Modules/ScubaConfig/ScubaConfigDefaults.json
|
{
"metadata": { "version": "1.7.0", "_comment": "ScubaGear default configuration values", "lastUpdated": "2026-01-12", "compatibleOpaVersions": ["1.1.0","1.2.0","1.3.0","1.4.0","1.5.0","1.6.0","1.7.1","1.8.0","1.9.0","1.10.1","1.11.1","1.12.2","1.13.2","1.14.1"] }, "defaults": { "OPAPath": "~/.scubagear/Tools", "OPAExecutable": { "Windows": "opa_windows_amd64.exe", "MacOS": "opa_darwin_amd64", "Linux": "opa_linux_amd64_static" }, "ProductNames": ["aad", "defender", "exo", "sharepoint", "teams"], "AllProductNames": ["aad", "defender", "exo", "powerplatform", "sharepoint", "teams"], "M365Environment": "commercial", "LogIn": true, "DisconnectOnExit": false, "OutPath": ".", "OutFolderName": "M365BaselineConformance", "OutProviderFileName": "ProviderSettingsExport", "OutRegoFileName": "TestResults", "OutReportName": "BaselineReports", "OutJsonFileName": "ScubaResults", "OutCsvFileName": "ScubaResults", "OutActionPlanFileName": "ActionPlan", "NumberOfUUIDCharactersToTruncate": 18, "OPAVersion": "1.15.2", "PreferredDnsResolvers": [], "SkipDoH": false }, "minRequired": [ "OrgName", "ProductNames" ], "privilegedRoles": [ "Global Administrator", "Privileged Role Administrator", "User Administrator", "SharePoint Administrator", "Exchange Administrator", "Hybrid Identity Administrator", "Application Administrator", "Cloud Application Administrator" ], "validation": { "_comment": [ "policyIdPattern: Regular expression pattern that policy IDs must match. This enforces a consistent naming convention for policies.", "policyIdPatternExample: An example format for policy IDs that matches the specified pattern. This displayed in validation error messages to guide users on the expected format.", "policyIdPatternExampleWithProduct: An example format for policy IDs that includes a product placeholder, demonstrating how to incorporate the product name into the policy ID.", "supportedFileExtensions: List of file extensions that are allowed for configuration files.", "maxFileSizeBytes: Maximum allowed file size for configuration files, in bytes.", "ignoreAnchorsInYaml: When true, ignores YAML anchors and aliases during validation to prevent issues with duplicate keys. This allows users to use anchors for reuse without causing validation errors.", "requireProductInPolicy: When true, enforces that the product name must be included in the policy ID.", "errorCaseSensitive: When true, found case sensitive properties will error during validation. If false, warnings messages are shown instead.", "allowOPAFallback: When true, allows runtime fallback if OPAPath doesn't exist. Fallback chain: 1) If $env:USERPROFILE is not set, defaults to current directory (.). 2) Expands ~ to user profile. 3) If expanded path doesn't exist, falls back to current directory (.). This matches the legacy DefaultOPAPath behavior: try {Join-Path $env:USERPROFILE '.scubagear\\Tools'} catch {'.'}. When false, requires OPAPath to exist at validation time." ], "policyIdPattern": "^[Mm][Ss]\\.[a-zA-Z]+\\.[0-9]+\\.[0-9]+[Vv][0-9]+$", "policyIdPatternExample": "MS.<PRODUCT>.#.#v#", "policyIdPatternExampleWithProduct": "MS.{PRODUCT}.#.#v#", "supportedFileExtensions": [".yaml", ".yml", ".json"], "maxFileSizeBytes": 1048576, "ignoreAnchorsInYaml": true, "requireProductInPolicy": false, "errorCaseSensitive": false, "allowOPAFallback": true }, "outputSettings": { "_comment": [ "Settings related to output from ScubaConfig. The order if errorCategories and warningCategories matters, as the first matching pattern will be used to categorize an error or warning.", "debugMode: When true, includes additional debug information in the output to assist with troubleshooting.", "fileNameMaxLength: Maximum length for generated file names to ensure compatibility with various file systems.", "supportedFormats: List of output formats that are supported for reports and results.", "defaultEncoding: The default character encoding to use for output files.", "errorCategories: A list of error categories with associated regex patterns to classify errors in the output. The first pattern that matches an error message will determine its category.", "warningCategories: A list of warning categories with associated regex patterns to classify warnings in the output, following the same logic as errorCategories.", "recommendedActionMessage: A formated message providing guidance on recommended actions, such as using the ScubaGear Configuration Editor for building configuration files." ], "debugMode": true, "fileNameMaxLength": 100, "supportedFormats": ["html", "json", "csv"], "defaultEncoding": "UTF-8", "errorCategories": [ { "name": "Property errors", "pattern": "^Required\\s+property\\s+|^Property\\s+'(?!Aad|Defender|Exo|AnnotatePolicy|OmitPolicy)", "actionMessageRef": "default" }, { "name": "Aad exclusion errors", "pattern": "^(Aad|AAD)\\s+exclusion\\s+error:|^Property\\s+'Aad'", "actionMessageRef": "default" }, { "name": "Defender exclusion errors", "pattern": "^(Defender|DEFENDER)\\s+exclusion\\s+error:|^Property\\s+'Defender'", "actionMessageRef": "default" }, { "name": "Exo exclusion errors", "pattern": "^(Exo|EXO)\\s+exclusion\\s+error:|^Property\\s+'Exo'", "actionMessageRef": "default" }, { "name": "Annotate Policy errors", "pattern": "^AnnotatePolicy|^Annotated\\s+Policy\\s+ID:|^Property\\s+'AnnotatePolicy'", "actionMessageRef": "default" }, { "name": "Omit Policy errors", "pattern": "^OmitPolicy|^Omitted\\s+Policy\\s+ID:|^Property\\s+'OmitPolicy'", "actionMessageRef": "default" }, { "name": "OPA errors", "pattern": "^OPA\\s+executable|^Property\\s+'OPAPath'", "actionMessageRef": "opaPath" }, { "name": "Other errors", "pattern": "", "actionMessageRef": "default" } ], "warningCategories": [ { "name": "Property warnings", "pattern": "^Unknown\\s+property\\s+|^Property\\s+'(?!Aad|Defender|Exo|AnnotatePolicy|OmitPolicy)", "actionMessageRef": "default" }, { "name": "Aad exclusion warnings", "pattern": "^(Aad|AAD)\\s+exclusion\\s+(warning|info):|^Property\\s+'Aad'", "actionMessageRef": "default" }, { "name": "Defender exclusion warnings", "pattern": "^(Defender|DEFENDER)\\s+exclusion\\s+(warning|info):|^Property\\s+'Defender'", "actionMessageRef": "default" }, { "name": "Exo exclusion warnings", "pattern": "^(Exo|EXO)\\s+exclusion\\s+(warning|info):|^Property\\s+'Exo'", "actionMessageRef": "default" }, { "name": "Annotate Policy warnings", "pattern": "^AnnotatePolicy|^Annotated\\s+Policy\\s+ID:|^Property\\s+'AnnotatePolicy'", "actionMessageRef": "default" }, { "name": "Omit Policy warnings", "pattern": "^OmitPolicy|^Omitted\\s+Policy\\s+ID:|^Property\\s+'OmitPolicy'", "actionMessageRef": "default" }, { "name": "Other warnings", "pattern": "", "actionMessageRef": "default" } ], "recommendedActionMessages": { "default": [ "It is recommended to use the new ScubaGear Configuration Editor to build a configuration file via a graphical user interface.", "Run: 'Start-ScubaConfigApp' to launch the configuration application and get started.", "Refer to the documentation [docs\\configuration\\scubaconfigapp.md] for guidance on using this application." ], "opaPath": [ "Please install OPA using 'Install-OPAforSCuBA' or place the executable in one of the following locations above." ] } } } |