The ALIYUN::CR::ScanRule type is used to create a scan rule or a content analysis rule.
Syntax
{
  "Type": "ALIYUN::CR::ScanRule",
  "Properties": {
    "InstanceId": String,
    "RepoTagFilterPattern": String,
    "RuleName": String,
    "ScanType": String,
    "ScanScope": String,
    "TriggerType": String,
    "Namespaces": List,
    "RepoNames": List
  }
}
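Properties
| Property name | Type | Required | Update allowed | Description | Constraints |
|---|---|---|---|---|---|
| InstanceId | String | Yes | No | The ACR instance ID. | None |
| RepoTagFilterPattern | String | Yes | Yes | The regular expression that matches the tags that trigger a scan. | None |
| RuleName | String | Yes | Yes | The scan rule name. | None |
| ScanScope | String | Yes | Yes | The scan scope. | Allowed values: NAMESPACE (namespace), REPO (repository), INSTANCE (CR instance). |
| ScanType | String | Yes | No | The scan type. | Valid values: VUL (Products Cloud Security Scanner), SBOM (Product Content Analysis). |
| TriggerType | String | Yes | Yes | The trigger type. | Valid values: AUTO (automatically trigger), MANUAL (manually trigger). |
| Namespaces | List | No | Yes | The list of namespaces. | When the scan scope is NAMESPACE, this parameter cannot be empty. If the scan scope is REPO, you must specify a unique namespace for this parameter. |
| RepoNames | List | No | Yes | The list of repositories. | When the scan scope is NAMESPACE, this parameter must be empty. When the scan scope is REPO, this parameter cannot be empty. |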
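The scope-dependent constraints in the table are easy to miss when a template is reviewed by hand, so a pre-deployment check can enforce them. The following is an added example, not code from this page or from the ROS project: `check_scan_rule` is a hypothetical helper, it assumes the `Properties` values are already resolved to literals (no `Ref`), it uses Python's `re` only as a stand-in for the service's regex dialect, and it reads "a unique namespace" as exactly one entry.

```python
import re

# Required properties and allowed values, as listed on this page.
REQUIRED = ("InstanceId", "RepoTagFilterPattern", "RuleName",
            "ScanType", "ScanScope", "TriggerType")
ALLOWED = {"ScanType": {"VUL", "SBOM"},
           "ScanScope": {"NAMESPACE", "REPO", "INSTANCE"},
           "TriggerType": {"AUTO", "MANUAL"}}

# Constructed sample input: REPO scope, two namespaces, no repositories,
# and a tag pattern with an unterminated character class.
SAMPLE = {"InstanceId": "cri-EXAMPLE", "RuleName": "release-scan",
          "RepoTagFilterPattern": "release-[", "ScanType": "VUL",
          "ScanScope": "REPO", "TriggerType": "AUTO",
          "Namespaces": ["prod", "staging"]}


def check_scan_rule(props):
    """Return the problems found in one ScanRule Properties mapping."""
    problems = [f"{name} is required" for name in REQUIRED if not props.get(name)]
    for name, allowed in ALLOWED.items():
        value = props.get(name)
        if isinstance(value, str) and value and value not in allowed:
            problems.append(f"{name}={value!r} is not one of {sorted(allowed)}")

    pattern = props.get("RepoTagFilterPattern")
    if isinstance(pattern, str) and pattern:
        try:
            re.compile(pattern)  # assumption: Python's dialect as a stand-in
        except re.error as exc:
            problems.append(f"RepoTagFilterPattern does not compile: {exc}")

    scope = props.get("ScanScope")
    namespaces = props.get("Namespaces") or []
    repos = props.get("RepoNames") or []
    if scope == "NAMESPACE":
        if not namespaces:
            problems.append("Namespaces cannot be empty when ScanScope is NAMESPACE")
        if repos:
            problems.append("RepoNames must be empty when ScanScope is NAMESPACE")
    elif scope == "REPO":
        if len(namespaces) != 1:  # "unique namespace" read as exactly one
            problems.append("Namespaces must hold exactly one entry when ScanScope is REPO")
        if not repos:
            problems.append("RepoNames cannot be empty when ScanScope is REPO")
    return problems


if __name__ == "__main__":
    print("\n".join(check_scan_rule(SAMPLE)))
```

Running such a check in CI before the stack is created surfaces a rule that would otherwise be rejected at deployment time or leave the intended repositories unscanned.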
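Return values
Fn::GetAtt
- RepoTagFilterPattern: The regular expression that matches the tags that trigger a scan.
- ScanType: The scan type.
- TriggerType: The trigger type.
- ScanScope: The scan scope.
- Namespaces: The list of namespaces.
- ScanRuleId: The ID of the scan rule.
- InstanceId: The ACR instance ID.
- CreateTime: The creation time of the scan rule.
- UpdateTime: The change time of the scan rule.
- RepoNames: The list of repositories.
- RuleName: The scan rule name.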
Examples
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  RepoTagFilterPattern:
    Type: String
    Description:
      en: The tag that triggers the scan matches the regular expression.
      zh: 触发扫描的标签匹配正则表达式。
    Required: true
  ScanType:
    Type: String
    Description:
      en: |-
        The scan type. Valid values:
        * VUL: Products Cloud Security Scanner.
        * SBOM: Product Content Analysis.
      zh: 扫描类型。取值范围:* VUL:产品云安全扫描器。* SBOM:产品内容分析。
    Required: true
  ScanScope:
    Type: String
    Description:
      en: |-
        The scan scope. Valid values:
        NAMESPACE: namespace.
        REPO: repository.
        INSTANCE: CR instance.
      zh: 扫描范围。取值范围:NAMESPACE:命名空间。REPO:仓库。INSTANCE:CR实例。
    AllowedValues:
      - NAMESPACE
      - REPO
      - INSTANCE
    Required: true
  Namespaces:
    AssociationPropertyMetadata:
      Parameter:
        Type: String
        Description:
          en: Namespace name.
          zh: 命名空间名称。
        Required: false
    AssociationProperty: List[Parameter]
    Type: Json
    Description:
      en: |-
        The list of namespaces.
        * When the scan scope is NAMESPACE, this parameter cannot be empty.
        * If the scan scope is REPO, you must specify a unique Namespace for this parameter.
      zh: 命名空间列表。* 当扫描范围为NAMESPACE时,此参数不能为空。* 如果扫描范围为REPO,必须为此参数指定唯一的命名空间。
    Required: false
  TriggerType:
    Type: String
    Description:
      en: |-
        Trigger type. Valid values:
        * AUTO: automatically trigger.
        * MANUAL: manually trigger.
      zh: 触发类型。取值范围:* AUTO:自动触发。* MANUAL:手动触发。
    AllowedValues:
      - MANUAL
      - AUTO
    Required: true
  InstanceId:
    Type: String
    Description:
      en: ACR Instance ID.
      zh: ACR实例ID。
    Required: true
  RuleName:
    Type: String
    Description:
      en: The scan rule name.
      zh: 扫描规则名称。
    Required: true
Resources:
  ExtensionResource:
    Type: ALIYUN::CR::ScanRule
    Properties:
      RepoTagFilterPattern:
        Ref: RepoTagFilterPattern
      ScanType:
        Ref: ScanType
      ScanScope:
        Ref: ScanScope
      Namespaces:
        Ref: Namespaces
      TriggerType:
        Ref: TriggerType
      InstanceId:
        Ref: InstanceId
      RuleName:
        Ref: RuleName
Outputs:
  RepoTagFilterPattern:
    Description:
      en: The tag that triggers the scan matches the regular expression.
      zh: 触发扫描的标签匹配正则表达式。
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - RepoTagFilterPattern
  ScanType:
    Description:
      en: The scan type.
      zh: 扫描类型。
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - ScanType
  TriggerType:
    Description:
      en: Trigger type.
      zh: 触发类型。
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - TriggerType
  ScanScope:
    Description:
      en: The scan scope.
      zh: 扫描范围。
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - ScanScope
  Namespaces:
    Description:
      en: The list of namespaces.
      zh: 命名空间列表。
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - Namespaces
  ScanRuleId:
    Description:
      en: The ID of the scan rule.
      zh: 扫描规则的ID。
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - ScanRuleId
  InstanceId:
    Description:
      en: ACR Instance ID.
      zh: ACR实例ID。
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - InstanceId
  CreateTime:
    Description:
      en: Creation time of the scan rule.
      zh: 扫描规则的创建时间。
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - CreateTime
  UpdateTime:
    Description:
      en: Change time of the scan rule.
      zh: 扫描规则的变更时间。
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - UpdateTime
  RepoNames:
    Description:
      en: The list of repositories.
      zh: 仓库列表。
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - RepoNames
  RuleName:
    Description:
      en: The scan rule name.
      zh: 扫描规则名称。
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - RuleName

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "RepoTagFilterPattern": {
      "Type": "String",
      "Description": {
        "en": "The tag that triggers the scan matches the regular expression.",
        "zh": "触发扫描的标签匹配正则表达式。"
      },
      "Required": true
    },
    "ScanType": {
      "Type": "String",
      "Description": {
        "en": "The scan type. Valid values: \n* VUL: Products Cloud Security Scanner.\n* SBOM: Product Content Analysis.",
        "zh": "扫描类型。取值范围:* VUL:产品云安全扫描器。* SBOM:产品内容分析。"
      },
      "Required": true
    },
    "ScanScope": {
      "Type": "String",
      "Description": {
        "en": "The scan scope. Valid values:\nNAMESPACE: namespace.\nREPO: repository.\nINSTANCE: CR instance.",
        "zh": "扫描范围。取值范围:NAMESPACE:命名空间。REPO:仓库。INSTANCE:CR实例。"
      },
      "AllowedValues": [
        "NAMESPACE",
        "REPO",
        "INSTANCE"
      ],
      "Required": true
    },
    "Namespaces": {
      "AssociationPropertyMetadata": {
        "Parameter": {
          "Type": "String",
          "Description": {
            "en": "Namespace name.",
            "zh": "命名空间名称。"
          },
          "Required": false
        }
      },
      "AssociationProperty": "List[Parameter]",
      "Type": "Json",
      "Description": {
        "en": "The list of namespaces.\n* When the scan scope is NAMESPACE, this parameter cannot be empty.\n* If the scan scope is REPO, you must specify a unique Namespace for this parameter.",
        "zh": "命名空间列表。* 当扫描范围为NAMESPACE时,此参数不能为空。* 如果扫描范围为REPO,必须为此参数指定唯一的命名空间。"
      },
      "Required": false
    },
    "TriggerType": {
      "Type": "String",
      "Description": {
        "en": "Trigger type. Valid values:\n* AUTO: automatically trigger.\n* MANUAL: manually trigger.",
        "zh": "触发类型。取值范围:* AUTO:自动触发。* MANUAL:手动触发。"
      },
      "AllowedValues": [
        "MANUAL",
        "AUTO"
      ],
      "Required": true
    },
    "InstanceId": {
      "Type": "String",
      "Description": {
        "en": "ACR Instance ID.",
        "zh": "ACR实例ID。"
      },
      "Required": true
    },
    "RuleName": {
      "Type": "String",
      "Description": {
        "en": "The scan rule name.",
        "zh": "扫描规则名称。"
      },
      "Required": true
    }
  },
  "Resources": {
    "ExtensionResource": {
      "Type": "ALIYUN::CR::ScanRule",
      "Properties": {
        "RepoTagFilterPattern": {
          "Ref": "RepoTagFilterPattern"
        },
        "ScanType": {
          "Ref": "ScanType"
        },
        "ScanScope": {
          "Ref": "ScanScope"
        },
        "Namespaces": {
          "Ref": "Namespaces"
        },
        "TriggerType": {
          "Ref": "TriggerType"
        },
        "InstanceId": {
          "Ref": "InstanceId"
        },
        "RuleName": {
          "Ref": "RuleName"
        }
      }
    }
  },
  "Outputs": {
    "RepoTagFilterPattern": {
      "Description": {
        "en": "The tag that triggers the scan matches the regular expression.",
        "zh": "触发扫描的标签匹配正则表达式。"
      },
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "RepoTagFilterPattern"
        ]
      }
    },
    "ScanType": {
      "Description": {
        "en": "The scan type.",
        "zh": "扫描类型。"
      },
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "ScanType"
        ]
      }
    },
    "TriggerType": {
      "Description": {
        "en": "Trigger type.",
        "zh": "触发类型。"
      },
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "TriggerType"
        ]
      }
    },
    "ScanScope": {
      "Description": {
        "en": "The scan scope.",
        "zh": "扫描范围。"
      },
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "ScanScope"
        ]
      }
    },
    "Namespaces": {
      "Description": {
        "en": "The list of namespaces.",
        "zh": "命名空间列表。"
      },
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "Namespaces"
        ]
      }
    },
    "ScanRuleId": {
      "Description": {
        "en": "The ID of the scan rule.",
        "zh": "扫描规则的ID。"
      },
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "ScanRuleId"
        ]
      }
    },
    "InstanceId": {
      "Description": {
        "en": "ACR Instance ID.",
        "zh": "ACR实例ID。"
      },
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "InstanceId"
        ]
      }
    },
    "CreateTime": {
      "Description": {
        "en": "Creation time of the scan rule.",
        "zh": "扫描规则的创建时间。"
      },
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "CreateTime"
        ]
      }
    },
    "UpdateTime": {
      "Description": {
        "en": "Change time of the scan rule.",
        "zh": "扫描规则的变更时间。"
      },
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "UpdateTime"
        ]
      }
    },
    "RepoNames": {
      "Description": {
        "en": "The list of repositories.",
        "zh": "仓库列表。"
      },
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "RepoNames"
        ]
      }
    },
    "RuleName": {
      "Description": {
        "en": "The scan rule name.",
        "zh": "扫描规则名称。"
      },
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "RuleName"
        ]
      }
    }
  }
}