Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.

Results 190 chainloop issues

Trying to add a material on a non initialized attestation, it's wrongly retried with exponential backoff: ``` cldev att add --value test/cyclonedx.json DBG using config file path="/Users/jiparis/Library/Application Support/chainloop/config.devel.toml" WRN API...

bug

Currently, policy evaluations are reported as a single `violations` rule result, that will contain elements in the case of non compliance. However, if the policy couldn't be evaluated (because of...

We do not add the component for which the SBOM was generated against. This is stored inside the SBOM itself in the component structure (at least in cycloneDX generated by...

Currently, arguments are all interpreted as strings, supporting array of strings either in the form of comma separated values, or line feeds. However, real arrays or numeric values are not...

If you do not provide this value in the values.yaml file, it gets autogenerated. The issue with this approach is that you lose reproducibility. We could force the users to...

deployment

You can now sign and verify using a [Signserver](https://www.signserver.org/) instance but currently we do not support any kind of authentication. Signserver OSS supports a bunch of [authorizers](https://docs.keyfactor.com/signserver/latest/authorizers), this task is...

This PR adds verification of the GitLab OIDC token.

Have a way to define selectors so the plugin can choose whether to send the data or not.