The ALIYUN::CR::ScanRule type creates a scan rule or a content analysis rule.
Syntax
{
  "Type": "ALIYUN::CR::ScanRule",
  "Properties": {
    "InstanceId": String,
    "RepoTagFilterPattern": String,
    "RuleName": String,
    "ScanType": String,
    "ScanScope": String,
    "TriggerType": String,
    "Namespaces": List,
    "RepoNames": List
  }
}
Properties
| Parameter | Type | Required | Updatable | Description | Constraints |
| --- | --- | --- | --- | --- | --- |
| InstanceId | String | Yes | No | The ID of the ACR instance. | None |
| RepoTagFilterPattern | String | Yes | Yes | The regular expression that matches tags to trigger scans. | None |
| RuleName | String | Yes | Yes | The name of the scan rule. | None |
| ScanScope | String | Yes | Yes | The scan scope. | Valid values: NAMESPACE (namespace), REPO (repository), INSTANCE (CR instance). |
| ScanType | String | Yes | No | The scan type. | Valid values: VUL (Cloud Security Scanner), SBOM (content analysis). |
| TriggerType | String | Yes | Yes | The trigger type. | Valid values: AUTO (triggers scans automatically), MANUAL (triggers scans only when manually invoked). |
| Namespaces | List | No | Yes | The list of namespaces. | This parameter is required when ScanScope is set to NAMESPACE. If ScanScope is set to REPO, this parameter must be a list that contains a single namespace. |
| RepoNames | List | No | Yes | The list of repositories. | This parameter is required when ScanScope is set to REPO. It must be empty when ScanScope is set to NAMESPACE or INSTANCE. |
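The dependencies between ScanScope, Namespaces and RepoNames can be checked before a stack is created, so that a misconfigured rule is caught in review. The following Python check is an added example, not part of the ROS documentation: it assumes the template has already been parsed into a dict, skips values supplied through intrinsic functions such as Ref, and uses constructed function names and sample values.

```python
REQUIRED = ("InstanceId", "RepoTagFilterPattern", "RuleName",
            "ScanType", "ScanScope", "TriggerType")
ALLOWED = {"ScanType": {"VUL", "SBOM"},
           "ScanScope": {"NAMESPACE", "REPO", "INSTANCE"},
           "TriggerType": {"AUTO", "MANUAL"}}

def _is_ref(value):
    # Intrinsic functions such as {"Ref": ...} cannot be checked statically.
    return isinstance(value, dict)

def check_scan_rule(props):
    """Return the constraint violations for one resource's Properties dict."""
    errors = [f"{k} is required" for k in REQUIRED if not props.get(k)]
    for key, allowed in ALLOWED.items():
        value = props.get(key)
        if isinstance(value, str) and value not in allowed:
            errors.append(f"{key}={value!r} is not one of {sorted(allowed)}")
    scope = props.get("ScanScope")
    ns, repos = props.get("Namespaces"), props.get("RepoNames")
    if scope == "NAMESPACE" and not _is_ref(ns) and not ns:
        errors.append("Namespaces is required when ScanScope is NAMESPACE")
    if scope == "REPO" and not _is_ref(ns) and len(ns or []) != 1:
        errors.append("Namespaces must hold exactly one namespace when ScanScope is REPO")
    if scope == "REPO" and not _is_ref(repos) and not repos:
        errors.append("RepoNames is required when ScanScope is REPO")
    if scope in ("NAMESPACE", "INSTANCE") and not _is_ref(repos) and repos:
        errors.append(f"RepoNames must be empty when ScanScope is {scope}")
    return errors

def check_template(template):
    """Map each ALIYUN::CR::ScanRule resource name to its violations."""
    return {name: check_scan_rule(res.get("Properties", {}))
            for name, res in template.get("Resources", {}).items()
            if res.get("Type") == "ALIYUN::CR::ScanRule"}

# Constructed template fragment; the instance ID and names are placeholders.
SAMPLE = {"Resources": {
    "GoodRule": {"Type": "ALIYUN::CR::ScanRule", "Properties": {
        "InstanceId": "cri-example", "RuleName": "prod-vul", "ScanType": "VUL",
        "TriggerType": "AUTO", "RepoTagFilterPattern": "^v.*$",
        "ScanScope": "REPO", "Namespaces": ["prod"], "RepoNames": ["api"]}},
    "BadRule": {"Type": "ALIYUN::CR::ScanRule", "Properties": {
        "InstanceId": "cri-example", "RuleName": "all-sbom", "ScanType": "SBOM",
        "TriggerType": "AUTO", "RepoTagFilterPattern": ".*",
        "ScanScope": "NAMESPACE", "RepoNames": ["api"]}},
}}
```

Running `check_template(SAMPLE)` reports no violations for `GoodRule` and two for `BadRule`: the missing Namespaces list and the non-empty RepoNames list.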
Return values
Fn::GetAtt
- RepoTagFilterPattern: The regular expression that matches tags to trigger scans.
- ScanType: The scan type.
- TriggerType: The trigger type.
- ScanScope: The scan scope.
- Namespaces: The list of namespaces.
- ScanRuleId: The ID of the scan rule.
- InstanceId: The ID of the ACR instance.
- CreateTime: The time when the scan rule was created.
- UpdateTime: The time when the scan rule was last updated.
- RepoNames: The list of repositories.
- RuleName: The name of the scan rule.
Examples
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  RepoTagFilterPattern:
    Type: String
    Description:
      en: The regular expression that matches tags to trigger scans.
      zh: 触发扫描的标签匹配正则表达式。
    Required: true
  ScanType:
    Type: String
    Description:
      en: |-
        The scan type. Valid values:
        * VUL: Cloud Security Scanner.
        * SBOM: content analysis.
      zh: 扫描类型。取值范围:* VUL:产品云安全扫描器。* SBOM:产品内容分析。
    Required: true
  ScanScope:
    Type: String
    Description:
      en: |-
        The scan scope. Valid values:
        * NAMESPACE: namespace.
        * REPO: repository.
        * INSTANCE: CR instance.
      zh: 扫描范围。取值范围:NAMESPACE:命名空间。REPO:仓库。INSTANCE:CR实例。
    AllowedValues:
      - NAMESPACE
      - REPO
      - INSTANCE
    Required: true
  Namespaces:
    AssociationPropertyMetadata:
      Parameter:
        Type: String
        Description:
          en: The name of the namespace.
          zh: 命名空间名称。
        Required: false
    AssociationProperty: List[Parameter]
    Type: Json
    Description:
      en: |-
        The list of namespaces to scan.
        * Required if ScanScope is set to NAMESPACE.
        * If ScanScope is set to REPO, this parameter must be a list containing a single namespace.
      zh: 命名空间列表。* 当扫描范围为NAMESPACE时,此参数不能为空。* 如果扫描范围为REPO,必须为此参数指定唯一的命名空间。
    Required: false
  TriggerType:
    Type: String
    Description:
      en: |-
        The trigger type. Valid values:
        * AUTO: Triggers scans automatically.
        * MANUAL: Triggers scans only when manually invoked.
      zh: 触发类型。取值范围:* AUTO:自动触发。* MANUAL:手动触发。
    AllowedValues:
      - MANUAL
      - AUTO
    Required: true
  InstanceId:
    Type: String
    Description:
      en: The ID of the ACR instance.
      zh: ACR实例ID。
    Required: true
  RuleName:
    Type: String
    Description:
      en: The name of the scan rule.
      zh: 扫描规则名称。
    Required: true
Resources:
  ExtensionResource:
    Type: ALIYUN::CR::ScanRule
    Properties:
      RepoTagFilterPattern:
        Ref: RepoTagFilterPattern
      ScanType:
        Ref: ScanType
      ScanScope:
        Ref: ScanScope
      Namespaces:
        Ref: Namespaces
      TriggerType:
        Ref: TriggerType
      InstanceId:
        Ref: InstanceId
      RuleName:
        Ref: RuleName
Outputs:
  RepoTagFilterPattern:
    Description:
      en: The regular expression that matches tags to trigger scans.
      zh: 触发扫描的标签匹配正则表达式。
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - RepoTagFilterPattern
  ScanType:
    Description:
      en: The scan type.
      zh: 扫描类型。
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - ScanType
  TriggerType:
    Description:
      en: The trigger type.
      zh: 触发类型。
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - TriggerType
  ScanScope:
    Description:
      en: The scan scope.
      zh: 扫描范围。
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - ScanScope
  Namespaces:
    Description:
      en: The list of namespaces.
      zh: 命名空间列表。
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - Namespaces
  ScanRuleId:
    Description:
      en: The ID of the scan rule.
      zh: 扫描规则的ID。
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - ScanRuleId
  InstanceId:
    Description:
      en: The ID of the ACR instance.
      zh: ACR实例ID。
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - InstanceId
  CreateTime:
    Description:
      en: The time when the scan rule was created.
      zh: 扫描规则的创建时间。
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - CreateTime
  UpdateTime:
    Description:
      en: The time when the scan rule was last updated.
      zh: 扫描规则的变更时间。
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - UpdateTime
  RepoNames:
    Description:
      en: The list of repositories.
      zh: 仓库列表。
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - RepoNames
  RuleName:
    Description:
      en: The name of the scan rule.
      zh: 扫描规则名称。
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - RuleName

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "RepoTagFilterPattern": {
      "Type": "String",
      "Description": {
        "en": "The regular expression that matches tags to trigger scans.",
        "zh": "触发扫描的标签匹配正则表达式。"
      },
      "Required": true
    },
    "ScanType": {
      "Type": "String",
      "Description": {
        "en": "The scan type. Valid values: \n* VUL: Cloud Security Scanner.\n* SBOM: content analysis.",
        "zh": "扫描类型。取值范围:* VUL:产品云安全扫描器。* SBOM:产品内容分析。"
      },
      "Required": true
    },
    "ScanScope": {
      "Type": "String",
      "Description": {
        "en": "The scan scope. Valid values:\n* NAMESPACE: namespace.\n* REPO: repository.\n* INSTANCE: CR instance.",
        "zh": "扫描范围。取值范围:NAMESPACE:命名空间。REPO:仓库。INSTANCE:CR实例。"
      },
      "AllowedValues": [
        "NAMESPACE",
        "REPO",
        "INSTANCE"
      ],
      "Required": true
    },
    "Namespaces": {
      "AssociationPropertyMetadata": {
        "Parameter": {
          "Type": "String",
          "Description": {
            "en": "The name of the namespace.",
            "zh": "命名空间名称。"
          },
          "Required": false
        }
      },
      "AssociationProperty": "List[Parameter]",
      "Type": "Json",
      "Description": {
        "en": "The list of namespaces to scan.\n* Required if ScanScope is set to NAMESPACE.\n* If ScanScope is set to REPO, this parameter must be a list containing a single namespace.",
        "zh": "命名空间列表。* 当扫描范围为NAMESPACE时,此参数不能为空。* 如果扫描范围为REPO,必须为此参数指定唯一的命名空间。"
      },
      "Required": false
    },
    "TriggerType": {
      "Type": "String",
      "Description": {
        "en": "The trigger type. Valid values:\n* AUTO: Triggers scans automatically.\n* MANUAL: Triggers scans only when manually invoked.",
        "zh": "触发类型。取值范围:* AUTO:自动触发。* MANUAL:手动触发。"
      },
      "AllowedValues": [
        "MANUAL",
        "AUTO"
      ],
      "Required": true
    },
    "InstanceId": {
      "Type": "String",
      "Description": {
        "en": "The ID of the ACR instance.",
        "zh": "ACR实例ID。"
      },
      "Required": true
    },
    "RuleName": {
      "Type": "String",
      "Description": {
        "en": "The name of the scan rule.",
        "zh": "扫描规则名称。"
      },
      "Required": true
    }
  },
  "Resources": {
    "ExtensionResource": {
      "Type": "ALIYUN::CR::ScanRule",
      "Properties": {
        "RepoTagFilterPattern": {
          "Ref": "RepoTagFilterPattern"
        },
        "ScanType": {
          "Ref": "ScanType"
        },
        "ScanScope": {
          "Ref": "ScanScope"
        },
        "Namespaces": {
          "Ref": "Namespaces"
        },
        "TriggerType": {
          "Ref": "TriggerType"
        },
        "InstanceId": {
          "Ref": "InstanceId"
        },
        "RuleName": {
          "Ref": "RuleName"
        }
      }
    }
  },
  "Outputs": {
    "RepoTagFilterPattern": {
      "Description": {
        "en": "The regular expression that matches tags to trigger scans.",
        "zh": "触发扫描的标签匹配正则表达式。"
      },
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "RepoTagFilterPattern"
        ]
      }
    },
    "ScanType": {
      "Description": {
        "en": "The scan type.",
        "zh": "扫描类型。"
      },
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "ScanType"
        ]
      }
    },
    "TriggerType": {
      "Description": {
        "en": "The trigger type.",
        "zh": "触发类型。"
      },
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "TriggerType"
        ]
      }
    },
    "ScanScope": {
      "Description": {
        "en": "The scan scope.",
        "zh": "扫描范围。"
      },
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "ScanScope"
        ]
      }
    },
    "Namespaces": {
      "Description": {
        "en": "The list of namespaces.",
        "zh": "命名空间列表。"
      },
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "Namespaces"
        ]
      }
    },
    "ScanRuleId": {
      "Description": {
        "en": "The ID of the scan rule.",
        "zh": "扫描规则的ID。"
      },
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "ScanRuleId"
        ]
      }
    },
    "InstanceId": {
      "Description": {
        "en": "The ID of the ACR instance.",
        "zh": "ACR实例ID。"
      },
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "InstanceId"
        ]
      }
    },
    "CreateTime": {
      "Description": {
        "en": "The time when the scan rule was created.",
        "zh": "扫描规则的创建时间。"
      },
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "CreateTime"
        ]
      }
    },
    "UpdateTime": {
      "Description": {
        "en": "The time when the scan rule was last updated.",
        "zh": "扫描规则的变更时间。"
      },
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "UpdateTime"
        ]
      }
    },
    "RepoNames": {
      "Description": {
        "en": "The list of repositories.",
        "zh": "仓库列表。"
      },
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "RepoNames"
        ]
      }
    },
    "RuleName": {
      "Description": {
        "en": "The name of the scan rule.",
        "zh": "扫描规则名称。"
      },
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "RuleName"
        ]
      }
    }
  }
}