Skip to main content
This feature is only available on Chainloop’s platform paid plans.
Important: A “project” is different than a “product”, as well as a “project version” is different than a “product version”.Project versions represent the version of the component while product versions represent the version of the product. Products and project versions can evolve independently.
Products can be seen as a collection of projects (components) to enable product management capabilities and become an entry point to manage compliance, alerting, and user access configuration at scale. Products can be organized within Business Units, which are top-level organizational entities that help structure your organization by grouping related products together. This includes, but is not limited to, being able to:
  • Organize products within Business Units for better organizational structure and management
  • Attach frameworks at the product level, including applicability configuration, and get aggregated compliance reports.
  • Manage user access (RBAC) at the product level that can be used for product management functions, as well as giving users access to the underlying projects today.
  • (not yet available) Offer product release management capabilities that include the ability to track versions of a product that are linked to the versions of the underlying projects.

Creating a product

Products can be created only through the Chainloop UI.
  1. Navigate to the Products section in the left sidebar.
  2. Click on the Create Product button.
Create products
  1. Fill in the product details:
    • Name: The name of the product.
    • Description: A brief description of the product.
    • Business Unit (optional): Select a business unit to associate this product with for organizational purposes.
  2. Click on Create to finalize the product creation.
You can assign products to Business Units to organize them by department, division, or any other organizational structure that makes sense for your company.

Creating a product version

Important: A “project” is different than a “product”, as well as a “project version” is different than a “product version”.Project versions represent the version of the component while product versions represent the version of the product. Products and project versions can evolve independently.
Product version help you manage different releases or frozen states of your product. While creating a new version you can select the projects and the versions it should contain as well as enabling the applicability configuration. Product version form

Configuring compliance applicability

The Compliance Applicability matrix allows you to define compliance applicability at the product level and tweak it down to the project level. This sounds complicated, but long story short, it allows compliance and product managers to mark frameworks as a whole or specific requirements as non-applicable (optionally providing a reasoning) for specific underlying projects, reducing the configuration burden. Let’s see an example. Below, you can see a compliance applicability configuration for the compliance framework “Chainloop best practices.” On the left side, you can see the applicability for the whole product version (Chainloop Platform v1.235) and whether the underlying projects inherit or “override” the applicability. Compliance Applicability Matrix At the product level, we are disabling “helm-chart-signed” requirement, indicating the rationale. Further down, in the CLI, we indicate that the container-signed requirement does not apply to this project either. Compliance Applicability Matrix

Adding users and groups to a product

  1. You can manage user access by clicking the “Manage members and groups” option within the product. members
Users and groups can be added to the product with specific roles, such as Product Admin or Product Viewer.
  • Product Admins have full access to manage the product, including attaching compliance frameworks and managing user access.
  • Product Viewers have read-only access to the product and its associated projects, unless they have a specific project role that grants them additional permissions.
roles

Editing products

Select “Edit Product” in the product menu to edit the product properties, including attaching additional compliance frameworks. edit product

Release a version

At any time you can release a version of your product by clicking on the “Release” button in the product version menu. This will pin the underlying projects to the current version in practice creating an snapshot of the product compliance posture.
I