Google Cloud v8.21.0, Mar 5 25

Google Cloud v8.21.0 published on Wednesday, Mar 5, 2025 by Pulumi

gcp.compute.SecurityScanConfig

Explore with Pulumi AI

Google Cloud v8.21.0 published on Wednesday, Mar 5, 2025 by Pulumi

pulumi/pulumi-gcp

Example Usage

Scan Config Basic

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const scannerStaticIp = new gcp.compute.Address("scanner_static_ip", {name: "scan-basic-static-ip"});
const scan_config = new gcp.compute.SecurityScanConfig("scan-config", {
    displayName: "scan-config",
    startingUrls: [pulumi.interpolate`http://${scannerStaticIp.address}`],
    targetPlatforms: ["COMPUTE"],
});

import pulumi
import pulumi_gcp as gcp

scanner_static_ip = gcp.compute.Address("scanner_static_ip", name="scan-basic-static-ip")
scan_config = gcp.compute.SecurityScanConfig("scan-config",
    display_name="scan-config",
    starting_urls=[scanner_static_ip.address.apply(lambda address: f"http://{address}")],
    target_platforms=["COMPUTE"])

package main

import (
	"fmt"

	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		scannerStaticIp, err := compute.NewAddress(ctx, "scanner_static_ip", &compute.AddressArgs{
			Name: pulumi.String("scan-basic-static-ip"),
		})
		if err != nil {
			return err
		}
		_, err = compute.NewSecurityScanConfig(ctx, "scan-config", &compute.SecurityScanConfigArgs{
			DisplayName: pulumi.String("scan-config"),
			StartingUrls: pulumi.StringArray{
				scannerStaticIp.Address.ApplyT(func(address string) (string, error) {
					return fmt.Sprintf("http://%v", address), nil
				}).(pulumi.StringOutput),
			},
			TargetPlatforms: pulumi.StringArray{
				pulumi.String("COMPUTE"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var scannerStaticIp = new Gcp.Compute.Address("scanner_static_ip", new()
    {
        Name = "scan-basic-static-ip",
    });

    var scan_config = new Gcp.Compute.SecurityScanConfig("scan-config", new()
    {
        DisplayName = "scan-config",
        StartingUrls = new[]
        {
            scannerStaticIp.IPAddress.Apply(address => $"http://{address}"),
        },
        TargetPlatforms = new[]
        {
            "COMPUTE",
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Address;
import com.pulumi.gcp.compute.AddressArgs;
import com.pulumi.gcp.compute.SecurityScanConfig;
import com.pulumi.gcp.compute.SecurityScanConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var scannerStaticIp = new Address("scannerStaticIp", AddressArgs.builder()
            .name("scan-basic-static-ip")
            .build());

        var scan_config = new SecurityScanConfig("scan-config", SecurityScanConfigArgs.builder()
            .displayName("scan-config")
            .startingUrls(scannerStaticIp.address().applyValue(address -> String.format("http://%s", address)))
            .targetPlatforms("COMPUTE")
            .build());

    }
}

resources:
  scannerStaticIp:
    type: gcp:compute:Address
    name: scanner_static_ip
    properties:
      name: scan-basic-static-ip
  scan-config:
    type: gcp:compute:SecurityScanConfig
    properties:
      displayName: scan-config
      startingUrls:
        - http://${scannerStaticIp.address}
      targetPlatforms:
        - COMPUTE

Create SecurityScanConfig Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new SecurityScanConfig(name: string, args: SecurityScanConfigArgs, opts?: CustomResourceOptions);

@overload
def SecurityScanConfig(resource_name: str,
                       args: SecurityScanConfigArgs,
                       opts: Optional[ResourceOptions] = None)

@overload
def SecurityScanConfig(resource_name: str,
                       opts: Optional[ResourceOptions] = None,
                       display_name: Optional[str] = None,
                       starting_urls: Optional[Sequence[str]] = None,
                       authentication: Optional[SecurityScanConfigAuthenticationArgs] = None,
                       blacklist_patterns: Optional[Sequence[str]] = None,
                       export_to_security_command_center: Optional[str] = None,
                       max_qps: Optional[int] = None,
                       project: Optional[str] = None,
                       schedule: Optional[SecurityScanConfigScheduleArgs] = None,
                       target_platforms: Optional[Sequence[str]] = None,
                       user_agent: Optional[str] = None)

func NewSecurityScanConfig(ctx *Context, name string, args SecurityScanConfigArgs, opts ...ResourceOption) (*SecurityScanConfig, error)

public SecurityScanConfig(string name, SecurityScanConfigArgs args, CustomResourceOptions? opts = null)

public SecurityScanConfig(String name, SecurityScanConfigArgs args)
public SecurityScanConfig(String name, SecurityScanConfigArgs args, CustomResourceOptions options)

type: gcp:compute:SecurityScanConfig
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args SecurityScanConfigArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args SecurityScanConfigArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SecurityScanConfigArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SecurityScanConfigArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args SecurityScanConfigArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var securityScanConfigResource = new Gcp.Compute.SecurityScanConfig("securityScanConfigResource", new()
{
    DisplayName = "string",
    StartingUrls = new[]
    {
        "string",
    },
    Authentication = new Gcp.Compute.Inputs.SecurityScanConfigAuthenticationArgs
    {
        CustomAccount = new Gcp.Compute.Inputs.SecurityScanConfigAuthenticationCustomAccountArgs
        {
            LoginUrl = "string",
            Password = "string",
            Username = "string",
        },
        GoogleAccount = new Gcp.Compute.Inputs.SecurityScanConfigAuthenticationGoogleAccountArgs
        {
            Password = "string",
            Username = "string",
        },
    },
    BlacklistPatterns = new[]
    {
        "string",
    },
    ExportToSecurityCommandCenter = "string",
    MaxQps = 0,
    Project = "string",
    Schedule = new Gcp.Compute.Inputs.SecurityScanConfigScheduleArgs
    {
        IntervalDurationDays = 0,
        ScheduleTime = "string",
    },
    TargetPlatforms = new[]
    {
        "string",
    },
    UserAgent = "string",
});

example, err := compute.NewSecurityScanConfig(ctx, "securityScanConfigResource", &compute.SecurityScanConfigArgs{
	DisplayName: pulumi.String("string"),
	StartingUrls: pulumi.StringArray{
		pulumi.String("string"),
	},
	Authentication: &compute.SecurityScanConfigAuthenticationArgs{
		CustomAccount: &compute.SecurityScanConfigAuthenticationCustomAccountArgs{
			LoginUrl: pulumi.String("string"),
			Password: pulumi.String("string"),
			Username: pulumi.String("string"),
		},
		GoogleAccount: &compute.SecurityScanConfigAuthenticationGoogleAccountArgs{
			Password: pulumi.String("string"),
			Username: pulumi.String("string"),
		},
	},
	BlacklistPatterns: pulumi.StringArray{
		pulumi.String("string"),
	},
	ExportToSecurityCommandCenter: pulumi.String("string"),
	MaxQps:                        pulumi.Int(0),
	Project:                       pulumi.String("string"),
	Schedule: &compute.SecurityScanConfigScheduleArgs{
		IntervalDurationDays: pulumi.Int(0),
		ScheduleTime:         pulumi.String("string"),
	},
	TargetPlatforms: pulumi.StringArray{
		pulumi.String("string"),
	},
	UserAgent: pulumi.String("string"),
})

var securityScanConfigResource = new SecurityScanConfig("securityScanConfigResource", SecurityScanConfigArgs.builder()
    .displayName("string")
    .startingUrls("string")
    .authentication(SecurityScanConfigAuthenticationArgs.builder()
        .customAccount(SecurityScanConfigAuthenticationCustomAccountArgs.builder()
            .loginUrl("string")
            .password("string")
            .username("string")
            .build())
        .googleAccount(SecurityScanConfigAuthenticationGoogleAccountArgs.builder()
            .password("string")
            .username("string")
            .build())
        .build())
    .blacklistPatterns("string")
    .exportToSecurityCommandCenter("string")
    .maxQps(0)
    .project("string")
    .schedule(SecurityScanConfigScheduleArgs.builder()
        .intervalDurationDays(0)
        .scheduleTime("string")
        .build())
    .targetPlatforms("string")
    .userAgent("string")
    .build());

security_scan_config_resource = gcp.compute.SecurityScanConfig("securityScanConfigResource",
    display_name="string",
    starting_urls=["string"],
    authentication={
        "custom_account": {
            "login_url": "string",
            "password": "string",
            "username": "string",
        },
        "google_account": {
            "password": "string",
            "username": "string",
        },
    },
    blacklist_patterns=["string"],
    export_to_security_command_center="string",
    max_qps=0,
    project="string",
    schedule={
        "interval_duration_days": 0,
        "schedule_time": "string",
    },
    target_platforms=["string"],
    user_agent="string")

const securityScanConfigResource = new gcp.compute.SecurityScanConfig("securityScanConfigResource", {
    displayName: "string",
    startingUrls: ["string"],
    authentication: {
        customAccount: {
            loginUrl: "string",
            password: "string",
            username: "string",
        },
        googleAccount: {
            password: "string",
            username: "string",
        },
    },
    blacklistPatterns: ["string"],
    exportToSecurityCommandCenter: "string",
    maxQps: 0,
    project: "string",
    schedule: {
        intervalDurationDays: 0,
        scheduleTime: "string",
    },
    targetPlatforms: ["string"],
    userAgent: "string",
});

type: gcp:compute:SecurityScanConfig
properties:
    authentication:
        customAccount:
            loginUrl: string
            password: string
            username: string
        googleAccount:
            password: string
            username: string
    blacklistPatterns:
        - string
    displayName: string
    exportToSecurityCommandCenter: string
    maxQps: 0
    project: string
    schedule:
        intervalDurationDays: 0
        scheduleTime: string
    startingUrls:
        - string
    targetPlatforms:
        - string
    userAgent: string

SecurityScanConfig Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The SecurityScanConfig resource accepts the following input properties:

DisplayName string: The user provider display name of the ScanConfig.
StartingUrls List<string>: The starting URLs from which the scanner finds site pages.
Authentication SecurityScanConfigAuthentication: The authentication configuration. If specified, service will use the authentication configuration during scanning. Structure is documented below.
BlacklistPatterns List<string>: The blacklist URL patterns as described in https://cloud.google.com/security-scanner/docs/excluded-urls
ExportToSecurityCommandCenter string: Controls export of scan configurations and results to Cloud Security Command Center. Default value is ENABLED. Possible values are: ENABLED, DISABLED.
MaxQps int: The maximum QPS during scanning. A valid value ranges from 5 to 20 inclusively. Defaults to 15.
Project string: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
Schedule SecurityScanConfigSchedule: The schedule of the ScanConfig Structure is documented below.
TargetPlatforms List<string>: Set of Cloud Platforms targeted by the scan. If empty, APP_ENGINE will be used as a default. Each value may be one of: APP_ENGINE, COMPUTE.
UserAgent string: Type of the user agents used for scanning Default value is CHROME_LINUX. Possible values are: USER_AGENT_UNSPECIFIED, CHROME_LINUX, CHROME_ANDROID, SAFARI_IPHONE.

DisplayName string: The user provider display name of the ScanConfig.
StartingUrls []string: The starting URLs from which the scanner finds site pages.
Authentication SecurityScanConfigAuthenticationArgs: The authentication configuration. If specified, service will use the authentication configuration during scanning. Structure is documented below.
BlacklistPatterns []string: The blacklist URL patterns as described in https://cloud.google.com/security-scanner/docs/excluded-urls
ExportToSecurityCommandCenter string: Controls export of scan configurations and results to Cloud Security Command Center. Default value is ENABLED. Possible values are: ENABLED, DISABLED.
MaxQps int: The maximum QPS during scanning. A valid value ranges from 5 to 20 inclusively. Defaults to 15.
Project string: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
Schedule SecurityScanConfigScheduleArgs: The schedule of the ScanConfig Structure is documented below.
TargetPlatforms []string: Set of Cloud Platforms targeted by the scan. If empty, APP_ENGINE will be used as a default. Each value may be one of: APP_ENGINE, COMPUTE.
UserAgent string: Type of the user agents used for scanning Default value is CHROME_LINUX. Possible values are: USER_AGENT_UNSPECIFIED, CHROME_LINUX, CHROME_ANDROID, SAFARI_IPHONE.

displayName String: The user provider display name of the ScanConfig.
startingUrls List<String>: The starting URLs from which the scanner finds site pages.
authentication SecurityScanConfigAuthentication: The authentication configuration. If specified, service will use the authentication configuration during scanning. Structure is documented below.
blacklistPatterns List<String>: The blacklist URL patterns as described in https://cloud.google.com/security-scanner/docs/excluded-urls
exportToSecurityCommandCenter String: Controls export of scan configurations and results to Cloud Security Command Center. Default value is ENABLED. Possible values are: ENABLED, DISABLED.
maxQps Integer: The maximum QPS during scanning. A valid value ranges from 5 to 20 inclusively. Defaults to 15.
project String: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
schedule SecurityScanConfigSchedule: The schedule of the ScanConfig Structure is documented below.
targetPlatforms List<String>: Set of Cloud Platforms targeted by the scan. If empty, APP_ENGINE will be used as a default. Each value may be one of: APP_ENGINE, COMPUTE.
userAgent String: Type of the user agents used for scanning Default value is CHROME_LINUX. Possible values are: USER_AGENT_UNSPECIFIED, CHROME_LINUX, CHROME_ANDROID, SAFARI_IPHONE.

displayName string: The user provider display name of the ScanConfig.
startingUrls string[]: The starting URLs from which the scanner finds site pages.
authentication SecurityScanConfigAuthentication: The authentication configuration. If specified, service will use the authentication configuration during scanning. Structure is documented below.
blacklistPatterns string[]: The blacklist URL patterns as described in https://cloud.google.com/security-scanner/docs/excluded-urls
exportToSecurityCommandCenter string: Controls export of scan configurations and results to Cloud Security Command Center. Default value is ENABLED. Possible values are: ENABLED, DISABLED.
maxQps number: The maximum QPS during scanning. A valid value ranges from 5 to 20 inclusively. Defaults to 15.
project string: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
schedule SecurityScanConfigSchedule: The schedule of the ScanConfig Structure is documented below.
targetPlatforms string[]: Set of Cloud Platforms targeted by the scan. If empty, APP_ENGINE will be used as a default. Each value may be one of: APP_ENGINE, COMPUTE.
userAgent string: Type of the user agents used for scanning Default value is CHROME_LINUX. Possible values are: USER_AGENT_UNSPECIFIED, CHROME_LINUX, CHROME_ANDROID, SAFARI_IPHONE.

display_name str: The user provider display name of the ScanConfig.
starting_urls Sequence[str]: The starting URLs from which the scanner finds site pages.
authentication SecurityScanConfigAuthenticationArgs: The authentication configuration. If specified, service will use the authentication configuration during scanning. Structure is documented below.
blacklist_patterns Sequence[str]: The blacklist URL patterns as described in https://cloud.google.com/security-scanner/docs/excluded-urls
export_to_security_command_center str: Controls export of scan configurations and results to Cloud Security Command Center. Default value is ENABLED. Possible values are: ENABLED, DISABLED.
max_qps int: The maximum QPS during scanning. A valid value ranges from 5 to 20 inclusively. Defaults to 15.
project str: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
schedule SecurityScanConfigScheduleArgs: The schedule of the ScanConfig Structure is documented below.
target_platforms Sequence[str]: Set of Cloud Platforms targeted by the scan. If empty, APP_ENGINE will be used as a default. Each value may be one of: APP_ENGINE, COMPUTE.
user_agent str: Type of the user agents used for scanning Default value is CHROME_LINUX. Possible values are: USER_AGENT_UNSPECIFIED, CHROME_LINUX, CHROME_ANDROID, SAFARI_IPHONE.

displayName String: The user provider display name of the ScanConfig.
startingUrls List<String>: The starting URLs from which the scanner finds site pages.
authentication Property Map: The authentication configuration. If specified, service will use the authentication configuration during scanning. Structure is documented below.
blacklistPatterns List<String>: The blacklist URL patterns as described in https://cloud.google.com/security-scanner/docs/excluded-urls
exportToSecurityCommandCenter String: Controls export of scan configurations and results to Cloud Security Command Center. Default value is ENABLED. Possible values are: ENABLED, DISABLED.
maxQps Number: The maximum QPS during scanning. A valid value ranges from 5 to 20 inclusively. Defaults to 15.
project String: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
schedule Property Map: The schedule of the ScanConfig Structure is documented below.
targetPlatforms List<String>: Set of Cloud Platforms targeted by the scan. If empty, APP_ENGINE will be used as a default. Each value may be one of: APP_ENGINE, COMPUTE.
userAgent String: Type of the user agents used for scanning Default value is CHROME_LINUX. Possible values are: USER_AGENT_UNSPECIFIED, CHROME_LINUX, CHROME_ANDROID, SAFARI_IPHONE.

Outputs

All input properties are implicitly available as output properties. Additionally, the SecurityScanConfig resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
Name string: A server defined name for this index. Format: projects/{{project}}/scanConfigs/{{server_generated_id}}

Id string: The provider-assigned unique ID for this managed resource.
Name string: A server defined name for this index. Format: projects/{{project}}/scanConfigs/{{server_generated_id}}

id String: The provider-assigned unique ID for this managed resource.
name String: A server defined name for this index. Format: projects/{{project}}/scanConfigs/{{server_generated_id}}

id string: The provider-assigned unique ID for this managed resource.
name string: A server defined name for this index. Format: projects/{{project}}/scanConfigs/{{server_generated_id}}

id str: The provider-assigned unique ID for this managed resource.
name str: A server defined name for this index. Format: projects/{{project}}/scanConfigs/{{server_generated_id}}

id String: The provider-assigned unique ID for this managed resource.
name String: A server defined name for this index. Format: projects/{{project}}/scanConfigs/{{server_generated_id}}

Look up Existing SecurityScanConfig Resource

Get an existing SecurityScanConfig resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SecurityScanConfigState, opts?: CustomResourceOptions): SecurityScanConfig

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        authentication: Optional[SecurityScanConfigAuthenticationArgs] = None,
        blacklist_patterns: Optional[Sequence[str]] = None,
        display_name: Optional[str] = None,
        export_to_security_command_center: Optional[str] = None,
        max_qps: Optional[int] = None,
        name: Optional[str] = None,
        project: Optional[str] = None,
        schedule: Optional[SecurityScanConfigScheduleArgs] = None,
        starting_urls: Optional[Sequence[str]] = None,
        target_platforms: Optional[Sequence[str]] = None,
        user_agent: Optional[str] = None) -> SecurityScanConfig

func GetSecurityScanConfig(ctx *Context, name string, id IDInput, state *SecurityScanConfigState, opts ...ResourceOption) (*SecurityScanConfig, error)

public static SecurityScanConfig Get(string name, Input<string> id, SecurityScanConfigState? state, CustomResourceOptions? opts = null)

public static SecurityScanConfig get(String name, Output<String> id, SecurityScanConfigState state, CustomResourceOptions options)

resources:  _:    type: gcp:compute:SecurityScanConfig    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Authentication SecurityScanConfigAuthentication: The authentication configuration. If specified, service will use the authentication configuration during scanning. Structure is documented below.
BlacklistPatterns List<string>: The blacklist URL patterns as described in https://cloud.google.com/security-scanner/docs/excluded-urls
DisplayName string: The user provider display name of the ScanConfig.
ExportToSecurityCommandCenter string: Controls export of scan configurations and results to Cloud Security Command Center. Default value is ENABLED. Possible values are: ENABLED, DISABLED.
MaxQps int: The maximum QPS during scanning. A valid value ranges from 5 to 20 inclusively. Defaults to 15.
Name string: A server defined name for this index. Format: projects/{{project}}/scanConfigs/{{server_generated_id}}
Project string: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
Schedule SecurityScanConfigSchedule: The schedule of the ScanConfig Structure is documented below.
StartingUrls List<string>: The starting URLs from which the scanner finds site pages.
TargetPlatforms List<string>: Set of Cloud Platforms targeted by the scan. If empty, APP_ENGINE will be used as a default. Each value may be one of: APP_ENGINE, COMPUTE.
UserAgent string: Type of the user agents used for scanning Default value is CHROME_LINUX. Possible values are: USER_AGENT_UNSPECIFIED, CHROME_LINUX, CHROME_ANDROID, SAFARI_IPHONE.

Authentication SecurityScanConfigAuthenticationArgs: The authentication configuration. If specified, service will use the authentication configuration during scanning. Structure is documented below.
BlacklistPatterns []string: The blacklist URL patterns as described in https://cloud.google.com/security-scanner/docs/excluded-urls
DisplayName string: The user provider display name of the ScanConfig.
ExportToSecurityCommandCenter string: Controls export of scan configurations and results to Cloud Security Command Center. Default value is ENABLED. Possible values are: ENABLED, DISABLED.
MaxQps int: The maximum QPS during scanning. A valid value ranges from 5 to 20 inclusively. Defaults to 15.
Name string: A server defined name for this index. Format: projects/{{project}}/scanConfigs/{{server_generated_id}}
Project string: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
Schedule SecurityScanConfigScheduleArgs: The schedule of the ScanConfig Structure is documented below.
StartingUrls []string: The starting URLs from which the scanner finds site pages.
TargetPlatforms []string: Set of Cloud Platforms targeted by the scan. If empty, APP_ENGINE will be used as a default. Each value may be one of: APP_ENGINE, COMPUTE.
UserAgent string: Type of the user agents used for scanning Default value is CHROME_LINUX. Possible values are: USER_AGENT_UNSPECIFIED, CHROME_LINUX, CHROME_ANDROID, SAFARI_IPHONE.

authentication SecurityScanConfigAuthentication: The authentication configuration. If specified, service will use the authentication configuration during scanning. Structure is documented below.
blacklistPatterns List<String>: The blacklist URL patterns as described in https://cloud.google.com/security-scanner/docs/excluded-urls
displayName String: The user provider display name of the ScanConfig.
exportToSecurityCommandCenter String: Controls export of scan configurations and results to Cloud Security Command Center. Default value is ENABLED. Possible values are: ENABLED, DISABLED.
maxQps Integer: The maximum QPS during scanning. A valid value ranges from 5 to 20 inclusively. Defaults to 15.
name String: A server defined name for this index. Format: projects/{{project}}/scanConfigs/{{server_generated_id}}
project String: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
schedule SecurityScanConfigSchedule: The schedule of the ScanConfig Structure is documented below.
startingUrls List<String>: The starting URLs from which the scanner finds site pages.
targetPlatforms List<String>: Set of Cloud Platforms targeted by the scan. If empty, APP_ENGINE will be used as a default. Each value may be one of: APP_ENGINE, COMPUTE.
userAgent String: Type of the user agents used for scanning Default value is CHROME_LINUX. Possible values are: USER_AGENT_UNSPECIFIED, CHROME_LINUX, CHROME_ANDROID, SAFARI_IPHONE.

authentication SecurityScanConfigAuthentication: The authentication configuration. If specified, service will use the authentication configuration during scanning. Structure is documented below.
blacklistPatterns string[]: The blacklist URL patterns as described in https://cloud.google.com/security-scanner/docs/excluded-urls
displayName string: The user provider display name of the ScanConfig.
exportToSecurityCommandCenter string: Controls export of scan configurations and results to Cloud Security Command Center. Default value is ENABLED. Possible values are: ENABLED, DISABLED.
maxQps number: The maximum QPS during scanning. A valid value ranges from 5 to 20 inclusively. Defaults to 15.
name string: A server defined name for this index. Format: projects/{{project}}/scanConfigs/{{server_generated_id}}
project string: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
schedule SecurityScanConfigSchedule: The schedule of the ScanConfig Structure is documented below.
startingUrls string[]: The starting URLs from which the scanner finds site pages.
targetPlatforms string[]: Set of Cloud Platforms targeted by the scan. If empty, APP_ENGINE will be used as a default. Each value may be one of: APP_ENGINE, COMPUTE.
userAgent string: Type of the user agents used for scanning Default value is CHROME_LINUX. Possible values are: USER_AGENT_UNSPECIFIED, CHROME_LINUX, CHROME_ANDROID, SAFARI_IPHONE.

authentication SecurityScanConfigAuthenticationArgs: The authentication configuration. If specified, service will use the authentication configuration during scanning. Structure is documented below.
blacklist_patterns Sequence[str]: The blacklist URL patterns as described in https://cloud.google.com/security-scanner/docs/excluded-urls
display_name str: The user provider display name of the ScanConfig.
export_to_security_command_center str: Controls export of scan configurations and results to Cloud Security Command Center. Default value is ENABLED. Possible values are: ENABLED, DISABLED.
max_qps int: The maximum QPS during scanning. A valid value ranges from 5 to 20 inclusively. Defaults to 15.
name str: A server defined name for this index. Format: projects/{{project}}/scanConfigs/{{server_generated_id}}
project str: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
schedule SecurityScanConfigScheduleArgs: The schedule of the ScanConfig Structure is documented below.
starting_urls Sequence[str]: The starting URLs from which the scanner finds site pages.
target_platforms Sequence[str]: Set of Cloud Platforms targeted by the scan. If empty, APP_ENGINE will be used as a default. Each value may be one of: APP_ENGINE, COMPUTE.
user_agent str: Type of the user agents used for scanning Default value is CHROME_LINUX. Possible values are: USER_AGENT_UNSPECIFIED, CHROME_LINUX, CHROME_ANDROID, SAFARI_IPHONE.

authentication Property Map: The authentication configuration. If specified, service will use the authentication configuration during scanning. Structure is documented below.
blacklistPatterns List<String>: The blacklist URL patterns as described in https://cloud.google.com/security-scanner/docs/excluded-urls
displayName String: The user provider display name of the ScanConfig.
exportToSecurityCommandCenter String: Controls export of scan configurations and results to Cloud Security Command Center. Default value is ENABLED. Possible values are: ENABLED, DISABLED.
maxQps Number: The maximum QPS during scanning. A valid value ranges from 5 to 20 inclusively. Defaults to 15.
name String: A server defined name for this index. Format: projects/{{project}}/scanConfigs/{{server_generated_id}}
project String: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
schedule Property Map: The schedule of the ScanConfig Structure is documented below.
startingUrls List<String>: The starting URLs from which the scanner finds site pages.
targetPlatforms List<String>: Set of Cloud Platforms targeted by the scan. If empty, APP_ENGINE will be used as a default. Each value may be one of: APP_ENGINE, COMPUTE.
userAgent String: Type of the user agents used for scanning Default value is CHROME_LINUX. Possible values are: USER_AGENT_UNSPECIFIED, CHROME_LINUX, CHROME_ANDROID, SAFARI_IPHONE.

Supporting Types

SecurityScanConfigAuthentication, SecurityScanConfigAuthenticationArgs

CustomAccount SecurityScanConfigAuthenticationCustomAccount: Describes authentication configuration that uses a custom account. Structure is documented below.
GoogleAccount SecurityScanConfigAuthenticationGoogleAccount: Describes authentication configuration that uses a Google account. Structure is documented below.

CustomAccount SecurityScanConfigAuthenticationCustomAccount: Describes authentication configuration that uses a custom account. Structure is documented below.
GoogleAccount SecurityScanConfigAuthenticationGoogleAccount: Describes authentication configuration that uses a Google account. Structure is documented below.

customAccount SecurityScanConfigAuthenticationCustomAccount: Describes authentication configuration that uses a custom account. Structure is documented below.
googleAccount SecurityScanConfigAuthenticationGoogleAccount: Describes authentication configuration that uses a Google account. Structure is documented below.

customAccount SecurityScanConfigAuthenticationCustomAccount: Describes authentication configuration that uses a custom account. Structure is documented below.
googleAccount SecurityScanConfigAuthenticationGoogleAccount: Describes authentication configuration that uses a Google account. Structure is documented below.

custom_account SecurityScanConfigAuthenticationCustomAccount: Describes authentication configuration that uses a custom account. Structure is documented below.
google_account SecurityScanConfigAuthenticationGoogleAccount: Describes authentication configuration that uses a Google account. Structure is documented below.

customAccount Property Map: Describes authentication configuration that uses a custom account. Structure is documented below.
googleAccount Property Map: Describes authentication configuration that uses a Google account. Structure is documented below.

SecurityScanConfigAuthenticationCustomAccount, SecurityScanConfigAuthenticationCustomAccountArgs

LoginUrl string: The login form URL of the website.
Password string: The password of the custom account. The credential is stored encrypted in GCP. Note: This property is sensitive and will not be displayed in the plan.
Username string: The user name of the custom account.

LoginUrl string: The login form URL of the website.
Password string: The password of the custom account. The credential is stored encrypted in GCP. Note: This property is sensitive and will not be displayed in the plan.
Username string: The user name of the custom account.

loginUrl String: The login form URL of the website.
password String: The password of the custom account. The credential is stored encrypted in GCP. Note: This property is sensitive and will not be displayed in the plan.
username String: The user name of the custom account.

loginUrl string: The login form URL of the website.
password string: The password of the custom account. The credential is stored encrypted in GCP. Note: This property is sensitive and will not be displayed in the plan.
username string: The user name of the custom account.

login_url str: The login form URL of the website.
password str: The password of the custom account. The credential is stored encrypted in GCP. Note: This property is sensitive and will not be displayed in the plan.
username str: The user name of the custom account.

loginUrl String: The login form URL of the website.
password String: The password of the custom account. The credential is stored encrypted in GCP. Note: This property is sensitive and will not be displayed in the plan.
username String: The user name of the custom account.

SecurityScanConfigAuthenticationGoogleAccount, SecurityScanConfigAuthenticationGoogleAccountArgs

Password string: The password of the Google account. The credential is stored encrypted in GCP. Note: This property is sensitive and will not be displayed in the plan.
Username string: The user name of the Google account.

Password string: The password of the Google account. The credential is stored encrypted in GCP. Note: This property is sensitive and will not be displayed in the plan.
Username string: The user name of the Google account.

password String: The password of the Google account. The credential is stored encrypted in GCP. Note: This property is sensitive and will not be displayed in the plan.
username String: The user name of the Google account.

password string: The password of the Google account. The credential is stored encrypted in GCP. Note: This property is sensitive and will not be displayed in the plan.
username string: The user name of the Google account.

password str: The password of the Google account. The credential is stored encrypted in GCP. Note: This property is sensitive and will not be displayed in the plan.
username str: The user name of the Google account.

password String: The password of the Google account. The credential is stored encrypted in GCP. Note: This property is sensitive and will not be displayed in the plan.
username String: The user name of the Google account.

SecurityScanConfigSchedule, SecurityScanConfigScheduleArgs

IntervalDurationDays int: The duration of time between executions in days
ScheduleTime string: A timestamp indicates when the next run will be scheduled. The value is refreshed by the server after each run. If unspecified, it will default to current server time, which means the scan will be scheduled to start immediately.

IntervalDurationDays int: The duration of time between executions in days
ScheduleTime string: A timestamp indicates when the next run will be scheduled. The value is refreshed by the server after each run. If unspecified, it will default to current server time, which means the scan will be scheduled to start immediately.

intervalDurationDays Integer: The duration of time between executions in days
scheduleTime String: A timestamp indicates when the next run will be scheduled. The value is refreshed by the server after each run. If unspecified, it will default to current server time, which means the scan will be scheduled to start immediately.

intervalDurationDays number: The duration of time between executions in days
scheduleTime string: A timestamp indicates when the next run will be scheduled. The value is refreshed by the server after each run. If unspecified, it will default to current server time, which means the scan will be scheduled to start immediately.

interval_duration_days int: The duration of time between executions in days
schedule_time str: A timestamp indicates when the next run will be scheduled. The value is refreshed by the server after each run. If unspecified, it will default to current server time, which means the scan will be scheduled to start immediately.

intervalDurationDays Number: The duration of time between executions in days
scheduleTime String: A timestamp indicates when the next run will be scheduled. The value is refreshed by the server after each run. If unspecified, it will default to current server time, which means the scan will be scheduled to start immediately.

Import

ScanConfig can be imported using any of these accepted formats:

{{project}}/{{name}}
{{project}} {{name}}
{{name}}

When using the pulumi import command, ScanConfig can be imported using one of the formats above. For example:

$ pulumi import gcp:compute/securityScanConfig:SecurityScanConfig default {{project}}/{{name}}

$ pulumi import gcp:compute/securityScanConfig:SecurityScanConfig default "{{project}} {{name}}"

$ pulumi import gcp:compute/securityScanConfig:SecurityScanConfig default {{name}}

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Google Cloud (GCP) Classic pulumi/pulumi-gcp
License: Apache-2.0
Notes: This Pulumi package is based on the google-beta Terraform Provider.

Google Cloud v8.21.0 published on Wednesday, Mar 5, 2025 by Pulumi

pulumi/pulumi-gcp

gcp.compute.SecurityScanConfig

On this page

On this page

Example Usage

Scan Config Basic

Create SecurityScanConfig Resource

Constructor syntax

Parameters

Constructor example

SecurityScanConfig Resource Properties

Inputs

Outputs

Look up Existing SecurityScanConfig Resource

Supporting Types

SecurityScanConfigAuthentication, SecurityScanConfigAuthenticationArgs

SecurityScanConfigAuthenticationCustomAccount, SecurityScanConfigAuthenticationCustomAccountArgs

SecurityScanConfigAuthenticationGoogleAccount, SecurityScanConfigAuthenticationGoogleAccountArgs

SecurityScanConfigSchedule, SecurityScanConfigScheduleArgs

Import

Package Details

On this page

On this page