mirror of
https://github.com/imjasonh/gcloud-help
synced 2026-07-10 03:16:46 +00:00
133 lines
4.2 KiB
Text
133 lines
4.2 KiB
Text
NAME
|
|
gcloud beta artifacts docker images scan - perform a vulnerability scan on
|
|
a container image
|
|
|
|
SYNOPSIS
|
|
gcloud beta artifacts docker images scan RESOURCE_URI
|
|
[--additional-package-types=[ADDITIONAL_PACKAGE_TYPES,...]] [--async]
|
|
[--location=LOCATION; default="us"] [--remote]
|
|
[--skip-package-types=[SKIP_PACKAGE_TYPES,...]] [GCLOUD_WIDE_FLAG ...]
|
|
|
|
DESCRIPTION
|
|
(BETA) You can scan a container image in a Google Cloud registry (Artifact
|
|
Registry or Container Registry), or a local container image.
|
|
|
|
Reference an image by tag or digest using any of the formats:
|
|
|
|
Artifact Registry:
|
|
LOCATION-docker.pkg.dev/PROJECT-ID/REPOSITORY-ID/IMAGE[:tag]
|
|
LOCATION-docker.pkg.dev/PROJECT-ID/REPOSITORY-ID/IMAGE@sha256:digest
|
|
|
|
Container Registry:
|
|
[LOCATION.]gcr.io/PROJECT-ID/REPOSITORY-ID/IMAGE[:tag]
|
|
[LOCATION.]gcr.io/PROJECT-ID/REPOSITORY-ID/IMAGE@sha256:digest
|
|
|
|
Local:
|
|
IMAGE[:tag]
|
|
|
|
EXAMPLES
|
|
Start a scan of a container image stored in Artifact Registry:
|
|
|
|
$ gcloud beta artifacts docker images scan \
|
|
us-west1-docker.pkg.dev/my-project/my-repository/\
|
|
busy-box@sha256:abcxyz --remote
|
|
|
|
Start a scan of a container image stored in the Container Registry, and
|
|
perform the analysis in Europe:
|
|
|
|
$ gcloud beta artifacts docker images scan \
|
|
eu.gcr.io/my-project/my-repository/my-image:latest --remote \
|
|
--location=europe
|
|
|
|
Start a scan of a container image stored locally, and perform the analysis
|
|
in Asia:
|
|
|
|
$ gcloud beta artifacts docker images scan ubuntu:latest \
|
|
--location=asia
|
|
|
|
POSITIONAL ARGUMENTS
|
|
RESOURCE_URI
|
|
A container image in a Google Cloud registry (Artifact Registry or
|
|
Container Registry), or a local container image.
|
|
|
|
FLAGS
|
|
--additional-package-types=[ADDITIONAL_PACKAGE_TYPES,...]
|
|
(DEPRECATED) A comma-separated list of package types to scan in
|
|
addition to OS packages.
|
|
|
|
This flag is deprecated as scanning for all package types is now the
|
|
default. To skip scanning for specific package types, use
|
|
--skip-package-types. ADDITIONAL_PACKAGE_TYPES must be one of:
|
|
|
|
COMPOSER
|
|
PHP Composer package.
|
|
GO
|
|
Go standard library and third party packages.
|
|
MAVEN
|
|
Maven package.
|
|
NPM
|
|
NPM package.
|
|
NUGET
|
|
NuGet package.
|
|
PYTHON
|
|
Python package.
|
|
RUBYGEMS
|
|
RubyGems package.
|
|
RUST
|
|
Rust package.
|
|
|
|
--async
|
|
Return immediately, without waiting for the operation in progress to
|
|
complete.
|
|
|
|
--location=LOCATION; default="us"
|
|
The API location in which to perform package analysis. Consider
|
|
choosing a location closest to where you are located. Proximity to the
|
|
container image does not affect response time. LOCATION must be one of:
|
|
|
|
asia
|
|
Perform analysis in Asia
|
|
europe
|
|
Perform analysis in Europe
|
|
us
|
|
Perform analysis in the US
|
|
|
|
--remote
|
|
Whether the container image is located remotely or on your local
|
|
machine.
|
|
|
|
--skip-package-types=[SKIP_PACKAGE_TYPES,...]
|
|
A comma-separated list of package types to skip when scanning.
|
|
SKIP_PACKAGE_TYPES must be one of:
|
|
|
|
COMPOSER
|
|
PHP Composer package.
|
|
GO
|
|
Go standard library and third party packages.
|
|
MAVEN
|
|
Maven package.
|
|
NPM
|
|
NPM package.
|
|
NUGET
|
|
NuGet package.
|
|
PYTHON
|
|
Python package.
|
|
RUBYGEMS
|
|
RubyGems package.
|
|
RUST
|
|
Rust package.
|
|
|
|
GCLOUD WIDE FLAGS
|
|
These flags are available to all commands: --access-token-file, --account,
|
|
--billing-project, --configuration, --flags-file, --flatten, --format,
|
|
--help, --impersonate-service-account, --log-http, --project, --quiet,
|
|
--trace-token, --user-output-enabled, --verbosity.
|
|
|
|
Run $ gcloud help for details.
|
|
|
|
NOTES
|
|
This command is currently in beta and might change without notice. This
|
|
variant is also available:
|
|
|
|
$ gcloud artifacts docker images scan
|
|
|