chainloop
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
This PR improves the way the `att push` result is shown. It now uses the status action logic (in `full` mode) before running the actual push to gather all the information...
Now, `att push` supports both `-o json` and regular view. This task is about improving the default output to show something similar to what we show in our labs trust report https://github.com/chainloop-dev/chainloop/actions/runs/8938087539#summary-24551614195...
This PR creates a new implementation of a Tracker client based on PostHog. Users can deactivate telemetry by setting the env variable `DO_NOT_TRACK=1`; it follows the convention at: https://consoledonottrack.com/ Information...
The CLI and backend are rapidly evolving and currently there is no check to make sure CLI/Controlplane are compatible. This is problematic since for example @jp-gouin ran into the following...
https://docs.google.com/document/d/1zc_uYy8zQnx0u6YO6QKo1tw2iRJf4fuB4ofu7xWfCOM/ @jp-gouin shared some great feedback that we'd like to translate into actionable items. Thanks again for the feedback ```[tasklist] ### Tasks - [ ] https://github.com/chainloop-dev/chainloop/issues/796 ```
We want to be able to attest a GitHub release in an easy way. Ideally, we could have a reusable workflow/action that reacts to a `release` event and performs an...
Once we attest a GitHub release #788, we want to add a link to the public att endpoint https://app.chainloop.dev/attestation/sha256:deadbeef. This is an [example](https://app.chainloop.dev/attestation/sha256:c69944533417b25cb9991ef1875ec38ded57fea3c5612e77b24c23d5dcee0af4). Note that it uses the sha of...
Implement a workflow that translates GitHub releases to chainloop attestations. - It should work with a single API token - It can create a workflow automatically - It will download...
If we want to upload any artifact to an attestation, we might need to allow some sort of empty contract or a contract that allows you to add arbitrary information.
We'd like to add some basic, anonymous, optional telemetry in the CLI that could help us understand what commands are being used. - ID must always be protected and anonymous,...