HEX
Server: Apache/2.4.65 (Ubuntu)
System: Linux ielts-store-v2 6.8.0-1036-gcp #38~22.04.1-Ubuntu SMP Thu Aug 14 01:19:18 UTC 2025 x86_64
User: root (0)
PHP: 7.2.34-54+ubuntu20.04.1+deb.sury.org+1
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,
$ pwd: /snap/google-cloud-cli/current/help/man/man1/
Upload Files
File: //snap/google-cloud-cli/current/help/man/man1/gcloud_artifacts_vulnerabilities_load-vex.1
.TH "GCLOUD_ARTIFACTS_VULNERABILITIES_LOAD\-VEX" 1



.SH "NAME"
.HP
gcloud artifacts vulnerabilities load\-vex \- load VEX data from a CSAF file into Artifact Analysis



.SH "SYNOPSIS"
.HP
\f5gcloud artifacts vulnerabilities load\-vex\fR \fB\-\-source\fR=\fISOURCE\fR \fB\-\-uri\fR=\fIURI\fR [\fB\-\-location\fR=\fILOCATION\fR] [\fB\-\-project\fR=\fIPROJECT\fR] [\fIGCLOUD_WIDE_FLAG\ ...\fR]



.SH "DESCRIPTION"

Command loads VEX data from a Common Security Advisory Framework (CSAF) file
into Artifact Analysis as VulnerabilityAssessment Notes. VEX data tells Artifact
Analysis whether vulnerabilities are relevant and how.



.SH "EXAMPLES"

To load a CSAF security advisory file given an artifact in Artifact Registry and
the file on disk, run:

.RS 2m
$ gcloud artifacts vulnerabilities load\-vex \e
\-\-uri=us\-east1\-docker.pkg.dev/project123/repository123/\e
someimage@sha256:49765698074d6d7baa82f \-\-source=/path/to/vex/file
.RE

To load a CSAF security advisory file given an artifact with a tag and a file on
disk, run:

.RS 2m
$ gcloud artifacts vulnerabilities load\-vex \e
\-\-uri=us\-east1\-docker.pkg.dev/project123/repository123/\e
someimage:latest \-\-source=/path/to/vex/file
.RE



.SH "REQUIRED FLAGS"

.RS 2m
.TP 2m
\fB\-\-source\fR=\fISOURCE\fR

The path of the VEX file.

.TP 2m
\fB\-\-uri\fR=\fIURI\fR

The path of the artifact in Artifact Registry. A 'gcr.io' image can also be used
if redirection is enabled in Artifact Registry. Make sure
\'artifactregistry.projectsettings.get' permission is granted to the current
gcloud user to verify the redirection status.


.RE
.sp

.SH "OPTIONAL FLAGS"

.RS 2m
.TP 2m
\fB\-\-location\fR=\fILOCATION\fR

If specified, all requests to Artifact Analysis for occurrences will go to
location specified

.TP 2m
\fB\-\-project\fR=\fIPROJECT\fR

The parent project to load security advisory into.


.RE
.sp

.SH "GCLOUD WIDE FLAGS"

These flags are available to all commands: \-\-access\-token\-file, \-\-account,
\-\-billing\-project, \-\-configuration, \-\-flags\-file, \-\-flatten,
\-\-format, \-\-help, \-\-impersonate\-service\-account, \-\-log\-http,
\-\-project, \-\-quiet, \-\-trace\-token, \-\-user\-output\-enabled,
\-\-verbosity.

Run \fB$ gcloud help\fR for details.
@ Telegram