chainloop
chainloop copied to clipboard
chainloop-dev
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
I hit an error when trying to start the attestation crafting process. The error is: ```shell chainloop --debug attestation init DBG loaded token from robot account DBG Retrieving attestation definition...
My ghcr.io token has expired, and all my attestations are failing now. I am getting inconsistent error messages. - I get `ERR adding material: crafting material: uploading material: rpc error:...
In https://github.com/chainloop-dev/chainloop/pull/247 (part of #201), we've added inline CAS option, which means that attestation can include artifact data embedded. The good thing is that users can get started using Chainloop...
Currently we offer a way to extend Chainloop via a [`core plugins` SDK](./app/controlplane/plugins). This mechanism has the limitation that it requires the plugin to be added to Chainloop's Control Plane...
It's getting fairly common for build systems to output not only the artifact they are building i.e `container image` but also a in-toto attestation in the form of slsa provenance....
A common use-case for people building and signing container images is to use cosign. Cosign allows not only to sign such container images but also in-toto attestations and SBOMS. An...
**The problem** We have automation triggered periodically every X minutes, which scans the OCI registry for new updated artifacts/metadata, processes it, and pushes it to chainloop. We want to ensure...
Build the chainloop tools container image during the release process. We will use this image in various automations/integrations. The image will include the latest version of Chainloop CLI and: -...
Create a Google Cloud Storage plugin. We can extract it from #211
https://github.com/chainloop-dev/chainloop/pull/191 added support for a generator that keeps extension Readme files up to date with their input schema information. We'd like to extend this generator to inject additional metadata such...
Metadata
Owner
Metadata
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.