gcloud artifacts sbom load

NAME: gcloud artifacts sbom load - upload an SBOM file and create a reference occurrence
SYNOPSIS: gcloud artifacts sbom load--source=SOURCE--uri=ARTIFACT_URI[--destination=DESTINATION][--kms-key-version=KMS_KEY_VERSION][--location=LOCATION][GCLOUD_WIDE_FLAG …]
DESCRIPTION: Upload an SBOM file and create a reference occurrence.
EXAMPLES: To upload an SBOM file at /path/to/sbom.json for a Docker image in ArtifactRegistry:
gcloudartifactssbomload--source=/path/to/sbom.json--uri=us-west1-docker.pkg.dev/my-project/my-repository/busy-box@sha256:abcxyz
To upload an SBOM file at /path/to/sbom.json for a Docker image with a KMS keyversion to sign the created SBOM reference:
gcloudartifactssbomload--source=/path/to/sbom.json--uri=us-west1-docker.pkg.dev/my-project/my-repository/busy-box@sha256:abcxyz--kms-key-version=projects/my-project/locations/us-west1/keyRings/my-key-ring/cryptoKeys/my-key/cryptoKeyVersions/1
To upload an SBOM file at /path/to/sbom.json for a Docker image from a Dockerregistry:
gcloudartifactssbomload--source=/path/to/sbom.json--uri=my-docker-registry/my-image@sha256:abcxyz--destination=gs://my-cloud-storage-bucket
REQUIRED FLAGS: --source=SOURCE
The SBOM file for uploading.
--uri=ARTIFACT_URI
The URI of the artifact the SBOM is generated from. The URI can be a Dockerimage from any Docker registries. A URI provided with a tag (e.g.[IMAGE]:[TAG]) will be resolved into a URI with a digest([IMAGE]@sha256:[DIGEST]). When passing an image which is not fromArtifact Registry or Container Registry with a tag, only public images can beresolved. Also, when passing an image which is not from Artifact Registry orContainer Registry, the--destination flag is required.
OPTIONAL FLAGS: --destination=DESTINATION
The storage path will be used to store the SBOM file. Currently only supportsCloud Storage paths start with 'gs://'.
--kms-key-version=KMS_KEY_VERSION
Cloud KMS key version to sign the SBOM reference. The key version providedshould be the resource ID in the format ofprojects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]/cryptoKeyVersions/[KEY_VERSION].
--location=LOCATION
If specified, all requests to Artifact Analysis for occurrences will go tolocation specified
GCLOUD WIDE FLAGS: These flags are available to all commands:--access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.
Run$gcloud help for details.

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-05-07 UTC.

Movatterモバイル変換

gcloud artifacts sbom load Stay organized with collections Save and categorize content based on your preferences.

gcloud artifacts sbom load