[2026-05-12T10:30:23,057618739+00:00] Upload SBOM Using token for quay.io/rhtap_qe/default-tenant/java-quarkus-177858133 Pushing sbom to registry [retry] executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/rhtap_qe/default-tenant/java-quarkus-177858133:dd724423bed401cd77af9d5d96b6b8c97343a8ee@sha256:fa883e115e4b45a4a5de5527694b1de1d0702e68523b5fbb6f568c9f349813e3 WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations. WARNING: Attaching SBOMs this way does not sign them. To sign them, use 'cosign attest --predicate sbom.json --key '. Uploading SBOM file for [quay.io/rhtap_qe/default-tenant/java-quarkus-177858133@sha256:fa883e115e4b45a4a5de5527694b1de1d0702e68523b5fbb6f568c9f349813e3] to [quay.io/rhtap_qe/default-tenant/java-quarkus-177858133:sha256-fa883e115e4b45a4a5de5527694b1de1d0702e68523b5fbb6f568c9f349813e3.sbom] with mediaType [text/spdx+json]. quay.io/rhtap_qe/default-tenant/java-quarkus-177858133@sha256:e76522a9d78e1bef80912505dca11e566100f5fbde9f58f937250b895556da1fInitializing TUF root from http://tuf.tsf-tas.svc.cluster.local [retry] executing: cosign initialize --root http://tuf.tsf-tas.svc.cluster.local/root.json --mirror http://tuf.tsf-tas.svc.cluster.local WARNING: Fetching initial root from URL without providing its checksum is deprecated and will be disallowed in a future Cosign release. Please provide the initial root checksum via the --root-checksum argument. [2026-05-12T10:30:26,726960021+00:00] Sign SBOM Signing and attaching SBOM to quay.io/rhtap_qe/default-tenant/java-quarkus-177858133:dd724423bed401cd77af9d5d96b6b8c97343a8ee@sha256:fa883e115e4b45a4a5de5527694b1de1d0702e68523b5fbb6f568c9f349813e3 using keyless signing [retry] executing: cosign attest -y --type spdxjson --predicate sbom.json --rekor-url=http://rekor-server.tsf-tas.svc.cluster.local --fulcio-url=http://fulcio-server.tsf-tas.svc.cluster.local --oidc-issuer=https://oidc.op1.openshiftapps.com/2jtsga3i2etnl697l7bk5i1kmbm4a95j quay.io/rhtap_qe/default-tenant/java-quarkus-177858133:dd724423bed401cd77af9d5d96b6b8c97343a8ee@sha256:fa883e115e4b45a4a5de5527694b1de1d0702e68523b5fbb6f568c9f349813e3 Using payload from: sbom.json Generating ephemeral keys... Retrieving signed certificate... Successfully verified SCT... The sigstore service, hosted by sigstore a Series of LF Projects, LLC, is provided pursuant to the Hosted Project Tools Terms of Use, available at https://lfprojects.org/policies/hosted-project-tools-terms-of-use/. Note that if your submission includes personal data associated with this signed artifact, it will be part of an immutable record. This may include the email address associated with the account with which you authenticate your contractual Agreement. This information will be used for signing this artifact and will be stored in public transparency logs and cannot be removed later, and is subject to the Immutable Record notice at https://lfprojects.org/policies/hosted-project-tools-immutable-records/. By typing 'y', you attest that (1) you are not submitting the personal data of any other person; and (2) you understand and agree to the statement and the Agreement terms at the URLs listed above. tlog entry created with index: 45 [2026-05-12T10:30:30,193722884+00:00] End upload-sbom