chainloop
chainloop copied to clipboard
chainloop-dev
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
Current behaviour interprets them as CSV, converting them to multivalued arguments. There should be a way to escape the `,` and skip the CSV conversion. For example: ```yaml policies: materials:...
Currently, we only allow adding annotations defined in the contract. Similarly to contractless attestations we should allow adding arbitrary annotations
In order to communicate that there is a new version of the contract we could show a warning message during the attestation process
For example https://github.com/chainloop-dev/chainloop/releases/tag/v0.180.0
It'd be nice to have another level of debug in which we can see calls to server APIs being made by the CLI. Also, the debug level is not very...
`chainloop attestation [subcommand]` has the --org option flag available but in reality, that one is not used for those commands. This task is about removing the flag for those subcommands.
We are gradually transitioning away from using Chainloop Labs and adopting standard CLI commands directly, avoiding embedding them within workflows. The objective of this task is to migrate the following...
Metadata
Owner
Metadata
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.