Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
-
Updated
Oct 3, 2024 - Go
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
A demonstration of showing how to use 💃SLSA 3 Generic Generator with GoReleaser to release artifacts while generating signed SLSA provenance
Generates SBOMs remotely in a verifiable manner (SLSA Build L3)
A Jenkins plugin to create SLSA provenance attestations
Create SLSA Provenance from nix flake
SLSA generate and verify provenance demo
Jenkins Shared Library
Ensignia Provenance Upload Action
Add a description, image, and links to the slsa-provenance topic page so that developers can more easily learn about it.
To associate your repository with the slsa-provenance topic, visit your repo's landing page and select "manage topics."