- Resource: ScanConfig
- Authentication
- GoogleAccount
- CustomAccount
- IapCredential
- IapTestServiceAccountInfo
- UserAgent
- Schedule
- ExportToSecurityCommandCenter
- RiskLevel
- Methods
Resource: ScanConfig
A ScanConfig resource contains the configurations to launch a scan.
JSON representation |
---|
{ "name": string, "displayName": string, "maxQps": integer, "startingUrls": [ string ], "authentication": { object ( |
Fields | |
---|---|
name |
The resource name of the ScanConfig. The name follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}'. The ScanConfig IDs are generated by the system. |
display |
Required. The user provided display name of the ScanConfig. |
max |
The maximum QPS during scanning. A valid value ranges from 5 to 20 inclusively. If the field is unspecified or its value is set 0, server will default to 15. Other values outside of [5, 20] range will be rejected with INVALID_ARGUMENT error. |
starting |
Required. The starting URLs from which the scanner finds site pages. |
authentication |
The authentication configuration. If specified, service will use the authentication configuration during scanning. |
user |
The user agent used during scanning. |
blacklist |
The excluded URL patterns as described in https://cloud.google.com/security-command-center/docs/how-to-use-web-security-scanner#excluding_urls |
schedule |
The schedule of the ScanConfig. |
export |
Controls export of scan configurations and results to Security Command Center. |
risk |
The risk level selected for the scan |
managed |
Whether the scan config is managed by Web Security Scanner, output only. |
static |
Whether the scan configuration has enabled static IP address scan feature. If enabled, the scanner will access applications from static IP addresses. |
ignore |
Whether to keep scanning even if most requests return HTTP error codes. |
Authentication
Scan authentication configuration.
JSON representation |
---|
{ // Union field |
Fields | |
---|---|
Union field authentication . Required. Authentication configuration authentication can be only one of the following: |
|
googleAccount |
Authentication using a Google account. |
custom |
Authentication using a custom account. |
iap |
Authentication using Identity-Aware-Proxy (IAP). |
GoogleAccount
Describes authentication configuration that uses a Google account.
JSON representation |
---|
{ "username": string, "password": string } |
Fields | |
---|---|
username |
Required. The user name of the Google account. |
password |
Required. Input only. The password of the Google account. The credential is stored encrypted and not returned in any response nor included in audit logs. |
CustomAccount
Describes authentication configuration that uses a custom account.
JSON representation |
---|
{ "username": string, "password": string, "loginUrl": string } |
Fields | |
---|---|
username |
Required. The user name of the custom account. |
password |
Required. Input only. The password of the custom account. The credential is stored encrypted and not returned in any response nor included in audit logs. |
login |
Required. The login form URL of the website. |
IapCredential
Describes authentication configuration for Identity-Aware-Proxy (IAP).
JSON representation |
---|
{ // Union field |
Fields | |
---|---|
Union field iap_credentials . Identity-Aware-Proxy (IAP) Authentication Configuration iap_credentials can be only one of the following: |
|
iap |
Authentication configuration when Web-Security-Scanner service account is added in Identity-Aware-Proxy (IAP) access policies. |
IapTestServiceAccountInfo
Describes authentication configuration when Web-Security-Scanner service account is added in Identity-Aware-Proxy (IAP) access policies.
JSON representation |
---|
{ "targetAudienceClientId": string } |
Fields | |
---|---|
target |
Required. Describes OAuth2 client id of resources protected by Identity-Aware-Proxy (IAP). |
UserAgent
Type of user agents used for scanning.
Enums | |
---|---|
USER_AGENT_UNSPECIFIED |
The user agent is unknown. Service will default to CHROME_LINUX. |
CHROME_LINUX |
Chrome on Linux. This is the service default if unspecified. |
CHROME_ANDROID |
Chrome on Android. |
SAFARI_IPHONE |
Safari on IPhone. |
Schedule
Scan schedule configuration.
JSON representation |
---|
{ "scheduleTime": string, "intervalDurationDays": integer } |
Fields | |
---|---|
schedule |
A timestamp indicates when the next run will be scheduled. The value is refreshed by the server after each run. If unspecified, it will default to current server time, which means the scan will be scheduled to start immediately. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
interval |
Required. The duration of time between executions in days. |
ExportToSecurityCommandCenter
Controls export of scan configurations and results to Security Command Center.
Enums | |
---|---|
EXPORT_TO_SECURITY_COMMAND_CENTER_UNSPECIFIED |
Use default, which is ENABLED. |
ENABLED |
Export results of this scan to Security Command Center. |
DISABLED |
Do not export results of this scan to Security Command Center. |
RiskLevel
Scan risk levels supported by Web Security Scanner. LOW impact scanning will minimize requests with the potential to modify data. To achieve the maximum scan coverage, NORMAL risk level is recommended.
Enums | |
---|---|
RISK_LEVEL_UNSPECIFIED |
Use default, which is NORMAL. |
NORMAL |
Normal scanning (Recommended) |
LOW |
Lower impact scanning |
Methods |
|
---|---|
|
Creates a new ScanConfig. |
|
Deletes an existing ScanConfig and its child resources. |
|
Gets a ScanConfig. |
|
Lists ScanConfigs under a given project. |
|
Updates a ScanConfig. |
|
Start a ScanRun according to the given ScanConfig. |