gcloud artifacts docker images scan

NAME
gcloud artifacts docker images scan - perform a vulnerability scan on a container image
SYNOPSIS
gcloud artifacts docker images scan RESOURCE_URI [--additional-package-types=[ADDITIONAL_PACKAGE_TYPES,…]] [--async] [--location=LOCATION; default="us"] [--remote] [--skip-package-types=[SKIP_PACKAGE_TYPES,…]] [GCLOUD_WIDE_FLAG]
DESCRIPTION
You can scan a container image in a Google Cloud registry (Artifact Registry or Container Registry), or a local container image.

Reference an image by tag or digest using any of the formats:

Artifact Registry:
  LOCATION-docker.pkg.dev/PROJECT-ID/REPOSITORY-ID/IMAGE[:tag]
  LOCATION-docker.pkg.dev/PROJECT-ID/REPOSITORY-ID/IMAGE@sha256:digest
Container Registry:
  [LOCATION.]gcr.io/PROJECT-ID/REPOSITORY-ID/IMAGE[:tag]
  [LOCATION.]gcr.io/PROJECT-ID/REPOSITORY-ID/IMAGE@sha256:digest
Local:
  IMAGE[:tag]
EXAMPLES
Start a scan of a container image stored in Artifact Registry:
gcloud artifacts docker images scan us-west1-docker.pkg.dev/my-project/my-repository/busy-box@sha256:abcxyz --remote

Start a scan of a container image stored in the Container Registry, and perform the analysis in Europe:

gcloud artifacts docker images scan eu.gcr.io/my-project/my-repository/my-image:latest --remote --location=europe

Start a scan of a container image stored locally, and perform the analysis in Asia:

gcloud artifacts docker images scan ubuntu:latest --location=asia
POSITIONAL ARGUMENTS
RESOURCE_URI
A container image in a Google Cloud registry (Artifact Registry or Container Registry), or a local container image.
FLAGS
--additional-package-types=[ADDITIONAL_PACKAGE_TYPES,…]
(DEPRECATED) A comma-separated list of package types to scan in addition to OS packages.

This flag is deprecated as scanning for all package types is now the default. To skip scanning for specific package types, use --skip-package-types. ADDITIONAL_PACKAGE_TYPES must be one of:

COMPOSER
PHP Composer package.
GO
Go standard library and third party packages.
MAVEN
Maven package.
NPM
NPM package.
NUGET
NuGet package.
PYTHON
Python package.
RUBYGEMS
RubyGems package.
RUST
Rust package.
--async
Return immediately, without waiting for the operation in progress to complete.
--location=LOCATION; default="us"
The API location in which to perform package analysis. Consider choosing a location closest to where you are located. Proximity to the container image does not affect response time. LOCATION must be one of:
asia
Perform analysis in Asia
europe
Perform analysis in Europe
us
Perform analysis in the US
--remote
Whether the container image is located remotely or on your local machine.
--skip-package-types=[SKIP_PACKAGE_TYPES,…]
A comma-separated list of package types to skip when scanning. SKIP_PACKAGE_TYPES must be one of:
COMPOSER
PHP Composer package.
GO
Go standard library and third party packages.
MAVEN
Maven package.
NPM
NPM package.
NUGET
NuGet package.
PYTHON
Python package.
RUBYGEMS
RubyGems package.
RUST
Rust package.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

NOTES
This variant is also available:
gcloud beta artifacts docker images scan