HEX
Server: Apache/2.4.65 (Ubuntu)
System: Linux ielts-store-v2 6.8.0-1036-gcp #38~22.04.1-Ubuntu SMP Thu Aug 14 01:19:18 UTC 2025 x86_64
User: root (0)
PHP: 7.2.34-54+ubuntu20.04.1+deb.sury.org+1
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,
$ pwd: /snap/google-cloud-cli/current/help/man/man1/
Upload Files
File: //snap/google-cloud-cli/current/help/man/man1/gcloud_artifacts_sbom_load.1
.TH "GCLOUD_ARTIFACTS_SBOM_LOAD" 1



.SH "NAME"
.HP
gcloud artifacts sbom load \- upload an SBOM file and create a reference occurrence



.SH "SYNOPSIS"
.HP
\f5gcloud artifacts sbom load\fR \fB\-\-source\fR=\fISOURCE\fR \fB\-\-uri\fR=\fIARTIFACT_URI\fR [\fB\-\-destination\fR=\fIDESTINATION\fR] [\fB\-\-kms\-key\-version\fR=\fIKMS_KEY_VERSION\fR] [\fB\-\-location\fR=\fILOCATION\fR] [\fIGCLOUD_WIDE_FLAG\ ...\fR]



.SH "DESCRIPTION"

Upload an SBOM file and create a reference occurrence.



.SH "EXAMPLES"

To upload an SBOM file at /path/to/sbom.json for a Docker image in Artifact
Registry:

.RS 2m
$ gcloud artifacts sbom load \-\-source=/path/to/sbom.json \e
    \-\-uri=us\-west1\-docker.pkg.dev/my\-project/my\-repository/\e
busy\-box@sha256:abcxyz
.RE

To upload an SBOM file at /path/to/sbom.json for a Docker image with a KMS key
version to sign the created SBOM reference:

.RS 2m
$ gcloud artifacts sbom load \-\-source=/path/to/sbom.json \e
    \-\-uri=us\-west1\-docker.pkg.dev/my\-project/my\-repository/\e
busy\-box@sha256:abcxyz \e
    \-\-kms\-key\-version=projects/my\-project/locations/us\-west1/\e
keyRings/my\-key\-ring/cryptoKeys/my\-key/cryptoKeyVersions/1
.RE

To upload an SBOM file at /path/to/sbom.json for a Docker image from a Docker
registry:

.RS 2m
$ gcloud artifacts sbom load \-\-source=/path/to/sbom.json \e
    \-\-uri=my\-docker\-registry/my\-image@sha256:abcxyz \e
    \-\-destination=gs://my\-cloud\-storage\-bucket
.RE



.SH "REQUIRED FLAGS"

.RS 2m
.TP 2m
\fB\-\-source\fR=\fISOURCE\fR

The SBOM file for uploading.

.TP 2m
\fB\-\-uri\fR=\fIARTIFACT_URI\fR

The URI of the artifact the SBOM is generated from. The URI can be a Docker
image from any Docker registries. A URI provided with a tag (e.g.
\f5[IMAGE]:[TAG]\fR) will be resolved into a URI with a digest
(\f5[IMAGE]@sha256:[DIGEST]\fR). When passing an image which is not from
Artifact Registry or Container Registry with a tag, only public images can be
resolved. Also, when passing an image which is not from Artifact Registry or
Container Registry, the \f5\-\-destination\fR flag is required.


.RE
.sp

.SH "OPTIONAL FLAGS"

.RS 2m
.TP 2m
\fB\-\-destination\fR=\fIDESTINATION\fR

The storage path will be used to store the SBOM file. Currently only supports
Cloud Storage paths start with 'gs://'.

.TP 2m
\fB\-\-kms\-key\-version\fR=\fIKMS_KEY_VERSION\fR

Cloud KMS key version to sign the SBOM reference. The key version provided
should be the resource ID in the format of
\f5projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]/cryptoKeyVersions/[KEY_VERSION]\fR.

.TP 2m
\fB\-\-location\fR=\fILOCATION\fR

If specified, all requests to Artifact Analysis for occurrences will go to
location specified


.RE
.sp

.SH "GCLOUD WIDE FLAGS"

These flags are available to all commands: \-\-access\-token\-file, \-\-account,
\-\-billing\-project, \-\-configuration, \-\-flags\-file, \-\-flatten,
\-\-format, \-\-help, \-\-impersonate\-service\-account, \-\-log\-http,
\-\-project, \-\-quiet, \-\-trace\-token, \-\-user\-output\-enabled,
\-\-verbosity.

Run \fB$ gcloud help\fR for details.
@ Telegram