oci_vulnerability_scanning_container_scan_target

This resource provides the Container Scan Target resource in Oracle Cloud Infrastructure Vulnerability Scanning service.

Creates a new ContainerScanTarget. A container scan target specifies a group of one or more Docker image repositories in Oracle Cloud Infrastructure Registry (OCIR) that you want routinely scanned for security vulnerabilities.

Example Usage

resource "oci_vulnerability_scanning_container_scan_target" "test_container_scan_target" {
	#Required
	compartment_id = var.compartment_id
	container_scan_recipe_id = oci_vulnerability_scanning_container_scan_recipe.test_container_scan_recipe.id
	target_registry {
		#Required
		compartment_id = var.compartment_id
		type = var.container_scan_target_target_registry_type

		#Optional
		repositories = var.container_scan_target_target_registry_repositories
		url = var.container_scan_target_target_registry_url
	}

	#Optional
	defined_tags = {"foo-namespace.bar-key"= "value"}
	description = var.container_scan_target_description
	display_name = var.container_scan_target_display_name
	freeform_tags = {"bar-key"= "value"}
}

Argument Reference

The following arguments are supported:

• compartment_id - (Required) (Updatable) The OCID of the container scan target’s compartment
• container_scan_recipe_id - (Required) (Updatable) ID of the container scan recipe this target applies.
• defined_tags - (Optional) (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: {"foo-namespace.bar-key": "value"}
• description - (Optional) (Updatable) Target description.
• display_name - (Optional) (Updatable) User friendly name of container scan target. If not present, will be auto-generated.
• freeform_tags - (Optional) (Updatable) Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example: {"bar-key": "value"}
• target_registry - (Required) (Updatable) Registry information for a container scan target
  • compartment_id - (Required) (Updatable) The OCID of the compartment to perform the scans in. All listed repositories must be in the compartment.
  • repositories - (Optional) (Updatable) List of repositories to scan images in. If left empty, the target defaults to scanning all repos in the compartmentId
  • type - (Required) (Updatable) The scan level
  • url - (Optional) (Updatable) URL of the registry. Required for non-OCIR registry types (for OCIR registry types, it can be inferred from the tenancy).

** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

Attributes Reference

The following attributes are exported:

• compartment_id - The OCID of the container scan target’s compartment
• container_scan_recipe_id - ID of the container scan recipe this target applies.
• defined_tags - Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: {"foo-namespace.bar-key": "value"}
• description - Target description.
• display_name - User friendly name of container scan target
• freeform_tags - Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example: {"bar-key": "value"}
• id - The OCID of container scan target. Immutable and generated on creation.
• state - The current state of the config.
• system_tags - Usage of system tag keys. These predefined keys are scoped to namespaces. Example: {"orcl-cloud.free-tier-retained": "true"}
• target_registry - Registry information for a container scan target
  • compartment_id - The OCID of the compartment to perform the scans in. All listed repositories must be in the compartment.
  • repositories - List of repositories to scan images in. If left empty, the target defaults to scanning all repos in the compartmentId
  • type - The scan level
  • url - URL of the registry.
• time_created - Date and time the target was created, format as described in RFC 3339
• time_updated - Date and time the target was last updated, format as described in RFC 3339

Timeouts

The timeouts block allows you to specify timeouts for certain operations: * create - (Defaults to 20 minutes), when creating the Container Scan Target * update - (Defaults to 20 minutes), when updating the Container Scan Target * delete - (Defaults to 20 minutes), when destroying the Container Scan Target

Import

ContainerScanTargets can be imported using the id, e.g.

$ terraform import oci_vulnerability_scanning_container_scan_target.test_container_scan_target "id"