[2026-07-03T09:16:27,610068938+00:00] Upload SBOM INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using token for quay.io/redhat-appstudio-qe/group-i4dp/python-component-28wip7 Pushing sbom to registry [retry] executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/group-i4dp/python-component-28wip7:on-pr-c4be1a4f5bd75e4ecda7417485de8f74c38d7e4d@sha256:5a5721b9eae05def7cc1d5e9889e141ec5eabf89db373fccbc6512827f5524b4 WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations. WARNING: Attaching SBOMs this way does not sign them. To sign them, use 'cosign attest --predicate sbom.json --key '. Uploading SBOM file for [quay.io/redhat-appstudio-qe/group-i4dp/python-component-28wip7@sha256:5a5721b9eae05def7cc1d5e9889e141ec5eabf89db373fccbc6512827f5524b4] to [quay.io/redhat-appstudio-qe/group-i4dp/python-component-28wip7:sha256-5a5721b9eae05def7cc1d5e9889e141ec5eabf89db373fccbc6512827f5524b4.sbom] with mediaType [text/spdx+json]. quay.io/redhat-appstudio-qe/group-i4dp/python-component-28wip7@sha256:20c29469db240c861b36091a172a5515b5069272e38be8a863e8c8eaefdf3306 [2026-07-03T09:17:04,212750261+00:00] End upload-sbom