chainloop
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
There are some queries that can be improved in terms of performance by adding some indexes, for example the retrieval of workflow runs based on a workflow. Currently, the SQL...
Quick PR to update the values.yaml example, as it included an invalid name.
CLI supports overwriting materials with multiple `att add --name material-name` calls. When this happens, evaluations should be reset as well.
The goal is to avoid having duplicated policies in a contract, applied to the same materials/attestation. The check could be done during contract crafting, but also at attestation time. It...
When a remote policy fails to be fetched we show an error that doesn't tell me which one actually failed. We should show which one couldn't be loaded. ``` chainloop...
Currently, policy attachments are not validated (other than plain protobuf validation). The goal is to perform a server-side validation for remote policies. This is: 1) parse contract for remote policies,...
We are currently showing validation errors like this excerpt from https://github.com/chainloop-dev/chainloop/issues/1206 ``` chainloop workflow create --name build --project xy --team abc ERR failed to create workflow: rpc error: code =...
From [https://github.com/bitnami/charts/pull/27100#issuecomment-2256043379](https://github.com/bitnami/charts/pull/27100#issuecomment-2256043379) NOTE: It's essential to evaluate and discuss each breaking change we might add to the chart. ```[tasklist] ### Tasks - [x] Openshift settings - [x] hardcoded ports in...
To avoid problems like this one https://github.com/chainloop-dev/chainloop/issues/1189 we should add some basic CI checks for the Helm Chart rendering. What I'd do - On PR, if the helm chart directory...
It would be useful to have something like `chainloop policy eval` that receives a material and a policy (file, URL) and returns a report with potential violations. I would be...