chainloop
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
The current flow requires an explicit username password pair. I believe security could be enhanced with JIT credentials with short-expiry times. The easiest would be to leverage existing local .docker...
Currently `app/controlplane/api/controlplane/v1/workflow_run.proto` has two services defined, one associated with workflow runs operations and another one about the attestation process. https://github.com/chainloop-dev/chainloop/blob/e770faeeed854cfcff45a06100f9a2eef57d779a/app/controlplane/api/controlplane/v1/workflow_run.proto#L27-L41 This task is about extracting the `AttestationService` (and associated req/resp...
Currently, the control plane generates three JSON Web Tokens for different purposes. ### a) User JWT This one is generated once a user authenticates with the control plane, i.e. `chainloop...
Currently, once a workflow is created with a `name`, `project`, `team` and optionally a contract, it cannot be changed. We should allow users to be able to * update...
Goreleaser has [a mechanism](https://goreleaser.com/customization/release/) to add additional footer metadata to each release. We could leverage this feature to add next steps such as the following in our `.goreleaser.yml` file ```yml...
We should document the options present in the control plane configuration file https://github.com/chainloop-dev/chainloop/blob/main/app/controlplane/internal/conf/conf.proto#L69 Especially the `authentication settings`.
Currently, the CLI allows configuration overrides via the `config save` ``` Persist the current settings to the config file Usage: chainloop config save [flags] Examples: chainloop config save --control-plane localhost:1234...
Shows just the gRPC error, not the whole wrapped chain, to the user for expected gRPC errors. Examples Before ``` $ go run main.go --insecure org api-token create --name test...
This PR fixes 2 issues: * properly wrap upstream error * add provider and policy name to the error message ``` ERR applying policies to statement: policy error: loading policy...
To prevent template errors like [this one](https://github.com/chainloop-dev/chainloop/pull/1226), the CI should render the template in development mode. ``` > helm template . --set development=true ```