Edit

Share via

Defender for Cloud CLI Reference

The Defender for Cloud CLI provides commands to scan container images for security vulnerabilities and export results in standard formats. This article describes the syntax, parameters, and usage examples for the image and SBOM scan commands.

CLI Options

Option Required Type Description
--output-formats No String Option: HTML
--defender-output No String Sets the path to the output file [default: pwd]
--defender-break No Bool Exit with a non-zero code if critical issues are found

Image Scan

Use the defender scan image command to scan container images for vulnerabilities using Microsoft Defender Vulnerability Management (MDVM).

Usage

defender scan image <image-name> [--defender-output <path>]

Options

Name Required Type Description
<image-name> Yes String The container image reference (for example, my-image:latest, registry.azurecr.io/app:v1).

Examples

Scan a local image

defender scan image my-image:latest

Scan and export SARIF results

defender scan image my-image:latest --defender-output results.sarif

SBOM Scan

Use the defender scan sbom command to scan filesystem or container images to generate a Software Bill of Materials (SBOM). This command also identifies malicious packages.

Usage

defender scan sbom <target> [--sbom-format <format>]

Options

Name Required Type Description
<target> Yes String The container image reference or filesystem (for example, my-image:latest, /home/src/).
--sbom-format No String SBOM output format. Default: cyclonedx1.6-json
--output No String Output path for generated SBOM file (default: sbom-finding-<timestamp>.json)

Valid format options:

  • cyclonedx1.4-json, cyclonedx1.4-xml
  • cyclonedx1.5-json, cyclonedx1.5-xml
  • cyclonedx1.6-json, cyclonedx1.6-xml
  • spdx2.3-json

Examples

Create SBOM of a container image

defender scan sbom my-image:latest

Create SBOM from local filesystem

defender scan sbom /home/src --sbom-format cyclonedx1.6-xml
  • Last updated on