» google_security_scanner_scan_config

A ScanConfig resource contains the configurations to launch a scan.

To get more information about ScanConfig, see:

» Example Usage - Scan Config Basic

resource "google_compute_address" "scanner_static_ip" {
  provider = google-beta
  name     = "scan-basic-static-ip"
}

resource "google_security_scanner_scan_config" "scan-config" {
  provider         = google-beta
  display_name     = "terraform-scan-config"
  starting_urls    = ["http://${google_compute_address.scanner_static_ip.address}"]
  target_platforms = ["COMPUTE"]
}

provider "google-beta" {
  region = "us-central1"
  zone   = "us-central1-a"
}

» Argument Reference

The following arguments are supported:

  • display_name - (Required) The user-provided display name of the ScanConfig.

  • starting_urls - (Required) The starting URLs from which the scanner finds site pages.

  • max_qps - (Optional) The maximum QPS during scanning. A valid value ranges from 5 to 20 inclusively. Defaults to 15.

  • authentication - (Optional) The authentication configuration. If specified, the service will use the authentication configuration during scanning. Structure is documented below.

  • user_agent - (Optional) Type of the user agents used for scanning.

  • blacklist_patterns - (Optional) The blacklist URL patterns as described in https://cloud.google.com/security-scanner/docs/excluded-urls

  • schedule - (Optional) The schedule of the ScanConfig. Structure is documented below.

  • target_platforms - (Optional) Set of Cloud Platforms targeted by the scan. If empty, APP_ENGINE will be used as a default.

  • export_to_security_command_center - (Optional) Controls export of scan configurations and results to Cloud Security Command Center.

  • project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

The authentication block supports:

  • google_account - (Optional) Describes authentication configuration that uses a Google account. Structure is documented below.

  • custom_account - (Optional) Describes authentication configuration that uses a custom account. Structure is documented below.

The google_account block supports:

  • username - (Required) The user name of the Google account.

  • password - (Required) The password of the Google account. The credential is stored encrypted in GCP.

The custom_account block supports:

  • username - (Required) The user name of the custom account.

  • password - (Required) The password of the custom account. The credential is stored encrypted in GCP.

  • login_url - (Required) The login form URL of the website.

The schedule block supports:

  • schedule_time - (Optional) A timestamp indicating when the next run will be scheduled. The value is refreshed by the server after each run. If unspecified, it will default to current server time, which means the scan will be scheduled to start immediately.

  • interval_duration_days - (Required) The duration of time between executions in days.
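
The following is an added example, not part of the provider documentation, that combines the max_qps, blacklist_patterns, authentication and schedule arguments described above into an authenticated weekly scan. The variable name, resource name, URLs, account name and exclusion pattern are constructed placeholders.

```hcl
# Added example; names, URLs and the exclusion pattern are constructed placeholders.
variable "scanner_login_password" {
  type      = string
  sensitive = true # requires Terraform 0.14 or later
}

resource "google_security_scanner_scan_config" "authenticated_weekly" {
  provider         = google-beta
  display_name     = "authenticated-weekly-scan"
  starting_urls    = ["https://app.example.com/"]
  target_platforms = ["COMPUTE"]

  # Lowest value in the documented 5-20 range, to limit load on the target.
  max_qps = 5

  # Keep the crawler away from the logout link so the session survives.
  # Pattern syntax is defined on the excluded-urls page linked above;
  # this value is a constructed placeholder.
  blacklist_patterns = ["https://app.example.com/logout*"]

  authentication {
    custom_account {
      # Use a dedicated, low-privilege test account for scanning.
      username  = "scanner-test-user"
      password  = var.scanner_login_password
      login_url = "https://app.example.com/login"
    }
  }

  schedule {
    # schedule_time omitted: the first run is scheduled immediately.
    interval_duration_days = 7
  }
}
```

Marking the variable sensitive only redacts it from plan and apply output. The password is still written to the Terraform state in plain text, so the state backend needs encryption and restricted access.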

» Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • name - A server-defined name for this index. Format: projects/{{project}}/scanConfigs/{{server_generated_id}}

» Timeouts

This resource provides the following Timeouts configuration options:

  • create - Default is 4 minutes.
  • update - Default is 4 minutes.
  • delete - Default is 4 minutes.

» Import

ScanConfig can be imported using any of these accepted formats:

$ terraform import -provider=google-beta google_security_scanner_scan_config.default projects/{{project}}/scanConfigs/{{name}}
$ terraform import -provider=google-beta google_security_scanner_scan_config.default {{project}}/{{name}}
$ terraform import -provider=google-beta google_security_scanner_scan_config.default {{name}}

» User Project Overrides

This resource supports User Project Overrides.