Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
-
Updated
Dec 20, 2024 - Go
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
Example project using SLSA 3 Generic Generator with GoReleaser
A Jenkins plugin to create SLSA provenance attestations
Generates SBOMs remotely in a verifiable manner (SLSA Build L3)
Create SLSA Provenance from nix flake
SLSA generate and verify provenance demo
Jenkins Shared Library
Ensignia Provenance Upload Action
Add a description, image, and links to the slsa-provenance topic page so that developers can more easily learn about it.
To associate your repository with the slsa-provenance topic, visit your repo's landing page and select "manage topics."