Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
-
Updated
Sep 9, 2024 - Go
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
A demonstration of showing how to use 💃SLSA 3 Generic Generator with GoReleaser to release artifacts while generating signed SLSA provenance
Generates SBOMs remotely in a verifiable manner (SLSA Build L3)
A Jenkins plugin to create SLSA provenance attestations
Create SLSA Provenance from nix flake
SLSA generate and verify provenance demo
Jenkins Shared Library
Ensignia Provenance Upload Action
💃 GitHub Action for installing the slsa-verifier CLI tool
Add a description, image, and links to the slsa-provenance topic page so that developers can more easily learn about it.
To associate your repository with the slsa-provenance topic, visit your repo's landing page and select "manage topics."