[2026-05-19T00:37:22,277342084+00:00] Upload SBOM
INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt
'/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt'
Using token for quay.io/redhat-appstudio-qe/group-lbpf/konflux-test-integration-clone-v4lsfu
Pushing sbom to registry
[retry] executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/group-lbpf/konflux-test-integration-clone-v4lsfu:on-pr-ef3b87ba148644c3808df9d7f5dab7b9ecd29658@sha256:5a17239a12f996c2084452cbacf16316d64d51acd873313361303e030afd3fe2
WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations.
WARNING: Attaching SBOMs this way does not sign them. To sign them, use 'cosign attest --predicate sbom.json --key <key path>'.
Uploading SBOM file for [quay.io/redhat-appstudio-qe/group-lbpf/konflux-test-integration-clone-v4lsfu@sha256:5a17239a12f996c2084452cbacf16316d64d51acd873313361303e030afd3fe2] to [quay.io/redhat-appstudio-qe/group-lbpf/konflux-test-integration-clone-v4lsfu:sha256-5a17239a12f996c2084452cbacf16316d64d51acd873313361303e030afd3fe2.sbom] with mediaType [text/spdx+json].

quay.io/redhat-appstudio-qe/group-lbpf/konflux-test-integration-clone-v4lsfu@sha256:07261c410eb07a9bd6252b1c6e3e048a09ab1d36ff2b576c779efed337a7d150
[2026-05-19T00:37:48,173282640+00:00] End upload-sbom