ROX-27689: provide example for non-delegated roxctl image scan

RTann · RTann · commit eba9dba79ca5 · 2025-01-15T14:23:16.000-08:00
diff --git a/cli/image-scanning-by-using-the-roxctl-cli.adoc b/cli/image-scanning-by-using-the-roxctl-cli.adoc
@@ -9,6 +9,58 @@ toc::[]
 [role="_abstract"]
 You can scan images stored in image registries, including cluster local registries such as the {ocp} integrated image registry by using the `roxctl` CLI.
 
+[id="scanning-images-by-using-a-remote-cluster_{context}"]
+== Scanning images by using the Central cluster
+
+The following outlines the procedure for scanning images via the StackRox Scanner or Scanner V4 installed in the Central cluster.
+
+.Procedure
+
+* Run the following command to scan the specified image:
++
+[source,terminal,subs="+quotes"]
+----
+$ roxctl image scan \
+  --image=_<image_registry>_/_<image_name>_[_<reference>_] \// <1>
+  [flags] <2>
+----
++
+--
+<1> For `<image_registry>`, specify the registry where the image is located, for example, `registry.redhat.io`.
+For `<image_name>`, specify the name of the image you want to scan, for example, `default/image`.
+<reference> may be:
+  * blank
+  * a tag preceded by a colon, for example, `:latest`
+  * a digest preceded by an at sign, for example, `@sha256:710ecc84318c54c9d1e08fe89d03e74cc09350909e5b12e5d07ac6941fd02b27`
+<2> Optional: For `[flags]`, you can specify parameters to modify the behavior of the command.
++
+For more information about optional parameters, see xref:../cli/image-scanning-by-using-the-roxctl-cli.adoc#roxctl-image-scan-command-options_image-scanning-by-using-the-roxctl-cli[roxctl image scan command options].
+--
++
+.Example output
++
+[source,text,subs=attributes+]
+----
+{
+  "Id": "sha256:3f439d7d71adb0a0c8e05257c091236ab00c6343bc44388d091450ff58664bf9", <1>
+  "name": { <2>
+    "registry": "registry.redhat.io", <3>
+    "remote": "default/image", <4>
+    "tag": "latest", <5>
+    "fullName": "registry.redhat.iodefault/image:latest" <6>
+  },
+[...]
+----
++
+--
+<1> A unique identifier for the image that serves as a fingerprint for the image. It helps ensure the integrity and authenticity of the image.
+<2> Contains specific details about the image.
+<3> The location of the image registry where the image is stored.
+<4> The remote path to the image.
+<5> The version or tag associated with this image.
+<6> The complete name of the image, combining the registry, remote path, and tag.
+--
+
 [id="scanning-images-by-using-a-remote-cluster_{context}"]
 == Scanning images by using a remote cluster
 
@@ -26,14 +78,18 @@ For more information about how to configure delegated image scanning, see xref:.
 [source,terminal,subs="+quotes"]
 ----
 $ roxctl image scan \
-  --image=_<image_registry>_/_<image_name>_ \// <1>
+  --image=_<image_registry>_/_<image_name>_[_<reference>_] \// <1>
   --cluster=_<cluster_detail>_ \// <2>
   [flags] <3>
 ----
 +
 --
-<1> For `<image_registry>`, specify the registry where the image is located, for example, `image-registry.openshift-image-registry.svc:5000/`.
-For `<image_name>`, specify the name of the image you want to scan, for example, `default/image-stream:latest`.
+<1> For `<image_registry>`, specify the registry where the image is located, for example, `registry.redhat.io`.
+For `<image_name>`, specify the name of the image you want to scan, for example, `default/image`.
+<reference> may be:
+  * blank
+  * a tag preceded by a colon, for example, `:latest`
+  * a digest preceded by an at sign, for example, `@sha256:710ecc84318c54c9d1e08fe89d03e74cc09350909e5b12e5d07ac6941fd02b27`
 <2> For `<cluster_detail>`, specify the name or ID of the remote cluster. For example, specify the name `remote`.
 <3> Optional: For `[flags]`, you can specify parameters to modify the behavior of the command.
 +
