Does this tool connect to my OCI account?

No. This tool runs entirely in your browser and generates configuration JSON that you can copy and paste into your infrastructure-as-code templates, CLI commands, or cloud console. It never connects to any cloud account or sends data externally.

Are the generated configurations production-ready?

The tool produces syntactically valid configurations based on current OCI service specifications. Always review generated configs against your organization security policies and test in a non-production environment before deploying.

OCI Scanning Config Builder

IAM & SecurityOCI

Build VSS vulnerability scanning configurations for host, port, and container image scans.

Last verified: May 2026

OCI Vulnerability Scanning Configuration

Build VSS vulnerability scanning configurations for host, port, and container image scans.

Required Fields

compartmentIddisplayNamescanRecipe.scanTypescanTargets

{
  "compartmentId": "ocid1.compartment.oc1..aaaaaaaexample",
  "displayName": "prod-vulnerability-scan",
  "description": "Weekly vulnerability scanning for production compute instances",
  "scanRecipe": {
    "scanType": "HOST",
    "portScanLevel": "STANDARD",
    "agentConfiguration": {
      "vendor": "OCI",
      "cisLevel": "STRICT",
      "shouldRunBenchmarks": true
    },
    "applicationScanSettings": {
      "isEnabled": true,
      "folders": ["/opt/app", "/var/www"],
      "scanLevel": "STANDARD"
    },
    "schedule": {
      "type": "WEEKLY",
      "dayOfWeek": "SUNDAY",
      "timeOfDay": "02:00"
    }
  },
  "scanTargets": [
    {
      "displayName": "prod-web-servers",
      "targetCompartmentId": "ocid1.compartment.oc1..aaaaaaaexample-prod",
      "instanceIds": [
        "ocid1.instance.oc1.iad.aaaaaaaexample1",
        "ocid1.instance.oc1.iad.aaaaaaaexample2"
      ]
    },
    {
      "displayName": "prod-app-servers",
      "targetCompartmentId": "ocid1.compartment.oc1..aaaaaaaexample-prod",
      "instanceIds": [
        "ocid1.instance.oc1.iad.aaaaaaaexample3"
      ]
    }
  ],
  "containerScanRecipe": {
    "scanType": "CONTAINER_IMAGE",
    "imageScanSettings": {
      "scanLevel": "STANDARD",
      "shouldScanOnPush": true
    },
    "registryId": "ocid1.containerrepo.oc1.iad.aaaaaaaexample",
    "repositories": ["prod-app", "prod-api"]
  },
  "freeformTags": {
    "compliance": "pci-dss",
    "team": "security"
  }
}

Generated Output

Output will appear here...

About This Tool

Build VSS vulnerability scanning configurations for host, port, and container image scans. This tool helps OCI engineers generate valid configurations quickly without consulting documentation, reducing errors and accelerating infrastructure deployment. All processing runs in your browser with no data sent to external servers.

Real-World Scenario

Your security team needs continuous vulnerability detection across the OCI fleet. The builder generates: host scan recipe (CVE detection on installed packages), port scan recipe (TCP+UDP, all common ports), schedule weekly scans on all production compartments, results forward to Cloud Guard. Within the first scan cycle, the team discovers 3 VMs with unpatched OpenSSL vulnerabilities (CVE-XXXX) and 2 VMs with unintentionally exposed databases. Patches deployed within 24 hours; without VSS, these would have been undetected until exploited.

When to Use This Tool

•Generating oci scanning configurations for new infrastructure deployments.
•Validating existing configurations against best practices before applying changes.
•Learning OCI service configuration patterns through interactive examples.
•Accelerating infrastructure-as-code development by producing correct JSON/YAML starting points.

Pro Tips

TIP

OCI VSS host scanning is FREE for OCI Compute instances — a major cost advantage over AWS Inspector ($0.09/scan). Enable host scanning on every production VM with no cost concern; Vulnerabilities are reported into Cloud Guard for centralized risk management.

TIP

Container image scanning catches vulnerabilities BEFORE deployment. Configure scanning on Container Registry repositories so every new image is automatically scanned. Combine with Binary Authorization to prevent deploying images with critical vulnerabilities.

TIP

Port scanning identifies unintended exposed services. Run weekly port scans across your VCN; the report surfaces 'this VM has 3306 open to the internet' findings that often slip past security reviews. The cost is negligible; the security value is enormous.

How It Works Under the Hood

The builder constructs OCI VSS scanning configurations: scan recipes (host scan recipe with vulnerability database, port scan recipe with port range and protocol selection, agent-based vs agentless scanning mode), target compartments (which compartments to scan), scan schedule (recurring or one-time), and report destination (Cloud Guard integration for centralized risk view). Output is generated as oci vulnerability-scanning commands and Terraform oci_vulnerability_scanning_* resources.

Frequently Asked Questions

Does this tool connect to my OCI account?: No. This tool runs entirely in your browser and generates configuration JSON that you can copy and paste into your infrastructure-as-code templates, CLI commands, or cloud console. It never connects to any cloud account or sends data externally.
Are the generated configurations production-ready?: The tool produces syntactically valid configurations based on current OCI service specifications. Always review generated configs against your organization security policies and test in a non-production environment before deploying.

Related Learning Guides

OCI IAM, Compartments & Policies22 min read
OCI Security Best Practices24 min read

Was this tool helpful?

Disclaimer: This tool runs entirely in your browser. No data is sent to our servers. Always verify outputs before using them in production. AWS, Azure, and GCP are trademarks of their respective owners.

OCI Scanning Config Builder

IAM & SecurityOCI

Build VSS vulnerability scanning configurations for host, port, and container image scans.

Last verified: May 2026

OCI Vulnerability Scanning Configuration

Build VSS vulnerability scanning configurations for host, port, and container image scans.

Required Fields

compartmentIddisplayNamescanRecipe.scanTypescanTargets

Generated Output

Output will appear here...

About This Tool

Real-World Scenario

When to Use This Tool

•Generating oci scanning configurations for new infrastructure deployments.
•Validating existing configurations against best practices before applying changes.
•Learning OCI service configuration patterns through interactive examples.
•Accelerating infrastructure-as-code development by producing correct JSON/YAML starting points.

Pro Tips

TIP

How It Works Under the Hood

Frequently Asked Questions

Does this tool connect to my OCI account?: No. This tool runs entirely in your browser and generates configuration JSON that you can copy and paste into your infrastructure-as-code templates, CLI commands, or cloud console. It never connects to any cloud account or sends data externally.
Are the generated configurations production-ready?: The tool produces syntactically valid configurations based on current OCI service specifications. Always review generated configs against your organization security policies and test in a non-production environment before deploying.

Related Learning Guides

OCI IAM, Compartments & Policies22 min read
OCI Security Best Practices24 min read

Was this tool helpful?