[2026-06-30T23:34:22,953161663+00:00] Upload SBOM INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using token for quay.io/redhat-appstudio-qe/group-c3xw/go-component-9h1qxd Pushing sbom to registry [retry] executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/group-c3xw/go-component-9h1qxd:on-pr-6a8c68b7e23193f05a9f1beefe09da55513f17b7@sha256:11b23e6d1aaae7f487679412d8a7b6fe96e8027ef4232dc31ec1bf0e8b475a94 WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations. WARNING: Attaching SBOMs this way does not sign them. To sign them, use 'cosign attest --predicate sbom.json --key '. Uploading SBOM file for [quay.io/redhat-appstudio-qe/group-c3xw/go-component-9h1qxd@sha256:11b23e6d1aaae7f487679412d8a7b6fe96e8027ef4232dc31ec1bf0e8b475a94] to [quay.io/redhat-appstudio-qe/group-c3xw/go-component-9h1qxd:sha256-11b23e6d1aaae7f487679412d8a7b6fe96e8027ef4232dc31ec1bf0e8b475a94.sbom] with mediaType [text/spdx+json]. quay.io/redhat-appstudio-qe/group-c3xw/go-component-9h1qxd@sha256:6bedc6bb7bbeade977e0bdaf8500d7aa71cbca468d48edb75730d89b79243729 [2026-06-30T23:35:03,509760370+00:00] End upload-sbom