Create and distribute Software Bill-of-Materials (SBOM) for Python artifacts

The manylinux_2_28 image is AlmaLinux 8 based, so perhaps their wiki page can help get those SBOMs generated: Codenotary SBOM integration · AlmaLinux/build-system Wiki · GitHub

They have a Python tool for generating the SBOMs on what appears to be a per-package basis. The page also refers to a git-based notary service, but I’m deep enough into all this to be able to tell whether we need something like that as well.

One issue I can see with going down this rabbit hole is rather frequent changes to SBOMs of those images (e.g. due to security fixes), so I guess there’s a versioning challenge to be solved (possibly using git hashes).