HEX
Server: Apache/2.4.65 (Ubuntu)
System: Linux ielts-store-v2 6.8.0-1036-gcp #38~22.04.1-Ubuntu SMP Thu Aug 14 01:19:18 UTC 2025 x86_64
User: root (0)
PHP: 7.2.34-54+ubuntu20.04.1+deb.sury.org+1
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,
$ pwd: /snap/google-cloud-cli/396/help/man/man1/
Upload Files
File: //snap/google-cloud-cli/396/help/man/man1/gcloud_artifacts_docker_images_scan.1
.TH "GCLOUD_ARTIFACTS_DOCKER_IMAGES_SCAN" 1



.SH "NAME"
.HP
gcloud artifacts docker images scan \- perform a vulnerability scan on a container image



.SH "SYNOPSIS"
.HP
\f5gcloud artifacts docker images scan\fR \fIRESOURCE_URI\fR [\fB\-\-additional\-package\-types\fR=[\fIADDITIONAL_PACKAGE_TYPES\fR,...]] [\fB\-\-async\fR] [\fB\-\-location\fR=\fILOCATION\fR;\ default="us"] [\fB\-\-remote\fR] [\fB\-\-skip\-package\-types\fR=[\fISKIP_PACKAGE_TYPES\fR,...]] [\fIGCLOUD_WIDE_FLAG\ ...\fR]



.SH "DESCRIPTION"

You can scan a container image in a Google Cloud registry (Artifact Registry or
Container Registry), or a local container image.

Reference an image by tag or digest using any of the formats:

.RS 2m
Artifact Registry:
  LOCATION\-docker.pkg.dev/PROJECT\-ID/REPOSITORY\-ID/IMAGE[:tag]
  LOCATION\-docker.pkg.dev/PROJECT\-ID/REPOSITORY\-ID/IMAGE@sha256:digest
.RE

.RS 2m
Container Registry:
  [LOCATION.]gcr.io/PROJECT\-ID/REPOSITORY\-ID/IMAGE[:tag]
  [LOCATION.]gcr.io/PROJECT\-ID/REPOSITORY\-ID/IMAGE@sha256:digest
.RE

.RS 2m
Local:
  IMAGE[:tag]
.RE



.SH "EXAMPLES"

Start a scan of a container image stored in Artifact Registry:

.RS 2m
$ gcloud artifacts docker images scan \e
  us\-west1\-docker.pkg.dev/my\-project/my\-repository/\e
busy\-box@sha256:abcxyz \-\-remote
.RE

Start a scan of a container image stored in the Container Registry, and perform
the analysis in Europe:

.RS 2m
$ gcloud artifacts docker images scan \e
  eu.gcr.io/my\-project/my\-repository/my\-image:latest \-\-remote \e
  \-\-location=europe
.RE

Start a scan of a container image stored locally, and perform the analysis in
Asia:

.RS 2m
$ gcloud artifacts docker images scan ubuntu:latest \-\-location=asia
.RE



.SH "POSITIONAL ARGUMENTS"

.RS 2m
.TP 2m
\fIRESOURCE_URI\fR

A container image in a Google Cloud registry (Artifact Registry or Container
Registry), or a local container image.


.RE
.sp

.SH "FLAGS"

.RS 2m
.TP 2m
\fB\-\-additional\-package\-types\fR=[\fIADDITIONAL_PACKAGE_TYPES\fR,...]

(DEPRECATED) A comma\-separated list of package types to scan in addition to OS
packages.

This flag is deprecated as scanning for all package types is now the default. To
skip scanning for specific package types, use \-\-skip\-package\-types.
\fIADDITIONAL_PACKAGE_TYPES\fR must be one of:

.RS 2m
.TP 2m
\fBCOMPOSER\fR
PHP Composer package.
.TP 2m
\fBGO\fR
Go standard library and third party packages.
.TP 2m
\fBMAVEN\fR
Maven package.
.TP 2m
\fBNPM\fR
NPM package.
.TP 2m
\fBNUGET\fR
NuGet package.
.TP 2m
\fBPYTHON\fR
Python package.
.TP 2m
\fBRUBYGEMS\fR
RubyGems package.
.TP 2m
\fBRUST\fR
Rust package.
.RE
.sp


.TP 2m
\fB\-\-async\fR

Return immediately, without waiting for the operation in progress to complete.

.TP 2m
\fB\-\-location\fR=\fILOCATION\fR; default="us"

The API location in which to perform package analysis. Consider choosing a
location closest to where you are located. Proximity to the container image does
not affect response time. \fILOCATION\fR must be one of:

.RS 2m
.TP 2m
\fBasia\fR
Perform analysis in Asia
.TP 2m
\fBeurope\fR
Perform analysis in Europe
.TP 2m
\fBus\fR
Perform analysis in the US
.RE
.sp


.TP 2m
\fB\-\-remote\fR

Whether the container image is located remotely or on your local machine.

.TP 2m
\fB\-\-skip\-package\-types\fR=[\fISKIP_PACKAGE_TYPES\fR,...]

A comma\-separated list of package types to skip when scanning.
\fISKIP_PACKAGE_TYPES\fR must be one of:

.RS 2m
.TP 2m
\fBCOMPOSER\fR
PHP Composer package.
.TP 2m
\fBGO\fR
Go standard library and third party packages.
.TP 2m
\fBMAVEN\fR
Maven package.
.TP 2m
\fBNPM\fR
NPM package.
.TP 2m
\fBNUGET\fR
NuGet package.
.TP 2m
\fBPYTHON\fR
Python package.
.TP 2m
\fBRUBYGEMS\fR
RubyGems package.
.TP 2m
\fBRUST\fR
Rust package.
.RE
.sp



.RE
.sp

.SH "GCLOUD WIDE FLAGS"

These flags are available to all commands: \-\-access\-token\-file, \-\-account,
\-\-billing\-project, \-\-configuration, \-\-flags\-file, \-\-flatten,
\-\-format, \-\-help, \-\-impersonate\-service\-account, \-\-log\-http,
\-\-project, \-\-quiet, \-\-trace\-token, \-\-user\-output\-enabled,
\-\-verbosity.

Run \fB$ gcloud help\fR for details.



.SH "NOTES"

This variant is also available:

.RS 2m
$ gcloud beta artifacts docker images scan
.RE
@ Telegram