[2026-07-03T11:18:39,498171403+00:00] Upload SBOM INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using token for quay.io/redhat-appstudio-qe/group-lwmb/konflux-test-integration-clone-hafkak Pushing sbom to registry [retry] executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/group-lwmb/konflux-test-integration-clone-hafkak:281b58a2e4a81f147d392b823983af9466a68638@sha256:56720ea13a829e8a0c7066e9161a69fea5519622f928523c272cc6a4e7d0d279 WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations. WARNING: Attaching SBOMs this way does not sign them. To sign them, use 'cosign attest --predicate sbom.json --key '. Uploading SBOM file for [quay.io/redhat-appstudio-qe/group-lwmb/konflux-test-integration-clone-hafkak@sha256:56720ea13a829e8a0c7066e9161a69fea5519622f928523c272cc6a4e7d0d279] to [quay.io/redhat-appstudio-qe/group-lwmb/konflux-test-integration-clone-hafkak:sha256-56720ea13a829e8a0c7066e9161a69fea5519622f928523c272cc6a4e7d0d279.sbom] with mediaType [text/spdx+json]. quay.io/redhat-appstudio-qe/group-lwmb/konflux-test-integration-clone-hafkak@sha256:e71b7b8c76bf562dae7f5e066f786d87456486f7e04f9a7d4bd3466668494f0d [2026-07-03T11:19:19,043925896+00:00] End upload-sbom