- NAME
-
- gcloud scc manage services describe - get the details of a Security Command Center service
- SYNOPSIS
-
-
gcloud scc manage services describeSERVICE_NAME(--folder=FOLDER_ID|--organization=ORGANIZATION_ID|--parent=PARENT|--project=PROJECT_ID_OR_NUMBER) [--filter-modules=FILTER_MODULES] [GCLOUD_WIDE_FLAG …]
-
- DESCRIPTION
- Get the details of a Security Command Center service. It resolves INHERITED enablement states to ENABLED or DISABLED for services at ancestor levels. For example, if the service is enabled at the ancestor level, services for all child resources will have the enablement state set to ENABLED.
- EXAMPLES
- To get the details of a Security Command Center service with name
shafor organization123, run:gcloud scc manage services describe sha --organization = 123To get the details of a Security Command Center service with name
shafor folder456, run:gcloud scc manage services describe sha --folder = 456To get the details of a Security Command Center service with ID
shafor project789, run:gcloud scc manage services describe sha --project = 789You can also specify the parent more generally:
gcloud scc manage services describe sha --parent = organizations/123To get the details of modules,
[ABC, DEF]of a Security Command Center service with nameshafor organization123, run:gcloud scc manage services describe sha --module-list =[ ABC, DEF ] --organization = 123 - POSITIONAL ARGUMENTS
-
-
SERVICE_NAME - The service name, provided either in lowercase hyphenated form (e.g.
security-health-analytics), or in abbreviated form (e.g. sha) if applicable.
The list of supported services is:
- security-health-analytics (can be abbreviated as sha)
- event-threat-detection (can be abbreviated as etd)
- container-threat-detection (can be abbreviated as ctd)
- vm-threat-detection (can be abbreviated as vmtd)
- web-security-scanner (can be abbreviated as wss)
- vm-threat-detection-aws (can be abbreviated as vmtd-aws)
- cloud-run-threat-detection (can be abbreviated as crtd)
- vm-manager (can be abbreviated as vmm)
- ec2-vulnerability-assessment (can be abbreviated as ec2-va)
- gce-vulnerability-assessment (can be abbreviated as gce-va)
- azure-vulnerability-assessment (can be abbreviated as azure-va)
- notebook-security-scanner (can be abbreviated as nss)
- agent-engine-threat-detection (can be abbreviated as aetd)
-
- REQUIRED FLAGS
-
- Exactly one of these must be specified:
-
--folder=FOLDER_ID - Folder associated with the custom module.
-
--organization=ORGANIZATION_ID - Organization associated with the custom module.
-
--parent=PARENT - Parent associated with the custom module. Can be one of organizations/<id>, projects/<id or name>, folders/<id>
-
--project=PROJECT_ID_OR_NUMBER - Project associated with the custom module.
-
- Exactly one of these must be specified:
- OPTIONAL FLAGS
-
-
--filter-modules=FILTER_MODULES - If provided, only prints module information for modules specified in the list. Provided as a comma separated list of module names in SCREAMING_SNAKE_CASE format (e.g. WEB_UI_ENABLED, API_KEY_NOT_ROTATED). A single module name is also valid.
-
- GCLOUD WIDE FLAGS
- These flags are available to all commands:
--access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.Run
$ gcloud helpfor details. - NOTES
- This variant is also available:
gcloud alpha scc manage services describe
gcloud scc manage services describe
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License , and code samples are licensed under the Apache 2.0 License . For details, see the Google Developers Site Policies . Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-05-27 UTC.
