Skip to main content

lacework vulnerability container show-assessment

Show results of a container vulnerability assessment


Show the vulnerability assessment results of the specified container.

Arguments: <sha256:hash> a sha256 hash of a container image (format: sha256:1ee...1d3b)

Note that the provided SHA is treated first as the image digest, but if no results are found, this commands tries to use the SHA as the image id.

To request an on-demand vulnerability scan:

lacework vulnerability container scan <registry> <repository> <tag|digest>

To see details for a single cve result in an assessment:

lacework vulnerability show-assessment <sha256:hash> [cve_id]
lacework vulnerability container show-assessment <sha256:hash> [cve_id] [flags]


      --csv                       output vulnerability assessment in CSV format
--details increase details of a vulnerability assessment
--fail_on_fixable fail if the assessed container has fixable vulnerabilities
--fail_on_severity string specify a severity threshold to fail if vulnerabilities are found (critical, high, medium, low, info)
--fixable only show fixable vulnerabilities
-h, --help help for show-assessment
--html generate a vulnerability assessment in HTML format
--packages show a list of packages with CVE count
--severity string filter vulnerability assessment by severity threshold (critical, high, medium, low, info)

Options inherited from parent commands

  -a, --account string      account subdomain of URL (i.e. <ACCOUNT>
-k, --api_key string access key id
-s, --api_secret string secret access key
--api_token string access token (replaces the use of api_key and api_secret)
--debug turn on debug logging
--json switch commands output from human-readable to json format
--nocache turn off caching
--nocolor turn off colors
--noninteractive turn off interactive mode (disable spinners, prompts, etc.)
--organization access organization level data sets (org admins only)
-p, --profile string switch between profiles configured at ~/.lacework.toml
--subaccount string sub-account name inside your organization (org admins only)