gcloud alpha scc findings update
- NAME
- gcloud alpha scc findings update - update a Security Command Center finding
- SYNOPSIS
- gcloud alpha scc findings update FINDING [--event-time=EVENT_TIME] [--external-uri=EXTERNAL_URI] [--location=LOCATION; default="global"] [--source=SOURCE; default="-"] [--source-properties=[KEY=VALUE,…]] [--state=STATE] [--update-mask=UPDATE_MASK] [--folder=FOLDER | --organization=ORGANIZATION | --project=PROJECT] [GCLOUD_WIDE_FLAG …]
- DESCRIPTION
- (ALPHA) Update a Security Command Center finding.
- EXAMPLES
- Update testFinding's state from ACTIVE to INACTIVE:
    gcloud alpha scc findings update testFinding --organization=123456 --source=5678 --state=INACTIVE
- Update testFinding's state from ACTIVE to INACTIVE using project name for example-project:
    gcloud alpha scc findings update projects/example-project/sources/5678/findings/testFinding --state=INACTIVE
- Update testFinding's state from ACTIVE to INACTIVE using folder name 456:
    gcloud alpha scc findings update folders/456/sources/5678/findings/testFinding --state=INACTIVE
- Override all source properties on testFinding:
    gcloud alpha scc findings update testFinding --organization=123456 --source=5678 --source-properties="propKey1=propVal1,propKey2=propVal2"
- Selectively update a specific source property on testFinding:
    gcloud alpha scc findings update testFinding --organization=123456 --source=5678 --source-properties="propKey1=propVal1,propKey2=propVal2" --update-mask="source_properties.propKey1"
- Update finding testFinding with location=eu, state from ACTIVE to INACTIVE:
    gcloud alpha scc findings update testFinding --organization=123456 --source=5678 --state=INACTIVE --location=eu
- POSITIONAL ARGUMENTS
FINDING
- ID of the finding or fully qualified identifier for the finding.
- FLAGS
--event-time=EVENT_TIME
- Time at which the event took place. For example, if the finding represents an open firewall it would capture the time the open firewall was detected. If event-time is not provided, it will default to UTC version of NOW. See $ gcloud topic datetimes for information on supported time formats.
--external-uri=EXTERNAL_URI
- URI that, if available, points to a web page outside of Cloud SCC (Security Command Center) where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.
--location=LOCATION; default="global"
- When data residency controls are enabled, this attribute specifies the location in which the resource is located and applicable. The location attribute can be provided as part of the fully specified resource name or with the --location argument on the command line. The default location is global.
- NOTE: If you override the endpoint to a regional endpoint you must specify the correct data location using this flag. The default location on this command is unrelated to the default location that is specified when data residency controls are enabled for Security Command Center.
- NOTE: If no location is specified, the default location is global AND the request will be routed to the SCC V1 API. To use the SCC V2 API - please explicitly specify the flag.
--source=SOURCE; default="-"
- Source id. Defaults to all sources.
--source-properties=[KEY=VALUE,…]
- Source specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only. For example "key1=val1,key2=val2"
--state=STATE
- State is one of: [ACTIVE, INACTIVE]. STATE must be one of: active, inactive, state-unspecified.
--update-mask=UPDATE_MASK
- Optional: If left unspecified (default), an update-mask is automatically created using the flags specified in the command and only those values are updated. For example: --external-uri='<some-uri>' --event-time='<some-time>' would automatically generate --update-mask='external_uri,event_time'. Note that as a result, only external-uri and event-time are updated for the given finding and everything else remains untouched. If you want to delete attributes/properties (that are not being changed in the update command) use an empty update-mask (''). That will delete all the mutable properties/attributes that aren't specified as flags in the update command. In the above example it would delete source-properties. State can be toggled from ACTIVE to INACTIVE and vice-versa but it cannot be deleted.
- At most one of these can be specified:
--folder=FOLDER
- The folder ID (e.g., 456) that contains the finding.
--organization=ORGANIZATION
- The organization ID (e.g., 123) that contains the finding.
--project=PROJECT
- The project ID (e.g., example-project) that contains the finding.
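An added example, not part of the gcloud reference: a POSIX shell pre-flight that applies the --source-properties key rule and the --update-mask behaviour described above before an update is run. The function names and the ALLOW_EMPTY_MASK variable are hypothetical, and the auto-mask names for --state and --source-properties are assumed to follow the external_uri pattern shown in the flag description.

```shell
#!/bin/sh
# Added example, not from the gcloud docs: pre-flight checks to run before
# `gcloud alpha scc findings update`. Function names and ALLOW_EMPTY_MASK are
# hypothetical; nothing here calls gcloud or Google Cloud.

# Key rule from --source-properties: 1-255 chars, starts with a letter,
# then only letters, digits or underscores.
valid_prop_key() {
  [ "${#1}" -le 255 ] || return 1
  case "$1" in ''|[!A-Za-z]*|*[!A-Za-z0-9_]*) return 1 ;; esac
}

# Check each KEY in "KEY=VALUE,KEY=VALUE"; report the first bad entry.
check_source_properties() {
  rest=$1
  while [ -n "$rest" ]; do
    pair=${rest%%,*}
    case $rest in *,*) rest=${rest#*,} ;; *) rest= ;; esac
    case $pair in *=*) ;; *) echo "bad pair: $pair"; return 1 ;; esac
    valid_prop_key "${pair%%=*}" || { echo "bad key: ${pair%%=*}"; return 1; }
  done
}

# Print the update mask the given flags would use. Without --update-mask this
# mirrors the documented auto-mask (--external-uri -> external_uri). An explicit
# empty mask deletes unspecified mutable properties, so it is refused unless
# ALLOW_EMPTY_MASK=1.
effective_mask() {
  mask= explicit=
  for arg in "$@"; do
    case $arg in --update-mask=*) explicit=1; mask=${arg#--update-mask=} ;; esac
  done
  if [ -n "$explicit" ]; then
    if [ -z "$mask" ] && [ "${ALLOW_EMPTY_MASK:-0}" != 1 ]; then
      echo "refusing empty --update-mask: unspecified properties are deleted" >&2
      return 2
    fi
    echo "$mask"; return 0
  fi
  for arg in "$@"; do
    case $arg in
      --event-time=*|--external-uri=*|--source-properties=*|--state=*)
        name=${arg%%=*}; name=${name#--}
        mask=${mask:+$mask,}$(echo "$name" | tr '-' '_') ;;
    esac
  done
  echo "$mask"
}
```

Pass `effective_mask` the same flags intended for gcloud and continue only when it exits 0; the printed mask lists the fields the update will touch.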
- GCLOUD WIDE FLAGS
- These flags are available to all commands:
--access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity. Run $ gcloud help for details.
- API REFERENCE
- This command uses the Security Command Center API. For more information, see Security Command Center API.
- NOTES
- This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist. These variants are also available:
    gcloud scc findings update
    gcloud beta scc findings update
Last updated 2025-10-21 UTC.