Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
Updated May 22, 2024 - Go
A BOM repository server for distributing CycloneDX BOMs
A standard API specification for exchanging CycloneDX BOMs
A GitHub Action that creates a SBOM from your application so you can meet compliance and security requirements. Add this to your dev, staging and prod steps and SecureStack will make sure that what you've just deployed is secure and meets your requirements, and has the SBOM to show it!
Find & pull public SBOMs
Dockerfile and scripts to build a container image that facilitates generating and uploading Software Bill of Materials (SBOM) to sbom.sh utilizing various open-source SBOM tools such as Trivy, Grype, and Syft.