1
0
Fork 0
mirror of https://github.com/imjasonh/gcloud-help synced 2026-07-18 14:56:05 +00:00

gcloud: Wed Aug 9 11:23:49 UTC 2023

This commit is contained in:
Automated 2023-08-09 11:23:49 +00:00
parent 678b9afba9
commit 19bfacfbed
148 changed files with 2955 additions and 379 deletions

View file

@ -42,6 +42,9 @@ GROUPS
repositories
Manage Artifact Registry repositories.
sbom
Manage Artifact SBOMs.
settings
Manage Artifact Registry project settings.
@ -55,6 +58,9 @@ GROUPS
Manage Artifact Registry VPC Service Controls configuration for remote
repositories.
vulnerabilities
Manage Artifact Vulnerabilities.
yum
Manage Artifact Registry RPM packages.

View file

@ -12,6 +12,7 @@ SYNOPSIS
[--remote-python-repo=REMOTE_PYTHON_REPO]
[--remote-repo-config-desc=REMOTE_REPO_CONFIG_DESC]
[--upstream-policy-file=FILE] [--version-policy=VERSION_POLICY]
[--allow-sbom-generation | --disable-sbom-generation]
[GCLOUD_WIDE_FLAG ...]
DESCRIPTION
@ -171,6 +172,14 @@ OPTIONAL FLAGS
snapshot
(Maven only) The repository accepts snapshot versions only.
At most one of these can be specified:
--allow-sbom-generation
Allow SBOM generation on the repository.
--disable-sbom-generation
Disable SBOM generation on the repository.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account,
--billing-project, --configuration, --flags-file, --flatten, --format,

View file

@ -6,6 +6,7 @@ SYNOPSIS
gcloud artifacts repositories update (REPOSITORY : --location=LOCATION)
[--description=DESCRIPTION] [--immutable-tags]
[--update-labels=[KEY=VALUE,...]] [--upstream-policy-file=FILE]
[--allow-sbom-generation | --disable-sbom-generation]
[--clear-labels | --remove-labels=[KEY,...]] [GCLOUD_WIDE_FLAG ...]
DESCRIPTION
@ -82,6 +83,14 @@ FLAGS
"priority": 1 }, { "id": "test2", "repository":
"projects/p2/locations/us-west2/repository/repo2", "priority": 2 } ]
At most one of these can be specified:
--allow-sbom-generation
Allow SBOM generation on the repository.
--disable-sbom-generation
Disable SBOM generation on the repository.
At most one of these can be specified:
--clear-labels

View file

@ -0,0 +1,28 @@
NAME
gcloud artifacts sbom export - export SBOM files
SYNOPSIS
gcloud artifacts sbom export --uri=URI [GCLOUD_WIDE_FLAG ...]
DESCRIPTION
Export SBOM files.
EXAMPLES
To export an SBOM file for the Artifact Registry image with URI
"us-west1-docker.pkg.dev/my-project/my-repository/busy-box@sha256:abcxyz":
$ gcloud artifacts sbom export \
--uri=us-west1-docker.pkg.dev/my-project/my-repository/\
busy-box@sha256:abcxyz
REQUIRED FLAGS
--uri=URI
The URI of the Artifact Registry image the SBOM is exported for.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account,
--billing-project, --configuration, --flags-file, --flatten, --format,
--help, --impersonate-service-account, --log-http, --project, --quiet,
--trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.

View file

@ -0,0 +1,25 @@
NAME
gcloud artifacts sbom - manage Artifact SBOMs
SYNOPSIS
gcloud artifacts sbom COMMAND [GCLOUD_WIDE_FLAG ...]
DESCRIPTION
Manage Artifact SBOMs.
GCLOUD WIDE FLAGS
These flags are available to all commands: --help.
Run $ gcloud help for details.
COMMANDS
COMMAND is one of the following:
export
Export SBOM files.
list
List SBOM file references.
load
Upload an SBOM file and create a reference occurrence.

View file

@ -0,0 +1,93 @@
NAME
gcloud artifacts sbom list - list SBOM file references
SYNOPSIS
gcloud artifacts sbom list
[--dependency=DEPENDENCY | --resource=RESOURCE
| --resource-prefix=RESOURCE_PREFIX] [--filter=EXPRESSION]
[--limit=LIMIT] [--page-size=PAGE_SIZE]
[--sort-by=[FIELD,...]; default="occ.create_time"]
[GCLOUD_WIDE_FLAG ...]
DESCRIPTION
List SBOM file references.
EXAMPLES
To list SBOM file references:
$ gcloud artifacts sbom list
To list SBOM file references related to the image with the tag
"us-east1-docker.pkg.dev/project/repo/my-image:1.0":
$ gcloud artifacts sbom list \
--resource="us-east1-docker.pkg.dev/project/repo/my-image:1.0"
To list SBOM file references related to the image with the digest
"us-east1-docker.pkg.dev/project/repo/my-image@sha256:88b205d7995332e10e836514fbfd59ecaf8976fc15060cd66e85cdcebe7fb356":
$ gcloud artifacts sbom list \
--resource="us-east1-docker.pkg.dev/project/repo/my-image@sha256\
:88b205d7995332e10e836514fbfd59ecaf8976fc15060cd66e85cdcebe7fb356"
To list SBOM file references related to the images with the resource path
prefix "us-east1-docker.pkg.dev/project/repo":
$ gcloud artifacts sbom list \
--resource-prefix="us-east1-docker.pkg.dev/project/repo"
To list SBOM file references generated when the images were pushed to
Artifact Registry and related to the installed package dependency "perl":
$ gcloud artifacts sbom list --dependency="perl"
FLAGS
At most one of these can be specified:
--dependency=DEPENDENCY
List SBOM file references generated when the images were pushed to
Artifact Registry and related to the installed package dependency.
See https://cloud.google.com/container-analysis/docs/scanning-types
for supported packages.
--resource=RESOURCE
List SBOM file references related to the image resource uri.
--resource-prefix=RESOURCE_PREFIX
List SBOM file references related to the resource uri with the
resource path prefix.
LIST COMMAND FLAGS
--filter=EXPRESSION
Apply a Boolean filter EXPRESSION to each resource item to be listed.
If the expression evaluates True, then that item is listed. For more
details and examples of filter expressions, run $ gcloud topic filters.
This flag interacts with other flags that are applied in this order:
--flatten, --sort-by, --filter, --limit.
--limit=LIMIT
Maximum number of resources to list. The default is unlimited. This
flag interacts with other flags that are applied in this order:
--flatten, --sort-by, --filter, --limit.
--page-size=PAGE_SIZE
Some services group resource list output into pages. This flag
specifies the maximum number of resources per page. The default is
determined by the service if it supports paging, otherwise it is
unlimited (no paging). Paging may be applied before or after --filter
and --limit depending on the service.
--sort-by=[FIELD,...]; default="occ.create_time"
Comma-separated list of resource field key names to sort by. The
default order is ascending. Prefix a field with ``~'' for descending
order on that field. This flag interacts with other flags that are
applied in this order: --flatten, --sort-by, --filter, --limit. The
default is occ.create_time.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account,
--billing-project, --configuration, --flags-file, --flatten, --format,
--help, --impersonate-service-account, --log-http, --project, --quiet,
--trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.

View file

@ -0,0 +1,66 @@
NAME
gcloud artifacts sbom load - upload an SBOM file and create a reference
occurrence
SYNOPSIS
gcloud artifacts sbom load --source=SOURCE --uri=ARTIFACT_URI
[--destination=DESTINATION] [--kms-key-version=KMS_KEY_VERSION]
[GCLOUD_WIDE_FLAG ...]
DESCRIPTION
Upload an SBOM file and create a reference occurrence.
EXAMPLES
To upload an SBOM file at /path/to/sbom.json for a Docker image in Artifact
Registry:
$ gcloud artifacts sbom load --source=/path/to/sbom.json \
--uri=us-west1-docker.pkg.dev/my-project/my-repository/\
busy-box@sha256:abcxyz
To upload an SBOM file at /path/to/sbom.json for a Docker image with a KMS
key version to sign the created SBOM reference:
$ gcloud artifacts sbom load --source=/path/to/sbom.json \
--uri=us-west1-docker.pkg.dev/my-project/my-repository/\
busy-box@sha256:abcxyz \
--kms-key-version=projects/my-project/locations/us-west1/\
keyRings/my-key-ring/cryptoKeys/my-key/cryptoKeyVersions/1
To upload an SBOM file at /path/to/sbom.json for a Docker image from a
Docker registry:
$ gcloud artifacts sbom load --source=/path/to/sbom.json \
--uri=my-docker-registry/my-image@sha256:abcxyz \
--destination=gs://my-cloud-storage-bucket
REQUIRED FLAGS
--source=SOURCE
The SBOM file for uploading.
--uri=ARTIFACT_URI
The URI of the artifact the SBOM is generated from. The URI can be a
Docker image from any Docker registries. A URI provided with a tag
(e.g. [IMAGE]:[TAG]) will be resolved into a URI with a digest
([IMAGE]@sha256:[DIGEST]). When passing an image which is not from
Artifact Registry or Container Registry with a tag, only public images
can be resolved. Also, when passing an image which is not from Artifact
Registry or Container Registry, the --destination flag is required.
OPTIONAL FLAGS
--destination=DESTINATION
The storage path will be used to store the SBOM file. Currently only
supports Cloud Storage paths start with 'gs://'.
--kms-key-version=KMS_KEY_VERSION
Cloud KMS key version to sign the SBOM reference. The key version
provided should be the resource ID in the format of
projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]/cryptoKeyVersions/[KEY_VERSION].
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account,
--billing-project, --configuration, --flags-file, --flatten, --format,
--help, --impersonate-service-account, --log-http, --project, --quiet,
--trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.

View file

@ -0,0 +1,23 @@
NAME
gcloud artifacts vulnerabilities - manage Artifact Vulnerabilities
SYNOPSIS
gcloud artifacts vulnerabilities COMMAND [GCLOUD_WIDE_FLAG ...]
DESCRIPTION
Manage Artifact Vulnerabilities.
GCLOUD WIDE FLAGS
These flags are available to all commands: --help.
Run $ gcloud help for details.
COMMANDS
COMMAND is one of the following:
list
Command for listing vulnerabilities. To see all fields, use
--format=json.
load-vex
Load VEX data from a file.

View file

@ -0,0 +1,70 @@
NAME
gcloud artifacts vulnerabilities list - command for listing
vulnerabilities. To see all fields, use --format=json
SYNOPSIS
gcloud artifacts vulnerabilities list URI
[--occurrence-filter=OCCURRENCE_FILTER] [--filter=EXPRESSION]
[--limit=LIMIT] [--page-size=PAGE_SIZE] [--sort-by=[FIELD,...]] [--uri]
[GCLOUD_WIDE_FLAG ...]
DESCRIPTION
Command for listing vulnerabilities. To see all fields, use --format=json.
EXAMPLES
To list vulnerabilities for an artifact, run:
$ gcloud artifacts vulnerabilities list \
us-east1-docker.pkg.dev/project123/repository123/\
someimage@sha256:49765698074d6d7baa82f
POSITIONAL ARGUMENTS
URI
An URI identifying a container image or package in Artifact Registry or
Google Cloud Registry.
FLAGS
--occurrence-filter=OCCURRENCE_FILTER
A filter for the occurrences which will be summarized. See link for
officially supported filters:
https://cloud.google.com/container-analysis/docs/os-scanning-automatically#filtering
LIST COMMAND FLAGS
--filter=EXPRESSION
Apply a Boolean filter EXPRESSION to each resource item to be listed.
If the expression evaluates True, then that item is listed. For more
details and examples of filter expressions, run $ gcloud topic filters.
This flag interacts with other flags that are applied in this order:
--flatten, --sort-by, --filter, --limit.
--limit=LIMIT
Maximum number of resources to list. The default is unlimited. This
flag interacts with other flags that are applied in this order:
--flatten, --sort-by, --filter, --limit.
--page-size=PAGE_SIZE
Some services group resource list output into pages. This flag
specifies the maximum number of resources per page. The default is
determined by the service if it supports paging, otherwise it is
unlimited (no paging). Paging may be applied before or after --filter
and --limit depending on the service.
--sort-by=[FIELD,...]
Comma-separated list of resource field key names to sort by. The
default order is ascending. Prefix a field with ``~'' for descending
order on that field. This flag interacts with other flags that are
applied in this order: --flatten, --sort-by, --filter, --limit.
--uri
Print a list of resource URIs instead of the default output, and change
the command output to a list of URIs. If this flag is used with
--format, the formatting is applied on this URI list. To display URIs
alongside other keys instead, use the uri() transform.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account,
--billing-project, --configuration, --flags-file, --flatten, --format,
--help, --impersonate-service-account, --log-http, --project, --quiet,
--trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.

View file

@ -0,0 +1,43 @@
NAME
gcloud artifacts vulnerabilities load-vex - load VEX data from a file
SYNOPSIS
gcloud artifacts vulnerabilities load-vex --source=SOURCE --uri=URI
[--project=PROJECT] [GCLOUD_WIDE_FLAG ...]
DESCRIPTION
Load VEX data from a file.
EXAMPLES
To load a CSAF security advisory file given an artifact in Artifact
Registry and the file on disk, run:
$ gcloud artifacts vulnerabilities load-vex \
--uri=us-east1-docker.pkg.dev/project123/repository123/\
someimage@sha256:49765698074d6d7baa82f --source=/path/to/vex/file
To load a CSAF security advisory file given an artifact with a tag and a
file on disk, run:
$ gcloud artifacts vulnerabilities load-vex \
--uri=us-east1-docker.pkg.dev/project123/repository123/\
someimage:latest --source=/path/to/vex/file
REQUIRED FLAGS
--source=SOURCE
The path of the VEX file.
--uri=URI
The path of the artifact in Artifact Registry.
OPTIONAL FLAGS
--project=PROJECT
The parent project to load security advisory into.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account,
--billing-project, --configuration, --flags-file, --flatten, --format,
--help, --impersonate-service-account, --log-http, --project, --quiet,
--trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.