NAME

gcloud alpha web-security-scanner scan-configs update - update a Web Security Scanner ScanConfig

SYNOPSIS

gcloud alpha web-security-scanner scan-configs update SCAN_CONFIG [--blacklist-patterns=[BLACKLIST_PATTERNS,...]] [--display-name=DISPLAY_NAME] [--no-export-to-security-center] [--max-qps=MAX_QPS] [--risk-level=RISK_LEVEL; default="normal"] [--schedule-interval-days=SCHEDULE_INTERVAL_DAYS] [--schedule-next-start=SCHEDULE_NEXT_START] [--starting-urls=[STARTING_URLS,...]] [--target-platforms=[TARGET_PLATFORMS,...]; default="app_engine,compute"] [--user-agent=USER_AGENT] [--auth-password=AUTH_PASSWORD --auth-type=AUTH_TYPE --auth-url=AUTH_URL --auth-user=AUTH_USER] [GCLOUD_WIDE_FLAG ...]

DESCRIPTION

(ALPHA) Updates a Web Security Scanner ScanConfig.

EXAMPLES

The following commands update the attributes of the specified scan config:

$ gcloud alpha web-security-scanner scan-configs update \ SCAN_CONFIG --user-agent=CHROME_ANDROID

$ gcloud alpha web-security-scanner scan-configs update \ SCAN_CONFIG --auth-type=google --auth-user=username@gmail.com \ --auth-password=password

$ gcloud alpha web-security-scanner scan-configs update \ SCAN_CONFIG --auth-type=custom --auth-user=username \ --auth-password=password --auth-url=http://example.com/login

POSITIONAL ARGUMENTS

Scan config resource - Scan config to update. This represents a Cloud resource.

(NOTE) Some attributes are not given arguments in this group but can be set in other ways. To set the project attribute:

provide the argument scan_config on the command line with a fully specified name;

set the property core/project;

provide the argument --project on the command line.

This must be specified.

SCAN_CONFIG

ID of the scan config or fully qualified identifier for the scan config. To set the scan_config attribute:

  • provide the argument scan_config on the command line.

FLAGS

--blacklist-patterns=[BLACKLIST_PATTERNS,...]

List of blacklist URL patterns as described online: https://cloud.google.com/security-scanner/docs/excluded-urls

--display-name=DISPLAY_NAME

A human-readable name for the scan config.

--export-to-security-center

If True, the scanner will export scan results to Cloud Security Command Center. Defaults to true. Enabled by default, use --no-export-to-security-center to disable.

--max-qps=MAX_QPS

Maximum queries per second (QPS) of the scanners. Defaults to 15, with a maximum of 20.

--risk-level=RISK_LEVEL; default="normal"

The risk level selected for the scan. Defaults to normal scanning. RISK_LEVEL must be one of: low, normal.

--schedule-interval-days=SCHEDULE_INTERVAL_DAYS

How frequently the scan should be run automatically (in days). If not set, there is no automatic scheduling of this scan.

--schedule-next-start=SCHEDULE_NEXT_START

When the next automatic scheduled scan should start. Requires --schedule-interval-days to be set. See $ gcloud topic datetimes for information on time formats.

--starting-urls=[STARTING_URLS,...]

URLs the scan starts scanning from. These URLs must be 'owned' by the project in some way (resolve to a reserved IP address, or be the default https://<PROJECT-ID>.<REGION-ID>.r.appspot.com).

--target-platforms=[TARGET_PLATFORMS,...]; default="app_engine,compute"

List of platforms the site is running on. Defaults to 'app_engine,compute'. TARGET_PLATFORMS must be one of: app-engine, cloud-functions, cloud-run, compute, target-platform-unspecified.

--user-agent=USER_AGENT

List of user agents to use when crawling. Defaults to 'chrome_linux'. USER_AGENT must be one of: chrome-android, chrome-linux, safari-iphone, user-agent-unspecified.

--auth-password=AUTH_PASSWORD

Password for the test user. Required if --auth-type is not 'none'.

--auth-type=AUTH_TYPE

Type of authentication to use. AUTH_TYPE must be one of:

custom

Authentication with a custom account.

google

Authentication with a Google account.

none

Disables Authentication.

--auth-url=AUTH_URL

URL of the login page for your site. Required if --auth-type is 'custom'. Otherwise, it should not be set.

--auth-user=AUTH_USER

The test user to log in as. Required if --auth-type is not 'none'. 'google' login requires a full email address. Cannot be your own account.

GCLOUD WIDE FLAGS

These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

API REFERENCE

This command uses the websecurityscanner/v1beta API. The full documentation for this API can be found at: https://cloud.google.com/security-command-center/docs/concepts-web-security-scanner-overview/

NOTES

This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist.