chainloop
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
The documentation and README still contain references to the oci-registry plugin.
I've noticed some orgs without the `inline cas backend`, we should check why it is not there, if it can be removed, and what's the behavior of the `fallback` flag.
Currently, when you receive an invitation to an org, the way to accept it is to register/login `auth login`. This can be confusing and not documented anywhere, so we might...
I've noticed that some runs were not being swept to `expired` state. We have a periodic run that checks for in-progress runs that are older than 1 hour, but this...
Add support for a new material type that contains the result of running OSSF [Scorecard](https://github.com/ossf/scorecard). For example, [this action](https://github.com/chainloop-dev/chainloop/blob/main/.github/workflows/scorecards.yml) does 3 things - analyze the repository - sends the result...
To be able to on-demand expose Prometheus metrics related to a given organization/workflow via a custom, protected metrics endpoint.

### Tasks
- [ ] https://github.com/chainloop-dev/chainloop/issues/1098
- [ ] https://github.com/chainloop-dev/chainloop/issues/1118...
We are currently leveraging this library https://github.com/hedwigz/entviz to generate a visualization of the control plane schema. And it will get generated automatically as part of code generation https://github.com/chainloop-dev/chainloop/blob/041cd2daf5f93b3d73b4341ebcd79d195a2ac36e/app/controlplane/internal/data/ent/entc.go#L33 You can...
Currently, the data model root is namespaced (soft multi-tenancy) by an organization entity. Users are connected to different organizations through memberships, and the way we decide which one is the...
It seems that the packaging helm chart action is overriding (re-pushing) the chart. This job happens when a change in the templates is found, but doesn't take into account if...
Latest version of Go includes structured logging which can interoperate with a zap backend, which is what we use. It looks like slog could be a native replacement from Kratos...