[2026-07-01T16:05:38,212589076+00:00] Upload SBOM INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using token for quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf Pushing sbom to registry [retry] executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3@sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations. WARNING: Attaching SBOMs this way does not sign them. To sign them, use 'cosign attest --predicate sbom.json --key '. Uploading SBOM file for [quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf@sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb] to [quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:sha256-311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb.sbom] with mediaType [text/spdx+json]. quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf@sha256:5f3f367f2113a789ab219c97fec79bbd07e160c9d04598714b424671bb82d4ab [2026-07-01T16:06:18,658772107+00:00] End upload-sbom