Skip to main content
This feature is only available on Chainloop’s platform paid plans.
Chainloop can onboard your software in two ways: connect a source-code repository so Chainloop can watch and scan it automatically, or start with a project only and send attestations from any CI/CD pipeline. The Create Project wizard guides you through either path.

The two paths

Connect a repository

Link a GitHub or GitLab repository. Chainloop prefills the project details and can run PR/MR validation and security scans server-side — no CI changes required.

Start without a repository

Create a project with just a name and description. Instrument any CI/CD pipeline with the Chainloop CLI and link a repository later.

What connecting a repository unlocks

A managed vulnerability scan surfacing a failing finding on a connected repository
  • Managed workflows — SCM configuration checks and security scanners run automatically, server-side, against your repository code.
  • AI auto-remediation — for vulnerability findings, Chainloop assesses the issue with AI and proposes a fix as a pull/merge request. See Vulnerability Management.
  • AI agent tracking — Chainloop watches AI agent configuration files in your repository for drift.

Steps

1

Connect GitHub or GitLab

A one-time, organization-level connection from the Integrations section.
2

Create a project

Use the Create Project wizard to name the project and link a repository.
3

Configure workflows

Choose which built-in and managed workflows run for the project.

Prerequisites