[2026-07-03T21:13:19,880700427+00:00] Upload SBOM INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using token for quay.io/redhat-appstudio-qe/build-e2e-lqfx/python-component-zmjcuv Pushing sbom to registry [retry] executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/build-e2e-lqfx/python-component-zmjcuv:on-pr-b4bc0ec91ca47cccffcb185fe90fb2ec3e4c6023@sha256:a157c4e1d4dabb6e496eb028516f1eb0596293ddcbcf96f3cbeadc12f7c7899a WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations. WARNING: Attaching SBOMs this way does not sign them. To sign them, use 'cosign attest --predicate sbom.json --key '. Uploading SBOM file for [quay.io/redhat-appstudio-qe/build-e2e-lqfx/python-component-zmjcuv@sha256:a157c4e1d4dabb6e496eb028516f1eb0596293ddcbcf96f3cbeadc12f7c7899a] to [quay.io/redhat-appstudio-qe/build-e2e-lqfx/python-component-zmjcuv:sha256-a157c4e1d4dabb6e496eb028516f1eb0596293ddcbcf96f3cbeadc12f7c7899a.sbom] with mediaType [text/spdx+json]. quay.io/redhat-appstudio-qe/build-e2e-lqfx/python-component-zmjcuv@sha256:2019eb82fe6e801c960f11d89e7660286a8fa7ab389e1010f88ea8dfc2363e7c [2026-07-03T21:13:42,639784258+00:00] End upload-sbom