[2026-07-02T06:49:10,924973609+00:00] Upload SBOM INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using token for quay.io/redhat-appstudio-qe/image-controller-e2e-ctba/gh-test-custom-branch-cdxnhi Pushing sbom to registry [retry] executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/image-controller-e2e-ctba/gh-test-custom-branch-cdxnhi:on-pr-0fffc10d85af7f2de8b002afa3ebfb00dc4fb351@sha256:cd72cc596eb295f08de5f2e4bb34350e9a6034854e4486ccd31eed1f156e44e7 WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations. WARNING: Attaching SBOMs this way does not sign them. To sign them, use 'cosign attest --predicate sbom.json --key '. Uploading SBOM file for [quay.io/redhat-appstudio-qe/image-controller-e2e-ctba/gh-test-custom-branch-cdxnhi@sha256:cd72cc596eb295f08de5f2e4bb34350e9a6034854e4486ccd31eed1f156e44e7] to [quay.io/redhat-appstudio-qe/image-controller-e2e-ctba/gh-test-custom-branch-cdxnhi:sha256-cd72cc596eb295f08de5f2e4bb34350e9a6034854e4486ccd31eed1f156e44e7.sbom] with mediaType [text/spdx+json]. quay.io/redhat-appstudio-qe/image-controller-e2e-ctba/gh-test-custom-branch-cdxnhi@sha256:f5bcccbf6f25e19563772ddd6475053df6ad6fb2ba7a6726c236bd10be0c67d0 [2026-07-02T06:49:29,252567192+00:00] End upload-sbom