Skip to content

CloudforceOneScanConfig

Source: src/Cloudflare/CloudforceOne/ScanConfig.ts

A Cloudforce One attack-surface scan configuration.

Cloudforce One (Cloudflare’s threat-intelligence product) can periodically port-scan IP addresses you own to map your attack surface. A scan config declares which IPs to scan, on which ports, and how often. Scan results are read back via the scan-results API; the config itself is the only declarative piece.

Requires the cfone.port_scan entitlement (Cloudforce One subscription) — accounts without it receive an Unauthorized error for every scan-config operation.

Creating a Scan Config

Section titled “Creating a Scan Config”

One-off scan of a single address

const scan = yield* Cloudflare.CloudforceOneScanConfig("edge-scan", {
  ips: ["203.0.113.7/32"],
  frequency: 0,
});

Weekly scan of a CIDR block on specific ports

const scan = yield* Cloudflare.CloudforceOneScanConfig("perimeter", {
  ips: ["203.0.113.0/24"],
  frequency: 7,
  ports: ["1-80", "443"],
});

Updating

Section titled “Updating”
const scan = yield* Cloudflare.CloudforceOneScanConfig("perimeter", {
  ips: ["203.0.113.0/24"],
  frequency: 30,
  ports: ["all"],
});