Google Cloud Security Scanner Scan Config
This page shows how to write Terraform for Cloud Security Scanner Scan Config and write them securely.
google_security_scanner_scan_config (Terraform)
The Scan Config in Cloud Security Scanner can be configured in Terraform with the resource name google_security_scanner_scan_config
. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
The following arguments are supported:
display_name
- (Required) The user provider display name of the ScanConfig.starting_urls
- (Required) The starting URLs from which the scanner finds site pages.
max_qps
- (Optional) The maximum QPS during scanning. A valid value ranges from 5 to 20 inclusively. Defaults to 15.authentication
- (Optional) The authentication configuration. If specified, service will use the authentication configuration during scanning. Structure is documented below.user_agent
- (Optional) Type of the user agents used for scanning Default value isCHROME_LINUX
. Possible values areUSER_AGENT_UNSPECIFIED
,CHROME_LINUX
,CHROME_ANDROID
, andSAFARI_IPHONE
.blacklist_patterns
- (Optional) The blacklist URL patterns as described in https://cloud.google.com/security-scanner/docs/excluded-urlsschedule
- (Optional) The schedule of the ScanConfig Structure is documented below.target_platforms
- (Optional) Set of Cloud Platforms targeted by the scan. If empty, APP_ENGINE will be used as a default. Each value may be one ofAPP_ENGINE
andCOMPUTE
.export_to_security_command_center
- (Optional) Controls export of scan configurations and results to Cloud Security Command Center. Default value isENABLED
. Possible values areENABLED
andDISABLED
.project
- (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
The authentication
block supports:
google_account
- (Optional) Describes authentication configuration that uses a Google account. Structure is documented below.custom_account
- (Optional) Describes authentication configuration that uses a custom account. Structure is documented below.
The google_account
block supports:
username
- (Required) The user name of the Google account.password
- (Required) The password of the Google account. The credential is stored encrypted in GCP. Note: This property is sensitive and will not be displayed in the plan.
The custom_account
block supports:
username
- (Required) The user name of the custom account.password
- (Required) The password of the custom account. The credential is stored encrypted in GCP. Note: This property is sensitive and will not be displayed in the plan.login_url
- (Required) The login form URL of the website.
The schedule
block supports:
schedule_time
- (Optional) A timestamp indicates when the next run will be scheduled. The value is refreshed by the server after each run. If unspecified, it will default to current server time, which means the scan will be scheduled to start immediately.interval_duration_days
- (Required) The duration of time between executions in days
In addition to the arguments listed above, the following computed attributes are exported:
id
- an identifier for the resource with format[[name]]
name
- A server defined name for this index. Format:projects/[[project]]/scanConfigs/[[server_generated_id]]
Explanation in Terraform Registry
A ScanConfig resource contains the configurations to launch a scan.
Warning: This resource is in beta, and should be used with the terraform-provider-google-beta provider. See Provider Versions for more details on beta resources. To get more information about ScanConfig, see:
- API documentation
- How-to Guides
- Using Cloud Security Scanner
Warning: All arguments including
authentication.google_account.password
andauthentication.custom_account.password
will be stored in the raw state as plain-text. Read more about sensitive data in state.