[2026-04-27T11:55:42,565154972+00:00] Upload SBOM
INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt
'/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt'
Using token for quay.io/redhat-appstudio-qe/build-e2e-pigr/go-component-bcxpss
Pushing sbom to registry
[retry] executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/build-e2e-pigr/go-component-bcxpss:on-pr-d9121c1a5d36aa68d48bdbc04868b92a6a165a2d@sha256:fd19bb6156ab36807c0d4367a821fbfdddbae1cb37741f358e80d01f43673c8f
WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations.
WARNING: Attaching SBOMs this way does not sign them. To sign them, use 'cosign attest --predicate sbom.json --key <key path>'.
Uploading SBOM file for [quay.io/redhat-appstudio-qe/build-e2e-pigr/go-component-bcxpss@sha256:fd19bb6156ab36807c0d4367a821fbfdddbae1cb37741f358e80d01f43673c8f] to [quay.io/redhat-appstudio-qe/build-e2e-pigr/go-component-bcxpss:sha256-fd19bb6156ab36807c0d4367a821fbfdddbae1cb37741f358e80d01f43673c8f.sbom] with mediaType [text/spdx+json].

quay.io/redhat-appstudio-qe/build-e2e-pigr/go-component-bcxpss@sha256:86b07c71e0c13206dbeec7158dbc6cf01d1b7a2ad3e6c85c61b1b51cd08f6bd6
[2026-04-27T11:56:06,993022828+00:00] End upload-sbom