- NAME
-
- gcloud alpha scc artifact-guard images scan - scan an image with Artifact Guard
- SYNOPSIS
-
-
gcloud alpha scc artifact-guard images scanRESOURCE_URI--parent=PARENT--scan-type=SCAN_TYPE[--async] [--connector-id=CONNECTOR_ID] [--remote] [[--cloud-build-id=CLOUD_BUILD_ID--cloud-build-project-id=CLOUD_BUILD_PROJECT_ID:--cloud-build-trigger-id=CLOUD_BUILD_TRIGGER_ID] | [--github-run-id=GITHUB_RUN_ID:--github-repository=GITHUB_REPOSITORY--github-workflow=GITHUB_WORKFLOW] |--jenkins-build-id=JENKINS_BUILD_ID--jenkins-build-tag=JENKINS_BUILD_TAG] [GCLOUD_WIDE_FLAG …]
-
- DESCRIPTION
-
(ALPHA)Scan a container image with Artifact Guard. - EXAMPLES
-
To scan an image:
gcloud alpha scc artifact-guard images scan my-image:tag --parent=organizations/123/locations/global --scan-type=pipeline --connector-id=my-connector --jenkins-build-tag=t --jenkins-build-id=i - POSITIONAL ARGUMENTS
-
RESOURCE_URI-
URI of the image to scan (e.g.,
my-image:tagormy-image@digest).
- REQUIRED FLAGS
-
--parent=PARENT-
Parent resource for artifact guard, e.g.,
organizations/123/locations/global. --scan-type=SCAN_TYPE-
Type of scan to perform.
SCAN_TYPEmust be (only one value is supported):pipeline.
- OPTIONAL FLAGS
-
--async- Return immediately, without waiting for the operation in progress to complete.
--connector-id=CONNECTOR_ID- The ID of the pipeline connector. Required for pipeline scans.
--remote- If true, treat resource_uri as a remote image. If false, treats it as a local tarball or daemon image.
-
CI/CD pipeline context. Required for pipeline scans.
At most one of these can be specified:
- Google Cloud Build context flags.
--cloud-build-id=CLOUD_BUILD_ID-
Cloud Build ID.
This flag argument must be specified if any of the other arguments in this group are specified.
--cloud-build-project-id=CLOUD_BUILD_PROJECT_ID-
Cloud Build project ID.
This flag argument must be specified if any of the other arguments in this group are specified.
--cloud-build-trigger-id=CLOUD_BUILD_TRIGGER_ID- Cloud Build trigger ID.
- GitHub Actions workflow context flags.
--github-run-id=GITHUB_RUN_ID-
GitHub run ID.
This flag argument must be specified if any of the other arguments in this group are specified.
--github-repository=GITHUB_REPOSITORY- GitHub repository.
--github-workflow=GITHUB_WORKFLOW- GitHub workflow.
- Jenkins CI Pipeline context flags.
--jenkins-build-id=JENKINS_BUILD_ID-
Jenkins build ID.
This flag argument must be specified if any of the other arguments in this group are specified.
--jenkins-build-tag=JENKINS_BUILD_TAG-
Jenkins build tag.
This flag argument must be specified if any of the other arguments in this group are specified.
- GCLOUD WIDE FLAGS
-
These flags are available to all commands:
--access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.Run
$ gcloud helpfor details. - NOTES
- This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist.
gcloud alpha scc artifact-guard images scan
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-05-19 UTC.