- NAME
-
- gcloud artifacts vulnerabilities load-vex - load VEX data from a CSAF file into Artifact Analysis
- SYNOPSIS
-
-
gcloud artifacts vulnerabilities load-vex--source=SOURCE--uri=URI[--location=LOCATION] [--project=PROJECT] [GCLOUD_WIDE_FLAG …]
-
- DESCRIPTION
- Command loads VEX data from a Common Security Advisory Framework (CSAF) file into Artifact Analysis as VulnerabilityAssessment Notes. VEX data tells Artifact Analysis whether vulnerabilities are relevant and how.
- EXAMPLES
- To load a CSAF security advisory file given an artifact in Artifact Registry and
the file on disk, run:
gcloud artifacts vulnerabilities load-vex --uri = us-east1-docker.pkg.dev/project123/repository123/someimage@sha256:49765698074d6d7baa82f --source = /path/to/vex/fileTo load a CSAF security advisory file given an artifact with a tag and a file on disk, run:
gcloud artifacts vulnerabilities load-vex --uri = us-east1-docker.pkg.dev/project123/repository123/someimage:latest --source = /path/to/vex/file - REQUIRED FLAGS
-
-
--source=SOURCE - The path of the VEX file.
-
--uri=URI - The path of the artifact in Artifact Registry. A 'gcr.io' image can also be used if redirection is enabled in Artifact Registry. Make sure 'artifactregistry.projectsettings.get' permission is granted to the current gcloud user to verify the redirection status.
-
- OPTIONAL FLAGS
-
-
--location=LOCATION - If specified, all requests to Artifact Analysis for occurrences will go to location specified
-
--project=PROJECT - The parent project to load security advisory into.
-
- GCLOUD WIDE FLAGS
- These flags are available to all commands:
--access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.Run
$ gcloud helpfor details.
gcloud artifacts vulnerabilities load-vex
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License , and code samples are licensed under the Apache 2.0 License . For details, see the Google Developers Site Policies . Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-05-27 UTC.
