[2026-07-12T10:22:39,213950251+00:00] Upload SBOM INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using token for quay.io/redhat-appstudio-qe/build-e2e-prop/go-component-opwspo Pushing sbom to registry [retry] executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/build-e2e-prop/go-component-opwspo:on-pr-ed50e6025dab72cd950b3ac3b35aff225c14aca9@sha256:7cab866542724c52dbc0f46b78d615f693b3114664bf9a5f628a6e99aa590400 WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations. WARNING: Attaching SBOMs this way does not sign them. To sign them, use 'cosign attest --predicate sbom.json --key '. Uploading SBOM file for [quay.io/redhat-appstudio-qe/build-e2e-prop/go-component-opwspo@sha256:7cab866542724c52dbc0f46b78d615f693b3114664bf9a5f628a6e99aa590400] to [quay.io/redhat-appstudio-qe/build-e2e-prop/go-component-opwspo:sha256-7cab866542724c52dbc0f46b78d615f693b3114664bf9a5f628a6e99aa590400.sbom] with mediaType [text/spdx+json]. quay.io/redhat-appstudio-qe/build-e2e-prop/go-component-opwspo@sha256:83d18d20c8649336ee9a7e31960dcc42e3b1d770b4be7b40ea1b436ad499f889 [2026-07-12T10:23:04,397023388+00:00] End upload-sbom