gcloud beta artifacts docker images scan
- NAME
- gcloud beta artifacts docker images scan - perform a vulnerability scan on a container image
- SYNOPSIS
gcloud beta artifacts docker images scanRESOURCE_URI[--additional-package-types=[ADDITIONAL_PACKAGE_TYPES,…]][--async][--location=LOCATION; default="us"][--remote][--skip-package-types=[SKIP_PACKAGE_TYPES,…]][GCLOUD_WIDE_FLAG …]
- DESCRIPTION
(BETA)You can scan a container image in a Google Cloud registry(Artifact Registry or Container Registry), or a local container image.Reference an image by tag or digest using any of the formats:
ArtifactRegistry:LOCATION-docker.pkg.dev/PROJECT-ID/REPOSITORY-ID/IMAGE[:tag]LOCATION-docker.pkg.dev/PROJECT-ID/REPOSITORY-ID/IMAGE@sha256:digest
ContainerRegistry:[LOCATION.]gcr.io/PROJECT-ID/REPOSITORY-ID/IMAGE[:tag][LOCATION.]gcr.io/PROJECT-ID/REPOSITORY-ID/IMAGE@sha256:digest
Local:IMAGE[:tag]
- EXAMPLES
- Start a scan of a container image stored in Artifact Registry:
gcloudbetaartifactsdockerimagesscanus-west1-docker.pkg.dev/my-project/my-repository/busy-box@sha256:abcxyz--remoteStart a scan of a container image stored in the Container Registry, and performthe analysis in Europe:
gcloudbetaartifactsdockerimagesscaneu.gcr.io/my-project/my-repository/my-image:latest--remote--location=europeStart a scan of a container image stored locally, and perform the analysis inAsia:
gcloudbetaartifactsdockerimagesscanubuntu:latest--location=asia - POSITIONAL ARGUMENTS
RESOURCE_URI- A container image in a Google Cloud registry (Artifact Registry or ContainerRegistry), or a local container image.
- FLAGS
--additional-package-types=[ADDITIONAL_PACKAGE_TYPES,…]- (DEPRECATED) A comma-separated list of package types to scan in addition to OSpackages.
This flag is deprecated as scanning for all package types is now the default. Toskip scanning for specific package types, use --skip-package-types.
ADDITIONAL_PACKAGE_TYPESmust be one of:COMPOSER- PHP Composer package.
GO- Go standard library and third party packages.
MAVEN- Maven package.
NPM- NPM package.
NUGET- NuGet package.
PYTHON- Python package.
RUBYGEMS- RubyGems package.
RUST- Rust package.
--async- Return immediately, without waiting for the operation in progress to complete.
--location=LOCATION; default="us"- The API location in which to perform package analysis. Consider choosing alocation closest to where you are located. Proximity to the container image doesnot affect response time.
LOCATIONmust be one of:asia- Perform analysis in Asia
europe- Perform analysis in Europe
us- Perform analysis in the US
--remote- Whether the container image is located remotely or on your local machine.
--skip-package-types=[SKIP_PACKAGE_TYPES,…]- A comma-separated list of package types to skip when scanning.
SKIP_PACKAGE_TYPESmust be one of:COMPOSER- PHP Composer package.
GO- Go standard library and third party packages.
MAVEN- Maven package.
NPM- NPM package.
NUGET- NuGet package.
PYTHON- Python package.
RUBYGEMS- RubyGems package.
RUST- Rust package.
- GCLOUD WIDE FLAGS
- These flags are available to all commands:
--access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.Run
$gcloud helpfor details. - NOTES
- This command is currently in beta and might change without notice. This variantis also available:
gcloudartifactsdockerimagesscan
Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-07-22 UTC.