--project
flag with the value myproject
, so let’s inspect it in the project view.

Enabling compliance through products
In addition to the project concept that enables workflow, policy, and evidence aggregation, Chainloop also introduces the concept of product. Products can be seen as a collection of projects (components) to enable product management capabilities and become an entry point to manage compliance, alerting, and user access configuration at scale. To enable compliance, you need to create a product and then 1) attach the project to it 2) attach the compliance frameworks that we want to use, in our case we will use theSLSA
and chainloop-best-practices
frameworks



Manage Project Versions
Important: A “project” is different than a “product”, as well as a “project version” is different than a “product version”.Project versions represent the version of the component while product versions represent the version of the product.
Products and project versions can evolve independently.
none
value for now. Chainloop allows you to create versions of your project, so all the compliance data can be aggregated by version. To learn more about versions, check this guide.
Let’s try to perform the same attestation than before but this time providing the --version
flag with the value 1.0.0
.
1.0.0
in the selector up top

Aggregate data
As mentioned before the goal of this view is to show you a high-level, aggregated view of your project workflows, pieces of evidence, policy evaluations and compliance score for each version. So let’s try to perform another attestation but this time from another workflow