We are using cosign to do a number of signing/attesting/verifying tasks within our secure supply chain pipelines and all work very well. Also, we use our own PKI to sign artifacts with cosign. However, included in one of the jobs is an attestation piece (all variables have been verified):
All of this works exactly as intended. However, the final command cosign sign --key blah blah results in the following warning:
WARNING: Image reference <harbor-registry>/<repo>/langgraph-cli:sha256-abc123.att uses a tag, not a digest, to identify the image to sign.
This can lead you to sign a different image than the intended one. Please use a
digest (example.com/ubuntu@sha256:abc123...) rather than tag
(example.com/ubuntu:latest) for the input to cosign. The ability to refer to
images by tag will be removed in a future release.
Again, this doesn't cause a functional error in the job, but I am concerned that future releases could affect it. The warning message is misleading because it isn't an image reference at all; it is a reference to an attestation of an image, and that is what we are signing in this command. This command is signing the attestation itself, not the image (that occurs in a separate job and works fine). It also IS referencing a digest, not a tag, so that is a bit misleading as well.
Attestation artifacts will never have a format of example.com/ubuntu@sha256:abc123.
Rather, they'll have a reference like this: example.com/ubuntu:sha256-abc123.att
Version
cosign v2.4.1
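The distinction the report draws between a digest reference and cosign's `repo:sha256-<digest>.att` tag, as an added example that is not cosign's own code: a small Go classifier that tells the three kinds of reference apart and recovers the subject image's digest reference from an attached-artifact tag, so a pipeline check can flag only tags that really carry no digest. The `.att`, `.sig` and `.sbom` suffixes are cosign's attached-artifact tag convention; the digest value is a constructed placeholder.

```go
package main

import (
	"fmt"
	"regexp"
)

// RefKind says how an OCI reference pins the artifact it names.
type RefKind int
const (
	RefDigest     RefKind = iota // repo@sha256:<hex>: content-addressed, immutable
	RefCosignTag                 // repo:sha256-<hex>.att|.sig|.sbom: cosign attached-artifact tag
	RefMutableTag                // repo:latest and friends: whatever the registry points it at today
)

var (
	digestRef    = regexp.MustCompile(`^.+@sha256:[0-9a-f]{64}$`)
	cosignTagRef = regexp.MustCompile(`^(.+):sha256-([0-9a-f]{64})\.(att|sig|sbom)$`)
)

// Classify separates a free-form tag from a cosign attached-artifact tag, whose name encodes
// the subject image's digest; it returns the kind and that subject's digest reference ("" if none).
func Classify(ref string) (RefKind, string) {
	if digestRef.MatchString(ref) {
		return RefDigest, ref
	}
	if m := cosignTagRef.FindStringSubmatch(ref); m != nil {
		return RefCosignTag, m[1] + "@sha256:" + m[2]
	}
	return RefMutableTag, ""
}

// ShouldWarn is true only for a tag that carries no digest at all.
func ShouldWarn(ref string) bool {
	k, _ := Classify(ref)
	return k == RefMutableTag
}

// sampleDigest is a constructed placeholder, not a real image digest.
const sampleDigest = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"

func main() {
	refs := []string{"example.com/ubuntu@sha256:" + sampleDigest,
		"example.com/ubuntu:sha256-" + sampleDigest + ".att", "example.com/ubuntu:latest"}
	for _, ref := range refs {
		kind, subject := Classify(ref)
		fmt.Printf("kind=%d warn=%t subject=%q  <- %s\n", kind, ShouldWarn(ref), subject, ref)
	}
}
```

Caveat: a tag named after a digest is still a tag at the registry level, so a pipeline that signs an attestation by its `.att` tag should resolve that tag to its manifest digest first and sign the `@sha256:` form, which is what the warning asks for.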
crispysipper changed the title from "Signing an attestation generates an unnecessary warning" to "Signing an attestation generates a misleading warning" on Dec 31, 2024.