This product is not supported for your selected Datadog site. ().

gcp_websecurityscanner_scan_config

ancestors

Type: UNORDERED_LIST_STRING

authentication

Type: STRUCT
Provider name: authentication
Description: The authentication configuration. If specified, service will use the authentication configuration during scanning.

  • custom_account
    Type: STRUCT
    Provider name: customAccount
    Description: Authentication using a custom account.
    • login_url
      Type: STRING
      Provider name: loginUrl
      Description: Required. The login form URL of the website.
    • password
      Type: STRING
      Provider name: password
      Description: Required. Input only. The password of the custom account. The credential is stored encrypted and not returned in any response nor included in audit logs.
    • username
      Type: STRING
      Provider name: username
      Description: Required. The user name of the custom account.
  • google_account
    Type: STRUCT
    Provider name: googleAccount
    Description: Authentication using a Google account.
    • password
      Type: STRING
      Provider name: password
      Description: Required. Input only. The password of the Google account. The credential is stored encrypted and not returned in any response nor included in audit logs.
    • username
      Type: STRING
      Provider name: username
      Description: Required. The user name of the Google account.
  • iap_credential
    Type: STRUCT
    Provider name: iapCredential
    Description: Authentication using Identity-Aware-Proxy (IAP).
    • iap_test_service_account_info
      Type: STRUCT
      Provider name: iapTestServiceAccountInfo
      Description: Authentication configuration when Web-Security-Scanner service account is added in Identity-Aware-Proxy (IAP) access policies.
      • target_audience_client_id
        Type: STRING
        Provider name: targetAudienceClientId
        Description: Required. Describes OAuth2 client id of resources protected by Identity-Aware-Proxy (IAP).

blacklist_patterns

Type: UNORDERED_LIST_STRING
Provider name: blacklistPatterns
Description: The excluded URL patterns as described in https://cloud.google.com/security-command-center/docs/how-to-use-web-security-scanner#excluding_urls

export_to_security_command_center

Type: STRING
Provider name: exportToSecurityCommandCenter
Description: Controls export of scan configurations and results to Security Command Center.
Possible values:

  • EXPORT_TO_SECURITY_COMMAND_CENTER_UNSPECIFIED - Use default, which is ENABLED.
  • ENABLED - Export results of this scan to Security Command Center.
  • DISABLED - Do not export results of this scan to Security Command Center.

gcp_display_name

Type: STRING
Provider name: displayName
Description: Required. The user provided display name of the ScanConfig.

ignore_http_status_errors

Type: BOOLEAN
Provider name: ignoreHttpStatusErrors
Description: Whether to keep scanning even if most requests return HTTP error codes.

labels

Type: UNORDERED_LIST_STRING

latest_run

Type: STRUCT
Provider name: latestRun

  • end_time
    Type: TIMESTAMP
    Provider name: endTime
    Description: Output only. The time at which the ScanRun reached termination state - that the ScanRun is either finished or stopped by user.
  • error_trace
    Type: STRUCT
    Provider name: errorTrace
    Description: Output only. If result_state is an ERROR, this field provides the primary reason for scan’s termination and more details, if such are available.
    • code
      Type: STRING
      Provider name: code
      Description: Output only. Indicates the error reason code.
      Possible values:
      • CODE_UNSPECIFIED - Default value is never used.
      • INTERNAL_ERROR - Indicates that the scan run failed due to an internal server error.
      • SCAN_CONFIG_ISSUE - Indicates a scan configuration error, usually due to outdated ScanConfig settings, such as starting_urls or the DNS configuration.
      • AUTHENTICATION_CONFIG_ISSUE - Indicates an authentication error, usually due to outdated ScanConfig authentication settings.
      • TIMED_OUT_WHILE_SCANNING - Indicates a scan operation timeout, usually caused by a very large site.
      • TOO_MANY_REDIRECTS - Indicates that a scan encountered excessive redirects, either to authentication or some other page outside of the scan scope.
      • TOO_MANY_HTTP_ERRORS - Indicates that a scan encountered numerous errors from the web site pages. When available, most_common_http_error_code field indicates the most common HTTP error code encountered during the scan.
      • STARTING_URLS_CRAWL_HTTP_ERRORS - Indicates that some of the starting web urls returned HTTP errors during the scan.
    • most_common_http_error_code
      Type: INT32
      Provider name: mostCommonHttpErrorCode
      Description: Output only. If the scan encounters TOO_MANY_HTTP_ERRORS, this field indicates the most common HTTP error code, if such is available. For example, if this code is 404, the scan has encountered too many NOT_FOUND responses.
    • scan_config_error
      Type: STRUCT
      Provider name: scanConfigError
      Description: Output only. If the scan encounters SCAN_CONFIG_ISSUE error, this field has the error message encountered during scan configuration validation that is performed before each scan run.
      • code
        Type: STRING
        Provider name: code
        Description: Output only. Indicates the reason code for a configuration failure.
        Possible values:
        • CODE_UNSPECIFIED - There is no error.
        • OK - There is no error.
        • INTERNAL_ERROR - Indicates an internal server error. Please DO NOT USE THIS ERROR CODE unless the root cause is truly unknown.
        • APPENGINE_API_BACKEND_ERROR - One of the seed URLs is an App Engine URL but we cannot validate the scan settings due to an App Engine API backend error.
        • APPENGINE_API_NOT_ACCESSIBLE - One of the seed URLs is an App Engine URL but we cannot access the App Engine API to validate scan settings.
        • APPENGINE_DEFAULT_HOST_MISSING - One of the seed URLs is an App Engine URL but the Default Host of the App Engine is not set.
        • CANNOT_USE_GOOGLE_COM_ACCOUNT - Google corporate accounts can not be used for scanning.
        • CANNOT_USE_OWNER_ACCOUNT - The account of the scan creator can not be used for scanning.
        • COMPUTE_API_BACKEND_ERROR - This scan targets Compute Engine, but we cannot validate scan settings due to a Compute Engine API backend error.
        • COMPUTE_API_NOT_ACCESSIBLE - This scan targets Compute Engine, but we cannot access the Compute Engine API to validate the scan settings.
        • CUSTOM_LOGIN_URL_DOES_NOT_BELONG_TO_CURRENT_PROJECT - The Custom Login URL does not belong to the current project.
        • CUSTOM_LOGIN_URL_MALFORMED - The Custom Login URL is malformed (can not be parsed).
        • CUSTOM_LOGIN_URL_MAPPED_TO_NON_ROUTABLE_ADDRESS - The Custom Login URL is mapped to a non-routable IP address in DNS.
        • CUSTOM_LOGIN_URL_MAPPED_TO_UNRESERVED_ADDRESS - The Custom Login URL is mapped to an IP address which is not reserved for the current project.
        • CUSTOM_LOGIN_URL_HAS_NON_ROUTABLE_IP_ADDRESS - The Custom Login URL has a non-routable IP address.
        • CUSTOM_LOGIN_URL_HAS_UNRESERVED_IP_ADDRESS - The Custom Login URL has an IP address which is not reserved for the current project.
        • DUPLICATE_SCAN_NAME - Another scan with the same name (case-sensitive) already exists.
        • INVALID_FIELD_VALUE - A field is set to an invalid value.
        • FAILED_TO_AUTHENTICATE_TO_TARGET - There was an error trying to authenticate to the scan target.
        • FINDING_TYPE_UNSPECIFIED - Finding type value is not specified in the list findings request.
        • FORBIDDEN_TO_SCAN_COMPUTE - Scan targets Compute Engine, yet current project was not whitelisted for Google Compute Engine Scanning Alpha access.
        • FORBIDDEN_UPDATE_TO_MANAGED_SCAN - User tries to update managed scan
        • MALFORMED_FILTER - The supplied filter is malformed. For example, it can not be parsed, does not have a filter type in expression, or the same filter type appears more than once.
        • MALFORMED_RESOURCE_NAME - The supplied resource name is malformed (can not be parsed).
        • PROJECT_INACTIVE - The current project is not in an active state.
        • REQUIRED_FIELD - A required field is not set.
        • RESOURCE_NAME_INCONSISTENT - Project id, scanconfig id, scanrun id, or finding id are not consistent with each other in resource name.
        • SCAN_ALREADY_RUNNING - The scan being requested to start is already running.
        • SCAN_NOT_RUNNING - The scan that was requested to be stopped is not running.
        • SEED_URL_DOES_NOT_BELONG_TO_CURRENT_PROJECT - One of the seed URLs does not belong to the current project.
        • SEED_URL_MALFORMED - One of the seed URLs is malformed (can not be parsed).
        • SEED_URL_MAPPED_TO_NON_ROUTABLE_ADDRESS - One of the seed URLs is mapped to a non-routable IP address in DNS.
        • SEED_URL_MAPPED_TO_UNRESERVED_ADDRESS - One of the seed URLs is mapped to an IP address which is not reserved for the current project.
        • SEED_URL_HAS_NON_ROUTABLE_IP_ADDRESS - One of the seed URLs has on-routable IP address.
        • SEED_URL_HAS_UNRESERVED_IP_ADDRESS - One of the seed URLs has an IP address that is not reserved for the current project.
        • SERVICE_ACCOUNT_NOT_CONFIGURED - The Web Security Scanner service account is not configured under the project.
        • TOO_MANY_SCANS - A project has reached the maximum number of scans.
        • UNABLE_TO_RESOLVE_PROJECT_INFO - Resolving the details of the current project fails.
        • UNSUPPORTED_BLACKLIST_PATTERN_FORMAT - One or more blacklist patterns were in the wrong format.
        • UNSUPPORTED_FILTER - The supplied filter is not supported.
        • UNSUPPORTED_FINDING_TYPE - The supplied finding type is not supported. For example, we do not provide findings of the given finding type.
        • UNSUPPORTED_URL_SCHEME - The URL scheme of one or more of the supplied URLs is not supported.
        • CLOUD_ASSET_INVENTORY_ASSET_NOT_FOUND - CAI is not able to list assets.
      • field_name
        Type: STRING
        Provider name: fieldName
        Description: Output only. Indicates the full name of the ScanConfig field that triggers this error, for example “scan_config.max_qps”. This field is provided for troubleshooting purposes only and its actual value can change in the future.
  • execution_state
    Type: STRING
    Provider name: executionState
    Description: Output only. The execution state of the ScanRun.
    Possible values:
    • EXECUTION_STATE_UNSPECIFIED - Represents an invalid state caused by internal server error. This value should never be returned.
    • QUEUED - The scan is waiting in the queue.
    • SCANNING - The scan is in progress.
    • FINISHED - The scan is either finished or stopped by user.
  • has_vulnerabilities
    Type: BOOLEAN
    Provider name: hasVulnerabilities
    Description: Output only. Whether the scan run has found any vulnerabilities.
  • name
    Type: STRING
    Provider name: name
    Description: Output only. The resource name of the ScanRun. The name follows the format of ‘projects/{projectId}/scanConfigs/{scanConfigId}/scanRuns/{scanRunId}’. The ScanRun IDs are generated by the system.
  • progress_percent
    Type: INT32
    Provider name: progressPercent
    Description: Output only. The percentage of total completion ranging from 0 to 100. If the scan is in queue, the value is 0. If the scan is running, the value ranges from 0 to 100. If the scan is finished, the value is 100.
  • result_state
    Type: STRING
    Provider name: resultState
    Description: Output only. The result state of the ScanRun. This field is only available after the execution state reaches “FINISHED”.
    Possible values:
    • RESULT_STATE_UNSPECIFIED - Default value. This value is returned when the ScanRun is not yet finished.
    • SUCCESS - The scan finished without errors.
    • ERROR - The scan finished with errors.
    • KILLED - The scan was terminated by user.
  • start_time
    Type: TIMESTAMP
    Provider name: startTime
    Description: Output only. The time at which the ScanRun started.
  • urls_crawled_count
    Type: INT64
    Provider name: urlsCrawledCount
    Description: Output only. The number of URLs crawled during this ScanRun. If the scan is in progress, the value represents the number of URLs crawled up to now.
  • urls_tested_count
    Type: INT64
    Provider name: urlsTestedCount
    Description: Output only. The number of URLs tested during this ScanRun. If the scan is in progress, the value represents the number of URLs tested up to now. The number of URLs tested is usually larger than the number URLS crawled because typically a crawled URL is tested with multiple test payloads.
  • warning_traces
    Type: UNORDERED_LIST_STRUCT
    Provider name: warningTraces
    Description: Output only. A list of warnings, if such are encountered during this scan run.
    • code
      Type: STRING
      Provider name: code
      Description: Output only. Indicates the warning code.
      Possible values:
      • CODE_UNSPECIFIED - Default value is never used.
      • INSUFFICIENT_CRAWL_RESULTS - Indicates that a scan discovered an unexpectedly low number of URLs. This is sometimes caused by complex navigation features or by using a single URL for numerous pages.
      • TOO_MANY_CRAWL_RESULTS - Indicates that a scan discovered too many URLs to test, or excessive redundant URLs.
      • TOO_MANY_FUZZ_TASKS - Indicates that too many tests have been generated for the scan. Customer should try reducing the number of starting URLs, increasing the QPS rate, or narrowing down the scope of the scan using the excluded patterns.
      • BLOCKED_BY_IAP - Indicates that a scan is blocked by IAP.
      • NO_STARTING_URL_FOUND_FOR_MANAGED_SCAN - Indicates that no seeds is found for a scan

managed_scan

Type: BOOLEAN
Provider name: managedScan
Description: Whether the scan config is managed by Web Security Scanner, output only.

max_qps

Type: INT32
Provider name: maxQps
Description: The maximum QPS during scanning. A valid value ranges from 5 to 20 inclusively. If the field is unspecified or its value is set 0, server will default to 15. Other values outside of [5, 20] range will be rejected with INVALID_ARGUMENT error.

name

Type: STRING
Provider name: name
Description: Identifier. The resource name of the ScanConfig. The name follows the format of ‘projects/{projectId}/scanConfigs/{scanConfigId}’. The ScanConfig IDs are generated by the system.

organization_id

Type: STRING

parent

Type: STRING

project_id

Type: STRING

project_number

Type: STRING

resource_name

Type: STRING

risk_level

Type: STRING
Provider name: riskLevel
Description: The risk level selected for the scan
Possible values:

  • RISK_LEVEL_UNSPECIFIED - Use default, which is NORMAL.
  • NORMAL - Normal scanning (Recommended)
  • LOW - Lower impact scanning

schedule

Type: STRUCT
Provider name: schedule
Description: The schedule of the ScanConfig.

  • interval_duration_days
    Type: INT32
    Provider name: intervalDurationDays
    Description: Required. The duration of time between executions in days.
  • schedule_time
    Type: TIMESTAMP
    Provider name: scheduleTime
    Description: A timestamp indicates when the next run will be scheduled. The value is refreshed by the server after each run. If unspecified, it will default to current server time, which means the scan will be scheduled to start immediately.

starting_urls

Type: UNORDERED_LIST_STRING
Provider name: startingUrls
Description: Required. The starting URLs from which the scanner finds site pages.

static_ip_scan

Type: BOOLEAN
Provider name: staticIpScan
Description: Whether the scan configuration has enabled static IP address scan feature. If enabled, the scanner will access applications from static IP addresses.

tags

Type: UNORDERED_LIST_STRING

target_platforms

Type: UNORDERED_LIST_STRING
Provider name: targetPlatforms
Description: Set of Google Cloud platforms targeted by the scan. If empty, APP_ENGINE will be used as a default.

user_agent

Type: STRING
Provider name: userAgent
Description: The user agent used during scanning.
Possible values:

  • USER_AGENT_UNSPECIFIED - The user agent is unknown. Service will default to CHROME_LINUX.
  • CHROME_LINUX - Chrome on Linux. This is the service default if unspecified.
  • CHROME_ANDROID - Chrome on Android.
  • SAFARI_IPHONE - Safari on IPhone.