Skip to main content
This feature is only available on Chainloop’s platform paid plans.

Overview

Ask Chainloop is a native natural language interface embedded directly in the Chainloop Web UI. It lets you query your supply chain data, check compliance status, explore artifacts, and get answers about your organization’s security posture — all through conversational prompts, without leaving the dashboard. Ask Chainloop uses the same tooling as the Chainloop MCP server, but requires zero local configuration. It runs entirely within the platform using your existing web session.

Why Ask Chainloop

Consuming and correlating supply chain data typically requires navigating the Web UI or using the API. The MCP server provides a powerful integration for AI clients, but requires setting up a local client and configuring connections. Ask Chainloop removes that barrier:
  • Zero configuration — no local binaries, API keys, or MCP client setup. It uses your existing session.
  • Contextual awareness — the assistant knows which page you’re viewing and can tailor responses to your current context.
This makes supply chain intelligence accessible to everyone in the organization, from developers checking their project’s compliance to stakeholders reviewing a product’s security posture.

Prerequisites

Ask Chainloop requires an AI provider to be configured in your organization. Configure an AI provider in your organization’s Integrations page before getting started.

How to Use

Open the Ask panel from anywhere in the dashboard:
  • Click the Sparkles icon in the top navbar
  • Press Cmd+K (or Ctrl+K) to toggle the panel
The panel opens on the right side of the screen. Type your question and press Enter to send. The assistant streams its response in real time. Your conversation persists as you navigate between pages within the same organization. Switching organizations starts a fresh conversation.

Tips for Better Results

  • Be specific — include project names, version numbers, or framework names. “Show compliance for the backend project against SLSA” works better than “show compliance.”
  • Start with action verbs — “List,” “Show,” “Compare,” “Describe” help the assistant understand what you need.
  • Add scope — narrow your question to a project, product, or version. The more context you give, the more precise the answer.
  • Ask follow-ups — the assistant remembers your conversation. Start broad (“list my products”) then drill down (“show the compliance status for the latest version of that first one”).
  • Use the page context — the assistant knows which page you’re on. If you’re viewing a project, you can ask “what policies apply here?” without repeating the project name.

Limitations

  • Read-only — Ask Chainloop can query and retrieve data but cannot create, modify, or delete any resources (projects, policies, contracts, workflows, etc.).
  • Responses may be inaccurate — AI-generated responses can contain mistakes. Always verify critical information before acting on it.
  • Scoped to your organization — the assistant can only access data within your current organization and respects your existing permissions.
  • No conversation history — each session starts fresh. Conversations are preserved while navigating within the same organization, but there is no way to save or revisit past conversations.

Capabilities

Ask Chainloop has access to the following tools to answer your questions:

Organization and Discovery

  • View account details and organization information
  • Find evidence or materials by SHA256 digest, with full relationship tracing

Products, Projects, and Versions

  • List and inspect products with their version history
  • List and inspect projects

Compliance

  • Evaluate compliance against security frameworks (SLSA, CRA, SSDF, and custom frameworks)
  • Get aggregated compliance status across products with per-project breakdowns
  • List and describe available frameworks and their requirements

Evidence and Artifacts

  • List evidence artifacts with filtering by kind (SBOM, SARIF, container image, JUnit XML, and more)
  • Download evidence content by digest
  • View policy evaluation results for specific versions

Components

  • List software components and packages with filtering by project or product
  • Get detailed component information with dependency relationships

Policies and Contracts

  • List policies (custom and built-in) and policy groups
  • List and describe workflow contracts with their full schema