diff --git a/.github/workflows/policy-tester-examples.yml b/.github/workflows/policy-tester-examples.yml
index 42b69f37c..d1bf076f6 100644
--- a/.github/workflows/policy-tester-examples.yml
+++ b/.github/workflows/policy-tester-examples.yml
@@ -60,7 +60,9 @@ jobs:
           -p 5000:5000 \
           registry:2
 
-    - name: Example (keyless-attestation-sbom-spdxjson)
+    # This example requires public Fulcio, only run on push to main
+    - if: ${{ github.event_name == 'push' }}
+      name: Example (keyless-attestation-sbom-spdxjson)
       working-directory: ./src/github.com/${{ github.repository }}/examples
       run: |
         REF="localhost:5000/examples/keyless-attestation-sbom-spdxjson"
diff --git a/.gitignore b/.gitignore
index ab4103d7b..acb7f7df3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -32,4 +32,3 @@ policyImagerefs
 **verify-experimental*
 
 policy-tester
-spdx-sbom.json