chainloop

Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
We could look into implementing a fanout integration with [defectdojo](https://www.defectdojo.org) More information on how to implement a plugin can be found [here](https://github.com/chainloop-dev/chainloop/tree/main/app/controlplane/plugins#how-to-create-a-new-plugin) ```[tasklist] ### Tasks - [ ] research functionality,...
A passive authentication mechanism would leverage the existing GITHUB_TOKEN to authenticate/authorize existing workflows against chainloop. This would mean: * GH Token should be verified against GH well-known public key *...
We [currently support](https://docs.chainloop.dev/reference/operator/contract#material-schema) CSAF_VEX. This task aims to add support for [other profiles](https://docs.oasis-open.org/csaf/csaf/v2.0/cs03/csaf-v2.0-cs03.html#4-profiles). - [Examples](https://github.com/oasis-tcs/csaf/tree/master/csaf_2.0/examples/csaf) - [FAQ](https://github.com/oasis-tcs/csaf/blob/master/csaf_2.0/guidance/faq.md) - [GitHub Repository](https://github.com/oasis-tcs/csaf/tree/master)
Currently we support up to 1.5: https://cyclonedx.org/news/cyclonedx-v1.6-released/ For the record, this is a task we did for 1.5 that could show you how to achieve this: https://github.com/chainloop-dev/chainloop/issues/210
Now that we have api-tokens that can be used in automation to, for example, update contracts, we can now define gitops based contract updates in a repository. In addition to...
The main goal of the task is to introduce Chainloop CLI to the test process during the release, aka, only when `main` is the target branch. Evaluate if we can...
This is a feature request to provide a basic `launch.json` VSCode file to easily run and debug Chainloop services, mainly the Control Plane and the CAS. Unfortunately, VS Code only...
Right now the current callback of performing the authentication is a basic HTML, we could potentially change it and make it prettier.
Currently, the referrer API service contains two endpoints, one public and one private https://github.com/chainloop-dev/chainloop/blob/ab86233ffb7f57307b6032b18aea416d5799bfcf/app/controlplane/api/controlplane/v1/referrer.proto#L26-L33 The private one returns information from any of your organizations while the public one only information...