Chainloop is under active development and you should expect breaking changes before the first stable release. If you are interested in contributing, please take a look at our contributor guide.
Chainloop is an open source software supply chain control plane, a single source of truth for artifacts plus a declarative attestation process.
With Chainloop, SecOps teams can declaratively state the attestation and artifact expectations for their organization’s CI/CD workflows, while resting assured that the latest standards and best practices are in place.
Developer teams, on the other hand, do not need to become security experts; the attestation crafting tool will guide them with guardrails and a familiar developer experience.
See the getting started guide for detailed information on downloading and configuring the Chainloop Command Line Interface (CLI).
The result is a SLSA level 3 compliant single source of truth for artifacts and attestation, built on OSS standards such as Sigstore, in-toto, SLSA and OCI.