NAME
    gcloud beta container binauthz policy evaluate - evaluate a Binary
        Authorization platform policy

SYNOPSIS
    gcloud beta container binauthz policy evaluate
        (POLICY_RESOURCE_NAME : --platform=PLATFORM)
        (--image=IMAGE | --resource=RESOURCE) [GCLOUD_WIDE_FLAG ...]

EXAMPLES
    To evaluate a policy using its resource name:

        $ gcloud beta container binauthz policy evaluate \
            projects/my-proj/platforms/gke/policies/my-policy \
            --resource=$KUBERNETES_RESOURCE

    To evaluate the same policy using flags against an image:

        $ gcloud beta container binauthz policy evaluate my-policy \
            --platform=gke --project=my-proj --image=$IMAGE

POSITIONAL ARGUMENTS
     Policy resource - The resource name of the policy to evaluate. The
     arguments in this group can be used to specify the attributes of this
     resource. (NOTE) Some attributes are not given arguments in this group but
     can be set in other ways.

     To set the project attribute:
      ◆ provide the argument policy_resource_name on the command line with a
        fully specified name;
      ◆ provide the argument --project on the command line;
      ◆ set the property core/project.

     This must be specified.

       POLICY_RESOURCE_NAME
          ID of the policy or fully qualified identifier for the policy.

          To set the policy attribute:
          ▸ provide the argument policy_resource_name on the command line.

          This positional argument must be specified if any of the other
          arguments in this group are specified.

       --platform=PLATFORM
          The platform that the policy belongs to. PLATFORM must be one of the
          following: cloudRun, gke.

          To set the platform attribute:
          ▸ provide the argument policy_resource_name on the command line
            with a fully specified name;
          ▸ provide the argument --platform on the command line.

REQUIRED FLAGS
     Exactly one of these must be specified:

       --image=IMAGE
          The image to evaluate. If the policy being evaluated has scoped
          checksets, this mode of evaluation will always use the default
          (unscoped) checkset.

       --resource=RESOURCE
          The JSON or YAML file containing the Kubernetes resource to evaluate.

GCLOUD WIDE FLAGS
    These flags are available to all commands: --access-token-file, --account,
    --billing-project, --configuration, --flags-file, --flatten, --format,
    --help, --impersonate-service-account, --log-http, --project, --quiet,
    --trace-token, --user-output-enabled, --verbosity.

    Run $ gcloud help for details.

NOTES
    This command is currently in beta and might change without notice. This
    variant is also available:

        $ gcloud alpha container binauthz policy evaluate

