mirror of
https://github.com/imjasonh/gcloud-help
synced 2026-07-08 10:35:03 +00:00
53 lines
2 KiB
Text
53 lines
2 KiB
Text
NAME
|
|
gcloud artifacts vulnerabilities load-vex - load VEX data from a CSAF file
|
|
into Artifact Analysis
|
|
|
|
SYNOPSIS
|
|
gcloud artifacts vulnerabilities load-vex --source=SOURCE --uri=URI
|
|
[--location=LOCATION] [--project=PROJECT] [GCLOUD_WIDE_FLAG ...]
|
|
|
|
DESCRIPTION
|
|
Command loads VEX data from a Common Security Advisory Framework (CSAF)
|
|
file into Artifact Analysis as VulnerabilityAssessment Notes. VEX data
|
|
tells Artifact Analysis whether vulnerabilities are relevant and how.
|
|
|
|
EXAMPLES
|
|
To load a CSAF security advisory file given an artifact in Artifact
|
|
Registry and the file on disk, run:
|
|
|
|
$ gcloud artifacts vulnerabilities load-vex \
|
|
--uri=us-east1-docker.pkg.dev/project123/repository123/\
|
|
someimage@sha256:49765698074d6d7baa82f --source=/path/to/vex/file
|
|
|
|
To load a CSAF security advisory file given an artifact with a tag and a
|
|
file on disk, run:
|
|
|
|
$ gcloud artifacts vulnerabilities load-vex \
|
|
--uri=us-east1-docker.pkg.dev/project123/repository123/\
|
|
someimage:latest --source=/path/to/vex/file
|
|
|
|
REQUIRED FLAGS
|
|
--source=SOURCE
|
|
The path of the VEX file.
|
|
|
|
--uri=URI
|
|
The path of the artifact in Artifact Registry. A 'gcr.io' image can
|
|
also be used if redirection is enabled in Artifact Registry. Make sure
|
|
'artifactregistry.projectsettings.get' permission is granted to the
|
|
current gcloud user to verify the redirection status.
|
|
|
|
OPTIONAL FLAGS
|
|
--location=LOCATION
|
|
If specified, all requests to Artifact Analysis for occurrences will go
|
|
to location specified
|
|
|
|
--project=PROJECT
|
|
The parent project to load security advisory into.
|
|
|
|
GCLOUD WIDE FLAGS
|
|
These flags are available to all commands: --access-token-file, --account,
|
|
--billing-project, --configuration, --flags-file, --flatten, --format,
|
|
--help, --impersonate-service-account, --log-http, --project, --quiet,
|
|
--trace-token, --user-output-enabled, --verbosity.
|
|
|
|
Run $ gcloud help for details.
|