WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations. WARNING: Downloading SBOMs this way does not ensure its authenticity. If you want to ensure a tamper-proof SBOM, download it using 'cosign download attestation '. Found SBOM of media type: text/spdx+json Detected base images from amd64 SBOM: registry.access.redhat.com/ubi8/openjdk-17 registry.access.redhat.com/ubi8/openjdk-17-runtime Images to be checked: registry.access.redhat.com/ubi8/openjdk-17 registry.access.redhat.com/ubi8/openjdk-17-runtime Querying Red Hat Catalog for registry.access.redhat.com/ubi8/openjdk-17. Running conftest using /project/repository/ policy, required_checks namespace. [ { "filename": "/tmp/ubi8/openjdk-17/repository_data.json", "namespace": "required_checks", "successes": 1 } ] [SUCCESS] Image registry.access.redhat.com/ubi8/openjdk-17 is valid Querying Red Hat Catalog for registry.access.redhat.com/ubi8/openjdk-17-runtime. Running conftest using /project/repository/ policy, required_checks namespace. [ { "filename": "/tmp/ubi8/openjdk-17-runtime/repository_data.json", "namespace": "required_checks", "successes": 1 } ] [SUCCESS] Image registry.access.redhat.com/ubi8/openjdk-17-runtime is valid {"result":"SUCCESS","timestamp":"2026-07-01T11:24:05+00:00","note":"Task deprecated-image-check completed: Check result for task result.","namespace":"required_checks","successes":2,"failures":0,"warnings":0} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/group-opqj/konflux-test-integration-clone-jm0730:on-pr-9f56b8ed09f83b6d90763e9a7fcd2d5e8aff3dda", "digests": ["sha256:52de61776aacd06432142b29d0aef00f5c2b966b62cb6b20c26c04bfd58fa1be"]}}