequence[str]
    List of labels.
    lastupdate str
    linux_cis_enabled bool
    malware_action str
    maximum_score float
    Value of allowed maximum score.
    maximum_score_enabled bool
    Indicates if exceeding the maximum score is scanned.
    maximum_score_exclude_no_fix bool
    monitored_malware_paths Sequence[str]
    name str
    only_none_root_users bool
    Indicates whether to raise a warning for images that should only be run as root.
    openshift_hardening_enabled bool
    packages_black_list_enabled bool
    Indicates if packages blacklist is relevant.
    packages_black_lists Sequence[FunctionAssurancePolicyPackagesBlackListArgs]
    List of blacklisted images.
    packages_white_list_enabled bool
    Indicates if packages whitelist is relevant.
    packages_white_lists Sequence[FunctionAssurancePolicyPackagesWhiteListArgs]
    List of whitelisted images.
    partial_results_image_fail bool
    permission str
    policy_settings FunctionAssurancePolicyPolicySettingsArgs
    read_only bool
    registries Sequence[str]
    List of registries.
    registry str
    required_labels Sequence[FunctionAssurancePolicyRequiredLabelArgs]
    required_labels_enabled bool
    scan_malware_in_archives bool
    scan_nfs_mounts bool
    scan_process_memory bool
    scan_sensitive_data bool
    Indicates if scan should include sensitive data in the image.
    scan_windows_registry bool
    scap_enabled bool
    Indicates if scanning should include SCAP.
    scap_files Sequence[str]
    List of SCAP user scripts for checks.
    scopes Sequence[FunctionAssurancePolicyScopeArgs]
    trusted_base_images Sequence[FunctionAssurancePolicyTrustedBaseImageArgs]
    List of trusted images.
    trusted_base_images_enabled bool
    Indicates if list of trusted base images is relevant.
    vulnerability_exploitability bool
    vulnerability_score_ranges Sequence[int]
    whitelisted_licenses Sequence[str]
    List of whitelisted licenses.
    whitelisted_licenses_enabled bool
    Indicates if license blacklist is relevant.
    aggregatedVulnerability Map<String>
    Aggregated vulnerability information.
    allowedImages List<String>
    List of explicitly allowed images.
    applicationScopes List<String>
    assuranceType String
    What type of assurance policy is described.
    auditOnFailure Boolean
    Indicates if auditing for failures.
    author String
    Name of user account that created the policy.
    autoScanConfigured Boolean
    autoScanEnabled Boolean
    autoScanTimes List<Property Map>
    blacklistPermissions List<String>
    List of function's forbidden permissions.
    blacklistPermissionsEnabled Boolean
    Indicates if blacklist permissions is relevant.
    blacklistedLicenses List<String>
    List of blacklisted licenses.
    blacklistedLicensesEnabled Boolean
    Indicates if license blacklist is relevant.
    blockFailed Boolean
    Indicates if failed images are blocked.
    controlExcludeNoFix Boolean
    customChecks List<Property Map>
    List of Custom user scripts for checks.
    customChecksEnabled Boolean
    Indicates if scanning should include custom checks.
    customSeverity String
    customSeverityEnabled Boolean
    cvesBlackListEnabled Boolean
    Indicates if CVEs blacklist is relevant.
    cvesBlackLists List<String>
    List of CVEs blacklisted items.
    cvesWhiteListEnabled Boolean
    Indicates if CVEs whitelist is relevant.
    cvesWhiteLists List<String>
    List of CVEs whitelisted licenses.
    cvssSeverity String
    Identifier of the CVSS severity.
    cvssSeverityEnabled Boolean
    Indicates if the CVSS severity is scanned.
    cvssSeverityExcludeNoFix Boolean
    Indicates that the policy should ignore CVSS cases that do not have a known fix.
    description String
    disallowExploitTypes List<String>
    disallowMalware Boolean
    Indicates if malware should block the image.
    dockerCisEnabled Boolean
    Checks the host according to the Docker CIS benchmark, if Docker is found on the host.
    domain String
    Name of the container image.
    domainName String
    dtaEnabled Boolean
    dtaSeverity String
    enabled Boolean
    enforce Boolean
    enforceAfterDays Number
    enforceExcessivePermissions Boolean
    exceptionalMonitoredMalwarePaths List<String>
    excludeApplicationScopes List<String>
    failCicd Boolean
    Indicates if CI/CD failures will fail the image.
    forbiddenLabels List<Property Map>
    forbiddenLabelsEnabled Boolean
    forceMicroenforcer Boolean
    functionIntegrityEnabled Boolean
    ignoreBaseImageVln Boolean
    ignoreRecentlyPublishedVln Boolean
    ignoreRecentlyPublishedVlnPeriod Number
    ignoreRiskResourcesEnabled Boolean
    Indicates if risk resources are ignored.
    ignoredRiskResources List<String>
    List of ignored risk resources.
    ignoredSensitiveResources List<String>
    images List<String>
    List of images.
    kubeCisEnabled Boolean
    Performs a Kubernetes CIS benchmark check for the host.
    kubernetesControls List<Property Map>
    List of Kubernetes controls.
    kubernetesControlsAvdIds List<String>
    kubernetesControlsNames List<String>
    labels List<String>
    List of labels.
    lastupdate String
    linuxCisEnabled Boolean
    malwareAction String
    maximumScore Number
    Value of allowed maximum score.
    maximumScoreEnabled Boolean
    Indicates if exceeding the maximum score is scanned.
    maximumScoreExcludeNoFix Boolean
    monitoredMalwarePaths List<String>
    name String
    onlyNoneRootUsers Boolean
    Indicates whether to raise a warning for images that should only be run as root.
    openshiftHardeningEnabled Boolean
    packagesBlackListEnabled Boolean
    Indicates if packages blacklist is relevant.
    packagesBlackLists List<Property Map>
    List of blacklisted images.
    packagesWhiteListEnabled Boolean
    Indicates if packages whitelist is relevant.
    packagesWhiteLists List<Property Map>
    List of whitelisted images.
    partialResultsImageFail Boolean
    permission String
    policySettings Property Map
    readOnly Boolean
    registries List<String>
    List of registries.
    registry String
    requiredLabels List<Property Map>
    requiredLabelsEnabled Boolean
    scanMalwareInArchives Boolean
    scanNfsMounts Boolean
    scanProcessMemory Boolean
    scanSensitiveData Boolean
    Indicates if scan should include sensitive data in the image.
    scanWindowsRegistry Boolean
    scapEnabled Boolean
    Indicates if scanning should include SCAP.
    scapFiles List<String>
    List of SCAP user scripts for checks.
    scopes List<Property Map>
    trustedBaseImages List<Property Map>
    List of trusted images.
    trustedBaseImagesEnabled Boolean
    Indicates if list of trusted base images is relevant.
    vulnerabilityExploitability Boolean
    vulnerabilityScoreRanges List<Number>
    whitelistedLicenses List<String>
    List of whitelisted licenses.
    whitelistedLicensesEnabled Boolean
    Indicates if license blacklist is relevant.

    Supporting Types

    FunctionAssurancePolicyAutoScanTime, FunctionAssurancePolicyAutoScanTimeArgs

    Iteration int
    IterationType string
    Time string
    WeekDays List<string>
    Iteration int
    IterationType string
    Time string
    WeekDays []string
    iteration Integer
    iterationType String
    time String
    weekDays List<String>
    iteration number
    iterationType string
    time string
    weekDays string[]
    iteration int
    iteration_type str
    time str
    week_days Sequence[str]
    iteration Number
    iterationType String
    time String
    weekDays List<String>

    FunctionAssurancePolicyCustomCheck, FunctionAssurancePolicyCustomCheckArgs

    Author string
    Name of user account that created the policy.
    Description string
    Engine string
    LastModified int
    Name string
    Path string
    ReadOnly bool
    ScriptId string
    Severity string
    Snippet string
    Author string
    Name of user account that created the policy.
    Description string
    Engine string
    LastModified int
    Name string
    Path string
    ReadOnly bool
    ScriptId string
    Severity string
    Snippet string
    author String
    Name of user account that created the policy.
    description String
    engine String
    lastModified Integer
    name String
    path String
    readOnly Boolean
    scriptId String
    severity String
    snippet String
    author string
    Name of user account that created the policy.
    description string
    engine string
    lastModified number
    name string
    path string
    readOnly boolean
    scriptId string
    severity string
    snippet string
    author str
    Name of user account that created the policy.
    description str
    engine str
    last_modified int
    name str
    path str
    read_only bool
    script_id str
    severity str
    snippet str
    author String
    Name of user account that created the policy.
    description String
    engine String
    lastModified Number
    name String
    path String
    readOnly Boolean
    scriptId String
    severity String
    snippet String

    FunctionAssurancePolicyForbiddenLabel, FunctionAssurancePolicyForbiddenLabelArgs

    Key string
    Value string
    Key string
    Value string
    key String
    value String
    key string
    value string
    key str
    value str
    key String
    value String

    FunctionAssurancePolicyKubernetesControl, FunctionAssurancePolicyKubernetesControlArgs

    AvdId string
    Description string
    Enabled bool
    Kind string
    Name string
    Ootb bool
    ScriptId int
    Severity string
    AvdId string
    Description string
    Enabled bool
    Kind string
    Name string
    Ootb bool
    ScriptId int
    Severity string
    avdId String
    description String
    enabled Boolean
    kind String
    name String
    ootb Boolean
    scriptId Integer
    severity String
    avdId string
    description string
    enabled boolean
    kind string
    name string
    ootb boolean
    scriptId number
    severity string
    avdId String
    description String
    enabled Boolean
    kind String
    name String
    ootb Boolean
    scriptId Number
    severity String

    FunctionAssurancePolicyPackagesBlackList, FunctionAssurancePolicyPackagesBlackListArgs

    Arch string
    Display string
    Epoch string
    Format string
    License string
    Name string
    Release string
    Version string
    VersionRange string
    Arch string
    Display string
    Epoch string
    Format string
    License string
    Name string
    Release string
    Version string
    VersionRange string
    arch String
    display String
    epoch String
    format String
    license String
    name String
    release String
    version String
    versionRange String
    arch string
    display string
    epoch string
    format string
    license string
    name string
    release string
    version string
    versionRange string
    arch String
    display String
    epoch String
    format String
    license String
    name String
    release String
    version String
    versionRange String

    FunctionAssurancePolicyPackagesWhiteList, FunctionAssurancePolicyPackagesWhiteListArgs

    Arch string
    Display string
    Epoch string
    Format string
    License string
    Name string
    Release string
    Version string
    VersionRange string
    Arch string
    Display string
    Epoch string
    Format string
    License string
    Name string
    Release string
    Version string
    VersionRange string
    arch String
    display String
    epoch String
    format String
    license String
    name String
    release String
    version String
    versionRange String
    arch string
    display string
    epoch string
    format string
    license string
    name string
    release string
    version string
    versionRange string
    arch String
    display String
    epoch String
    format String
    license String
    name String
    release String
    version String
    versionRange String

    FunctionAssurancePolicyPolicySettings, FunctionAssurancePolicyPolicySettingsArgs

    enforce Boolean
    isAuditChecked Boolean
    warn Boolean
    warningMessage String
    enforce boolean
    isAuditChecked boolean
    warn boolean
    warningMessage string
    enforce Boolean
    isAuditChecked Boolean
    warn Boolean
    warningMessage String

    FunctionAssurancePolicyRequiredLabel, FunctionAssurancePolicyRequiredLabelArgs

    Key string
    Value string
    Key string
    Value string
    key String
    value String
    key string
    value string
    key str
    value str
    key String
    value String

    FunctionAssurancePolicyScope, FunctionAssurancePolicyScopeArgs

    FunctionAssurancePolicyScopeVariable, FunctionAssurancePolicyScopeVariableArgs

    Attribute string
    Name string
    Value string
    Attribute string
    Name string
    Value string
    attribute String
    name String
    value String
    attribute string
    name string
    value string
    attribute str
    name str
    value str
    attribute String
    name String
    value String

    FunctionAssurancePolicyTrustedBaseImage, FunctionAssurancePolicyTrustedBaseImageArgs

    Imagename string
    Registry string
    Imagename string
    Registry string
    imagename String
    registry String
    imagename string
    registry string
    imagename String
    registry String

    Package Details

    Repository
    aquasec pulumiverse/pulumi-aquasec
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aquasec Terraform Provider.