Docs Home
sysdig 1.56.1 published on Thursday, May 8, 2025 by sysdiglabs
sysdig.SecureScanningPolicyAssignment
Explore with Pulumi AI
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as sysdig from "@pulumi/sysdig";
const assignmentExample = new sysdig.SecureScanningPolicyAssignment("assignmentExample", {items: [
{
name: "myassignment1",
image: {
type: "tag",
value: "latest",
},
registry: "docker.io",
repository: "example",
policyIds: ["default"],
},
{
name: "",
image: {
type: "tag",
value: "latest",
},
registry: "*",
repository: "*",
policyIds: [sysdig_secure_scanning_policy.scanning_policy_example.id],
whitelistIds: [],
},
{
name: "default",
image: {
type: "tag",
value: "*",
},
registry: "*",
repository: "*",
policyIds: [
sysdig_secure_scanning_policy.scanning_policy_example.id,
"default",
],
},
]});
import pulumi
import pulumi_sysdig as sysdig
assignment_example = sysdig.SecureScanningPolicyAssignment("assignmentExample", items=[
{
"name": "myassignment1",
"image": {
"type": "tag",
"value": "latest",
},
"registry": "docker.io",
"repository": "example",
"policy_ids": ["default"],
},
{
"name": "",
"image": {
"type": "tag",
"value": "latest",
},
"registry": "*",
"repository": "*",
"policy_ids": [sysdig_secure_scanning_policy["scanning_policy_example"]["id"]],
"whitelist_ids": [],
},
{
"name": "default",
"image": {
"type": "tag",
"value": "*",
},
"registry": "*",
"repository": "*",
"policy_ids": [
sysdig_secure_scanning_policy["scanning_policy_example"]["id"],
"default",
],
},
])
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/sysdig/sysdig"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := sysdig.NewSecureScanningPolicyAssignment(ctx, "assignmentExample", &sysdig.SecureScanningPolicyAssignmentArgs{
Items: sysdig.SecureScanningPolicyAssignmentItemArray{
&sysdig.SecureScanningPolicyAssignmentItemArgs{
Name: pulumi.String("myassignment1"),
Image: &sysdig.SecureScanningPolicyAssignmentItemImageArgs{
Type: pulumi.String("tag"),
Value: pulumi.String("latest"),
},
Registry: pulumi.String("docker.io"),
Repository: pulumi.String("example"),
PolicyIds: pulumi.StringArray{
pulumi.String("default"),
},
},
&sysdig.SecureScanningPolicyAssignmentItemArgs{
Name: pulumi.String(""),
Image: &sysdig.SecureScanningPolicyAssignmentItemImageArgs{
Type: pulumi.String("tag"),
Value: pulumi.String("latest"),
},
Registry: pulumi.String("*"),
Repository: pulumi.String("*"),
PolicyIds: pulumi.StringArray{
sysdig_secure_scanning_policy.Scanning_policy_example.Id,
},
WhitelistIds: pulumi.StringArray{},
},
&sysdig.SecureScanningPolicyAssignmentItemArgs{
Name: pulumi.String("default"),
Image: &sysdig.SecureScanningPolicyAssignmentItemImageArgs{
Type: pulumi.String("tag"),
Value: pulumi.String("*"),
},
Registry: pulumi.String("*"),
Repository: pulumi.String("*"),
PolicyIds: pulumi.StringArray{
sysdig_secure_scanning_policy.Scanning_policy_example.Id,
pulumi.String("default"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Sysdig = Pulumi.Sysdig;
return await Deployment.RunAsync(() =>
{
var assignmentExample = new Sysdig.SecureScanningPolicyAssignment("assignmentExample", new()
{
Items = new[]
{
new Sysdig.Inputs.SecureScanningPolicyAssignmentItemArgs
{
Name = "myassignment1",
Image = new Sysdig.Inputs.SecureScanningPolicyAssignmentItemImageArgs
{
Type = "tag",
Value = "latest",
},
Registry = "docker.io",
Repository = "example",
PolicyIds = new[]
{
"default",
},
},
new Sysdig.Inputs.SecureScanningPolicyAssignmentItemArgs
{
Name = "",
Image = new Sysdig.Inputs.SecureScanningPolicyAssignmentItemImageArgs
{
Type = "tag",
Value = "latest",
},
Registry = "*",
Repository = "*",
PolicyIds = new[]
{
sysdig_secure_scanning_policy.Scanning_policy_example.Id,
},
WhitelistIds = new() { },
},
new Sysdig.Inputs.SecureScanningPolicyAssignmentItemArgs
{
Name = "default",
Image = new Sysdig.Inputs.SecureScanningPolicyAssignmentItemImageArgs
{
Type = "tag",
Value = "*",
},
Registry = "*",
Repository = "*",
PolicyIds = new[]
{
sysdig_secure_scanning_policy.Scanning_policy_example.Id,
"default",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.sysdig.SecureScanningPolicyAssignment;
import com.pulumi.sysdig.SecureScanningPolicyAssignmentArgs;
import com.pulumi.sysdig.inputs.SecureScanningPolicyAssignmentItemArgs;
import com.pulumi.sysdig.inputs.SecureScanningPolicyAssignmentItemImageArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var assignmentExample = new SecureScanningPolicyAssignment("assignmentExample", SecureScanningPolicyAssignmentArgs.builder()
.items(
SecureScanningPolicyAssignmentItemArgs.builder()
.name("myassignment1")
.image(SecureScanningPolicyAssignmentItemImageArgs.builder()
.type("tag")
.value("latest")
.build())
.registry("docker.io")
.repository("example")
.policyIds("default")
.build(),
SecureScanningPolicyAssignmentItemArgs.builder()
.name("")
.image(SecureScanningPolicyAssignmentItemImageArgs.builder()
.type("tag")
.value("latest")
.build())
.registry("*")
.repository("*")
.policyIds(sysdig_secure_scanning_policy.scanning_policy_example().id())
.whitelistIds()
.build(),
SecureScanningPolicyAssignmentItemArgs.builder()
.name("default")
.image(SecureScanningPolicyAssignmentItemImageArgs.builder()
.type("tag")
.value("*")
.build())
.registry("*")
.repository("*")
.policyIds(
sysdig_secure_scanning_policy.scanning_policy_example().id(),
"default")
.build())
.build());
}
}
resources:
assignmentExample:
type: sysdig:SecureScanningPolicyAssignment
properties:
items:
- name: myassignment1
image:
type: tag
value: latest
registry: docker.io
repository: example
policyIds:
- default
- name: ""
image:
type: tag
value: latest
registry: '*'
repository: '*'
policyIds:
- ${sysdig_secure_scanning_policy.scanning_policy_example.id}
whitelistIds: []
- name: default
image:
type: tag
value: '*'
registry: '*'
repository: '*'
policyIds:
- ${sysdig_secure_scanning_policy.scanning_policy_example.id}
- default
Items block
name- (Optional) The name of the Secure scanning policy assignment.registry- (Required) Any registry domain (e.g. quay.io). Wildcards are supported; an asterisk * specifies any registry.repository- (Required) Any repository (typically = name of the image). Wildcards are supported; an asterisk * specifies any repository.image- (Required) Block to define the image tag.policy_ids- (Required) Scanning policy IDs assigned to the given Registry/Repository:tag. At least 1 required.whitelist_ids- (Optional) List of vulnerability exception list associated with the assignment.
Image block
type- equal always to “tag”value- Image tag, any tag. Wildcards are supported; an asterisk * specifies any tag.
Create SecureScanningPolicyAssignment Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new SecureScanningPolicyAssignment(name: string, args: SecureScanningPolicyAssignmentArgs, opts?: CustomResourceOptions);@overload
def SecureScanningPolicyAssignment(resource_name: str,
args: SecureScanningPolicyAssignmentArgs,
opts: Optional[ResourceOptions] = None)
@overload
def SecureScanningPolicyAssignment(resource_name: str,
opts: Optional[ResourceOptions] = None,
items: Optional[Sequence[SecureScanningPolicyAssignmentItemArgs]] = None,
policy_bundle_id: Optional[str] = None,
secure_scanning_policy_assignment_id: Optional[str] = None,
timeouts: Optional[SecureScanningPolicyAssignmentTimeoutsArgs] = None)func NewSecureScanningPolicyAssignment(ctx *Context, name string, args SecureScanningPolicyAssignmentArgs, opts ...ResourceOption) (*SecureScanningPolicyAssignment, error)public SecureScanningPolicyAssignment(string name, SecureScanningPolicyAssignmentArgs args, CustomResourceOptions? opts = null)
public SecureScanningPolicyAssignment(String name, SecureScanningPolicyAssignmentArgs args)
public SecureScanningPolicyAssignment(String name, SecureScanningPolicyAssignmentArgs args, CustomResourceOptions options)
type: sysdig:SecureScanningPolicyAssignment
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SecureScanningPolicyAssignmentArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SecureScanningPolicyAssignmentArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SecureScanningPolicyAssignmentArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SecureScanningPolicyAssignmentArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SecureScanningPolicyAssignmentArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var secureScanningPolicyAssignmentResource = new Sysdig.SecureScanningPolicyAssignment("secureScanningPolicyAssignmentResource", new()
{
Items = new[]
{
new Sysdig.Inputs.SecureScanningPolicyAssignmentItemArgs
{
Image = new Sysdig.Inputs.SecureScanningPolicyAssignmentItemImageArgs
{
Value = "string",
Type = "string",
},
PolicyIds = new[]
{
"string",
},
Registry = "string",
Repository = "string",
Id = "string",
Name = "string",
WhitelistIds = new[]
{
"string",
},
},
},
PolicyBundleId = "string",
SecureScanningPolicyAssignmentId = "string",
Timeouts = new Sysdig.Inputs.SecureScanningPolicyAssignmentTimeoutsArgs
{
Create = "string",
Delete = "string",
Read = "string",
Update = "string",
},
});
example, err := sysdig.NewSecureScanningPolicyAssignment(ctx, "secureScanningPolicyAssignmentResource", &sysdig.SecureScanningPolicyAssignmentArgs{
Items: sysdig.SecureScanningPolicyAssignmentItemArray{
&sysdig.SecureScanningPolicyAssignmentItemArgs{
Image: &sysdig.SecureScanningPolicyAssignmentItemImageArgs{
Value: pulumi.String("string"),
Type: pulumi.String("string"),
},
PolicyIds: pulumi.StringArray{
pulumi.String("string"),
},
Registry: pulumi.String("string"),
Repository: pulumi.String("string"),
Id: pulumi.String("string"),
Name: pulumi.String("string"),
WhitelistIds: pulumi.StringArray{
pulumi.String("string"),
},
},
},
PolicyBundleId: pulumi.String("string"),
SecureScanningPolicyAssignmentId: pulumi.String("string"),
Timeouts: &sysdig.SecureScanningPolicyAssignmentTimeoutsArgs{
Create: pulumi.String("string"),
Delete: pulumi.String("string"),
Read: pulumi.String("string"),
Update: pulumi.String("string"),
},
})
var secureScanningPolicyAssignmentResource = new SecureScanningPolicyAssignment("secureScanningPolicyAssignmentResource", SecureScanningPolicyAssignmentArgs.builder()
.items(SecureScanningPolicyAssignmentItemArgs.builder()
.image(SecureScanningPolicyAssignmentItemImageArgs.builder()
.value("string")
.type("string")
.build())
.policyIds("string")
.registry("string")
.repository("string")
.id("string")
.name("string")
.whitelistIds("string")
.build())
.policyBundleId("string")
.secureScanningPolicyAssignmentId("string")
.timeouts(SecureScanningPolicyAssignmentTimeoutsArgs.builder()
.create("string")
.delete("string")
.read("string")
.update("string")
.build())
.build());
secure_scanning_policy_assignment_resource = sysdig.SecureScanningPolicyAssignment("secureScanningPolicyAssignmentResource",
items=[{
"image": {
"value": "string",
"type": "string",
},
"policy_ids": ["string"],
"registry": "string",
"repository": "string",
"id": "string",
"name": "string",
"whitelist_ids": ["string"],
}],
policy_bundle_id="string",
secure_scanning_policy_assignment_id="string",
timeouts={
"create": "string",
"delete": "string",
"read": "string",
"update": "string",
})
const secureScanningPolicyAssignmentResource = new sysdig.SecureScanningPolicyAssignment("secureScanningPolicyAssignmentResource", {
items: [{
image: {
value: "string",
type: "string",
},
policyIds: ["string"],
registry: "string",
repository: "string",
id: "string",
name: "string",
whitelistIds: ["string"],
}],
policyBundleId: "string",
secureScanningPolicyAssignmentId: "string",
timeouts: {
create: "string",
"delete": "string",
read: "string",
update: "string",
},
});
type: sysdig:SecureScanningPolicyAssignment
properties:
items:
- id: string
image:
type: string
value: string
name: string
policyIds:
- string
registry: string
repository: string
whitelistIds:
- string
policyBundleId: string
secureScanningPolicyAssignmentId: string
timeouts:
create: string
delete: string
read: string
update: string
SecureScanningPolicyAssignment Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The SecureScanningPolicyAssignment resource accepts the following input properties:
- Items
List<Secure
Scanning Policy Assignment Item> - List of scanning policy assignments. Priority is defined from top to bottom with the order of the items.
- Policy
Bundle stringId - Bundle for the policy assignment. The only value accepted is "default".
- Secure
Scanning stringPolicy Assignment Id - Timeouts
Secure
Scanning Policy Assignment Timeouts
- Items
[]Secure
Scanning Policy Assignment Item Args - List of scanning policy assignments. Priority is defined from top to bottom with the order of the items.
- Policy
Bundle stringId - Bundle for the policy assignment. The only value accepted is "default".
- Secure
Scanning stringPolicy Assignment Id - Timeouts
Secure
Scanning Policy Assignment Timeouts Args
- items
List<Secure
Scanning Policy Assignment Item> - List of scanning policy assignments. Priority is defined from top to bottom with the order of the items.
- policy
Bundle StringId - Bundle for the policy assignment. The only value accepted is "default".
- secure
Scanning StringPolicy Assignment Id - timeouts
Secure
Scanning Policy Assignment Timeouts
- items
Secure
Scanning Policy Assignment Item[] - List of scanning policy assignments. Priority is defined from top to bottom with the order of the items.
- policy
Bundle stringId - Bundle for the policy assignment. The only value accepted is "default".
- secure
Scanning stringPolicy Assignment Id - timeouts
Secure
Scanning Policy Assignment Timeouts
- items
Sequence[Secure
Scanning Policy Assignment Item Args] - List of scanning policy assignments. Priority is defined from top to bottom with the order of the items.
- policy_
bundle_ strid - Bundle for the policy assignment. The only value accepted is "default".
- secure_
scanning_ strpolicy_ assignment_ id - timeouts
Secure
Scanning Policy Assignment Timeouts Args
- items List<Property Map>
- List of scanning policy assignments. Priority is defined from top to bottom with the order of the items.
- policy
Bundle StringId - Bundle for the policy assignment. The only value accepted is "default".
- secure
Scanning StringPolicy Assignment Id - timeouts Property Map
Outputs
All input properties are implicitly available as output properties. Additionally, the SecureScanningPolicyAssignment resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing SecureScanningPolicyAssignment Resource
Get an existing SecureScanningPolicyAssignment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SecureScanningPolicyAssignmentState, opts?: CustomResourceOptions): SecureScanningPolicyAssignment@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
items: Optional[Sequence[SecureScanningPolicyAssignmentItemArgs]] = None,
policy_bundle_id: Optional[str] = None,
secure_scanning_policy_assignment_id: Optional[str] = None,
timeouts: Optional[SecureScanningPolicyAssignmentTimeoutsArgs] = None) -> SecureScanningPolicyAssignmentfunc GetSecureScanningPolicyAssignment(ctx *Context, name string, id IDInput, state *SecureScanningPolicyAssignmentState, opts ...ResourceOption) (*SecureScanningPolicyAssignment, error)public static SecureScanningPolicyAssignment Get(string name, Input<string> id, SecureScanningPolicyAssignmentState? state, CustomResourceOptions? opts = null)public static SecureScanningPolicyAssignment get(String name, Output<String> id, SecureScanningPolicyAssignmentState state, CustomResourceOptions options)resources: _: type: sysdig:SecureScanningPolicyAssignment get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Items
List<Secure
Scanning Policy Assignment Item> - List of scanning policy assignments. Priority is defined from top to bottom with the order of the items.
- Policy
Bundle stringId - Bundle for the policy assignment. The only value accepted is "default".
- Secure
Scanning stringPolicy Assignment Id - Timeouts
Secure
Scanning Policy Assignment Timeouts
- Items
[]Secure
Scanning Policy Assignment Item Args - List of scanning policy assignments. Priority is defined from top to bottom with the order of the items.
- Policy
Bundle stringId - Bundle for the policy assignment. The only value accepted is "default".
- Secure
Scanning stringPolicy Assignment Id - Timeouts
Secure
Scanning Policy Assignment Timeouts Args
- items
List<Secure
Scanning Policy Assignment Item> - List of scanning policy assignments. Priority is defined from top to bottom with the order of the items.
- policy
Bundle StringId - Bundle for the policy assignment. The only value accepted is "default".
- secure
Scanning StringPolicy Assignment Id - timeouts
Secure
Scanning Policy Assignment Timeouts
- items
Secure
Scanning Policy Assignment Item[] - List of scanning policy assignments. Priority is defined from top to bottom with the order of the items.
- policy
Bundle stringId - Bundle for the policy assignment. The only value accepted is "default".
- secure
Scanning stringPolicy Assignment Id - timeouts
Secure
Scanning Policy Assignment Timeouts
- items
Sequence[Secure
Scanning Policy Assignment Item Args] - List of scanning policy assignments. Priority is defined from top to bottom with the order of the items.
- policy_
bundle_ strid - Bundle for the policy assignment. The only value accepted is "default".
- secure_
scanning_ strpolicy_ assignment_ id - timeouts
Secure
Scanning Policy Assignment Timeouts Args
- items List<Property Map>
- List of scanning policy assignments. Priority is defined from top to bottom with the order of the items.
- policy
Bundle StringId - Bundle for the policy assignment. The only value accepted is "default".
- secure
Scanning StringPolicy Assignment Id - timeouts Property Map
Supporting Types
SecureScanningPolicyAssignmentItem, SecureScanningPolicyAssignmentItemArgs
- Image
Secure
Scanning Policy Assignment Item Image - Policy
Ids List<string> - Registry string
- Repository string
- Id string
- Name string
- Whitelist
Ids List<string>
- Image
Secure
Scanning Policy Assignment Item Image - Policy
Ids []string - Registry string
- Repository string
- Id string
- Name string
- Whitelist
Ids []string
- image
Secure
Scanning Policy Assignment Item Image - policy
Ids List<String> - registry String
- repository String
- id String
- name String
- whitelist
Ids List<String>
- image
Secure
Scanning Policy Assignment Item Image - policy
Ids string[] - registry string
- repository string
- id string
- name string
- whitelist
Ids string[]
- image
Secure
Scanning Policy Assignment Item Image - policy_
ids Sequence[str] - registry str
- repository str
- id str
- name str
- whitelist_
ids Sequence[str]
- image Property Map
- policy
Ids List<String> - registry String
- repository String
- id String
- name String
- whitelist
Ids List<String>
SecureScanningPolicyAssignmentItemImage, SecureScanningPolicyAssignmentItemImageArgs
SecureScanningPolicyAssignmentTimeouts, SecureScanningPolicyAssignmentTimeoutsArgs
Import
Secure scanning policies can be imported using the ID, e.g.
$ pulumi import sysdig:index/secureScanningPolicyAssignment:SecureScanningPolicyAssignment example default
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- sysdig sysdiglabs/terraform-provider-sysdig
- License
- Notes
- This Pulumi package is based on the
sysdigTerraform Provider.