HEX
Server: Apache/2.4.65 (Ubuntu)
System: Linux ielts-store-v2 6.8.0-1036-gcp #38~22.04.1-Ubuntu SMP Thu Aug 14 01:19:18 UTC 2025 x86_64
User: root (0)
PHP: 7.2.34-54+ubuntu20.04.1+deb.sury.org+1
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,
$ pwd: /snap/google-cloud-cli/394/help/man/man1/
Upload Files
File: //snap/google-cloud-cli/394/help/man/man1/gcloud_alpha_container_binauthz_policy_evaluate.1
.TH "GCLOUD_ALPHA_CONTAINER_BINAUTHZ_POLICY_EVALUATE" 1



.SH "NAME"
.HP
gcloud alpha container binauthz policy evaluate \- evaluate a Binary Authorization platform policy



.SH "SYNOPSIS"
.HP
\f5gcloud alpha container binauthz policy evaluate\fR (\fIPOLICY_RESOURCE_NAME\fR\ :\ \fB\-\-platform\fR=\fIPLATFORM\fR) (\fB\-\-image\fR=\fIIMAGE\fR\ |\ \fB\-\-resource\fR=\fIRESOURCE\fR) [\fIGCLOUD_WIDE_FLAG\ ...\fR]



.SH "EXAMPLES"

To evaluate a policy using its resource name:

.RS 2m
$ gcloud alpha container binauthz policy evaluate \e
    projects/my\-proj/platforms/gke/policies/my\-policy \e
    \-\-resource=$KUBERNETES_RESOURCE
.RE

To evaluate the same policy using flags against an image:

.RS 2m
$ gcloud alpha container binauthz policy evaluate my\-policy \e
    \-\-platform=gke \-\-project=my\-proj \-\-image=$IMAGE
.RE



.SH "POSITIONAL ARGUMENTS"

.RS 2m
.TP 2m

Policy resource \- The resource name of the policy to evaluate. The arguments in
this group can be used to specify the attributes of this resource. (NOTE) Some
attributes are not given arguments in this group but can be set in other ways.

To set the \f5project\fR attribute:
.RS 2m
.IP "\(em" 2m
provide the argument \f5policy_resource_name\fR on the command line with a fully
specified name;
.IP "\(em" 2m
provide the argument \f5\-\-project\fR on the command line;
.IP "\(em" 2m
set the property \f5core/project\fR.
.RE
.sp

This must be specified.


.RS 2m
.TP 2m
\fIPOLICY_RESOURCE_NAME\fR

ID of the policy or fully qualified identifier for the policy.

To set the \f5policy\fR attribute:
.RS 2m
.IP "\(bu" 2m
provide the argument \f5policy_resource_name\fR on the command line.
.RE
.sp

This positional argument must be specified if any of the other arguments in this
group are specified.

.TP 2m
\fB\-\-platform\fR=\fIPLATFORM\fR

The platform that the policy belongs to. PLATFORM must be one of the following:
cloudRun, gke.

To set the \f5platform\fR attribute:
.RS 2m
.IP "\(bu" 2m
provide the argument \f5policy_resource_name\fR on the command line with a fully
specified name;
.IP "\(bu" 2m
provide the argument \f5\-\-platform\fR on the command line.
.RE
.sp


.RE
.RE
.sp

.SH "REQUIRED FLAGS"

.RS 2m
.TP 2m

Exactly one of these must be specified:


.RS 2m
.TP 2m
\fB\-\-image\fR=\fIIMAGE\fR

The image to evaluate. If the policy being evaluated has scoped checksets, this
mode of evaluation will always use the default (unscoped) checkset.

.TP 2m
\fB\-\-resource\fR=\fIRESOURCE\fR

The JSON or YAML file containing the Kubernetes resource to evaluate.


.RE
.RE
.sp

.SH "GCLOUD WIDE FLAGS"

These flags are available to all commands: \-\-access\-token\-file, \-\-account,
\-\-billing\-project, \-\-configuration, \-\-flags\-file, \-\-flatten,
\-\-format, \-\-help, \-\-impersonate\-service\-account, \-\-log\-http,
\-\-project, \-\-quiet, \-\-trace\-token, \-\-user\-output\-enabled,
\-\-verbosity.

Run \fB$ gcloud help\fR for details.



.SH "NOTES"

This command is currently in alpha and might change without notice. If this
command fails with API permission errors despite specifying the correct project,
you might be trying to access an API with an invitation\-only early access
allowlist. This variant is also available:

.RS 2m
$ gcloud beta container binauthz policy evaluate
.RE
@ Telegram