chainloop
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
To prevent the attestation from growing a lot, we could leverage our CAS to store the evaluated policies and then we just add the digest to the policy evaluation. Embedded...
Having the organizations instrumented brings us the opportunity to establish alerts based on those metrics. The goal of the task would be to write some set of Alertmanager rules based...
When referencing policies, it would be useful to pin them by hash, just to ensure that the policy version at schema creation time is the one used at evaluation...
Containers are a special case, since the material content is the manifest, which must be pulled before evaluating the policy. This feature will allow creating policies of type `CONTAINER_IMAGE`...
Since the Prometheus integration is something users will leverage using an API Token, let's create a specific CAS bin rule to fine-grain the feature. The goal of the task is...
In order to let end users register a new Prometheus integration, we need to expose it in the CLI. That is, give the users the opportunity to register a...
Currently, adding a custom AWS-S3 CAS backend (with a custom endpoint) fails if the scheme is not part of the URL. For example: $ chainloop cas-backend add aws-s3 --endpoint hostname:port...
Error: INSTALLATION FAILED: rendered manifests contain a resource that already exists. Unable to continue with install: ClusterRole "chainloop-dex" in namespace "" exists and cannot be imported into the current...
Today, we expose the versions of the application via `infoz` endpoints but it would be useful if we could also log it at boot, so we have access to that...