From 821bc66d8a68c7a2866715baf5bf7870d77782e1 Mon Sep 17 00:00:00 2001
From: Clement Bois <clement.bois@orange.com>
Date: Tue, 19 Aug 2025 16:40:11 +0200
Subject: [PATCH] fix(sign): support sbom attestation with parallel matrix

---
 templates/gitlab-ci-docker.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/gitlab-ci-docker.yml b/templates/gitlab-ci-docker.yml
index 5e9d030..eb5e852 100644
--- a/templates/gitlab-ci-docker.yml
+++ b/templates/gitlab-ci-docker.yml
@@ -1320,7 +1320,7 @@ docker-sbom:
         log_info "Attaching attested SBOM to ${DOCKER_SNAPSHOT_IMAGE}..."
         install_cosign
         configure_cosign_private_key
-        $docker_cosign attest --key ${docker_cosign_private_key} ${DOCKER_COSIGN_OPTS} --predicate reports/docker-sbom-${basename}.cyclonedx.json ${docker_image_digest}
+        $docker_cosign attest --key ${docker_cosign_private_key} ${DOCKER_COSIGN_OPTS} --predicate reports/docker-sbom-${basename}.cyclonedx.json ${DOCKER_SNAPSHOT_IMAGE}
       fi
   artifacts:
     name: "SBOM for docker from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
-- 
GitLab