[2026-04-18T16:43:12,206397017+00:00] Upload SBOM
INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt
'/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt'
Using token for quay.io/redhat-appstudio-qe/group-ezoj/python-component-pvquva
Pushing sbom to registry
[retry] executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/group-ezoj/python-component-pvquva:4cd290dfb803fe398746de058a276af5297ff682@sha256:f59fb6d9d8da985d3ef492346801a19f0291cf2150eab2be216e8832e0847615
WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations.
WARNING: Attaching SBOMs this way does not sign them. To sign them, use 'cosign attest --predicate sbom.json --key <key path>'.
Uploading SBOM file for [quay.io/redhat-appstudio-qe/group-ezoj/python-component-pvquva@sha256:f59fb6d9d8da985d3ef492346801a19f0291cf2150eab2be216e8832e0847615] to [quay.io/redhat-appstudio-qe/group-ezoj/python-component-pvquva:sha256-f59fb6d9d8da985d3ef492346801a19f0291cf2150eab2be216e8832e0847615.sbom] with mediaType [text/spdx+json].

quay.io/redhat-appstudio-qe/group-ezoj/python-component-pvquva@sha256:f0e72c4f3fc43d8d50297d99faacaa37d0096e2760ada9d267ae8f16311574ca
[2026-04-18T16:43:15,738277560+00:00] End upload-sbom