1## cosign attach sbom
2
3DEPRECATED: Attach sbom to the supplied container image
4
5### Synopsis
6
7Attach sbom to the supplied container image
8
9WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations.
10
11```
12cosign attach sbom [flags]
13```
14
15### Examples
16
17```
18 cosign attach sbom <image uri>
19```
20
21### Options
22
23```
24 --allow-http-registry whether to allow using HTTP protocol while connecting to registries. Don't use this for anything but testing
25 --allow-insecure-registry whether to allow insecure connections to registries (e.g., with expired or self-signed TLS certificates). Don't use this for anything but testing
26 --attachment-tag-prefix [AttachmentTagPrefix]sha256-[TargetImageDigest].[AttachmentName] optional custom prefix to use for attached image tags. Attachment images are tagged as: [AttachmentTagPrefix]sha256-[TargetImageDigest].[AttachmentName]
27 -h, --help help for sbom
28 --input-format string type of sbom input format (json|xml|text)
29 --k8s-keychain whether to use the kubernetes keychain instead of the default keychain (supports workload identity).
30 --registry-password string registry basic auth password
31 --registry-referrers-mode registryReferrersMode mode for fetching references from the registry. allowed: legacy, oci-1-1
32 --registry-token string registry bearer auth token
33 --registry-username string registry basic auth username
34 --sbom string path to the sbom, or {-} for stdin
35 --type string type of sbom (spdx|cyclonedx|syft) (default "spdx")
36```
37
38### Options inherited from parent commands
39
40```
41 --output-file string log output to a file
42 -t, --timeout duration timeout for commands (default 3m0s)
43 -d, --verbose log debug output
44```
45
46### SEE ALSO
47
48* [cosign attach](cosign_attach.md) - Provides utilities for attaching artifacts to other artifacts in a registry
49
View as plain text