pod: gh-test-custom-branch-yzhzel-on-pull-request-8cs4j-init-pod | init container: prepare 2026/07/08 15:49:38 Entrypoint initialization pod: gh-test-custom-branch-yzhzel-on-pull-request-8cs4j-init-pod | container step-init: time="2026-07-08T15:49:41Z" level=info msg="[param] enable: false" time="2026-07-08T15:49:41Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-07-08T15:49:41Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-07-08T15:49:41Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-07-08T15:49:41Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-07-08T15:49:41Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-07-08T15:49:41Z" level=info msg="Cache proxy is disabled via param" time="2026-07-08T15:49:41Z" level=info msg="[result] HTTP PROXY: " time="2026-07-08T15:49:41Z" level=info msg="[result] NO PROXY: " pod: gh-test-custom-branch-yzhzel-on-pull-request-8cs4j-tpa-scan-pod | init container: prepare 2026/07/08 15:53:02 Entrypoint initialization pod: gh-test-custom-branch-yzhzel-on-pull-request-8cs4j-tpa-scan-pod | init container: place-scripts 2026/07/08 15:53:05 Decoded script /tekton/scripts/script-0-nv5c5 2026/07/08 15:53:05 Decoded script /tekton/scripts/script-1-nq4t4 2026/07/08 15:53:05 Decoded script /tekton/scripts/script-2-f77jq pod: gh-test-custom-branch-yzhzel-on-pull-request-8cs4j-tpa-scan-pod | container step-get-vulnerabilities: Inspecting raw image manifest quay.io/redhat-appstudio-qe/build-e2e-tgco/gh-test-custom-branch-yzhzel@sha256:5c8ce96fafdb79a2c0915e217fad1cc1ce68d1562dad468fa55580c6d1c0e7be. Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-tgco/gh-test-custom-branch-yzhzel Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-tgco/gh-test-custom-branch-yzhzel WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations. WARNING: Downloading SBOMs this way does not ensure its authenticity. If you want to ensure a tamper-proof SBOM, download it using 'cosign download attestation '. Found SBOM of media type: text/spdx+json Running TPA scan on amd64 image manifest... % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 100 112k 0 0 100 112k 0 92518 0:00:01 0:00:01 --:--:-- 92518 100 112k 0 0 100 112k 0 51321 0:00:02 0:00:02 --:--:-- 51321 100 118k 0 5780 100 112k 2486 49621 0:00:02 0:00:02 --:--:-- 52107 { "scanned" : { "total" : 78, "direct" : 27, "transitive" : 51 }, "providers" : { "rhtpa" : { "status" : { "ok" : true, "name" : "rhtpa", "code" : 200, "message" : "OK", "warnings" : { } }, "sources" : { }, "recommendations" : { } } }, "licenses" : [ { "status" : { "ok" : true, "name" : "deps.dev", "code" : 200, "message" : "OK", "warnings" : { } }, "summary" : { "total" : 0, "concluded" : 61, "permissive" : 0, "weakCopyleft" : 0, "strongCopyleft" : 0, "unknown" : 0, "deprecated" : 0, "osiApproved" : 0, "fsfLibre" : 0 }, "packages" : { "pkg:apk/alpine/aom-libs@3.14.1-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/alpine-release@3.23.4-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/pcre@8.45-r4" : { "evidence" : [ ] }, "pkg:apk/alpine/libexpat@2.7.5-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/busybox-binsh@1.37.0-r30" : { "evidence" : [ ] }, "pkg:apk/alpine/libx11@1.8.12-r1" : { "evidence" : [ ] }, "pkg:apk/alpine/ssl_client@1.37.0-r30" : { "evidence" : [ ] }, "pkg:apk/alpine/brotli-libs@1.2.0-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/tiff@4.7.1-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/libice@1.1.2-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/libxslt@1.1.43-r3" : { "evidence" : [ ] }, "pkg:apk/alpine/.runtime-deps@20260617.203708" : { "evidence" : [ ] }, "pkg:apk/alpine/fontconfig@2.17.1-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/libgcc@15.2.0-r2" : { "evidence" : [ ] }, "pkg:apk/alpine/libyuv@0.0.1887.20251502-r1" : { "evidence" : [ ] }, "pkg:apk/alpine/libsm@1.2.6-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/libxml2@2.13.9-r1" : { "evidence" : [ ] }, "pkg:apk/alpine/libcrypto3@3.5.7-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/libgd@2.3.3-r10" : { "evidence" : [ ] }, "pkg:apk/alpine/libuuid@2.41.4-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/libmd@1.1.0-r0" : { "evidence" : [ ] }, "pkg:generic/nginx@1.31.2" : { "evidence" : [ ] }, "pkg:apk/alpine/ca-certificates-bundle@20260413-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/libbz2@1.0.8-r6" : { "evidence" : [ ] }, "pkg:apk/alpine/libapk@3.0.6-r0" : { "evidence" : [ ] }, "pkg:oci/gh-test-custom-branch-yzhzel@sha256%3A5c8ce96fafdb79a2c0915e217fad1cc1ce68d1562dad468fa55580c6d1c0e7be" : { "evidence" : [ ] }, "pkg:apk/alpine/libstdc%2B%2B@15.2.0-r2" : { "evidence" : [ ] }, "pkg:apk/alpine/libbsd@0.12.2-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/gd@2.3.3-r10" : { "evidence" : [ ] }, "pkg:apk/alpine/libssl3@3.5.7-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/libxext@1.3.6-r2" : { "evidence" : [ ] }, "pkg:apk/alpine/apk-tools@3.0.6-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/scanelf@1.3.8-r2" : { "evidence" : [ ] }, "pkg:oci/nginx@sha256%3Aded37838a58bf767acced3030f102a0ca25b98a5766598f5879c11cd1d5683d1" : { "evidence" : [ ] }, "pkg:apk/alpine/musl-utils@1.2.5-r23" : { "evidence" : [ ] }, "pkg:apk/alpine/ca-certificates@20260413-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/libdav1d@1.5.2-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/zlib@1.3.2-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/xz-libs@5.8.3-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/libxcb@1.17.0-r1" : { "evidence" : [ ] }, "pkg:apk/alpine/libxau@1.0.12-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/geoip@1.6.12-r6" : { "evidence" : [ ] }, "pkg:apk/alpine/zstd-libs@1.5.7-r2" : { "evidence" : [ ] }, "pkg:apk/alpine/libavif@1.3.0-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/libpng@1.6.58-r1" : { "evidence" : [ ] }, "pkg:apk/alpine/perl@5.42.2-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/libwebp@1.6.0-r0" : { "evidence" : [ ] }, "pkg:github/actions/checkout@v4" : { "evidence" : [ ] }, "pkg:apk/alpine/freetype@2.14.1-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/alpine-baselayout-data@3.7.2-r0" : { "evidence" : [ ] }, "pkg:github/beatlabs/delete-old-branches-action@v0.0.10" : { "evidence" : [ ] }, "pkg:apk/alpine/libjpeg-turbo@3.1.2-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/busybox@1.37.0-r30" : { "evidence" : [ ] }, "pkg:apk/alpine/libxt@1.3.1-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/openssl@3.5.7-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/alpine-keys@2.6-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/libxdmcp@1.1.5-r1" : { "evidence" : [ ] }, "pkg:apk/alpine/libsharpyuv@1.6.0-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/alpine-baselayout@3.7.2-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/musl@1.2.5-r23" : { "evidence" : [ ] }, "pkg:apk/alpine/libxpm@3.5.19-r0" : { "evidence" : [ ] } } } ] } pod: gh-test-custom-branch-yzhzel-on-pull-request-8cs4j-tpa-scan-pod | container step-oci-attach-report: Using token for quay.io/redhat-appstudio-qe/build-e2e-tgco/gh-test-custom-branch-yzhzel Attaching tpa-report-amd64.json to quay.io/redhat-appstudio-qe/build-e2e-tgco/gh-test-custom-branch-yzhzel@sha256:5c8ce96fafdb79a2c0915e217fad1cc1ce68d1562dad468fa55580c6d1c0e7be [retry] executing: oras attach --no-tty --format go-template=\{\{.digest\}\} --registry-config /tmp/auth/config.json --artifact-type application/vnd.redhat.tpa-report+json quay.io/redhat-appstudio-qe/build-e2e-tgco/gh-test-custom-branch-yzhzel@sha256:5c8ce96fafdb79a2c0915e217fad1cc1ce68d1562dad468fa55580c6d1c0e7be tpa-report-amd64.json:application/vnd.redhat.tpa-report+json pod: gh-test-custom-branch-yzhzel-on-pull-request-8cs4j-tpa-scan-pod | container step-conftest-vulnerabilities: [ { "filename": "/tekton/home/tpa-report-amd64.json", "namespace": "required_checks", "successes": 8 } ] {"vulnerabilities":{"critical":0,"high":0,"medium":0,"low":0,"unknown":0},"unpatched_vulnerabilities":{"critical":0,"high":0,"medium":0,"low":0,"unknown":0}} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/build-e2e-tgco/gh-test-custom-branch-yzhzel:on-pr-6a4ec9f093bea9a86aaf086bff2c48723d1e4a9f", "digests": ["sha256:5c8ce96fafdb79a2c0915e217fad1cc1ce68d1562dad468fa55580c6d1c0e7be"]}} {"result":"SUCCESS","timestamp":"2026-07-08T15:53:29+00:00","note":"Task tpa-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by TPA.","namespace":"default","successes":0,"failures":0,"warnings":0} pod: gh-test-custom-branch-yzhzel-on-pull-request-n56td-init-pod | init container: prepare 2026/07/08 15:54:24 Entrypoint initialization pod: gh-test-custom-branch-yzhzel-on-pull-request-n56td-init-pod | container step-init: time="2026-07-08T15:54:27Z" level=info msg="[param] enable: false" time="2026-07-08T15:54:27Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-07-08T15:54:27Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-07-08T15:54:27Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-07-08T15:54:27Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-07-08T15:54:27Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-07-08T15:54:27Z" level=info msg="Cache proxy is disabled via param" time="2026-07-08T15:54:27Z" level=info msg="[result] HTTP PROXY: " time="2026-07-08T15:54:27Z" level=info msg="[result] NO PROXY: " pod: gh-test-custom-branch-yzhzel-on-pull-request-n56td-tpa-scan-pod | init container: prepare 2026/07/08 15:57:35 Entrypoint initialization pod: gh-test-custom-branch-yzhzel-on-pull-request-n56td-tpa-scan-pod | init container: place-scripts 2026/07/08 15:57:36 Decoded script /tekton/scripts/script-0-gxm9x 2026/07/08 15:57:36 Decoded script /tekton/scripts/script-1-smxjt 2026/07/08 15:57:36 Decoded script /tekton/scripts/script-2-cbpbk pod: gh-test-custom-branch-yzhzel-on-pull-request-n56td-tpa-scan-pod | container step-get-vulnerabilities: Inspecting raw image manifest quay.io/redhat-appstudio-qe/build-e2e-tgco/gh-test-custom-branch-yzhzel@sha256:a31b6120b39f74d9059d620812399a93cf49a21372787ac0ed30ed08d61423a5. Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-tgco/gh-test-custom-branch-yzhzel Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-tgco/gh-test-custom-branch-yzhzel WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations. WARNING: Downloading SBOMs this way does not ensure its authenticity. If you want to ensure a tamper-proof SBOM, download it using 'cosign download attestation '. Found SBOM of media type: text/spdx+json Running TPA scan on amd64 image manifest... % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 100 112k 0 0 100 112k 0 89365 0:00:01 0:00:01 --:--:-- 89365 100 112k 0 0 100 112k 0 50336 0:00:02 0:00:02 --:--:-- 50336 100 118k 0 5780 100 112k 2360 47109 0:00:02 0:00:02 --:--:-- 49469 { "scanned" : { "total" : 78, "direct" : 27, "transitive" : 51 }, "providers" : { "rhtpa" : { "status" : { "ok" : true, "name" : "rhtpa", "code" : 200, "message" : "OK", "warnings" : { } }, "sources" : { }, "recommendations" : { } } }, "licenses" : [ { "status" : { "ok" : true, "name" : "deps.dev", "code" : 200, "message" : "OK", "warnings" : { } }, "summary" : { "total" : 0, "concluded" : 61, "permissive" : 0, "weakCopyleft" : 0, "strongCopyleft" : 0, "unknown" : 0, "deprecated" : 0, "osiApproved" : 0, "fsfLibre" : 0 }, "packages" : { "pkg:apk/alpine/aom-libs@3.14.1-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/alpine-release@3.23.4-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/pcre@8.45-r4" : { "evidence" : [ ] }, "pkg:apk/alpine/libexpat@2.7.5-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/busybox-binsh@1.37.0-r30" : { "evidence" : [ ] }, "pkg:apk/alpine/libx11@1.8.12-r1" : { "evidence" : [ ] }, "pkg:apk/alpine/ssl_client@1.37.0-r30" : { "evidence" : [ ] }, "pkg:apk/alpine/brotli-libs@1.2.0-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/tiff@4.7.1-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/libice@1.1.2-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/libxslt@1.1.43-r3" : { "evidence" : [ ] }, "pkg:apk/alpine/.runtime-deps@20260617.203708" : { "evidence" : [ ] }, "pkg:apk/alpine/fontconfig@2.17.1-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/libgcc@15.2.0-r2" : { "evidence" : [ ] }, "pkg:apk/alpine/libyuv@0.0.1887.20251502-r1" : { "evidence" : [ ] }, "pkg:apk/alpine/libsm@1.2.6-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/libxml2@2.13.9-r1" : { "evidence" : [ ] }, "pkg:apk/alpine/libcrypto3@3.5.7-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/libgd@2.3.3-r10" : { "evidence" : [ ] }, "pkg:apk/alpine/libuuid@2.41.4-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/libmd@1.1.0-r0" : { "evidence" : [ ] }, "pkg:generic/nginx@1.31.2" : { "evidence" : [ ] }, "pkg:apk/alpine/ca-certificates-bundle@20260413-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/libbz2@1.0.8-r6" : { "evidence" : [ ] }, "pkg:apk/alpine/libapk@3.0.6-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/libstdc%2B%2B@15.2.0-r2" : { "evidence" : [ ] }, "pkg:apk/alpine/libbsd@0.12.2-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/gd@2.3.3-r10" : { "evidence" : [ ] }, "pkg:apk/alpine/libssl3@3.5.7-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/libxext@1.3.6-r2" : { "evidence" : [ ] }, "pkg:apk/alpine/apk-tools@3.0.6-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/scanelf@1.3.8-r2" : { "evidence" : [ ] }, "pkg:oci/nginx@sha256%3Aded37838a58bf767acced3030f102a0ca25b98a5766598f5879c11cd1d5683d1" : { "evidence" : [ ] }, "pkg:apk/alpine/musl-utils@1.2.5-r23" : { "evidence" : [ ] }, "pkg:apk/alpine/ca-certificates@20260413-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/libdav1d@1.5.2-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/zlib@1.3.2-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/xz-libs@5.8.3-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/libxcb@1.17.0-r1" : { "evidence" : [ ] }, "pkg:apk/alpine/libxau@1.0.12-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/geoip@1.6.12-r6" : { "evidence" : [ ] }, "pkg:apk/alpine/zstd-libs@1.5.7-r2" : { "evidence" : [ ] }, "pkg:oci/gh-test-custom-branch-yzhzel@sha256%3Aa31b6120b39f74d9059d620812399a93cf49a21372787ac0ed30ed08d61423a5" : { "evidence" : [ ] }, "pkg:apk/alpine/libavif@1.3.0-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/libpng@1.6.58-r1" : { "evidence" : [ ] }, "pkg:apk/alpine/perl@5.42.2-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/libwebp@1.6.0-r0" : { "evidence" : [ ] }, "pkg:github/actions/checkout@v4" : { "evidence" : [ ] }, "pkg:apk/alpine/freetype@2.14.1-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/alpine-baselayout-data@3.7.2-r0" : { "evidence" : [ ] }, "pkg:github/beatlabs/delete-old-branches-action@v0.0.10" : { "evidence" : [ ] }, "pkg:apk/alpine/libjpeg-turbo@3.1.2-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/busybox@1.37.0-r30" : { "evidence" : [ ] }, "pkg:apk/alpine/libxt@1.3.1-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/openssl@3.5.7-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/alpine-keys@2.6-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/libxdmcp@1.1.5-r1" : { "evidence" : [ ] }, "pkg:apk/alpine/libsharpyuv@1.6.0-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/alpine-baselayout@3.7.2-r0" : { "evidence" : [ ] }, "pkg:apk/alpine/musl@1.2.5-r23" : { "evidence" : [ ] }, "pkg:apk/alpine/libxpm@3.5.19-r0" : { "evidence" : [ ] } } } ] } pod: gh-test-custom-branch-yzhzel-on-pull-request-n56td-tpa-scan-pod | container step-oci-attach-report: Using token for quay.io/redhat-appstudio-qe/build-e2e-tgco/gh-test-custom-branch-yzhzel Attaching tpa-report-amd64.json to quay.io/redhat-appstudio-qe/build-e2e-tgco/gh-test-custom-branch-yzhzel@sha256:a31b6120b39f74d9059d620812399a93cf49a21372787ac0ed30ed08d61423a5 [retry] executing: oras attach --no-tty --format go-template=\{\{.digest\}\} --registry-config /tmp/auth/config.json --artifact-type application/vnd.redhat.tpa-report+json quay.io/redhat-appstudio-qe/build-e2e-tgco/gh-test-custom-branch-yzhzel@sha256:a31b6120b39f74d9059d620812399a93cf49a21372787ac0ed30ed08d61423a5 tpa-report-amd64.json:application/vnd.redhat.tpa-report+json pod: gh-test-custom-branch-yzhzel-on-pull-request-n56td-tpa-scan-pod | container step-conftest-vulnerabilities: [ { "filename": "/tekton/home/tpa-report-amd64.json", "namespace": "required_checks", "successes": 8 } ] {"vulnerabilities":{"critical":0,"high":0,"medium":0,"low":0,"unknown":0},"unpatched_vulnerabilities":{"critical":0,"high":0,"medium":0,"low":0,"unknown":0}} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/build-e2e-tgco/gh-test-custom-branch-yzhzel:on-pr-29b60f8b8e34c29bb8a5c7bee5840da58f3b09d6", "digests": ["sha256:a31b6120b39f74d9059d620812399a93cf49a21372787ac0ed30ed08d61423a5"]}} {"result":"SUCCESS","timestamp":"2026-07-08T15:57:52+00:00","note":"Task tpa-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by TPA.","namespace":"default","successes":0,"failures":0,"warnings":0} pod: gh-test-custom-branch-yzhzel-on-push-x42fn-build-container-pod | init container: prepare 2026/07/08 16:00:03 Entrypoint initialization pod: gh-test-custom-branch-yzhzel-on-push-x42fn-build-container-pod | init container: place-scripts 2026/07/08 16:00:04 Decoded script /tekton/scripts/script-1-5npbs 2026/07/08 16:00:04 Decoded script /tekton/scripts/script-2-5w9tx 2026/07/08 16:00:04 Decoded script /tekton/scripts/script-3-4mgft 2026/07/08 16:00:04 Decoded script /tekton/scripts/script-4-8lxrn 2026/07/08 16:00:04 Decoded script /tekton/scripts/script-5-2kt8h pod: gh-test-custom-branch-yzhzel-on-push-x42fn-build-container-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/build-e2e-tgco/gh-test-custom-branch-yzhzel Executing: oras blob fetch --registry-config /tmp/use-oci.sh.LJzNBZ/auth-UVuCN6.json quay.io/redhat-appstudio-qe/build-e2e-tgco/gh-test-custom-branch-yzhzel@sha256:c4268d98c245ef6dfaa917b19b280796c36528688d493367fadbf396b8e2c3fe --output - Restored artifact quay.io/redhat-appstudio-qe/build-e2e-tgco/gh-test-custom-branch-yzhzel@sha256:c4268d98c245ef6dfaa917b19b280796c36528688d493367fadbf396b8e2c3fe to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: gh-test-custom-branch-yzhzel-on-push-x42fn-build-container-pod | container step-build: [2026-07-08T16:00:09,055922509+00:00] Validate context path [2026-07-08T16:00:09,059490426+00:00] Update CA trust [2026-07-08T16:00:09,060488007+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-07-08T16:00:12,903880495+00:00] Prepare Dockerfile Checking if /var/workdir/cachi2/output/bom.json exists. Could not find prefetched sbom. No content_sets found for ICM [2026-07-08T16:00:12,910480671+00:00] Prepare system (architecture: x86_64) [2026-07-08T16:00:12,924497251+00:00] Setup prefetched Trying to pull quay.io/jitesoft/nginx:latest... Getting image source signatures Copying blob sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1 Copying blob sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb Copying blob sha256:4081b01e3ee87137f6bb66bae8bb45f3d2757070790f021b4ad16276cce78d44 Copying blob sha256:5358b7a82908daa068e7d9d6d1e7949b2d8a9bd1d2e0f1347100ea5f84dab9b8 Copying config sha256:7656d80b49508e78f7faa9f30df28ab7f320efe9099880e78f1a699374ee0b61 Writing manifest to image destination [2026-07-08T16:00:17,836486375+00:00] Unsetting proxy { "com.jitesoft.app.alpine.version": "3.23.4", "com.jitesoft.app.nginx.version": "1.31.2", "com.jitesoft.build.arch": "amd64", "com.jitesoft.build.platform": "linux/amd64", "com.jitesoft.project.registry.uri": "registry.gitlab.com/jitesoft/dockerfiles/nginx", "com.jitesoft.project.repo.issues": "https://gitlab.com/jitesoft/dockerfiles/nginx/issues", "com.jitesoft.project.repo.type": "git", "com.jitesoft.project.repo.uri": "https://gitlab.com/jitesoft/dockerfiles/nginx", "io.artifacthub.package.alternative-locations": "oci://index.docker.io/jitesoft/nginx,oci://ghcr.io/jitesoft/nginx,oci://registry.gitlab.com/jitesoft/dockerfiles/nginx", "io.artifacthub.package.logo-url": "https://jitesoft.com/favicon-96x96.png", "io.artifacthub.package.readme-url": "https://gitlab.com/jitesoft/dockerfiles/nginx/-/raw/master/README.md", "maintainer": "Johannes Tegnér ", "maintainer.org": "Jitesoft", "maintainer.org.uri": "https://jitesoft.com", "org.opencontainers.image.created": "2026-07-08T16:00:12Z", "org.opencontainers.image.description": "Nginx on Alpine linux", "org.opencontainers.image.source": "https://github.com/redhat-appstudio-qe/devfile-sample-hello-world-bwbcqf", "org.opencontainers.image.vendor": "Jitesoft", "org.opencontainers.image.version": "1.31.2", "architecture": "x86_64", "vcs-type": "git", "vcs-ref": "4354766858fc03a50a198f27de04c472d879e70b", "org.opencontainers.image.revision": "4354766858fc03a50a198f27de04c472d879e70b", "build-date": "2026-07-08T16:00:12Z", "io.buildah.version": "1.42.2", "konflux.additional-tags": "test-tag1, test-tag2" } [2026-07-08T16:00:17,891764819+00:00] Register sub-man Adding the entitlement to the build [2026-07-08T16:00:17,894851308+00:00] Add secrets [2026-07-08T16:00:17,907666376+00:00] Run buildah build [2026-07-08T16:00:17,908742632+00:00] buildah build --volume /tmp/entitlement:/etc/pki/entitlement --security-opt=unmask=/proc/interrupts --label architecture=x86_64 --label vcs-type=git --label vcs-ref=4354766858fc03a50a198f27de04c472d879e70b --label org.opencontainers.image.revision=4354766858fc03a50a198f27de04c472d879e70b --label org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/devfile-sample-hello-world-bwbcqf --label build-date=2026-07-08T16:00:12Z --label org.opencontainers.image.created=2026-07-08T16:00:12Z --annotation org.opencontainers.image.revision=4354766858fc03a50a198f27de04c472d879e70b --annotation org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/devfile-sample-hello-world-bwbcqf --annotation org.opencontainers.image.created=2026-07-08T16:00:12Z --tls-verify=true --no-cache --ulimit nofile=4096:4096 --http-proxy=false -f /tmp/Dockerfile.boByCy -t quay.io/redhat-appstudio-qe/build-e2e-tgco/gh-test-custom-branch-yzhzel:4354766858fc03a50a198f27de04c472d879e70b . STEP 1/6: FROM quay.io/jitesoft/nginx:latest STEP 2/6: ENV PORT="8080" STEP 3/6: LABEL konflux.additional-tags="test-tag1, test-tag2" STEP 4/6: COPY labels.json /usr/share/buildinfo/labels.json STEP 5/6: COPY labels.json /root/buildinfo/labels.json STEP 6/6: LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="4354766858fc03a50a198f27de04c472d879e70b" "org.opencontainers.image.revision"="4354766858fc03a50a198f27de04c472d879e70b" "org.opencontainers.image.source"="https://github.com/redhat-appstudio-qe/devfile-sample-hello-world-bwbcqf" "build-date"="2026-07-08T16:00:12Z" "org.opencontainers.image.created"="2026-07-08T16:00:12Z" COMMIT quay.io/redhat-appstudio-qe/build-e2e-tgco/gh-test-custom-branch-yzhzel:4354766858fc03a50a198f27de04c472d879e70b time="2026-07-08T16:00:18Z" level=warning msg="HEALTHCHECK is not supported for OCI image format and will be ignored. Must use `docker` format" --> 8781ea62d959 Successfully tagged quay.io/redhat-appstudio-qe/build-e2e-tgco/gh-test-custom-branch-yzhzel:4354766858fc03a50a198f27de04c472d879e70b 8781ea62d959d1f3eec1ba13828f52b5ba4b86a912f6a2ac95e7b20c287854c9 [2026-07-08T16:00:19,088263984+00:00] Unsetting proxy [2026-07-08T16:00:19,089695038+00:00] Add metadata Recording base image digests used quay.io/jitesoft/nginx:latest quay.io/jitesoft/nginx:latest@sha256:ded37838a58bf767acced3030f102a0ca25b98a5766598f5879c11cd1d5683d1 Getting image source signatures Copying blob sha256:92f683d2a6579601c6428704170754d0c3529a55bb6147cbff3f10fb4b229224 Copying blob sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1 Copying blob sha256:6c2e89a5218b291f880e8a13c6b71a79bf3c69e22655599f76311afee14e4abe Copying blob sha256:76335936023d155688d0d6c8dfa28f1a44a5b1ed8cc930329ad83ab20f7100f1 Copying blob sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef Copying config sha256:8781ea62d959d1f3eec1ba13828f52b5ba4b86a912f6a2ac95e7b20c287854c9 Writing manifest to image destination [2026-07-08T16:00:21,711204407+00:00] End build pod: gh-test-custom-branch-yzhzel-on-push-x42fn-build-container-pod | container step-push: [2026-07-08T16:00:22,496244551+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-07-08T16:00:42,976444354+00:00] Convert image [2026-07-08T16:00:42,977768164+00:00] Push image with unique tag Pushing to quay.io/redhat-appstudio-qe/build-e2e-tgco/gh-test-custom-branch-yzhzel:gh-test-custom-branch-yzhzel-on-push-x42fn-build-container [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true quay.io/redhat-appstudio-qe/build-e2e-tgco/gh-test-custom-branch-yzhzel:4354766858fc03a50a198f27de04c472d879e70b docker://quay.io/redhat-appstudio-qe/build-e2e-tgco/gh-test-custom-branch-yzhzel:gh-test-custom-branch-yzhzel-on-push-x42fn-build-container Getting image source signatures Copying blob sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1 Copying blob sha256:76335936023d155688d0d6c8dfa28f1a44a5b1ed8cc930329ad83ab20f7100f1 Copying blob sha256:6c2e89a5218b291f880e8a13c6b71a79bf3c69e22655599f76311afee14e4abe Copying blob sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef Copying blob sha256:92f683d2a6579601c6428704170754d0c3529a55bb6147cbff3f10fb4b229224 Copying config sha256:8781ea62d959d1f3eec1ba13828f52b5ba4b86a912f6a2ac95e7b20c287854c9 Writing manifest to image destination [2026-07-08T16:00:49,485171114+00:00] Push image with git revision Pushing to quay.io/redhat-appstudio-qe/build-e2e-tgco/gh-test-custom-branch-yzhzel:4354766858fc03a50a198f27de04c472d879e70b [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true --digestfile /var/workdir/image-digest quay.io/redhat-appstudio-qe/build-e2e-tgco/gh-test-custom-branch-yzhzel:4354766858fc03a50a198f27de04c472d879e70b docker://quay.io/redhat-appstudio-qe/build-e2e-tgco/gh-test-custom-branch-yzhzel:4354766858fc03a50a198f27de04c472d879e70b Getting image source signatures Copying blob sha256:92f683d2a6579601c6428704170754d0c3529a55bb6147cbff3f10fb4b229224 Copying blob sha256:6c2e89a5218b291f880e8a13c6b71a79bf3c69e22655599f76311afee14e4abe Copying blob sha256:76335936023d155688d0d6c8dfa28f1a44a5b1ed8cc930329ad83ab20f7100f1 Copying blob sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef Copying blob sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1 Copying config sha256:8781ea62d959d1f3eec1ba13828f52b5ba4b86a912f6a2ac95e7b20c287854c9 Writing manifest to image destination sha256:11ef2dbdef99e81eeab4da752a9269f5ab6ad82fc05edc012f62a92052ffcc6aquay.io/redhat-appstudio-qe/build-e2e-tgco/gh-test-custom-branch-yzhzel:4354766858fc03a50a198f27de04c472d879e70b [retry] executing: kubectl get configmap cluster-config -n konflux-info -o json Keyless signing is disabled (none of rekorInternalUrl, fulcioInternalUrl, defaultOIDCIssuer, tufInternalUrl are configured in the konflux-info/cluster-config configmap) [2026-07-08T16:00:53,679445874+00:00] End push pod: gh-test-custom-branch-yzhzel-on-push-x42fn-build-container-pod | container step-sbom-syft-generate: [2026-07-08T16:00:54,677555058+00:00] Generate SBOM Running syft on the image Running syft on the source code [0000] WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) [2026-07-08T16:01:06,030559283+00:00] End sbom-syft-generate pod: gh-test-custom-branch-yzhzel-on-push-x42fn-build-container-pod | container step-prepare-sboms: [2026-07-08T16:01:06,286409659+00:00] Prepare SBOM [2026-07-08T16:01:06,301570355+00:00] Generate SBOM with mobster Skipping SBOM validation 2026-07-08 16:01:15,498 [INFO] mobster.log: Logging level set to 20 2026-07-08 16:01:15,804 [INFO] mobster.oci: Fetching manifest for quay.io/jitesoft/nginx@sha256:ded37838a58bf767acced3030f102a0ca25b98a5766598f5879c11cd1d5683d1 2026-07-08 16:01:18,577 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type spdxjson failed for quay.io/jitesoft/nginx@sha256:c9318c69e6dabcd1e6825b2e24432a30289a25390b9492f506ef74185ff4a6b5 with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-07-08 16:01:20,105 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type cyclonedx failed for quay.io/jitesoft/nginx@sha256:c9318c69e6dabcd1e6825b2e24432a30289a25390b9492f506ef74185ff4a6b5 with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-07-08 16:01:22,213 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type spdxjson failed for quay.io/jitesoft/nginx@sha256:c9318c69e6dabcd1e6825b2e24432a30289a25390b9492f506ef74185ff4a6b5 with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-07-08 16:01:24,407 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type cyclonedx failed for quay.io/jitesoft/nginx@sha256:c9318c69e6dabcd1e6825b2e24432a30289a25390b9492f506ef74185ff4a6b5 with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-07-08 16:01:26,754 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type spdxjson failed for quay.io/jitesoft/nginx@sha256:c9318c69e6dabcd1e6825b2e24432a30289a25390b9492f506ef74185ff4a6b5 with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-07-08 16:01:28,131 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type cyclonedx failed for quay.io/jitesoft/nginx@sha256:c9318c69e6dabcd1e6825b2e24432a30289a25390b9492f506ef74185ff4a6b5 with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-07-08 16:01:29,823 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type spdxjson failed for quay.io/jitesoft/nginx@sha256:c9318c69e6dabcd1e6825b2e24432a30289a25390b9492f506ef74185ff4a6b5 with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-07-08 16:01:31,535 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type cyclonedx failed for quay.io/jitesoft/nginx@sha256:c9318c69e6dabcd1e6825b2e24432a30289a25390b9492f506ef74185ff4a6b5 with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-07-08 16:01:31,536 [INFO] mobster.cmd.generate.oci_image.contextual_sbom.contextualize: Contextual mechanism won't be used, there is no parent image SBOM. 2026-07-08 16:01:31,536 [INFO] mobster.cmd.generate.oci_image: Contextual SBOM workflow finished successfully. 2026-07-08 16:01:31,536 [INFO] mobster.log: Contextual workflow completed in 15.74s 2026-07-08 16:01:31,543 [INFO] mobster.main: Exiting with code 0. [2026-07-08T16:01:32,202265533+00:00] End prepare-sboms pod: gh-test-custom-branch-yzhzel-on-push-x42fn-build-container-pod | container step-upload-sbom: [2026-07-08T16:01:32,575971486+00:00] Upload SBOM INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using token for quay.io/redhat-appstudio-qe/build-e2e-tgco/gh-test-custom-branch-yzhzel Pushing sbom to registry [retry] executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/build-e2e-tgco/gh-test-custom-branch-yzhzel:4354766858fc03a50a198f27de04c472d879e70b@sha256:11ef2dbdef99e81eeab4da752a9269f5ab6ad82fc05edc012f62a92052ffcc6a WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations. WARNING: Attaching SBOMs this way does not sign them. To sign them, use 'cosign attest --predicate sbom.json --key '. Uploading SBOM file for [quay.io/redhat-appstudio-qe/build-e2e-tgco/gh-test-custom-branch-yzhzel@sha256:11ef2dbdef99e81eeab4da752a9269f5ab6ad82fc05edc012f62a92052ffcc6a] to [quay.io/redhat-appstudio-qe/build-e2e-tgco/gh-test-custom-branch-yzhzel:sha256-11ef2dbdef99e81eeab4da752a9269f5ab6ad82fc05edc012f62a92052ffcc6a.sbom] with mediaType [text/spdx+json]. quay.io/redhat-appstudio-qe/build-e2e-tgco/gh-test-custom-branch-yzhzel@sha256:c2ae6b219e7fb65820eedfbbca908d17537e9159dcf1fe2c027f6209019e3aaf [2026-07-08T16:01:57,821979142+00:00] End upload-sbom pod: gh-test-custom-branch-yzhzel-on-push-x42fn-clone-repository-pod | init container: prepare 2026/07/08 15:59:11 Entrypoint initialization pod: gh-test-custom-branch-yzhzel-on-push-x42fn-clone-repository-pod | init container: place-scripts 2026/07/08 15:59:12 Decoded script /tekton/scripts/script-0-gglwn 2026/07/08 15:59:12 Decoded script /tekton/scripts/script-1-jhdkq pod: gh-test-custom-branch-yzhzel-on-push-x42fn-clone-repository-pod | container step-clone: INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt {"level":"info","ts":1783526356.3855138,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1783526356.7233124,"caller":"git/git.go:223","msg":"Successfully cloned https://github.com/redhat-appstudio-qe/devfile-sample-hello-world-bwbcqf @ 4354766858fc03a50a198f27de04c472d879e70b (grafted, HEAD) in path /var/workdir/source"} {"level":"info","ts":1783526356.7233503,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1783526356.746845,"caller":"git/git.go:277","msg":"Successfully initialized and updated submodules in path /var/workdir/source"} Merge option disabled. Using checked-out revision 4354766858fc03a50a198f27de04c472d879e70b directly. pod: gh-test-custom-branch-yzhzel-on-push-x42fn-clone-repository-pod | container step-symlink-check: Running symlink check pod: gh-test-custom-branch-yzhzel-on-push-x42fn-clone-repository-pod | container step-create-trusted-artifact: Prepared artifact from /var/workdir/source (sha256:c4268d98c245ef6dfaa917b19b280796c36528688d493367fadbf396b8e2c3fe) Using token for quay.io/redhat-appstudio-qe/build-e2e-tgco/gh-test-custom-branch-yzhzel Executing: oras push --registry-config /tmp/create-oci.sh.Sh5uew/auth-tyJTdZ.json quay.io/redhat-appstudio-qe/build-e2e-tgco/gh-test-custom-branch-yzhzel:4354766858fc03a50a198f27de04c472d879e70b.git SOURCE_ARTIFACT Uploading c4268d98c245 SOURCE_ARTIFACT Uploaded c4268d98c245 SOURCE_ARTIFACT Pushed [registry] quay.io/redhat-appstudio-qe/build-e2e-tgco/gh-test-custom-branch-yzhzel:4354766858fc03a50a198f27de04c472d879e70b.git ArtifactType: application/vnd.unknown.artifact.v1 Digest: sha256:b12d383c57feed2421c23186ad7cdae0752aa200731d7dccb14e5f97f76cf8e6 Artifacts created pod: gh-test-custom-branch-yzhzel-on-push-x42fn-init-pod | init container: prepare 2026/07/08 15:59:05 Entrypoint initialization pod: gh-test-custom-branch-yzhzel-on-push-x42fn-init-pod | container step-init: time="2026-07-08T15:59:07Z" level=info msg="[param] enable: false" time="2026-07-08T15:59:07Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-07-08T15:59:07Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-07-08T15:59:07Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-07-08T15:59:07Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-07-08T15:59:07Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-07-08T15:59:07Z" level=info msg="Cache proxy is disabled via param" time="2026-07-08T15:59:07Z" level=info msg="[result] HTTP PROXY: " time="2026-07-08T15:59:07Z" level=info msg="[result] NO PROXY: "