NAME
    gcloud artifacts sbom load - upload an SBOM file and create a reference
        occurrence

SYNOPSIS
    gcloud artifacts sbom load --source=SOURCE --uri=ARTIFACT_URI
        [--destination=DESTINATION] [--kms-key-version=KMS_KEY_VERSION]
        [--location=LOCATION] [GCLOUD_WIDE_FLAG ...]

DESCRIPTION
    Upload an SBOM file and create a reference occurrence.

EXAMPLES
    To upload an SBOM file at /path/to/sbom.json for a Docker image in Artifact
    Registry:

        $ gcloud artifacts sbom load --source=/path/to/sbom.json \
            --uri=us-west1-docker.pkg.dev/my-project/my-repository/\
        busy-box@sha256:abcxyz

    To upload an SBOM file at /path/to/sbom.json for a Docker image with a KMS
    key version to sign the created SBOM reference:

        $ gcloud artifacts sbom load --source=/path/to/sbom.json \
            --uri=us-west1-docker.pkg.dev/my-project/my-repository/\
        busy-box@sha256:abcxyz \
            --kms-key-version=projects/my-project/locations/us-west1/\
        keyRings/my-key-ring/cryptoKeys/my-key/cryptoKeyVersions/1

    To upload an SBOM file at /path/to/sbom.json for a Docker image from a
    Docker registry:

        $ gcloud artifacts sbom load --source=/path/to/sbom.json \
            --uri=my-docker-registry/my-image@sha256:abcxyz \
            --destination=gs://my-cloud-storage-bucket

REQUIRED FLAGS
     --source=SOURCE
        The SBOM file for uploading.

     --uri=ARTIFACT_URI
        The URI of the artifact the SBOM is generated from. The URI can be a
        Docker image from any Docker registries. A URI provided with a tag
        (e.g. [IMAGE]:[TAG]) will be resolved into a URI with a digest
        ([IMAGE]@sha256:[DIGEST]). When passing an image which is not from
        Artifact Registry or Container Registry with a tag, only public images
        can be resolved. Also, when passing an image which is not from Artifact
        Registry or Container Registry, the --destination flag is required.

OPTIONAL FLAGS
     --destination=DESTINATION
        The storage path will be used to store the SBOM file. Currently only
        supports Cloud Storage paths start with 'gs://'.

     --kms-key-version=KMS_KEY_VERSION
        Cloud KMS key version to sign the SBOM reference. The key version
        provided should be the resource ID in the format of
        projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]/cryptoKeyVersions/[KEY_VERSION].

     --location=LOCATION
        If specified, all requests to Artifact Analysis for occurrences will go
        to location specified

GCLOUD WIDE FLAGS
    These flags are available to all commands: --access-token-file, --account,
    --billing-project, --configuration, --flags-file, --flatten, --format,
    --help, --impersonate-service-account, --log-http, --project, --quiet,
    --trace-token, --user-output-enabled, --verbosity.

    Run $ gcloud help for details.
