chainloop
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
Currently we have basic securityContext support in our chart, basically we require the user to put the rules in the values.yaml file and will get injected accordingly. Some of our...
I have a couple of usability suggestions that might be worth implementing - If we are using the discovery mode, i.e. do not provide `kind`, and ends up falling back...
Currently, the chainloop CLI will try to gather information about your repository and if it finds it, it injects it in the in-toto attestation. This is useful but a problem...
When describing a workflow run by its id, it's failing due to an error when unmarshalling: ```bash $ chainloop --debug wf run ls DBG Telemetry enabled, to disable it use...
Some of the Chainloop crafters use a JSON schema approach for validation, meaning that incoming evidence is validated against a specified schema. Currently, the schemas are loaded in an `init`...
This is a follow-up to the issue https://github.com/chainloop-dev/chainloop/issues/785. The current status at the time of writing is the following: - There is a reusable workflow on Chainloop labs: https://github.com/chainloop-dev/labs/blob/main/.github/workflows/chainloop_github_release.yml...
Chainloop should allow adding materials from remote services, using `https` protocol. This will allow users to quickly download and attest external artifacts. Example:
```
chainloop att add --value https://my.service.org/installer.tgz
```
Trying to attest an OCI chart ends up discovering a `STRING` material type, but it should be `HELM_CHART` instead. Running it in debug mode: ``` > cl att add --value...
We are missing some of the latest additions in the reference table. 
Contract-less materials have a configuration of `output: true` by default while being attested. This configuration was controlled by the contract with a field with the same signature the issue is...