Docs Home
sysdig 1.53.0 published on Thursday, Apr 17, 2025 by sysdiglabs
sysdig.SecureVulnerabilityAcceptRisk
Explore with Pulumi AI
sysdig 1.53.0 published on Thursday, Apr 17, 2025 by sysdiglabs
Example Usage
Image risk acceptance
import * as pulumi from "@pulumi/pulumi";
import * as sysdig from "@pulumi/sysdig";
const acceptResourceImageExact = new sysdig.SecureVulnerabilityAcceptRisk("acceptResourceImageExact", {
description: "Accept risk for exact NGINX image",
image: "docker.io/library/nginx:1.21.0",
reason: "RiskOwned",
stages: [
"pipeline",
"runtime",
],
});
const acceptResourceImagePrefix = new sysdig.SecureVulnerabilityAcceptRisk("acceptResourceImagePrefix", {
description: "Accept risk for all versions of app image",
expirationDate: "2025-01-02",
image: "docker.io/company/app:*",
reason: "RiskMitigated",
stages: ["pipeline"],
});
const acceptResourceImageSuffix = new sysdig.SecureVulnerabilityAcceptRisk("acceptResourceImageSuffix", {
description: "Accept risk for version 1.0.0 images",
expirationDate: "2025-01-02",
image: "*:1.0.0",
reason: "RiskTransferred",
stages: ["runtime"],
});
const acceptResourceImageContains = new sysdig.SecureVulnerabilityAcceptRisk("acceptResourceImageContains", {
description: "Accept risk for any image containing 'nodejs'",
expirationDate: "2025-01-02",
image: "*nodejs*",
reason: "RiskNotRelevant",
stages: [],
});
import pulumi
import pulumi_sysdig as sysdig
accept_resource_image_exact = sysdig.SecureVulnerabilityAcceptRisk("acceptResourceImageExact",
description="Accept risk for exact NGINX image",
image="docker.io/library/nginx:1.21.0",
reason="RiskOwned",
stages=[
"pipeline",
"runtime",
])
accept_resource_image_prefix = sysdig.SecureVulnerabilityAcceptRisk("acceptResourceImagePrefix",
description="Accept risk for all versions of app image",
expiration_date="2025-01-02",
image="docker.io/company/app:*",
reason="RiskMitigated",
stages=["pipeline"])
accept_resource_image_suffix = sysdig.SecureVulnerabilityAcceptRisk("acceptResourceImageSuffix",
description="Accept risk for version 1.0.0 images",
expiration_date="2025-01-02",
image="*:1.0.0",
reason="RiskTransferred",
stages=["runtime"])
accept_resource_image_contains = sysdig.SecureVulnerabilityAcceptRisk("acceptResourceImageContains",
description="Accept risk for any image containing 'nodejs'",
expiration_date="2025-01-02",
image="*nodejs*",
reason="RiskNotRelevant",
stages=[])
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/sysdig/sysdig"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := sysdig.NewSecureVulnerabilityAcceptRisk(ctx, "acceptResourceImageExact", &sysdig.SecureVulnerabilityAcceptRiskArgs{
Description: pulumi.String("Accept risk for exact NGINX image"),
Image: pulumi.String("docker.io/library/nginx:1.21.0"),
Reason: pulumi.String("RiskOwned"),
Stages: pulumi.StringArray{
pulumi.String("pipeline"),
pulumi.String("runtime"),
},
})
if err != nil {
return err
}
_, err = sysdig.NewSecureVulnerabilityAcceptRisk(ctx, "acceptResourceImagePrefix", &sysdig.SecureVulnerabilityAcceptRiskArgs{
Description: pulumi.String("Accept risk for all versions of app image"),
ExpirationDate: pulumi.String("2025-01-02"),
Image: pulumi.String("docker.io/company/app:*"),
Reason: pulumi.String("RiskMitigated"),
Stages: pulumi.StringArray{
pulumi.String("pipeline"),
},
})
if err != nil {
return err
}
_, err = sysdig.NewSecureVulnerabilityAcceptRisk(ctx, "acceptResourceImageSuffix", &sysdig.SecureVulnerabilityAcceptRiskArgs{
Description: pulumi.String("Accept risk for version 1.0.0 images"),
ExpirationDate: pulumi.String("2025-01-02"),
Image: pulumi.String("*:1.0.0"),
Reason: pulumi.String("RiskTransferred"),
Stages: pulumi.StringArray{
pulumi.String("runtime"),
},
})
if err != nil {
return err
}
_, err = sysdig.NewSecureVulnerabilityAcceptRisk(ctx, "acceptResourceImageContains", &sysdig.SecureVulnerabilityAcceptRiskArgs{
Description: pulumi.String("Accept risk for any image containing 'nodejs'"),
ExpirationDate: pulumi.String("2025-01-02"),
Image: pulumi.String("*nodejs*"),
Reason: pulumi.String("RiskNotRelevant"),
Stages: pulumi.StringArray{},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Sysdig = Pulumi.Sysdig;
return await Deployment.RunAsync(() =>
{
var acceptResourceImageExact = new Sysdig.SecureVulnerabilityAcceptRisk("acceptResourceImageExact", new()
{
Description = "Accept risk for exact NGINX image",
Image = "docker.io/library/nginx:1.21.0",
Reason = "RiskOwned",
Stages = new[]
{
"pipeline",
"runtime",
},
});
var acceptResourceImagePrefix = new Sysdig.SecureVulnerabilityAcceptRisk("acceptResourceImagePrefix", new()
{
Description = "Accept risk for all versions of app image",
ExpirationDate = "2025-01-02",
Image = "docker.io/company/app:*",
Reason = "RiskMitigated",
Stages = new[]
{
"pipeline",
},
});
var acceptResourceImageSuffix = new Sysdig.SecureVulnerabilityAcceptRisk("acceptResourceImageSuffix", new()
{
Description = "Accept risk for version 1.0.0 images",
ExpirationDate = "2025-01-02",
Image = "*:1.0.0",
Reason = "RiskTransferred",
Stages = new[]
{
"runtime",
},
});
var acceptResourceImageContains = new Sysdig.SecureVulnerabilityAcceptRisk("acceptResourceImageContains", new()
{
Description = "Accept risk for any image containing 'nodejs'",
ExpirationDate = "2025-01-02",
Image = "*nodejs*",
Reason = "RiskNotRelevant",
Stages = new[] {},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.sysdig.SecureVulnerabilityAcceptRisk;
import com.pulumi.sysdig.SecureVulnerabilityAcceptRiskArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var acceptResourceImageExact = new SecureVulnerabilityAcceptRisk("acceptResourceImageExact", SecureVulnerabilityAcceptRiskArgs.builder()
.description("Accept risk for exact NGINX image")
.image("docker.io/library/nginx:1.21.0")
.reason("RiskOwned")
.stages(
"pipeline",
"runtime")
.build());
var acceptResourceImagePrefix = new SecureVulnerabilityAcceptRisk("acceptResourceImagePrefix", SecureVulnerabilityAcceptRiskArgs.builder()
.description("Accept risk for all versions of app image")
.expirationDate("2025-01-02")
.image("docker.io/company/app:*")
.reason("RiskMitigated")
.stages("pipeline")
.build());
var acceptResourceImageSuffix = new SecureVulnerabilityAcceptRisk("acceptResourceImageSuffix", SecureVulnerabilityAcceptRiskArgs.builder()
.description("Accept risk for version 1.0.0 images")
.expirationDate("2025-01-02")
.image("*:1.0.0")
.reason("RiskTransferred")
.stages("runtime")
.build());
var acceptResourceImageContains = new SecureVulnerabilityAcceptRisk("acceptResourceImageContains", SecureVulnerabilityAcceptRiskArgs.builder()
.description("Accept risk for any image containing 'nodejs'")
.expirationDate("2025-01-02")
.image("*nodejs*")
.reason("RiskNotRelevant")
.stages()
.build());
}
}
resources:
acceptResourceImageExact:
type: sysdig:SecureVulnerabilityAcceptRisk
properties:
description: Accept risk for exact NGINX image
image: docker.io/library/nginx:1.21.0
reason: RiskOwned
stages:
- pipeline
- runtime
acceptResourceImagePrefix:
type: sysdig:SecureVulnerabilityAcceptRisk
properties:
description: Accept risk for all versions of app image
expirationDate: 2025-01-02
image: docker.io/company/app:*
reason: RiskMitigated
stages:
- pipeline
acceptResourceImageSuffix:
type: sysdig:SecureVulnerabilityAcceptRisk
properties:
description: Accept risk for version 1.0.0 images
expirationDate: 2025-01-02
image: '*:1.0.0'
reason: RiskTransferred
stages:
- runtime
acceptResourceImageContains:
type: sysdig:SecureVulnerabilityAcceptRisk
properties:
description: Accept risk for any image containing 'nodejs'
expirationDate: 2025-01-02
image: '*nodejs*'
reason: RiskNotRelevant
stages: []
Hostname risk acceptance
import * as pulumi from "@pulumi/pulumi";
import * as sysdig from "@pulumi/sysdig";
const acceptResourceHostnameExact = new sysdig.SecureVulnerabilityAcceptRisk("acceptResourceHostnameExact", {
description: "Accept risk for production webserver",
hostname: "webserver-prod-01.mydomain.com",
reason: "RiskOwned",
stages: ["runtime"],
});
const acceptResourceHostnameContains = new sysdig.SecureVulnerabilityAcceptRisk("acceptResourceHostnameContains", {
description: "Accept risk for all staging hosts",
expirationDate: "2025-01-02",
hostnameContains: "staging-",
reason: "RiskMitigated",
stages: [],
});
import pulumi
import pulumi_sysdig as sysdig
accept_resource_hostname_exact = sysdig.SecureVulnerabilityAcceptRisk("acceptResourceHostnameExact",
description="Accept risk for production webserver",
hostname="webserver-prod-01.mydomain.com",
reason="RiskOwned",
stages=["runtime"])
accept_resource_hostname_contains = sysdig.SecureVulnerabilityAcceptRisk("acceptResourceHostnameContains",
description="Accept risk for all staging hosts",
expiration_date="2025-01-02",
hostname_contains="staging-",
reason="RiskMitigated",
stages=[])
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/sysdig/sysdig"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := sysdig.NewSecureVulnerabilityAcceptRisk(ctx, "acceptResourceHostnameExact", &sysdig.SecureVulnerabilityAcceptRiskArgs{
Description: pulumi.String("Accept risk for production webserver"),
Hostname: pulumi.String("webserver-prod-01.mydomain.com"),
Reason: pulumi.String("RiskOwned"),
Stages: pulumi.StringArray{
pulumi.String("runtime"),
},
})
if err != nil {
return err
}
_, err = sysdig.NewSecureVulnerabilityAcceptRisk(ctx, "acceptResourceHostnameContains", &sysdig.SecureVulnerabilityAcceptRiskArgs{
Description: pulumi.String("Accept risk for all staging hosts"),
ExpirationDate: pulumi.String("2025-01-02"),
HostnameContains: pulumi.String("staging-"),
Reason: pulumi.String("RiskMitigated"),
Stages: pulumi.StringArray{},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Sysdig = Pulumi.Sysdig;
return await Deployment.RunAsync(() =>
{
var acceptResourceHostnameExact = new Sysdig.SecureVulnerabilityAcceptRisk("acceptResourceHostnameExact", new()
{
Description = "Accept risk for production webserver",
Hostname = "webserver-prod-01.mydomain.com",
Reason = "RiskOwned",
Stages = new[]
{
"runtime",
},
});
var acceptResourceHostnameContains = new Sysdig.SecureVulnerabilityAcceptRisk("acceptResourceHostnameContains", new()
{
Description = "Accept risk for all staging hosts",
ExpirationDate = "2025-01-02",
HostnameContains = "staging-",
Reason = "RiskMitigated",
Stages = new[] {},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.sysdig.SecureVulnerabilityAcceptRisk;
import com.pulumi.sysdig.SecureVulnerabilityAcceptRiskArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var acceptResourceHostnameExact = new SecureVulnerabilityAcceptRisk("acceptResourceHostnameExact", SecureVulnerabilityAcceptRiskArgs.builder()
.description("Accept risk for production webserver")
.hostname("webserver-prod-01.mydomain.com")
.reason("RiskOwned")
.stages("runtime")
.build());
var acceptResourceHostnameContains = new SecureVulnerabilityAcceptRisk("acceptResourceHostnameContains", SecureVulnerabilityAcceptRiskArgs.builder()
.description("Accept risk for all staging hosts")
.expirationDate("2025-01-02")
.hostnameContains("staging-")
.reason("RiskMitigated")
.stages()
.build());
}
}
resources:
acceptResourceHostnameExact:
type: sysdig:SecureVulnerabilityAcceptRisk
properties:
description: Accept risk for production webserver
hostname: webserver-prod-01.mydomain.com
reason: RiskOwned
stages:
- runtime
acceptResourceHostnameContains:
type: sysdig:SecureVulnerabilityAcceptRisk
properties:
description: Accept risk for all staging hosts
expirationDate: 2025-01-02
hostnameContains: staging-
reason: RiskMitigated
stages: []
CVE Risk acceptance
import * as pulumi from "@pulumi/pulumi";
import * as sysdig from "@pulumi/sysdig";
const acceptResourceCveGlobally = new sysdig.SecureVulnerabilityAcceptRisk("acceptResourceCveGlobally", {
cve: "CVE-2021-44228",
description: "Accept risk for CVE-2021-44228 globally",
expirationDate: "2025-01-02",
reason: "RiskMitigated",
stages: ["runtime"],
});
const acceptResourceCveImageExact = new sysdig.SecureVulnerabilityAcceptRisk("acceptResourceCveImageExact", {
cve: "CVE-2022-1234",
description: "Accept risk for Python 3.9 image",
image: "docker.io/library/python:3.9",
reason: "RiskOwned",
stages: ["pipeline"],
});
const acceptResourceCveImagePrefix = new sysdig.SecureVulnerabilityAcceptRisk("acceptResourceCveImagePrefix", {
cve: "CVE-2023-4567",
description: "Accept risk for all frontend image versions",
expirationDate: "2025-01-02",
image: "docker.io/company/frontend:*",
reason: "RiskAvoided",
stages: ["runtime"],
});
const acceptResourceCveImageSuffix = new sysdig.SecureVulnerabilityAcceptRisk("acceptResourceCveImageSuffix", {
cve: "CVE-2020-5678",
description: "Accept risk for stable tag images",
expirationDate: "2025-01-02",
image: "*:stable",
reason: "RiskNotRelevant",
stages: [],
});
const acceptResourceCveImageContains = new sysdig.SecureVulnerabilityAcceptRisk("acceptResourceCveImageContains", {
cve: "CVE-2019-7890",
description: "Accept risk for Go-based images",
expirationDate: "2025-01-02",
image: "*golang*",
reason: "Custom",
stages: ["pipeline"],
});
const acceptResourceCveHostnameExact = new sysdig.SecureVulnerabilityAcceptRisk("acceptResourceCveHostnameExact", {
cve: "CVE-2022-8901",
description: "Accept risk for production API server",
expirationDate: "2025-01-02",
hostname: "api-prod-01.mydomain.com",
reason: "RiskTransferred",
stages: ["runtime"],
});
const acceptResourceCveHostnameContains = new sysdig.SecureVulnerabilityAcceptRisk("acceptResourceCveHostnameContains", {
cve: "CVE-2021-5678",
description: "Accept risk for cache servers",
expirationDate: "2025-01-02",
hostnameContains: "cache",
reason: "RiskMitigated",
stages: [],
});
const acceptResourceCvePackage = new sysdig.SecureVulnerabilityAcceptRisk("acceptResourceCvePackage", {
cve: "CVE-2018-12345",
description: "Accept risk for OpenSSL package",
expirationDate: "2025-01-02",
packageName: "openssl",
reason: "RiskOwned",
stages: [
"pipeline",
"runtime",
],
});
const acceptResourceCvePackageAndVersion = new sysdig.SecureVulnerabilityAcceptRisk("acceptResourceCvePackageAndVersion", {
cve: "CVE-2017-6543",
description: "Accept risk for glibc 2.17 package",
expirationDate: "2025-01-02",
packageName: "glibc",
packageVersion: "2.17",
reason: "RiskAvoided",
stages: [],
});
import pulumi
import pulumi_sysdig as sysdig
accept_resource_cve_globally = sysdig.SecureVulnerabilityAcceptRisk("acceptResourceCveGlobally",
cve="CVE-2021-44228",
description="Accept risk for CVE-2021-44228 globally",
expiration_date="2025-01-02",
reason="RiskMitigated",
stages=["runtime"])
accept_resource_cve_image_exact = sysdig.SecureVulnerabilityAcceptRisk("acceptResourceCveImageExact",
cve="CVE-2022-1234",
description="Accept risk for Python 3.9 image",
image="docker.io/library/python:3.9",
reason="RiskOwned",
stages=["pipeline"])
accept_resource_cve_image_prefix = sysdig.SecureVulnerabilityAcceptRisk("acceptResourceCveImagePrefix",
cve="CVE-2023-4567",
description="Accept risk for all frontend image versions",
expiration_date="2025-01-02",
image="docker.io/company/frontend:*",
reason="RiskAvoided",
stages=["runtime"])
accept_resource_cve_image_suffix = sysdig.SecureVulnerabilityAcceptRisk("acceptResourceCveImageSuffix",
cve="CVE-2020-5678",
description="Accept risk for stable tag images",
expiration_date="2025-01-02",
image="*:stable",
reason="RiskNotRelevant",
stages=[])
accept_resource_cve_image_contains = sysdig.SecureVulnerabilityAcceptRisk("acceptResourceCveImageContains",
cve="CVE-2019-7890",
description="Accept risk for Go-based images",
expiration_date="2025-01-02",
image="*golang*",
reason="Custom",
stages=["pipeline"])
accept_resource_cve_hostname_exact = sysdig.SecureVulnerabilityAcceptRisk("acceptResourceCveHostnameExact",
cve="CVE-2022-8901",
description="Accept risk for production API server",
expiration_date="2025-01-02",
hostname="api-prod-01.mydomain.com",
reason="RiskTransferred",
stages=["runtime"])
accept_resource_cve_hostname_contains = sysdig.SecureVulnerabilityAcceptRisk("acceptResourceCveHostnameContains",
cve="CVE-2021-5678",
description="Accept risk for cache servers",
expiration_date="2025-01-02",
hostname_contains="cache",
reason="RiskMitigated",
stages=[])
accept_resource_cve_package = sysdig.SecureVulnerabilityAcceptRisk("acceptResourceCvePackage",
cve="CVE-2018-12345",
description="Accept risk for OpenSSL package",
expiration_date="2025-01-02",
package_name="openssl",
reason="RiskOwned",
stages=[
"pipeline",
"runtime",
])
accept_resource_cve_package_and_version = sysdig.SecureVulnerabilityAcceptRisk("acceptResourceCvePackageAndVersion",
cve="CVE-2017-6543",
description="Accept risk for glibc 2.17 package",
expiration_date="2025-01-02",
package_name="glibc",
package_version="2.17",
reason="RiskAvoided",
stages=[])
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/sysdig/sysdig"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := sysdig.NewSecureVulnerabilityAcceptRisk(ctx, "acceptResourceCveGlobally", &sysdig.SecureVulnerabilityAcceptRiskArgs{
Cve: pulumi.String("CVE-2021-44228"),
Description: pulumi.String("Accept risk for CVE-2021-44228 globally"),
ExpirationDate: pulumi.String("2025-01-02"),
Reason: pulumi.String("RiskMitigated"),
Stages: pulumi.StringArray{
pulumi.String("runtime"),
},
})
if err != nil {
return err
}
_, err = sysdig.NewSecureVulnerabilityAcceptRisk(ctx, "acceptResourceCveImageExact", &sysdig.SecureVulnerabilityAcceptRiskArgs{
Cve: pulumi.String("CVE-2022-1234"),
Description: pulumi.String("Accept risk for Python 3.9 image"),
Image: pulumi.String("docker.io/library/python:3.9"),
Reason: pulumi.String("RiskOwned"),
Stages: pulumi.StringArray{
pulumi.String("pipeline"),
},
})
if err != nil {
return err
}
_, err = sysdig.NewSecureVulnerabilityAcceptRisk(ctx, "acceptResourceCveImagePrefix", &sysdig.SecureVulnerabilityAcceptRiskArgs{
Cve: pulumi.String("CVE-2023-4567"),
Description: pulumi.String("Accept risk for all frontend image versions"),
ExpirationDate: pulumi.String("2025-01-02"),
Image: pulumi.String("docker.io/company/frontend:*"),
Reason: pulumi.String("RiskAvoided"),
Stages: pulumi.StringArray{
pulumi.String("runtime"),
},
})
if err != nil {
return err
}
_, err = sysdig.NewSecureVulnerabilityAcceptRisk(ctx, "acceptResourceCveImageSuffix", &sysdig.SecureVulnerabilityAcceptRiskArgs{
Cve: pulumi.String("CVE-2020-5678"),
Description: pulumi.String("Accept risk for stable tag images"),
ExpirationDate: pulumi.String("2025-01-02"),
Image: pulumi.String("*:stable"),
Reason: pulumi.String("RiskNotRelevant"),
Stages: pulumi.StringArray{},
})
if err != nil {
return err
}
_, err = sysdig.NewSecureVulnerabilityAcceptRisk(ctx, "acceptResourceCveImageContains", &sysdig.SecureVulnerabilityAcceptRiskArgs{
Cve: pulumi.String("CVE-2019-7890"),
Description: pulumi.String("Accept risk for Go-based images"),
ExpirationDate: pulumi.String("2025-01-02"),
Image: pulumi.String("*golang*"),
Reason: pulumi.String("Custom"),
Stages: pulumi.StringArray{
pulumi.String("pipeline"),
},
})
if err != nil {
return err
}
_, err = sysdig.NewSecureVulnerabilityAcceptRisk(ctx, "acceptResourceCveHostnameExact", &sysdig.SecureVulnerabilityAcceptRiskArgs{
Cve: pulumi.String("CVE-2022-8901"),
Description: pulumi.String("Accept risk for production API server"),
ExpirationDate: pulumi.String("2025-01-02"),
Hostname: pulumi.String("api-prod-01.mydomain.com"),
Reason: pulumi.String("RiskTransferred"),
Stages: pulumi.StringArray{
pulumi.String("runtime"),
},
})
if err != nil {
return err
}
_, err = sysdig.NewSecureVulnerabilityAcceptRisk(ctx, "acceptResourceCveHostnameContains", &sysdig.SecureVulnerabilityAcceptRiskArgs{
Cve: pulumi.String("CVE-2021-5678"),
Description: pulumi.String("Accept risk for cache servers"),
ExpirationDate: pulumi.String("2025-01-02"),
HostnameContains: pulumi.String("cache"),
Reason: pulumi.String("RiskMitigated"),
Stages: pulumi.StringArray{},
})
if err != nil {
return err
}
_, err = sysdig.NewSecureVulnerabilityAcceptRisk(ctx, "acceptResourceCvePackage", &sysdig.SecureVulnerabilityAcceptRiskArgs{
Cve: pulumi.String("CVE-2018-12345"),
Description: pulumi.String("Accept risk for OpenSSL package"),
ExpirationDate: pulumi.String("2025-01-02"),
PackageName: pulumi.String("openssl"),
Reason: pulumi.String("RiskOwned"),
Stages: pulumi.StringArray{
pulumi.String("pipeline"),
pulumi.String("runtime"),
},
})
if err != nil {
return err
}
_, err = sysdig.NewSecureVulnerabilityAcceptRisk(ctx, "acceptResourceCvePackageAndVersion", &sysdig.SecureVulnerabilityAcceptRiskArgs{
Cve: pulumi.String("CVE-2017-6543"),
Description: pulumi.String("Accept risk for glibc 2.17 package"),
ExpirationDate: pulumi.String("2025-01-02"),
PackageName: pulumi.String("glibc"),
PackageVersion: pulumi.String("2.17"),
Reason: pulumi.String("RiskAvoided"),
Stages: pulumi.StringArray{},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Sysdig = Pulumi.Sysdig;
return await Deployment.RunAsync(() =>
{
var acceptResourceCveGlobally = new Sysdig.SecureVulnerabilityAcceptRisk("acceptResourceCveGlobally", new()
{
Cve = "CVE-2021-44228",
Description = "Accept risk for CVE-2021-44228 globally",
ExpirationDate = "2025-01-02",
Reason = "RiskMitigated",
Stages = new[]
{
"runtime",
},
});
var acceptResourceCveImageExact = new Sysdig.SecureVulnerabilityAcceptRisk("acceptResourceCveImageExact", new()
{
Cve = "CVE-2022-1234",
Description = "Accept risk for Python 3.9 image",
Image = "docker.io/library/python:3.9",
Reason = "RiskOwned",
Stages = new[]
{
"pipeline",
},
});
var acceptResourceCveImagePrefix = new Sysdig.SecureVulnerabilityAcceptRisk("acceptResourceCveImagePrefix", new()
{
Cve = "CVE-2023-4567",
Description = "Accept risk for all frontend image versions",
ExpirationDate = "2025-01-02",
Image = "docker.io/company/frontend:*",
Reason = "RiskAvoided",
Stages = new[]
{
"runtime",
},
});
var acceptResourceCveImageSuffix = new Sysdig.SecureVulnerabilityAcceptRisk("acceptResourceCveImageSuffix", new()
{
Cve = "CVE-2020-5678",
Description = "Accept risk for stable tag images",
ExpirationDate = "2025-01-02",
Image = "*:stable",
Reason = "RiskNotRelevant",
Stages = new[] {},
});
var acceptResourceCveImageContains = new Sysdig.SecureVulnerabilityAcceptRisk("acceptResourceCveImageContains", new()
{
Cve = "CVE-2019-7890",
Description = "Accept risk for Go-based images",
ExpirationDate = "2025-01-02",
Image = "*golang*",
Reason = "Custom",
Stages = new[]
{
"pipeline",
},
});
var acceptResourceCveHostnameExact = new Sysdig.SecureVulnerabilityAcceptRisk("acceptResourceCveHostnameExact", new()
{
Cve = "CVE-2022-8901",
Description = "Accept risk for production API server",
ExpirationDate = "2025-01-02",
Hostname = "api-prod-01.mydomain.com",
Reason = "RiskTransferred",
Stages = new[]
{
"runtime",
},
});
var acceptResourceCveHostnameContains = new Sysdig.SecureVulnerabilityAcceptRisk("acceptResourceCveHostnameContains", new()
{
Cve = "CVE-2021-5678",
Description = "Accept risk for cache servers",
ExpirationDate = "2025-01-02",
HostnameContains = "cache",
Reason = "RiskMitigated",
Stages = new[] {},
});
var acceptResourceCvePackage = new Sysdig.SecureVulnerabilityAcceptRisk("acceptResourceCvePackage", new()
{
Cve = "CVE-2018-12345",
Description = "Accept risk for OpenSSL package",
ExpirationDate = "2025-01-02",
PackageName = "openssl",
Reason = "RiskOwned",
Stages = new[]
{
"pipeline",
"runtime",
},
});
var acceptResourceCvePackageAndVersion = new Sysdig.SecureVulnerabilityAcceptRisk("acceptResourceCvePackageAndVersion", new()
{
Cve = "CVE-2017-6543",
Description = "Accept risk for glibc 2.17 package",
ExpirationDate = "2025-01-02",
PackageName = "glibc",
PackageVersion = "2.17",
Reason = "RiskAvoided",
Stages = new[] {},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.sysdig.SecureVulnerabilityAcceptRisk;
import com.pulumi.sysdig.SecureVulnerabilityAcceptRiskArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var acceptResourceCveGlobally = new SecureVulnerabilityAcceptRisk("acceptResourceCveGlobally", SecureVulnerabilityAcceptRiskArgs.builder()
.cve("CVE-2021-44228")
.description("Accept risk for CVE-2021-44228 globally")
.expirationDate("2025-01-02")
.reason("RiskMitigated")
.stages("runtime")
.build());
var acceptResourceCveImageExact = new SecureVulnerabilityAcceptRisk("acceptResourceCveImageExact", SecureVulnerabilityAcceptRiskArgs.builder()
.cve("CVE-2022-1234")
.description("Accept risk for Python 3.9 image")
.image("docker.io/library/python:3.9")
.reason("RiskOwned")
.stages("pipeline")
.build());
var acceptResourceCveImagePrefix = new SecureVulnerabilityAcceptRisk("acceptResourceCveImagePrefix", SecureVulnerabilityAcceptRiskArgs.builder()
.cve("CVE-2023-4567")
.description("Accept risk for all frontend image versions")
.expirationDate("2025-01-02")
.image("docker.io/company/frontend:*")
.reason("RiskAvoided")
.stages("runtime")
.build());
var acceptResourceCveImageSuffix = new SecureVulnerabilityAcceptRisk("acceptResourceCveImageSuffix", SecureVulnerabilityAcceptRiskArgs.builder()
.cve("CVE-2020-5678")
.description("Accept risk for stable tag images")
.expirationDate("2025-01-02")
.image("*:stable")
.reason("RiskNotRelevant")
.stages()
.build());
var acceptResourceCveImageContains = new SecureVulnerabilityAcceptRisk("acceptResourceCveImageContains", SecureVulnerabilityAcceptRiskArgs.builder()
.cve("CVE-2019-7890")
.description("Accept risk for Go-based images")
.expirationDate("2025-01-02")
.image("*golang*")
.reason("Custom")
.stages("pipeline")
.build());
var acceptResourceCveHostnameExact = new SecureVulnerabilityAcceptRisk("acceptResourceCveHostnameExact", SecureVulnerabilityAcceptRiskArgs.builder()
.cve("CVE-2022-8901")
.description("Accept risk for production API server")
.expirationDate("2025-01-02")
.hostname("api-prod-01.mydomain.com")
.reason("RiskTransferred")
.stages("runtime")
.build());
var acceptResourceCveHostnameContains = new SecureVulnerabilityAcceptRisk("acceptResourceCveHostnameContains", SecureVulnerabilityAcceptRiskArgs.builder()
.cve("CVE-2021-5678")
.description("Accept risk for cache servers")
.expirationDate("2025-01-02")
.hostnameContains("cache")
.reason("RiskMitigated")
.stages()
.build());
var acceptResourceCvePackage = new SecureVulnerabilityAcceptRisk("acceptResourceCvePackage", SecureVulnerabilityAcceptRiskArgs.builder()
.cve("CVE-2018-12345")
.description("Accept risk for OpenSSL package")
.expirationDate("2025-01-02")
.packageName("openssl")
.reason("RiskOwned")
.stages(
"pipeline",
"runtime")
.build());
var acceptResourceCvePackageAndVersion = new SecureVulnerabilityAcceptRisk("acceptResourceCvePackageAndVersion", SecureVulnerabilityAcceptRiskArgs.builder()
.cve("CVE-2017-6543")
.description("Accept risk for glibc 2.17 package")
.expirationDate("2025-01-02")
.packageName("glibc")
.packageVersion("2.17")
.reason("RiskAvoided")
.stages()
.build());
}
}
resources:
acceptResourceCveGlobally:
type: sysdig:SecureVulnerabilityAcceptRisk
properties:
cve: CVE-2021-44228
description: Accept risk for CVE-2021-44228 globally
expirationDate: 2025-01-02
reason: RiskMitigated
stages:
- runtime
acceptResourceCveImageExact:
type: sysdig:SecureVulnerabilityAcceptRisk
properties:
cve: CVE-2022-1234
description: Accept risk for Python 3.9 image
image: docker.io/library/python:3.9
reason: RiskOwned
stages:
- pipeline
acceptResourceCveImagePrefix:
type: sysdig:SecureVulnerabilityAcceptRisk
properties:
cve: CVE-2023-4567
description: Accept risk for all frontend image versions
expirationDate: 2025-01-02
image: docker.io/company/frontend:*
reason: RiskAvoided
stages:
- runtime
acceptResourceCveImageSuffix:
type: sysdig:SecureVulnerabilityAcceptRisk
properties:
cve: CVE-2020-5678
description: Accept risk for stable tag images
expirationDate: 2025-01-02
image: '*:stable'
reason: RiskNotRelevant
stages: []
acceptResourceCveImageContains:
type: sysdig:SecureVulnerabilityAcceptRisk
properties:
cve: CVE-2019-7890
description: Accept risk for Go-based images
expirationDate: 2025-01-02
image: '*golang*'
reason: Custom
stages:
- pipeline
acceptResourceCveHostnameExact:
type: sysdig:SecureVulnerabilityAcceptRisk
properties:
cve: CVE-2022-8901
description: Accept risk for production API server
expirationDate: 2025-01-02
hostname: api-prod-01.mydomain.com
reason: RiskTransferred
stages:
- runtime
acceptResourceCveHostnameContains:
type: sysdig:SecureVulnerabilityAcceptRisk
properties:
cve: CVE-2021-5678
description: Accept risk for cache servers
expirationDate: 2025-01-02
hostnameContains: cache
reason: RiskMitigated
stages: []
acceptResourceCvePackage:
type: sysdig:SecureVulnerabilityAcceptRisk
properties:
cve: CVE-2018-12345
description: Accept risk for OpenSSL package
expirationDate: 2025-01-02
packageName: openssl
reason: RiskOwned
stages:
- pipeline
- runtime
acceptResourceCvePackageAndVersion:
type: sysdig:SecureVulnerabilityAcceptRisk
properties:
cve: CVE-2017-6543
description: Accept risk for glibc 2.17 package
expirationDate: 2025-01-02
packageName: glibc
packageVersion: '2.17'
reason: RiskAvoided
stages: []
Rule risk acceptance
import * as pulumi from "@pulumi/pulumi";
import * as sysdig from "@pulumi/sysdig";
const acceptResourceRuleGlobally = new sysdig.SecureVulnerabilityAcceptRisk("acceptResourceRuleGlobally", {
description: "Accept risk for rule globally",
expirationDate: "2025-01-02",
reason: "Custom",
ruleId: "12345",
stages: [
"pipeline",
"runtime",
],
});
const acceptResourceRuleImageExact = new sysdig.SecureVulnerabilityAcceptRisk("acceptResourceRuleImageExact", {
description: "Accept risk for MySQL 8.0 image",
image: "docker.io/library/mysql:8.0",
reason: "RiskAvoided",
ruleId: "12345",
stages: ["pipeline"],
});
const acceptResourceRuleImagePrefix = new sysdig.SecureVulnerabilityAcceptRisk("acceptResourceRuleImagePrefix", {
description: "Accept risk for backend images",
expirationDate: "2025-01-02",
image: "docker.io/company/backend:*",
reason: "RiskMitigated",
ruleId: "12345",
stages: ["runtime"],
});
const acceptResourceRuleImageSuffix = new sysdig.SecureVulnerabilityAcceptRisk("acceptResourceRuleImageSuffix", {
description: "Accept risk for images tagged as 'latest'",
expirationDate: "2025-01-02",
image: "*:latest",
reason: "RiskOwned",
ruleId: "12345",
stages: [],
});
const acceptResourceRuleImageContains = new sysdig.SecureVulnerabilityAcceptRisk("acceptResourceRuleImageContains", {
description: "Accept risk for Redis images",
expirationDate: "2025-01-02",
image: "*redis*",
reason: "RiskNotRelevant",
ruleId: "12345",
stages: ["pipeline"],
});
const acceptResourceRuleHostnameExact = new sysdig.SecureVulnerabilityAcceptRisk("acceptResourceRuleHostnameExact", {
description: "Accept risk for production database host",
expirationDate: "2025-01-02",
hostname: "db-prod-01.mydomain.com",
reason: "RiskTransferred",
ruleId: "12345",
stages: ["runtime"],
});
const acceptResourceRuleHostnameContains = new sysdig.SecureVulnerabilityAcceptRisk("acceptResourceRuleHostnameContains", {
description: "Accept risk for worker nodes",
expirationDate: "2025-01-02",
hostnameContains: "worker",
reason: "Custom",
ruleId: "12345",
stages: [],
});
import pulumi
import pulumi_sysdig as sysdig
accept_resource_rule_globally = sysdig.SecureVulnerabilityAcceptRisk("acceptResourceRuleGlobally",
description="Accept risk for rule globally",
expiration_date="2025-01-02",
reason="Custom",
rule_id="12345",
stages=[
"pipeline",
"runtime",
])
accept_resource_rule_image_exact = sysdig.SecureVulnerabilityAcceptRisk("acceptResourceRuleImageExact",
description="Accept risk for MySQL 8.0 image",
image="docker.io/library/mysql:8.0",
reason="RiskAvoided",
rule_id="12345",
stages=["pipeline"])
accept_resource_rule_image_prefix = sysdig.SecureVulnerabilityAcceptRisk("acceptResourceRuleImagePrefix",
description="Accept risk for backend images",
expiration_date="2025-01-02",
image="docker.io/company/backend:*",
reason="RiskMitigated",
rule_id="12345",
stages=["runtime"])
accept_resource_rule_image_suffix = sysdig.SecureVulnerabilityAcceptRisk("acceptResourceRuleImageSuffix",
description="Accept risk for images tagged as 'latest'",
expiration_date="2025-01-02",
image="*:latest",
reason="RiskOwned",
rule_id="12345",
stages=[])
accept_resource_rule_image_contains = sysdig.SecureVulnerabilityAcceptRisk("acceptResourceRuleImageContains",
description="Accept risk for Redis images",
expiration_date="2025-01-02",
image="*redis*",
reason="RiskNotRelevant",
rule_id="12345",
stages=["pipeline"])
accept_resource_rule_hostname_exact = sysdig.SecureVulnerabilityAcceptRisk("acceptResourceRuleHostnameExact",
description="Accept risk for production database host",
expiration_date="2025-01-02",
hostname="db-prod-01.mydomain.com",
reason="RiskTransferred",
rule_id="12345",
stages=["runtime"])
accept_resource_rule_hostname_contains = sysdig.SecureVulnerabilityAcceptRisk("acceptResourceRuleHostnameContains",
description="Accept risk for worker nodes",
expiration_date="2025-01-02",
hostname_contains="worker",
reason="Custom",
rule_id="12345",
stages=[])
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/sysdig/sysdig"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := sysdig.NewSecureVulnerabilityAcceptRisk(ctx, "acceptResourceRuleGlobally", &sysdig.SecureVulnerabilityAcceptRiskArgs{
Description: pulumi.String("Accept risk for rule globally"),
ExpirationDate: pulumi.String("2025-01-02"),
Reason: pulumi.String("Custom"),
RuleId: pulumi.String("12345"),
Stages: pulumi.StringArray{
pulumi.String("pipeline"),
pulumi.String("runtime"),
},
})
if err != nil {
return err
}
_, err = sysdig.NewSecureVulnerabilityAcceptRisk(ctx, "acceptResourceRuleImageExact", &sysdig.SecureVulnerabilityAcceptRiskArgs{
Description: pulumi.String("Accept risk for MySQL 8.0 image"),
Image: pulumi.String("docker.io/library/mysql:8.0"),
Reason: pulumi.String("RiskAvoided"),
RuleId: pulumi.String("12345"),
Stages: pulumi.StringArray{
pulumi.String("pipeline"),
},
})
if err != nil {
return err
}
_, err = sysdig.NewSecureVulnerabilityAcceptRisk(ctx, "acceptResourceRuleImagePrefix", &sysdig.SecureVulnerabilityAcceptRiskArgs{
Description: pulumi.String("Accept risk for backend images"),
ExpirationDate: pulumi.String("2025-01-02"),
Image: pulumi.String("docker.io/company/backend:*"),
Reason: pulumi.String("RiskMitigated"),
RuleId: pulumi.String("12345"),
Stages: pulumi.StringArray{
pulumi.String("runtime"),
},
})
if err != nil {
return err
}
_, err = sysdig.NewSecureVulnerabilityAcceptRisk(ctx, "acceptResourceRuleImageSuffix", &sysdig.SecureVulnerabilityAcceptRiskArgs{
Description: pulumi.String("Accept risk for images tagged as 'latest'"),
ExpirationDate: pulumi.String("2025-01-02"),
Image: pulumi.String("*:latest"),
Reason: pulumi.String("RiskOwned"),
RuleId: pulumi.String("12345"),
Stages: pulumi.StringArray{},
})
if err != nil {
return err
}
_, err = sysdig.NewSecureVulnerabilityAcceptRisk(ctx, "acceptResourceRuleImageContains", &sysdig.SecureVulnerabilityAcceptRiskArgs{
Description: pulumi.String("Accept risk for Redis images"),
ExpirationDate: pulumi.String("2025-01-02"),
Image: pulumi.String("*redis*"),
Reason: pulumi.String("RiskNotRelevant"),
RuleId: pulumi.String("12345"),
Stages: pulumi.StringArray{
pulumi.String("pipeline"),
},
})
if err != nil {
return err
}
_, err = sysdig.NewSecureVulnerabilityAcceptRisk(ctx, "acceptResourceRuleHostnameExact", &sysdig.SecureVulnerabilityAcceptRiskArgs{
Description: pulumi.String("Accept risk for production database host"),
ExpirationDate: pulumi.String("2025-01-02"),
Hostname: pulumi.String("db-prod-01.mydomain.com"),
Reason: pulumi.String("RiskTransferred"),
RuleId: pulumi.String("12345"),
Stages: pulumi.StringArray{
pulumi.String("runtime"),
},
})
if err != nil {
return err
}
_, err = sysdig.NewSecureVulnerabilityAcceptRisk(ctx, "acceptResourceRuleHostnameContains", &sysdig.SecureVulnerabilityAcceptRiskArgs{
Description: pulumi.String("Accept risk for worker nodes"),
ExpirationDate: pulumi.String("2025-01-02"),
HostnameContains: pulumi.String("worker"),
Reason: pulumi.String("Custom"),
RuleId: pulumi.String("12345"),
Stages: pulumi.StringArray{},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Sysdig = Pulumi.Sysdig;
return await Deployment.RunAsync(() =>
{
var acceptResourceRuleGlobally = new Sysdig.SecureVulnerabilityAcceptRisk("acceptResourceRuleGlobally", new()
{
Description = "Accept risk for rule globally",
ExpirationDate = "2025-01-02",
Reason = "Custom",
RuleId = "12345",
Stages = new[]
{
"pipeline",
"runtime",
},
});
var acceptResourceRuleImageExact = new Sysdig.SecureVulnerabilityAcceptRisk("acceptResourceRuleImageExact", new()
{
Description = "Accept risk for MySQL 8.0 image",
Image = "docker.io/library/mysql:8.0",
Reason = "RiskAvoided",
RuleId = "12345",
Stages = new[]
{
"pipeline",
},
});
var acceptResourceRuleImagePrefix = new Sysdig.SecureVulnerabilityAcceptRisk("acceptResourceRuleImagePrefix", new()
{
Description = "Accept risk for backend images",
ExpirationDate = "2025-01-02",
Image = "docker.io/company/backend:*",
Reason = "RiskMitigated",
RuleId = "12345",
Stages = new[]
{
"runtime",
},
});
var acceptResourceRuleImageSuffix = new Sysdig.SecureVulnerabilityAcceptRisk("acceptResourceRuleImageSuffix", new()
{
Description = "Accept risk for images tagged as 'latest'",
ExpirationDate = "2025-01-02",
Image = "*:latest",
Reason = "RiskOwned",
RuleId = "12345",
Stages = new[] {},
});
var acceptResourceRuleImageContains = new Sysdig.SecureVulnerabilityAcceptRisk("acceptResourceRuleImageContains", new()
{
Description = "Accept risk for Redis images",
ExpirationDate = "2025-01-02",
Image = "*redis*",
Reason = "RiskNotRelevant",
RuleId = "12345",
Stages = new[]
{
"pipeline",
},
});
var acceptResourceRuleHostnameExact = new Sysdig.SecureVulnerabilityAcceptRisk("acceptResourceRuleHostnameExact", new()
{
Description = "Accept risk for production database host",
ExpirationDate = "2025-01-02",
Hostname = "db-prod-01.mydomain.com",
Reason = "RiskTransferred",
RuleId = "12345",
Stages = new[]
{
"runtime",
},
});
var acceptResourceRuleHostnameContains = new Sysdig.SecureVulnerabilityAcceptRisk("acceptResourceRuleHostnameContains", new()
{
Description = "Accept risk for worker nodes",
ExpirationDate = "2025-01-02",
HostnameContains = "worker",
Reason = "Custom",
RuleId = "12345",
Stages = new[] {},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.sysdig.SecureVulnerabilityAcceptRisk;
import com.pulumi.sysdig.SecureVulnerabilityAcceptRiskArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var acceptResourceRuleGlobally = new SecureVulnerabilityAcceptRisk("acceptResourceRuleGlobally", SecureVulnerabilityAcceptRiskArgs.builder()
.description("Accept risk for rule globally")
.expirationDate("2025-01-02")
.reason("Custom")
.ruleId(12345)
.stages(
"pipeline",
"runtime")
.build());
var acceptResourceRuleImageExact = new SecureVulnerabilityAcceptRisk("acceptResourceRuleImageExact", SecureVulnerabilityAcceptRiskArgs.builder()
.description("Accept risk for MySQL 8.0 image")
.image("docker.io/library/mysql:8.0")
.reason("RiskAvoided")
.ruleId(12345)
.stages("pipeline")
.build());
var acceptResourceRuleImagePrefix = new SecureVulnerabilityAcceptRisk("acceptResourceRuleImagePrefix", SecureVulnerabilityAcceptRiskArgs.builder()
.description("Accept risk for backend images")
.expirationDate("2025-01-02")
.image("docker.io/company/backend:*")
.reason("RiskMitigated")
.ruleId(12345)
.stages("runtime")
.build());
var acceptResourceRuleImageSuffix = new SecureVulnerabilityAcceptRisk("acceptResourceRuleImageSuffix", SecureVulnerabilityAcceptRiskArgs.builder()
.description("Accept risk for images tagged as 'latest'")
.expirationDate("2025-01-02")
.image("*:latest")
.reason("RiskOwned")
.ruleId(12345)
.stages()
.build());
var acceptResourceRuleImageContains = new SecureVulnerabilityAcceptRisk("acceptResourceRuleImageContains", SecureVulnerabilityAcceptRiskArgs.builder()
.description("Accept risk for Redis images")
.expirationDate("2025-01-02")
.image("*redis*")
.reason("RiskNotRelevant")
.ruleId(12345)
.stages("pipeline")
.build());
var acceptResourceRuleHostnameExact = new SecureVulnerabilityAcceptRisk("acceptResourceRuleHostnameExact", SecureVulnerabilityAcceptRiskArgs.builder()
.description("Accept risk for production database host")
.expirationDate("2025-01-02")
.hostname("db-prod-01.mydomain.com")
.reason("RiskTransferred")
.ruleId(12345)
.stages("runtime")
.build());
var acceptResourceRuleHostnameContains = new SecureVulnerabilityAcceptRisk("acceptResourceRuleHostnameContains", SecureVulnerabilityAcceptRiskArgs.builder()
.description("Accept risk for worker nodes")
.expirationDate("2025-01-02")
.hostnameContains("worker")
.reason("Custom")
.ruleId(12345)
.stages()
.build());
}
}
resources:
acceptResourceRuleGlobally:
type: sysdig:SecureVulnerabilityAcceptRisk
properties:
description: Accept risk for rule globally
expirationDate: 2025-01-02
reason: Custom
ruleId: 12345
stages:
- pipeline
- runtime
acceptResourceRuleImageExact:
type: sysdig:SecureVulnerabilityAcceptRisk
properties:
description: Accept risk for MySQL 8.0 image
image: docker.io/library/mysql:8.0
reason: RiskAvoided
ruleId: 12345
stages:
- pipeline
acceptResourceRuleImagePrefix:
type: sysdig:SecureVulnerabilityAcceptRisk
properties:
description: Accept risk for backend images
expirationDate: 2025-01-02
image: docker.io/company/backend:*
reason: RiskMitigated
ruleId: 12345
stages:
- runtime
acceptResourceRuleImageSuffix:
type: sysdig:SecureVulnerabilityAcceptRisk
properties:
description: Accept risk for images tagged as 'latest'
expirationDate: 2025-01-02
image: '*:latest'
reason: RiskOwned
ruleId: 12345
stages: []
acceptResourceRuleImageContains:
type: sysdig:SecureVulnerabilityAcceptRisk
properties:
description: Accept risk for Redis images
expirationDate: 2025-01-02
image: '*redis*'
reason: RiskNotRelevant
ruleId: 12345
stages:
- pipeline
acceptResourceRuleHostnameExact:
type: sysdig:SecureVulnerabilityAcceptRisk
properties:
description: Accept risk for production database host
expirationDate: 2025-01-02
hostname: db-prod-01.mydomain.com
reason: RiskTransferred
ruleId: 12345
stages:
- runtime
acceptResourceRuleHostnameContains:
type: sysdig:SecureVulnerabilityAcceptRisk
properties:
description: Accept risk for worker nodes
expirationDate: 2025-01-02
hostnameContains: worker
reason: Custom
ruleId: 12345
stages: []
Create SecureVulnerabilityAcceptRisk Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new SecureVulnerabilityAcceptRisk(name: string, args: SecureVulnerabilityAcceptRiskArgs, opts?: CustomResourceOptions);@overload
def SecureVulnerabilityAcceptRisk(resource_name: str,
args: SecureVulnerabilityAcceptRiskArgs,
opts: Optional[ResourceOptions] = None)
@overload
def SecureVulnerabilityAcceptRisk(resource_name: str,
opts: Optional[ResourceOptions] = None,
description: Optional[str] = None,
reason: Optional[str] = None,
cve: Optional[str] = None,
expiration_date: Optional[str] = None,
hostname: Optional[str] = None,
hostname_contains: Optional[str] = None,
image: Optional[str] = None,
package_name: Optional[str] = None,
package_version: Optional[str] = None,
rule_id: Optional[str] = None,
secure_vulnerability_accept_risk_id: Optional[str] = None,
stages: Optional[Sequence[str]] = None)func NewSecureVulnerabilityAcceptRisk(ctx *Context, name string, args SecureVulnerabilityAcceptRiskArgs, opts ...ResourceOption) (*SecureVulnerabilityAcceptRisk, error)public SecureVulnerabilityAcceptRisk(string name, SecureVulnerabilityAcceptRiskArgs args, CustomResourceOptions? opts = null)
public SecureVulnerabilityAcceptRisk(String name, SecureVulnerabilityAcceptRiskArgs args)
public SecureVulnerabilityAcceptRisk(String name, SecureVulnerabilityAcceptRiskArgs args, CustomResourceOptions options)
type: sysdig:SecureVulnerabilityAcceptRisk
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SecureVulnerabilityAcceptRiskArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SecureVulnerabilityAcceptRiskArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SecureVulnerabilityAcceptRiskArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SecureVulnerabilityAcceptRiskArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SecureVulnerabilityAcceptRiskArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var secureVulnerabilityAcceptRiskResource = new Sysdig.SecureVulnerabilityAcceptRisk("secureVulnerabilityAcceptRiskResource", new()
{
Description = "string",
Reason = "string",
Cve = "string",
ExpirationDate = "string",
Hostname = "string",
HostnameContains = "string",
Image = "string",
PackageName = "string",
PackageVersion = "string",
RuleId = "string",
SecureVulnerabilityAcceptRiskId = "string",
Stages = new[]
{
"string",
},
});
example, err := sysdig.NewSecureVulnerabilityAcceptRisk(ctx, "secureVulnerabilityAcceptRiskResource", &sysdig.SecureVulnerabilityAcceptRiskArgs{
Description: pulumi.String("string"),
Reason: pulumi.String("string"),
Cve: pulumi.String("string"),
ExpirationDate: pulumi.String("string"),
Hostname: pulumi.String("string"),
HostnameContains: pulumi.String("string"),
Image: pulumi.String("string"),
PackageName: pulumi.String("string"),
PackageVersion: pulumi.String("string"),
RuleId: pulumi.String("string"),
SecureVulnerabilityAcceptRiskId: pulumi.String("string"),
Stages: pulumi.StringArray{
pulumi.String("string"),
},
})
var secureVulnerabilityAcceptRiskResource = new SecureVulnerabilityAcceptRisk("secureVulnerabilityAcceptRiskResource", SecureVulnerabilityAcceptRiskArgs.builder()
.description("string")
.reason("string")
.cve("string")
.expirationDate("string")
.hostname("string")
.hostnameContains("string")
.image("string")
.packageName("string")
.packageVersion("string")
.ruleId("string")
.secureVulnerabilityAcceptRiskId("string")
.stages("string")
.build());
secure_vulnerability_accept_risk_resource = sysdig.SecureVulnerabilityAcceptRisk("secureVulnerabilityAcceptRiskResource",
description="string",
reason="string",
cve="string",
expiration_date="string",
hostname="string",
hostname_contains="string",
image="string",
package_name="string",
package_version="string",
rule_id="string",
secure_vulnerability_accept_risk_id="string",
stages=["string"])
const secureVulnerabilityAcceptRiskResource = new sysdig.SecureVulnerabilityAcceptRisk("secureVulnerabilityAcceptRiskResource", {
description: "string",
reason: "string",
cve: "string",
expirationDate: "string",
hostname: "string",
hostnameContains: "string",
image: "string",
packageName: "string",
packageVersion: "string",
ruleId: "string",
secureVulnerabilityAcceptRiskId: "string",
stages: ["string"],
});
type: sysdig:SecureVulnerabilityAcceptRisk
properties:
cve: string
description: string
expirationDate: string
hostname: string
hostnameContains: string
image: string
packageName: string
packageVersion: string
reason: string
ruleId: string
secureVulnerabilityAcceptRiskId: string
stages:
- string
SecureVulnerabilityAcceptRisk Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The SecureVulnerabilityAcceptRisk resource accepts the following input properties:
- Description string
- Reason string
- Cve string
- Expiration
Date string - Hostname string
- Hostname
Contains string - Image string
- Package
Name string - Package
Version string - Rule
Id string - Secure
Vulnerability stringAccept Risk Id - (Computed) The ID of the Accept Risk.
- Stages List<string>
- Description string
- Reason string
- Cve string
- Expiration
Date string - Hostname string
- Hostname
Contains string - Image string
- Package
Name string - Package
Version string - Rule
Id string - Secure
Vulnerability stringAccept Risk Id - (Computed) The ID of the Accept Risk.
- Stages []string
- description String
- reason String
- cve String
- expiration
Date String - hostname String
- hostname
Contains String - image String
- package
Name String - package
Version String - rule
Id String - secure
Vulnerability StringAccept Risk Id - (Computed) The ID of the Accept Risk.
- stages List<String>
- description string
- reason string
- cve string
- expiration
Date string - hostname string
- hostname
Contains string - image string
- package
Name string - package
Version string - rule
Id string - secure
Vulnerability stringAccept Risk Id - (Computed) The ID of the Accept Risk.
- stages string[]
- description str
- reason str
- cve str
- expiration_
date str - hostname str
- hostname_
contains str - image str
- package_
name str - package_
version str - rule_
id str - secure_
vulnerability_ straccept_ risk_ id - (Computed) The ID of the Accept Risk.
- stages Sequence[str]
- description String
- reason String
- cve String
- expiration
Date String - hostname String
- hostname
Contains String - image String
- package
Name String - package
Version String - rule
Id String - secure
Vulnerability StringAccept Risk Id - (Computed) The ID of the Accept Risk.
- stages List<String>
Outputs
All input properties are implicitly available as output properties. Additionally, the SecureVulnerabilityAcceptRisk resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing SecureVulnerabilityAcceptRisk Resource
Get an existing SecureVulnerabilityAcceptRisk resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SecureVulnerabilityAcceptRiskState, opts?: CustomResourceOptions): SecureVulnerabilityAcceptRisk@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
cve: Optional[str] = None,
description: Optional[str] = None,
expiration_date: Optional[str] = None,
hostname: Optional[str] = None,
hostname_contains: Optional[str] = None,
image: Optional[str] = None,
package_name: Optional[str] = None,
package_version: Optional[str] = None,
reason: Optional[str] = None,
rule_id: Optional[str] = None,
secure_vulnerability_accept_risk_id: Optional[str] = None,
stages: Optional[Sequence[str]] = None) -> SecureVulnerabilityAcceptRiskfunc GetSecureVulnerabilityAcceptRisk(ctx *Context, name string, id IDInput, state *SecureVulnerabilityAcceptRiskState, opts ...ResourceOption) (*SecureVulnerabilityAcceptRisk, error)public static SecureVulnerabilityAcceptRisk Get(string name, Input<string> id, SecureVulnerabilityAcceptRiskState? state, CustomResourceOptions? opts = null)public static SecureVulnerabilityAcceptRisk get(String name, Output<String> id, SecureVulnerabilityAcceptRiskState state, CustomResourceOptions options)resources: _: type: sysdig:SecureVulnerabilityAcceptRisk get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Cve string
- Description string
- Expiration
Date string - Hostname string
- Hostname
Contains string - Image string
- Package
Name string - Package
Version string - Reason string
- Rule
Id string - Secure
Vulnerability stringAccept Risk Id - (Computed) The ID of the Accept Risk.
- Stages List<string>
- Cve string
- Description string
- Expiration
Date string - Hostname string
- Hostname
Contains string - Image string
- Package
Name string - Package
Version string - Reason string
- Rule
Id string - Secure
Vulnerability stringAccept Risk Id - (Computed) The ID of the Accept Risk.
- Stages []string
- cve String
- description String
- expiration
Date String - hostname String
- hostname
Contains String - image String
- package
Name String - package
Version String - reason String
- rule
Id String - secure
Vulnerability StringAccept Risk Id - (Computed) The ID of the Accept Risk.
- stages List<String>
- cve string
- description string
- expiration
Date string - hostname string
- hostname
Contains string - image string
- package
Name string - package
Version string - reason string
- rule
Id string - secure
Vulnerability stringAccept Risk Id - (Computed) The ID of the Accept Risk.
- stages string[]
- cve str
- description str
- expiration_
date str - hostname str
- hostname_
contains str - image str
- package_
name str - package_
version str - reason str
- rule_
id str - secure_
vulnerability_ straccept_ risk_ id - (Computed) The ID of the Accept Risk.
- stages Sequence[str]
- cve String
- description String
- expiration
Date String - hostname String
- hostname
Contains String - image String
- package
Name String - package
Version String - reason String
- rule
Id String - secure
Vulnerability StringAccept Risk Id - (Computed) The ID of the Accept Risk.
- stages List<String>
Import
The vulnerability accept risk can be imported using the ID, e.g.
$ pulumi import sysdig:index/secureVulnerabilityAcceptRisk:SecureVulnerabilityAcceptRisk example 12345
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- sysdig sysdiglabs/terraform-provider-sysdig
- License
- Notes
- This Pulumi package is based on the
sysdigTerraform Provider.
sysdig 1.53.0 published on Thursday, Apr 17, 2025 by sysdiglabs