scan_configs

Creates, updates, deletes, gets or lists a scan_configs resource.

Overview

Name	`scan_configs`
Type	Resource
Id	`google.websecurityscanner.scan_configs`

Fields

The following fields are returned by SELECT queries:

get
list

Successful response

Name	Datatype	Description
`name`	`string`	Identifier. The resource name of the ScanConfig. The name follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}'. The ScanConfig IDs are generated by the system.
`authentication`	`object`	The authentication configuration. If specified, service will use the authentication configuration during scanning. (id: Authentication)
`blacklistPatterns`	`array`	The excluded URL patterns as described in https://cloud.google.com/security-command-center/docs/how-to-use-web-security-scanner#excluding_urls
`displayName`	`string`	Required. The user provided display name of the ScanConfig.
`exportToSecurityCommandCenter`	`string`	Controls export of scan configurations and results to Security Command Center.
`ignoreHttpStatusErrors`	`boolean`	Whether to keep scanning even if most requests return HTTP error codes.
`latestRun`	`object`	A ScanRun is a output-only resource representing an actual run of the scan. Next id: 12 (id: ScanRun)
`managedScan`	`boolean`	Whether the scan config is managed by Web Security Scanner, output only.
`maxQps`	`integer (int32)`	The maximum QPS during scanning. A valid value ranges from 5 to 20 inclusively. If the field is unspecified or its value is set 0, server will default to 15. Other values outside of [5, 20] range will be rejected with INVALID_ARGUMENT error.
`riskLevel`	`string`	The risk level selected for the scan
`schedule`	`object`	The schedule of the ScanConfig. (id: Schedule)
`startingUrls`	`array`	Required. The starting URLs from which the scanner finds site pages.
`staticIpScan`	`boolean`	Whether the scan configuration has enabled static IP address scan feature. If enabled, the scanner will access applications from static IP addresses.
`targetPlatforms`	`array`	Set of Google Cloud platforms targeted by the scan. If empty, APP_ENGINE will be used as a default.
`userAgent`	`string`	The user agent used during scanning.

Successful response

Name	Datatype	Description
`name`	`string`	Identifier. The resource name of the ScanConfig. The name follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}'. The ScanConfig IDs are generated by the system.
`authentication`	`object`	The authentication configuration. If specified, service will use the authentication configuration during scanning. (id: Authentication)
`blacklistPatterns`	`array`	The excluded URL patterns as described in https://cloud.google.com/security-command-center/docs/how-to-use-web-security-scanner#excluding_urls
`displayName`	`string`	Required. The user provided display name of the ScanConfig.
`exportToSecurityCommandCenter`	`string`	Controls export of scan configurations and results to Security Command Center.
`ignoreHttpStatusErrors`	`boolean`	Whether to keep scanning even if most requests return HTTP error codes.
`latestRun`	`object`	A ScanRun is a output-only resource representing an actual run of the scan. Next id: 12 (id: ScanRun)
`managedScan`	`boolean`	Whether the scan config is managed by Web Security Scanner, output only.
`maxQps`	`integer (int32)`	The maximum QPS during scanning. A valid value ranges from 5 to 20 inclusively. If the field is unspecified or its value is set 0, server will default to 15. Other values outside of [5, 20] range will be rejected with INVALID_ARGUMENT error.
`riskLevel`	`string`	The risk level selected for the scan
`schedule`	`object`	The schedule of the ScanConfig. (id: Schedule)
`startingUrls`	`array`	Required. The starting URLs from which the scanner finds site pages.
`staticIpScan`	`boolean`	Whether the scan configuration has enabled static IP address scan feature. If enabled, the scanner will access applications from static IP addresses.
`targetPlatforms`	`array`	Set of Google Cloud platforms targeted by the scan. If empty, APP_ENGINE will be used as a default.
`userAgent`	`string`	The user agent used during scanning.

Methods

The following methods are available for this resource:

Name	Accessible by	Required Params	Optional Params	Description
`get`	`select`	`projectsId`, `scanConfigsId`		Gets a ScanConfig.
`list`	`select`	`projectsId`	`pageToken`, `pageSize`	Lists ScanConfigs under a given project.
`create`	`insert`	`projectsId`		Creates a new ScanConfig.
`patch`	`update`	`projectsId`, `scanConfigsId`	`updateMask`	Updates a ScanConfig. This method support partial update of a ScanConfig.
`delete`	`delete`	`projectsId`, `scanConfigsId`		Deletes an existing ScanConfig and its child resources.
`start`	`exec`	`projectsId`, `scanConfigsId`		Start a ScanRun according to the given ScanConfig.

Parameters

Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.

Name	Datatype	Description
`projectsId`	`string`
`scanConfigsId`	`string`
`pageSize`	`integer (int32)`
`pageToken`	`string`
`updateMask`	`string (google-fieldmask)`

`SELECT` examples

get
list

Gets a ScanConfig.

SELECT
name,
authentication,
blacklistPatterns,
displayName,
exportToSecurityCommandCenter,
ignoreHttpStatusErrors,
latestRun,
managedScan,
maxQps,
riskLevel,
schedule,
startingUrls,
staticIpScan,
targetPlatforms,
userAgent
FROM google.websecurityscanner.scan_configs
WHERE projectsId = '{{ projectsId }}' -- required
AND scanConfigsId = '{{ scanConfigsId }}' -- required;

Lists ScanConfigs under a given project.

SELECT
name,
authentication,
blacklistPatterns,
displayName,
exportToSecurityCommandCenter,
ignoreHttpStatusErrors,
latestRun,
managedScan,
maxQps,
riskLevel,
schedule,
startingUrls,
staticIpScan,
targetPlatforms,
userAgent
FROM google.websecurityscanner.scan_configs
WHERE projectsId = '{{ projectsId }}' -- required
AND pageToken = '{{ pageToken }}'
AND pageSize = '{{ pageSize }}';

`INSERT` examples

create
Manifest

Creates a new ScanConfig.

INSERT INTO google.websecurityscanner.scan_configs (
data__name,
data__displayName,
data__maxQps,
data__startingUrls,
data__authentication,
data__userAgent,
data__blacklistPatterns,
data__schedule,
data__exportToSecurityCommandCenter,
data__riskLevel,
data__managedScan,
data__staticIpScan,
data__ignoreHttpStatusErrors,
data__latestRun,
data__targetPlatforms,
projectsId
)
SELECT 
'{{ name }}',
'{{ displayName }}',
{{ maxQps }},
'{{ startingUrls }}',
'{{ authentication }}',
'{{ userAgent }}',
'{{ blacklistPatterns }}',
'{{ schedule }}',
'{{ exportToSecurityCommandCenter }}',
'{{ riskLevel }}',
{{ managedScan }},
{{ staticIpScan }},
{{ ignoreHttpStatusErrors }},
'{{ latestRun }}',
'{{ targetPlatforms }}',
'{{ projectsId }}'
RETURNING
name,
authentication,
blacklistPatterns,
displayName,
exportToSecurityCommandCenter,
ignoreHttpStatusErrors,
latestRun,
managedScan,
maxQps,
riskLevel,
schedule,
startingUrls,
staticIpScan,
targetPlatforms,
userAgent
;

# Description fields are for documentation purposes
- name: scan_configs
  props:
    - name: projectsId
      value: string
      description: Required parameter for the scan_configs resource.
    - name: name
      value: string
      description: >
        Identifier. The resource name of the ScanConfig. The name follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}'. The ScanConfig IDs are generated by the system.
        
    - name: displayName
      value: string
      description: >
        Required. The user provided display name of the ScanConfig.
        
    - name: maxQps
      value: integer
      description: >
        The maximum QPS during scanning. A valid value ranges from 5 to 20 inclusively. If the field is unspecified or its value is set 0, server will default to 15. Other values outside of [5, 20] range will be rejected with INVALID_ARGUMENT error.
        
    - name: startingUrls
      value: array
      description: >
        Required. The starting URLs from which the scanner finds site pages.
        
    - name: authentication
      value: object
      description: >
        The authentication configuration. If specified, service will use the authentication configuration during scanning.
        
    - name: userAgent
      value: string
      description: >
        The user agent used during scanning.
        
      valid_values: ['USER_AGENT_UNSPECIFIED', 'CHROME_LINUX', 'CHROME_ANDROID', 'SAFARI_IPHONE']
    - name: blacklistPatterns
      value: array
      description: >
        The excluded URL patterns as described in https://cloud.google.com/security-command-center/docs/how-to-use-web-security-scanner#excluding_urls
        
    - name: schedule
      value: object
      description: >
        The schedule of the ScanConfig.
        
    - name: exportToSecurityCommandCenter
      value: string
      description: >
        Controls export of scan configurations and results to Security Command Center.
        
      valid_values: ['EXPORT_TO_SECURITY_COMMAND_CENTER_UNSPECIFIED', 'ENABLED', 'DISABLED']
    - name: riskLevel
      value: string
      description: >
        The risk level selected for the scan
        
      valid_values: ['RISK_LEVEL_UNSPECIFIED', 'NORMAL', 'LOW']
    - name: managedScan
      value: boolean
      description: >
        Whether the scan config is managed by Web Security Scanner, output only.
        
    - name: staticIpScan
      value: boolean
      description: >
        Whether the scan configuration has enabled static IP address scan feature. If enabled, the scanner will access applications from static IP addresses.
        
    - name: ignoreHttpStatusErrors
      value: boolean
      description: >
        Whether to keep scanning even if most requests return HTTP error codes.
        
    - name: latestRun
      value: object
      description: >
        A ScanRun is a output-only resource representing an actual run of the scan. Next id: 12
        
    - name: targetPlatforms
      value: array
      description: >
        Set of Google Cloud platforms targeted by the scan. If empty, APP_ENGINE will be used as a default.
        

`UPDATE` examples

patch

Updates a ScanConfig. This method support partial update of a ScanConfig.

UPDATE google.websecurityscanner.scan_configs
SET 
data__name = '{{ name }}',
data__displayName = '{{ displayName }}',
data__maxQps = {{ maxQps }},
data__startingUrls = '{{ startingUrls }}',
data__authentication = '{{ authentication }}',
data__userAgent = '{{ userAgent }}',
data__blacklistPatterns = '{{ blacklistPatterns }}',
data__schedule = '{{ schedule }}',
data__exportToSecurityCommandCenter = '{{ exportToSecurityCommandCenter }}',
data__riskLevel = '{{ riskLevel }}',
data__managedScan = {{ managedScan }},
data__staticIpScan = {{ staticIpScan }},
data__ignoreHttpStatusErrors = {{ ignoreHttpStatusErrors }},
data__latestRun = '{{ latestRun }}',
data__targetPlatforms = '{{ targetPlatforms }}'
WHERE 
projectsId = '{{ projectsId }}' --required
AND scanConfigsId = '{{ scanConfigsId }}' --required
AND updateMask = '{{ updateMask}}'
RETURNING
name,
authentication,
blacklistPatterns,
displayName,
exportToSecurityCommandCenter,
ignoreHttpStatusErrors,
latestRun,
managedScan,
maxQps,
riskLevel,
schedule,
startingUrls,
staticIpScan,
targetPlatforms,
userAgent;

`DELETE` examples

delete

Deletes an existing ScanConfig and its child resources.

DELETE FROM google.websecurityscanner.scan_configs
WHERE projectsId = '{{ projectsId }}' --required
AND scanConfigsId = '{{ scanConfigsId }}' --required;

Lifecycle Methods

start

Start a ScanRun according to the given ScanConfig.

EXEC google.websecurityscanner.scan_configs.start 
@projectsId='{{ projectsId }}' --required, 
@scanConfigsId='{{ scanConfigsId }}' --required;

Overview​

Fields​

Methods​

Parameters​

SELECT examples​

INSERT examples​

UPDATE examples​

DELETE examples​

Lifecycle Methods​