We do not publish a SHA56 checksum for the SBOM files. At the moment the solaris simple jobs do produce one and so if you attempt to use the release tool with */OpenJDK then you need to explicitly exclude the *sbom*sha256.txt file.

The best solution here would be to ensure that it is not generated as part of

so that there is no risk of it appearing and being published.