Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The Defender for Cloud CLI provides commands to scan container images for security vulnerabilities and export results in standard formats. This article describes the syntax, parameters, and usage examples for the image scan command.
Image scan
Command Group
defender scan image
Scan container images for vulnerabilities by using Microsoft Defender Vulnerability Management (MDVM).
Syntax
defender scan image <image-name> [--defender-output <path>]
Options
| Name | Required | Type | Description |
|---|---|---|---|
| <image-name> | Yes | String | The container image reference (for example, my-image:latest, registry.azurecr.io/app:v1). |
| --defender-output | No | String | Path to write aggregated SARIF output file. |
Examples
Scan a local image
defender scan image my-image:latest
Scan and export SARIF results
defender scan image my-image:latest --defender-output results.sarif