1## cosign download sbom
2
3DEPRECATED: Download SBOMs from the supplied container image
4
5### Synopsis
6
7Download SBOMs from the supplied container image
8
9WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations.
10
11```
12cosign download sbom [flags]
13```
14
15### Examples
16
17```
18 cosign download sbom <image uri>
19```
20
21### Options
22
23```
24 --allow-http-registry whether to allow using HTTP protocol while connecting to registries. Don't use this for anything but testing
25 --allow-insecure-registry whether to allow insecure connections to registries (e.g., with expired or self-signed TLS certificates). Don't use this for anything but testing
26 --attachment-tag-prefix [AttachmentTagPrefix]sha256-[TargetImageDigest].[AttachmentName] optional custom prefix to use for attached image tags. Attachment images are tagged as: [AttachmentTagPrefix]sha256-[TargetImageDigest].[AttachmentName]
27 -h, --help help for sbom
28 --k8s-keychain whether to use the kubernetes keychain instead of the default keychain (supports workload identity).
29 --platform string download SBOM for a specific platform image
30 --registry-password string registry basic auth password
31 --registry-token string registry bearer auth token
32 --registry-username string registry basic auth username
33```
34
35### Options inherited from parent commands
36
37```
38 --output-file string log output to a file
39 -t, --timeout duration timeout for commands (default 3m0s)
40 -d, --verbose log debug output
41```
42
43### SEE ALSO
44
45* [cosign download](cosign_download.md) - Provides utilities for downloading artifacts and attached artifacts in a registry
46
View as plain text