mirror of
https://github.com/imjasonh/gcloud-help
synced 2026-07-18 14:56:05 +00:00
gcloud: Wed Aug 9 11:23:49 UTC 2023
This commit is contained in:
parent
678b9afba9
commit
19bfacfbed
148 changed files with 2955 additions and 379 deletions
|
|
@ -42,6 +42,9 @@ GROUPS
|
|||
repositories
|
||||
Manage Artifact Registry repositories.
|
||||
|
||||
sbom
|
||||
Manage Artifact SBOMs.
|
||||
|
||||
settings
|
||||
Manage Artifact Registry project settings.
|
||||
|
||||
|
|
@ -55,6 +58,9 @@ GROUPS
|
|||
Manage Artifact Registry VPC Service Controls configuration for remote
|
||||
repositories.
|
||||
|
||||
vulnerabilities
|
||||
Manage Artifact Vulnerabilities.
|
||||
|
||||
yum
|
||||
Manage Artifact Registry RPM packages.
|
||||
|
||||
|
|
|
|||
|
|
@ -12,6 +12,7 @@ SYNOPSIS
|
|||
[--remote-python-repo=REMOTE_PYTHON_REPO]
|
||||
[--remote-repo-config-desc=REMOTE_REPO_CONFIG_DESC]
|
||||
[--upstream-policy-file=FILE] [--version-policy=VERSION_POLICY]
|
||||
[--allow-sbom-generation | --disable-sbom-generation]
|
||||
[GCLOUD_WIDE_FLAG ...]
|
||||
|
||||
DESCRIPTION
|
||||
|
|
@ -171,6 +172,14 @@ OPTIONAL FLAGS
|
|||
snapshot
|
||||
(Maven only) The repository accepts snapshot versions only.
|
||||
|
||||
At most one of these can be specified:
|
||||
|
||||
--allow-sbom-generation
|
||||
Allow SBOM generation on the repository.
|
||||
|
||||
--disable-sbom-generation
|
||||
Disable SBOM generation on the repository.
|
||||
|
||||
GCLOUD WIDE FLAGS
|
||||
These flags are available to all commands: --access-token-file, --account,
|
||||
--billing-project, --configuration, --flags-file, --flatten, --format,
|
||||
|
|
|
|||
|
|
@ -6,6 +6,7 @@ SYNOPSIS
|
|||
gcloud artifacts repositories update (REPOSITORY : --location=LOCATION)
|
||||
[--description=DESCRIPTION] [--immutable-tags]
|
||||
[--update-labels=[KEY=VALUE,...]] [--upstream-policy-file=FILE]
|
||||
[--allow-sbom-generation | --disable-sbom-generation]
|
||||
[--clear-labels | --remove-labels=[KEY,...]] [GCLOUD_WIDE_FLAG ...]
|
||||
|
||||
DESCRIPTION
|
||||
|
|
@ -82,6 +83,14 @@ FLAGS
|
|||
"priority": 1 }, { "id": "test2", "repository":
|
||||
"projects/p2/locations/us-west2/repository/repo2", "priority": 2 } ]
|
||||
|
||||
At most one of these can be specified:
|
||||
|
||||
--allow-sbom-generation
|
||||
Allow SBOM generation on the repository.
|
||||
|
||||
--disable-sbom-generation
|
||||
Disable SBOM generation on the repository.
|
||||
|
||||
At most one of these can be specified:
|
||||
|
||||
--clear-labels
|
||||
|
|
|
|||
28
gcloud/artifacts/sbom/export
Normal file
28
gcloud/artifacts/sbom/export
Normal file
|
|
@ -0,0 +1,28 @@
|
|||
NAME
|
||||
gcloud artifacts sbom export - export SBOM files
|
||||
|
||||
SYNOPSIS
|
||||
gcloud artifacts sbom export --uri=URI [GCLOUD_WIDE_FLAG ...]
|
||||
|
||||
DESCRIPTION
|
||||
Export SBOM files.
|
||||
|
||||
EXAMPLES
|
||||
To export an SBOM file for the Artifact Registry image with URI
|
||||
"us-west1-docker.pkg.dev/my-project/my-repository/busy-box@sha256:abcxyz":
|
||||
|
||||
$ gcloud artifacts sbom export \
|
||||
--uri=us-west1-docker.pkg.dev/my-project/my-repository/\
|
||||
busy-box@sha256:abcxyz
|
||||
|
||||
REQUIRED FLAGS
|
||||
--uri=URI
|
||||
The URI of the Artifact Registry image the SBOM is exported for.
|
||||
|
||||
GCLOUD WIDE FLAGS
|
||||
These flags are available to all commands: --access-token-file, --account,
|
||||
--billing-project, --configuration, --flags-file, --flatten, --format,
|
||||
--help, --impersonate-service-account, --log-http, --project, --quiet,
|
||||
--trace-token, --user-output-enabled, --verbosity.
|
||||
|
||||
Run $ gcloud help for details.
|
||||
25
gcloud/artifacts/sbom/help
Normal file
25
gcloud/artifacts/sbom/help
Normal file
|
|
@ -0,0 +1,25 @@
|
|||
NAME
|
||||
gcloud artifacts sbom - manage Artifact SBOMs
|
||||
|
||||
SYNOPSIS
|
||||
gcloud artifacts sbom COMMAND [GCLOUD_WIDE_FLAG ...]
|
||||
|
||||
DESCRIPTION
|
||||
Manage Artifact SBOMs.
|
||||
|
||||
GCLOUD WIDE FLAGS
|
||||
These flags are available to all commands: --help.
|
||||
|
||||
Run $ gcloud help for details.
|
||||
|
||||
COMMANDS
|
||||
COMMAND is one of the following:
|
||||
|
||||
export
|
||||
Export SBOM files.
|
||||
|
||||
list
|
||||
List SBOM file references.
|
||||
|
||||
load
|
||||
Upload an SBOM file and create a reference occurrence.
|
||||
93
gcloud/artifacts/sbom/list
Normal file
93
gcloud/artifacts/sbom/list
Normal file
|
|
@ -0,0 +1,93 @@
|
|||
NAME
|
||||
gcloud artifacts sbom list - list SBOM file references
|
||||
|
||||
SYNOPSIS
|
||||
gcloud artifacts sbom list
|
||||
[--dependency=DEPENDENCY | --resource=RESOURCE
|
||||
| --resource-prefix=RESOURCE_PREFIX] [--filter=EXPRESSION]
|
||||
[--limit=LIMIT] [--page-size=PAGE_SIZE]
|
||||
[--sort-by=[FIELD,...]; default="occ.create_time"]
|
||||
[GCLOUD_WIDE_FLAG ...]
|
||||
|
||||
DESCRIPTION
|
||||
List SBOM file references.
|
||||
|
||||
EXAMPLES
|
||||
To list SBOM file references:
|
||||
|
||||
$ gcloud artifacts sbom list
|
||||
|
||||
To list SBOM file references related to the image with the tag
|
||||
"us-east1-docker.pkg.dev/project/repo/my-image:1.0":
|
||||
|
||||
$ gcloud artifacts sbom list \
|
||||
--resource="us-east1-docker.pkg.dev/project/repo/my-image:1.0"
|
||||
|
||||
To list SBOM file references related to the image with the digest
|
||||
"us-east1-docker.pkg.dev/project/repo/my-image@sha256:88b205d7995332e10e836514fbfd59ecaf8976fc15060cd66e85cdcebe7fb356":
|
||||
|
||||
$ gcloud artifacts sbom list \
|
||||
--resource="us-east1-docker.pkg.dev/project/repo/my-image@sha256\
|
||||
:88b205d7995332e10e836514fbfd59ecaf8976fc15060cd66e85cdcebe7fb356"
|
||||
|
||||
To list SBOM file references related to the images with the resource path
|
||||
prefix "us-east1-docker.pkg.dev/project/repo":
|
||||
|
||||
$ gcloud artifacts sbom list \
|
||||
--resource-prefix="us-east1-docker.pkg.dev/project/repo"
|
||||
|
||||
To list SBOM file references generated when the images were pushed to
|
||||
Artifact Registry and related to the installed package dependency "perl":
|
||||
|
||||
$ gcloud artifacts sbom list --dependency="perl"
|
||||
|
||||
FLAGS
|
||||
At most one of these can be specified:
|
||||
|
||||
--dependency=DEPENDENCY
|
||||
List SBOM file references generated when the images were pushed to
|
||||
Artifact Registry and related to the installed package dependency.
|
||||
See https://cloud.google.com/container-analysis/docs/scanning-types
|
||||
for supported packages.
|
||||
|
||||
--resource=RESOURCE
|
||||
List SBOM file references related to the image resource uri.
|
||||
|
||||
--resource-prefix=RESOURCE_PREFIX
|
||||
List SBOM file references related to the resource uri with the
|
||||
resource path prefix.
|
||||
|
||||
LIST COMMAND FLAGS
|
||||
--filter=EXPRESSION
|
||||
Apply a Boolean filter EXPRESSION to each resource item to be listed.
|
||||
If the expression evaluates True, then that item is listed. For more
|
||||
details and examples of filter expressions, run $ gcloud topic filters.
|
||||
This flag interacts with other flags that are applied in this order:
|
||||
--flatten, --sort-by, --filter, --limit.
|
||||
|
||||
--limit=LIMIT
|
||||
Maximum number of resources to list. The default is unlimited. This
|
||||
flag interacts with other flags that are applied in this order:
|
||||
--flatten, --sort-by, --filter, --limit.
|
||||
|
||||
--page-size=PAGE_SIZE
|
||||
Some services group resource list output into pages. This flag
|
||||
specifies the maximum number of resources per page. The default is
|
||||
determined by the service if it supports paging, otherwise it is
|
||||
unlimited (no paging). Paging may be applied before or after --filter
|
||||
and --limit depending on the service.
|
||||
|
||||
--sort-by=[FIELD,...]; default="occ.create_time"
|
||||
Comma-separated list of resource field key names to sort by. The
|
||||
default order is ascending. Prefix a field with ``~'' for descending
|
||||
order on that field. This flag interacts with other flags that are
|
||||
applied in this order: --flatten, --sort-by, --filter, --limit. The
|
||||
default is occ.create_time.
|
||||
|
||||
GCLOUD WIDE FLAGS
|
||||
These flags are available to all commands: --access-token-file, --account,
|
||||
--billing-project, --configuration, --flags-file, --flatten, --format,
|
||||
--help, --impersonate-service-account, --log-http, --project, --quiet,
|
||||
--trace-token, --user-output-enabled, --verbosity.
|
||||
|
||||
Run $ gcloud help for details.
|
||||
66
gcloud/artifacts/sbom/load
Normal file
66
gcloud/artifacts/sbom/load
Normal file
|
|
@ -0,0 +1,66 @@
|
|||
NAME
|
||||
gcloud artifacts sbom load - upload an SBOM file and create a reference
|
||||
occurrence
|
||||
|
||||
SYNOPSIS
|
||||
gcloud artifacts sbom load --source=SOURCE --uri=ARTIFACT_URI
|
||||
[--destination=DESTINATION] [--kms-key-version=KMS_KEY_VERSION]
|
||||
[GCLOUD_WIDE_FLAG ...]
|
||||
|
||||
DESCRIPTION
|
||||
Upload an SBOM file and create a reference occurrence.
|
||||
|
||||
EXAMPLES
|
||||
To upload an SBOM file at /path/to/sbom.json for a Docker image in Artifact
|
||||
Registry:
|
||||
|
||||
$ gcloud artifacts sbom load --source=/path/to/sbom.json \
|
||||
--uri=us-west1-docker.pkg.dev/my-project/my-repository/\
|
||||
busy-box@sha256:abcxyz
|
||||
|
||||
To upload an SBOM file at /path/to/sbom.json for a Docker image with a KMS
|
||||
key version to sign the created SBOM reference:
|
||||
|
||||
$ gcloud artifacts sbom load --source=/path/to/sbom.json \
|
||||
--uri=us-west1-docker.pkg.dev/my-project/my-repository/\
|
||||
busy-box@sha256:abcxyz \
|
||||
--kms-key-version=projects/my-project/locations/us-west1/\
|
||||
keyRings/my-key-ring/cryptoKeys/my-key/cryptoKeyVersions/1
|
||||
|
||||
To upload an SBOM file at /path/to/sbom.json for a Docker image from a
|
||||
Docker registry:
|
||||
|
||||
$ gcloud artifacts sbom load --source=/path/to/sbom.json \
|
||||
--uri=my-docker-registry/my-image@sha256:abcxyz \
|
||||
--destination=gs://my-cloud-storage-bucket
|
||||
|
||||
REQUIRED FLAGS
|
||||
--source=SOURCE
|
||||
The SBOM file for uploading.
|
||||
|
||||
--uri=ARTIFACT_URI
|
||||
The URI of the artifact the SBOM is generated from. The URI can be a
|
||||
Docker image from any Docker registries. A URI provided with a tag
|
||||
(e.g. [IMAGE]:[TAG]) will be resolved into a URI with a digest
|
||||
([IMAGE]@sha256:[DIGEST]). When passing an image which is not from
|
||||
Artifact Registry or Container Registry with a tag, only public images
|
||||
can be resolved. Also, when passing an image which is not from Artifact
|
||||
Registry or Container Registry, the --destination flag is required.
|
||||
|
||||
OPTIONAL FLAGS
|
||||
--destination=DESTINATION
|
||||
The storage path will be used to store the SBOM file. Currently only
|
||||
supports Cloud Storage paths start with 'gs://'.
|
||||
|
||||
--kms-key-version=KMS_KEY_VERSION
|
||||
Cloud KMS key version to sign the SBOM reference. The key version
|
||||
provided should be the resource ID in the format of
|
||||
projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]/cryptoKeyVersions/[KEY_VERSION].
|
||||
|
||||
GCLOUD WIDE FLAGS
|
||||
These flags are available to all commands: --access-token-file, --account,
|
||||
--billing-project, --configuration, --flags-file, --flatten, --format,
|
||||
--help, --impersonate-service-account, --log-http, --project, --quiet,
|
||||
--trace-token, --user-output-enabled, --verbosity.
|
||||
|
||||
Run $ gcloud help for details.
|
||||
23
gcloud/artifacts/vulnerabilities/help
Normal file
23
gcloud/artifacts/vulnerabilities/help
Normal file
|
|
@ -0,0 +1,23 @@
|
|||
NAME
|
||||
gcloud artifacts vulnerabilities - manage Artifact Vulnerabilities
|
||||
|
||||
SYNOPSIS
|
||||
gcloud artifacts vulnerabilities COMMAND [GCLOUD_WIDE_FLAG ...]
|
||||
|
||||
DESCRIPTION
|
||||
Manage Artifact Vulnerabilities.
|
||||
|
||||
GCLOUD WIDE FLAGS
|
||||
These flags are available to all commands: --help.
|
||||
|
||||
Run $ gcloud help for details.
|
||||
|
||||
COMMANDS
|
||||
COMMAND is one of the following:
|
||||
|
||||
list
|
||||
Command for listing vulnerabilities. To see all fields, use
|
||||
--format=json.
|
||||
|
||||
load-vex
|
||||
Load VEX data from a file.
|
||||
70
gcloud/artifacts/vulnerabilities/list
Normal file
70
gcloud/artifacts/vulnerabilities/list
Normal file
|
|
@ -0,0 +1,70 @@
|
|||
NAME
|
||||
gcloud artifacts vulnerabilities list - command for listing
|
||||
vulnerabilities. To see all fields, use --format=json
|
||||
|
||||
SYNOPSIS
|
||||
gcloud artifacts vulnerabilities list URI
|
||||
[--occurrence-filter=OCCURRENCE_FILTER] [--filter=EXPRESSION]
|
||||
[--limit=LIMIT] [--page-size=PAGE_SIZE] [--sort-by=[FIELD,...]] [--uri]
|
||||
[GCLOUD_WIDE_FLAG ...]
|
||||
|
||||
DESCRIPTION
|
||||
Command for listing vulnerabilities. To see all fields, use --format=json.
|
||||
|
||||
EXAMPLES
|
||||
To list vulnerabilities for an artifact, run:
|
||||
|
||||
$ gcloud artifacts vulnerabilities list \
|
||||
us-east1-docker.pkg.dev/project123/repository123/\
|
||||
someimage@sha256:49765698074d6d7baa82f
|
||||
|
||||
POSITIONAL ARGUMENTS
|
||||
URI
|
||||
An URI identifying a container image or package in Artifact Registry or
|
||||
Google Cloud Registry.
|
||||
|
||||
FLAGS
|
||||
--occurrence-filter=OCCURRENCE_FILTER
|
||||
A filter for the occurrences which will be summarized. See link for
|
||||
officially supported filters:
|
||||
https://cloud.google.com/container-analysis/docs/os-scanning-automatically#filtering
|
||||
|
||||
LIST COMMAND FLAGS
|
||||
--filter=EXPRESSION
|
||||
Apply a Boolean filter EXPRESSION to each resource item to be listed.
|
||||
If the expression evaluates True, then that item is listed. For more
|
||||
details and examples of filter expressions, run $ gcloud topic filters.
|
||||
This flag interacts with other flags that are applied in this order:
|
||||
--flatten, --sort-by, --filter, --limit.
|
||||
|
||||
--limit=LIMIT
|
||||
Maximum number of resources to list. The default is unlimited. This
|
||||
flag interacts with other flags that are applied in this order:
|
||||
--flatten, --sort-by, --filter, --limit.
|
||||
|
||||
--page-size=PAGE_SIZE
|
||||
Some services group resource list output into pages. This flag
|
||||
specifies the maximum number of resources per page. The default is
|
||||
determined by the service if it supports paging, otherwise it is
|
||||
unlimited (no paging). Paging may be applied before or after --filter
|
||||
and --limit depending on the service.
|
||||
|
||||
--sort-by=[FIELD,...]
|
||||
Comma-separated list of resource field key names to sort by. The
|
||||
default order is ascending. Prefix a field with ``~'' for descending
|
||||
order on that field. This flag interacts with other flags that are
|
||||
applied in this order: --flatten, --sort-by, --filter, --limit.
|
||||
|
||||
--uri
|
||||
Print a list of resource URIs instead of the default output, and change
|
||||
the command output to a list of URIs. If this flag is used with
|
||||
--format, the formatting is applied on this URI list. To display URIs
|
||||
alongside other keys instead, use the uri() transform.
|
||||
|
||||
GCLOUD WIDE FLAGS
|
||||
These flags are available to all commands: --access-token-file, --account,
|
||||
--billing-project, --configuration, --flags-file, --flatten, --format,
|
||||
--help, --impersonate-service-account, --log-http, --project, --quiet,
|
||||
--trace-token, --user-output-enabled, --verbosity.
|
||||
|
||||
Run $ gcloud help for details.
|
||||
43
gcloud/artifacts/vulnerabilities/load-vex
Normal file
43
gcloud/artifacts/vulnerabilities/load-vex
Normal file
|
|
@ -0,0 +1,43 @@
|
|||
NAME
|
||||
gcloud artifacts vulnerabilities load-vex - load VEX data from a file
|
||||
|
||||
SYNOPSIS
|
||||
gcloud artifacts vulnerabilities load-vex --source=SOURCE --uri=URI
|
||||
[--project=PROJECT] [GCLOUD_WIDE_FLAG ...]
|
||||
|
||||
DESCRIPTION
|
||||
Load VEX data from a file.
|
||||
|
||||
EXAMPLES
|
||||
To load a CSAF security advisory file given an artifact in Artifact
|
||||
Registry and the file on disk, run:
|
||||
|
||||
$ gcloud artifacts vulnerabilities load-vex \
|
||||
--uri=us-east1-docker.pkg.dev/project123/repository123/\
|
||||
someimage@sha256:49765698074d6d7baa82f --source=/path/to/vex/file
|
||||
|
||||
To load a CSAF security advisory file given an artifact with a tag and a
|
||||
file on disk, run:
|
||||
|
||||
$ gcloud artifacts vulnerabilities load-vex \
|
||||
--uri=us-east1-docker.pkg.dev/project123/repository123/\
|
||||
someimage:latest --source=/path/to/vex/file
|
||||
|
||||
REQUIRED FLAGS
|
||||
--source=SOURCE
|
||||
The path of the VEX file.
|
||||
|
||||
--uri=URI
|
||||
The path of the artifact in Artifact Registry.
|
||||
|
||||
OPTIONAL FLAGS
|
||||
--project=PROJECT
|
||||
The parent project to load security advisory into.
|
||||
|
||||
GCLOUD WIDE FLAGS
|
||||
These flags are available to all commands: --access-token-file, --account,
|
||||
--billing-project, --configuration, --flags-file, --flatten, --format,
|
||||
--help, --impersonate-service-account, --log-http, --project, --quiet,
|
||||
--trace-token, --user-output-enabled, --verbosity.
|
||||
|
||||
Run $ gcloud help for details.
|
||||
Loading…
Add table
Add a link
Reference in a new issue