[2026-07-03T22:05:07,144928905+00:00] Upload SBOM INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using token for quay.io/redhat-appstudio-qe/build-e2e-oifp/go-component-drfezg Pushing sbom to registry [retry] executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/build-e2e-oifp/go-component-drfezg:on-pr-cd33b55ce994fe80d744314fd29eb292f1d33924@sha256:6f23f06fc84e00e77dc40e47b30d375c0ec20c1f19d08c7bd57afc6102837850 WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations. WARNING: Attaching SBOMs this way does not sign them. To sign them, use 'cosign attest --predicate sbom.json --key '. Uploading SBOM file for [quay.io/redhat-appstudio-qe/build-e2e-oifp/go-component-drfezg@sha256:6f23f06fc84e00e77dc40e47b30d375c0ec20c1f19d08c7bd57afc6102837850] to [quay.io/redhat-appstudio-qe/build-e2e-oifp/go-component-drfezg:sha256-6f23f06fc84e00e77dc40e47b30d375c0ec20c1f19d08c7bd57afc6102837850.sbom] with mediaType [text/spdx+json]. quay.io/redhat-appstudio-qe/build-e2e-oifp/go-component-drfezg@sha256:d290e12c47b254671363f4e86a5d84dd61dea1abf72e3946c50bf79942cc6c12 [2026-07-03T22:05:49,782175619+00:00] End upload-sbom