REST Resource: projects.scanConfigs

Resource: ScanConfig

A ScanConfig resource contains the configurations to launch a scan.

JSON representation
{
  "name": string,
  "displayName": string,
  "maxQps": integer,
  "startingUrls": [
    string
  ],
  "authentication": {
    object (Authentication)
  },
  "userAgent": enum (UserAgent),
  "blacklistPatterns": [
    string
  ],
  "schedule": {
    object (Schedule)
  },
  "targetPlatforms": [
    enum (TargetPlatform)
  ],
  "exportToSecurityCommandCenter": enum (ExportToSecurityCommandCenter),
  "latestRun": {
    object (ScanRun)
  },
  "riskLevel": enum (RiskLevel),
  "managedScan": boolean,
  "staticIpScan": boolean,
  "ignoreHttpStatusErrors": boolean
}
Fields
name

string

The resource name of the ScanConfig. The name follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}'. The ScanConfig IDs are generated by the system.

displayName

string

Required. The user provided display name of the ScanConfig.

maxQps

integer

The maximum QPS during scanning. Valid values range from 5 to 20 inclusive. If the field is unspecified or its value is set to 0, the server defaults to 15. Other values outside the [5, 20] range are rejected with an INVALID_ARGUMENT error.

startingUrls[]

string

Required. The starting URLs from which the scanner finds site pages.

authentication

object (Authentication)

The authentication configuration. If specified, the service uses this authentication configuration during scanning.

userAgent

enum (UserAgent)

The user agent used during scanning.

blacklistPatterns[]

string

The excluded URL patterns as described in https://cloud.google.com/security-command-center/docs/how-to-use-web-security-scanner#excluding_urls

schedule

object (Schedule)

The schedule of the ScanConfig.

targetPlatforms[]

enum (TargetPlatform)

Set of Google Cloud platforms targeted by the scan. If empty, APP_ENGINE will be used as a default.

exportToSecurityCommandCenter

enum (ExportToSecurityCommandCenter)

Controls export of scan configurations and results to Security Command Center.

latestRun

object (ScanRun)

Latest ScanRun if available.

riskLevel

enum (RiskLevel)

The risk level selected for the scan.

managedScan

boolean

Whether the scan config is managed by Web Security Scanner, output only.

staticIpScan

boolean

Whether the scan configuration has enabled static IP address scan feature. If enabled, the scanner will access applications from static IP addresses.

ignoreHttpStatusErrors

boolean

Whether to keep scanning even if most requests return HTTP error codes.

Authentication

Scan authentication configuration.

JSON representation
{

  // Union field authentication can be only one of the following:
  "googleAccount": {
    object (GoogleAccount)
  },
  "customAccount": {
    object (CustomAccount)
  },
  "iapCredential": {
    object (IapCredential)
  }
  // End of list of possible types for union field authentication.
}
Fields
Union field authentication. Required. Authentication configuration. authentication can be only one of the following:
googleAccount
(deprecated)

object (GoogleAccount)

Authentication using a Google account.

customAccount

object (CustomAccount)

Authentication using a custom account.

iapCredential

object (IapCredential)

Authentication using Identity-Aware-Proxy (IAP).

GoogleAccount

Describes authentication configuration that uses a Google account.

JSON representation
{
  "username": string,
  "password": string
}
Fields
username

string

Required. The user name of the Google account.

password

string

Required. Input only. The password of the Google account. The credential is stored encrypted and not returned in any response nor included in audit logs.

CustomAccount

Describes authentication configuration that uses a custom account.

JSON representation
{
  "username": string,
  "password": string,
  "loginUrl": string
}
Fields
username

string

Required. The user name of the custom account.

password

string

Required. Input only. The password of the custom account. The credential is stored encrypted and not returned in any response nor included in audit logs.

loginUrl

string

Required. The login form URL of the website.

IapCredential

Describes authentication configuration for Identity-Aware-Proxy (IAP).

JSON representation
{

  // Union field iap_credentials can be only one of the following:
  "iapTestServiceAccountInfo": {
    object (IapTestServiceAccountInfo)
  }
  // End of list of possible types for union field iap_credentials.
}
Fields
Union field iap_credentials. Identity-Aware-Proxy (IAP) authentication configuration. iap_credentials can be only one of the following:
iapTestServiceAccountInfo

object (IapTestServiceAccountInfo)

Authentication configuration when the Web-Security-Scanner service account is added in Identity-Aware-Proxy (IAP) access policies.

IapTestServiceAccountInfo

Describes authentication configuration when the Web-Security-Scanner service account is added in Identity-Aware-Proxy (IAP) access policies.

JSON representation
{
  "targetAudienceClientId": string
}
Fields
targetAudienceClientId

string

Required. Describes the OAuth2 client ID of resources protected by Identity-Aware-Proxy (IAP).

UserAgent

Type of user agents used for scanning.

Enums
USER_AGENT_UNSPECIFIED The user agent is unknown. Service will default to CHROME_LINUX.
CHROME_LINUX Chrome on Linux. This is the service default if unspecified.
CHROME_ANDROID Chrome on Android.
SAFARI_IPHONE Safari on iPhone.

Schedule

Scan schedule configuration.

JSON representation
{
  "scheduleTime": string,
  "intervalDurationDays": integer
}
Fields
scheduleTime

string (Timestamp format)

A timestamp that indicates when the next run will be scheduled. The value is refreshed by the server after each run. If unspecified, it defaults to the current server time, which means the scan will be scheduled to start immediately.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

intervalDurationDays

integer

Required. The duration of time between executions in days.

TargetPlatform

Google Cloud platforms supported by Web Security Scanner.

Enums
TARGET_PLATFORM_UNSPECIFIED The target platform is unknown. Requests with this enum value will be rejected with INVALID_ARGUMENT error.
APP_ENGINE Google App Engine service.
COMPUTE Google Compute Engine service.
CLOUD_RUN Google Cloud Run service.
CLOUD_FUNCTIONS Google Cloud Function service.

ExportToSecurityCommandCenter

Controls export of scan configurations and results to Security Command Center.

Enums
EXPORT_TO_SECURITY_COMMAND_CENTER_UNSPECIFIED Use default, which is ENABLED.
ENABLED Export results of this scan to Security Command Center.
DISABLED Do not export results of this scan to Security Command Center.

RiskLevel

Scan risk levels supported by Web Security Scanner. LOW impact scanning will minimize requests with the potential to modify data. To achieve the maximum scan coverage, NORMAL risk level is recommended.

Enums
RISK_LEVEL_UNSPECIFIED Use default, which is NORMAL.
NORMAL Normal scanning (Recommended)
LOW Lower impact scanning

Methods

create

Creates a new ScanConfig.

delete

Deletes an existing ScanConfig and its child resources.

get

Gets a ScanConfig.

list

Lists ScanConfigs under a given project.

patch

Updates a ScanConfig.

start

Starts a ScanRun according to the given ScanConfig.
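
A pre-flight check for a ScanConfig request body before it is sent to create or patch, applying the constraints stated in the field descriptions above. This is an added example, not part of the API or its client libraries; validate_scan_config, SAMPLE_BAD and the example.com URLs are assumptions made for illustration.

```python
import re

# Constraints below are the ones stated in the field descriptions on this page.
AUTH_REQUIRED = {
    "googleAccount": ("username", "password"),
    "customAccount": ("username", "password", "loginUrl"),
    "iapCredential": (),
}
PLATFORMS = {"APP_ENGINE", "COMPUTE", "CLOUD_RUN", "CLOUD_FUNCTIONS"}
RFC3339_ZULU = re.compile(r"^\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d(\.\d{1,9})?Z$")
# Constructed sample with four problems (hypothetical values).
SAMPLE_BAD = {"startingUrls": ["https://app.example.com/"], "maxQps": 3,
              "authentication": {"customAccount": {"username": "scanner", "password": "placeholder"}},
              "targetPlatforms": ["TARGET_PLATFORM_UNSPECIFIED"]}


def validate_scan_config(cfg):
    """Return a list of problems in a ScanConfig request body (a dict)."""
    errs = []
    for field in ("displayName", "startingUrls"):
        if not cfg.get(field):
            errs.append(f"{field} is required")
    qps = cfg.get("maxQps", 0)  # unspecified or 0: server defaults to 15
    if qps != 0 and not 5 <= qps <= 20:
        errs.append(f"maxQps {qps} is outside [5, 20]")
    auth = cfg.get("authentication")
    if auth is not None:
        kinds = sorted(AUTH_REQUIRED.keys() & auth.keys())
        if len(kinds) != 1:
            errs.append("authentication needs exactly one union member")
        for kind in kinds:
            for field in AUTH_REQUIRED[kind]:
                if not auth[kind].get(field):
                    errs.append(f"authentication.{kind}.{field} is required")
        iap = (auth.get("iapCredential") or {}).get("iapTestServiceAccountInfo")
        if iap is not None and not iap.get("targetAudienceClientId"):
            errs.append("iapTestServiceAccountInfo.targetAudienceClientId is required")
    for platform in cfg.get("targetPlatforms", []):
        if platform not in PLATFORMS:  # includes TARGET_PLATFORM_UNSPECIFIED
            errs.append(f"targetPlatforms: {platform} is not a usable value")
    sched = cfg.get("schedule")
    if sched is not None:
        if not sched.get("intervalDurationDays"):
            errs.append("schedule.intervalDurationDays is required")
        when = sched.get("scheduleTime")
        if when is not None and not RFC3339_ZULU.match(when):
            errs.append("schedule.scheduleTime is not RFC3339 UTC 'Zulu'")
    return errs
```

Running it in CI over stored scan definitions catches a rejected maxQps or a missing loginUrl before a scheduled scan silently fails to be created.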