chainloop
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
The way I could reproduce it was:
- Start a remote attestation from a CI or somewhere else not local
- Grab the attestation id
- While the workflow is...
Currently you provide the parentID, would it be possible to also create the parent project?
```
docker build -t my-new-image .
```
```
chainloop att add --value my-new-image --kind CONTAINER_IMAGE
ERR adding material: crafting material: GET https://index.docker.io/v2/library/my-new-image/manifests/latest: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:library/my-new-image Type:repository]]
```
The goal of this feature request is to allow writing custom logic that extracts information from the attestation context and adds it to the final statement. Examples of such...
## query 1

The following query is called quite often during the attestation process or even more taking into account the numbers shown by performance insights.

```sql
SELECT DISTINCT "workflow_contract_versions"."id",...
```
I've deployed an instance of Chainloop in dev mode called `test` and it seems to expect dex to be under `chainloop-dex` when in reality the service name is called `test-dex`...
To perform a release we tag a commit that triggers the release job. As a way to make sure the new version is the one that was prereleased and added...
## Summary

Add support for explicitly disabling specific policies within a policy group by specifying their metadata names in a skip list. Users can now selectively exclude policies from evaluation...
Currently, when you reference a policy group, all the policies inside are created. My proposal is to have an attribute in the attachment of the policy groups in the contract...
This adds a utils script to add license information to the SBOMs. If the license info for the Atlas components is missing, it enhances the SBOM by adding the "license.id":...