Changelog

Chainloop secures your software supply chain by automating compliance, ensuring traceability, and enhancing collaboration across Dev, Sec, and Ops. With real-time visibility, a centralized evidence store, and a curated policy library, it accelerates delivery and helps teams ship secure, compliant software faster.

Chainloop Documentation

Chainloop provides a centralized platform for artifact management, real-time visibility, and automated compliance for your Software Delivery Process.

Welcome to Chainloop

Quickstart

Overview

Setup

Your First Attestation

Set Metadata expectations

Set Policies expectations

Get an overview of the core concepts of Chainloop.

Attestations

Workflows

Contracts

Chainloop supports the following pieces of evidence types that can be attached during the attestation process.

Material Types

Implement control gates and security checks in your attestations.

Policies

Group policies together to simplify their management.

Policy Groups

Projects and Versions

Compliance Frameworks and Requirements

Integrations

Content Addressable Storage (CAS) backend

How to configure Chainloop to perform attestation from GitLab without the need to provide Chainloop API tokens.

Keyless Attestations in GitLab

How to generate SLSA provenance and how to add it to your Chainloop workflow.

Track SLSA level of your Project

Send SBOMs to Dependency-Track

Use Dagger With Chainloop

Use Keyfactor SignServer for attestation signing

How to monitor your CI/CD systems with Chainloop and Prometheus

Write custom policies

Audit Logs

Signing and Verification

Authentication Methods

Frequently Asked Questions

CLI Installation

CLI Command Reference

CLI Telemetry