Posture Control (ZPC)

Supported IaC Templates and Functions

The Zscaler IaC Scan tool can scan various types of IaC templates and parse specific functions for each template type.

Supported Templates

The Zscaler IaC Scan supports the following IaC templates and versions:

AWS Cloud Formation (JSON, YAML): All versions
Kubernetes: All versions
Azure Resource Manager (ARM): All versions

ZPC provides support for linked templates. If an ARM template is linked to a remote template, then ZPC downloads the remote template, performs the scan on the remote template, and also reports violations that are detected in the linked templates. To learn more about linked and nested templates, see the Microsoft Azure documentation.

Helm: Version 3 and above
Terraform: Version 0.14 and above
Terraform Plan: Versions 0.x and 1.x

Terraform Plan supports all CI/CD Pipelines, except for Jenkins in Pipeline mode only. Also, some alert properties are not captured for Terraform Plan templates. To learn more, see About Alerts.

Supported Functions

The Zscaler IaC Scan supports various functions for the following templates:

CloudFormation Template
- Fn::And
- Fn::Base64
- Fn::Equals
- Fn::FindInMap
- Fn::GetAZs
- Fn::If
- Fn::Join
- Fn::Not
- Fn::Or
- Fn::Select
- Fn::Split
- Fn::Sub
- Ref
Close
Terraform Template
- Collection Functions
  - alltrue
  - anytrue
  - chunklist
  - coalesce
  - coalescelist
  - compact
  - concat
  - contains
  - contains
  - distinct
  - element
  - flatten
  - index
  - keys
  - length
  - lookup
  - merge
  - one
  - range
  - reverse
  - setintersection
  - setproduct
  - setsubtract
  - setunion
  - slice
  - sort
  - sum
  - transpose
  - values
  - zipmap
  Close
- Date Function
  
  Formatdate
  Close
- Encoding Functions
  - base64decode
  - base64encode
  - csvdecode
  - jsondecode
  - jsonencode
  - textdecodebase64
  - textencodebase64
  - urlencode
  - yamldecode
  - yamlencode
  Close
- File System Functions
  - abspath
  - dirname
  - pathexpand
  - basename
  - file
  - fileexists
  - fileset
  - filebase64
  - templatefile
  Close
- Hash and Crypto Functions
  - base64sha256
  - base64sha512
  - bcrypt
  - md5
  - rsadecrypt
  - sha1
  - sha256
  - sha512
  - uuid
  - uuidv5
  Close
- IP Network Functions
  - cidrhost
  - cidrnetmask
  - cidrsubnet
  - cidrsubnets
  Close
- Numeric Functions
  - abs
  - ceil
  - floor
  - log
  - max
  - min
  - parseint
  - pow
  - signum
  Close
- String Functions
  - chomp
  - format
  - formatlist
  - indent
  - join
  - lower
  - regex
  - regexall
  - replace
  - split
  - strrev
  - substr
  - title
  - trim
  - trimprefix
  - trimspace
  - trimsuffix
  - upper
  Close
- Time Functions
  - Timeadd
  - Timestamp
  Close
- Type Conversion Functions
  - tobool
  - tolist
  - tomap
  - tomap
  - tonumber
  - toset
  - tostring
  Close
Close
ARM Template
- Array Functions
  - concat
  - contains
  Close
- Comparison Functions
  - equals
  - less
  - lessOrEquals
  - greater
  - greaterOrEquals
  Close
- Date Functions
  - dateTimeAdd
  - dateTimeFromEpoch
  - dateTimeToEpoch
  - utcNow
  Close
- Logical Functions
  - and
  - bool
  - false
  - if
  - not
  - or
  - true
  Close
- Numeric Functions
  - float
  - int
  - max
  - min
  - mod
  - mul
  - sub
  Close
- Object Functions
  - contains
  - length
  Close
- String Functions
  - base64
  - base64ToString
  - format
  - guid
  - newGuid
  - length
  - concat
  - contains
  - split
  - toLower
  - trim
  - uniqueString
  - uri
  - uriComponent
  - uriComponentToString
  Close
Close

Posture Control (ZPC)

Supported IaC Templates and Functions

Supported Templates

Supported Functions

Was this article helpful? Click an icon below to submit feedback.

Related Articles