- NAME
-
- gcloud artifacts sbom load - upload an SBOM file and create a reference occurrence
- SYNOPSIS
-
-
gcloud artifacts sbom load--source=SOURCE--uri=ARTIFACT_URI[--destination=DESTINATION] [--kms-key-version=KMS_KEY_VERSION] [--location=LOCATION] [GCLOUD_WIDE_FLAG …]
-
- DESCRIPTION
- Upload an SBOM file and create a reference occurrence.
- EXAMPLES
-
To upload an SBOM file at /path/to/sbom.json for a Docker image in Artifact
Registry:
gcloud artifacts sbom load --source=/path/to/sbom.json --uri=us-west1-docker.pkg.dev/my-project/my-repository/busy-box@sha256:abcxyzTo upload an SBOM file at /path/to/sbom.json for a Docker image with a KMS key version to sign the created SBOM reference:
gcloud artifacts sbom load --source=/path/to/sbom.json --uri=us-west1-docker.pkg.dev/my-project/my-repository/busy-box@sha256:abcxyz --kms-key-version=projects/my-project/locations/us-west1/keyRings/my-key-ring/cryptoKeys/my-key/cryptoKeyVersions/1To upload an SBOM file at /path/to/sbom.json for a Docker image from a Docker registry:
gcloud artifacts sbom load --source=/path/to/sbom.json --uri=my-docker-registry/my-image@sha256:abcxyz --destination=gs://my-cloud-storage-bucket - REQUIRED FLAGS
-
--source=SOURCE- The SBOM file for uploading.
--uri=ARTIFACT_URI-
The URI of the artifact the SBOM is generated from. The URI can be a Docker
image from any Docker registries. A URI provided with a tag (e.g.
[IMAGE]:[TAG]) will be resolved into a URI with a digest ([IMAGE]@sha256:[DIGEST]). When passing an image which is not from Artifact Registry or Container Registry with a tag, only public images can be resolved. Also, when passing an image which is not from Artifact Registry or Container Registry, the--destinationflag is required.
- OPTIONAL FLAGS
-
--destination=DESTINATION- The storage path will be used to store the SBOM file. Currently only supports Cloud Storage paths start with 'gs://'.
--kms-key-version=KMS_KEY_VERSION-
Cloud KMS key version to sign the SBOM reference. The key version provided
should be the resource ID in the format of
projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]/cryptoKeyVersions/[KEY_VERSION]. --location=LOCATION- If specified, all requests to Artifact Analysis for occurrences will go to location specified
- GCLOUD WIDE FLAGS
-
These flags are available to all commands:
--access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.Run
$ gcloud helpfor details.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-10-01 UTC.