Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
-
Updated
Nov 15, 2024 - Go
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity.
Enabling Software Supply Chain Security Capabilities in ArgoCD
in-toto is a framework to secure the software supply chain.
Github Action implementation of SLSA Provenance Generation
Pipeline for patching CVEs in container images 💉📦
Prototype in-toto attestation verifier based on ITE-10 and ITE-11 layouts
Library to create, verify, and evaluate policy for attestations on container images
A wrapper for running in-toto commands and using dbom repositories as the storage medium for the in-toto attestations
A paper on supply chain security in software development for Uni.
Jenkins Shared Library
Add a description, image, and links to the in-toto topic page so that developers can more easily learn about it.
To associate your repository with the in-toto topic, visit your repo's landing page and select "manage topics."