chainloop
chainloop copied to clipboard
chainloop-dev
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
In the context of supporting more backend technologies for keyless signing, we want to look into [Vault PKI](https://developer.hashicorp.com/vault/docs/secrets/pki) as a CA provider.
When creating a contract through the API, if it contains a typo on the actual fields of the json, it throws an error from the buf validation, we should return...
When invoking a `chainloop org member invite create` the identified `--recipient`, which does not send out an invite to join the organization. SMTP could be configured to enable the Chainloop...
This is if it's passed with full auto-discovery ``` Run jq -r .
The goal is to research the feasibility of integrating Chainloop and Sigstore by: * Letting users use a Fulcio instance to generate ephemeral signing certificates with the proper attributes (CTlog...
* look at keyfactor example * GitHub example, implement same thing
Currently, keyless signing is in production in experimental mode, as generated attestations are not yet verifiable (because generated certificate is not stored). This task is for implementing the full verification...
Based on [this discussion](https://github.com/chainloop-dev/chainloop/pull/964#discussion_r1642340663), we want to change the location of the new certs, basically, we will need to - Create dynamic mount points inside `/etc/ssl/cert_{i}.pem` so it doesn't override...
Two issues ## Job doesn't seem to fail if the workflow can't be created ## Wrong workflow name With a configuration like this one, I get the following error ```yaml...
Metadata
Owner
Metadata
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.