# Chainloop Documentation > Chainloop secures your software supply chain by automating compliance, ensuring traceability, and enhancing collaboration across Dev, Sec, and Ops. With real-time visibility, a centralized evidence store, and a curated policy library, it accelerates delivery and helps teams ship secure, compliant software faster. ## Docs - [Evaluate evidence with AI](https://docs.chainloop.dev/api-reference/agentsservice/evaluate-evidence-with-ai.md): Starts an AI-powered analysis of evidence identified by digest or provided as raw content. Returns an operation ID for polling the result. - [Describe an artifact](https://docs.chainloop.dev/api-reference/artifactservice/describe-an-artifact.md): Get detailed information about an artifact by ID, including a paginated list of linked evidence. - [List artifacts](https://docs.chainloop.dev/api-reference/artifactservice/list-artifacts.md): List artifacts stored in the organization, optionally filtered by project, product, kind, or search term. - [Approve an assessment revision](https://docs.chainloop.dev/api-reference/assessmentservice/approve-an-assessment-revision.md): Promote a pending assessment revision to APPROVED. The parent assessment's effective state is refreshed from this revision. - [Create an assessment](https://docs.chainloop.dev/api-reference/assessmentservice/create-an-assessment.md): Create a new security assessment. - [Delete an assessment](https://docs.chainloop.dev/api-reference/assessmentservice/delete-an-assessment.md): Delete an assessment. - [Get an assessment](https://docs.chainloop.dev/api-reference/assessmentservice/get-an-assessment.md): Get detailed information about a specific assessment. - [Get assessment summary](https://docs.chainloop.dev/api-reference/assessmentservice/get-assessment-summary.md): Returns aggregate counts of assessments grouped by status, scoped to a project and optionally a project version. - [List assessment revisions](https://docs.chainloop.dev/api-reference/assessmentservice/list-assessment-revisions.md): List every revision recorded for a single assessment, newest first. - [List assessments](https://docs.chainloop.dev/api-reference/assessmentservice/list-assessments.md): List assessments with optional filters. - [Reject an assessment revision](https://docs.chainloop.dev/api-reference/assessmentservice/reject-an-assessment-revision.md): Reject a pending assessment revision. The parent assessment is not modified. - [Trigger auto-assessment](https://docs.chainloop.dev/api-reference/assessmentservice/trigger-auto-assessment.md): Dispatch an AI-powered auto-assessment for a vulnerability finding. - [Update an assessment](https://docs.chainloop.dev/api-reference/assessmentservice/update-an-assessment.md): Update an existing assessment. - [Get async operation status](https://docs.chainloop.dev/api-reference/asyncoperationsservice/get-async-operation-status.md): Retrieves the current status and result of an asynchronous operation. - [List async operations](https://docs.chainloop.dev/api-reference/asyncoperationsservice/list-async-operations.md): Lists asynchronous operations with optional filters for resource association and status. - [Creates and attestation from a piece of content](https://docs.chainloop.dev/api-reference/attestationsservice/creates-and-attestation-from-a-piece-of-content.md): This endpoint is used to create an attestation for a piece of content, such as a file or a blob. The provided content is stored in the configured storage backend - [Get product-level compliance aggregation](https://docs.chainloop.dev/api-reference/complianceservice/get-product-level-compliance-aggregation.md): Retrieves aggregated compliance data for a product version across all its project versions. Includes per-project evaluation details and overall status using 'worst case wins' logic, filtering out not-applicable requirements. - [Get project-level compliance evaluation](https://docs.chainloop.dev/api-reference/complianceservice/get-project-level-compliance-evaluation.md): Retrieves compliance evaluation summary for specific frameworks and project version. Returns per-requirement evaluation details including status, policy evaluations, manual evidence, and overrides. - [Describe a component](https://docs.chainloop.dev/api-reference/componentservice/describe-a-component.md): Returns detailed information about a component and all projects/versions where it appears - [List software components](https://docs.chainloop.dev/api-reference/componentservice/list-software-components.md): List the software components (SBOM) registered in your organization, optionally filtered by project version or product version. - [Summarize components](https://docs.chainloop.dev/api-reference/componentservice/summarize-components.md): Return aggregate component counts (total / vulnerable / fixable / exploitable) for a project version. - [Download Artifacts from CAS](https://docs.chainloop.dev/api-reference/downloadservice/download-artifacts-from-cas.md): Downloads artifacts stored in the Chainloop Content Addressable Storage (CAS). - [Create an environment](https://docs.chainloop.dev/api-reference/environmentsservice/create-an-environment.md): Creates a new environment with a name, type, and optional description. - [Delete an environment](https://docs.chainloop.dev/api-reference/environmentsservice/delete-an-environment.md): Soft-deletes an environment by its ID. The environment will no longer be accessible. - [Describe an environment](https://docs.chainloop.dev/api-reference/environmentsservice/describe-an-environment.md): Retrieves detailed information about an environment by its ID. - [List deployment names](https://docs.chainloop.dev/api-reference/environmentsservice/list-deployment-names.md): Returns distinct deployment names with optional filtering by environment, logical environment, and search query. - [List deployment records](https://docs.chainloop.dev/api-reference/environmentsservice/list-deployment-records.md): Retrieves a paginated list of deployment records with optional filtering by environment, project, version, status, artifact kind, and deployment name. - [List environments](https://docs.chainloop.dev/api-reference/environmentsservice/list-environments.md): Retrieves a paginated list of environments with optional filtering by name or description. - [Record a deployment](https://docs.chainloop.dev/api-reference/environmentsservice/record-a-deployment.md): Creates or updates a deployment record linking an artifact to an environment. If a record for the same environment and deployment name already exists, it will be updated. - [Update an environment](https://docs.chainloop.dev/api-reference/environmentsservice/update-an-environment.md): Updates an existing environment by ID. Supports updating name, description, and type. - [Describe a piece of evidence](https://docs.chainloop.dev/api-reference/evidenceservice/describe-a-piece-of-evidence.md): Get detailed information about a specific piece of evidence by its unique identifier. - [List pieces of evidence](https://docs.chainloop.dev/api-reference/evidenceservice/list-pieces-of-evidence.md): List the pieces of evidence registered in your organization, these include SBOMs, vulnerability reports, attestations or more, optionally filtered by project name and project version. - [Describe a finding](https://docs.chainloop.dev/api-reference/findingservice/describe-a-finding.md): Get detailed information about a specific security finding. - [List findings](https://docs.chainloop.dev/api-reference/findingservice/list-findings.md): List security findings (vulnerabilities, license violations, etc.) for the current organization, with optional filters. - [Summarize findings](https://docs.chainloop.dev/api-reference/findingservice/summarize-findings.md): Return aggregate finding counts (totals, assessment breakdown, unassessed severity × fixable matrix, suggested-action scalars) for the current organization, with optional filters. - [Trigger auto-remediation](https://docs.chainloop.dev/api-reference/findingservice/trigger-auto-remediation.md): Dispatch an AI-powered auto-remediation for a vulnerability finding, creating a PR with the fix. - [Create a logical environment](https://docs.chainloop.dev/api-reference/logicalenvironmentsservice/create-a-logical-environment.md): Creates a new logical environment with a name and optional description. - [Delete a logical environment](https://docs.chainloop.dev/api-reference/logicalenvironmentsservice/delete-a-logical-environment.md): Soft-deletes a logical environment by its ID. The logical environment will no longer be accessible. - [Describe a logical environment](https://docs.chainloop.dev/api-reference/logicalenvironmentsservice/describe-a-logical-environment.md): Retrieves detailed information about a logical environment by its ID. - [List logical environments](https://docs.chainloop.dev/api-reference/logicalenvironmentsservice/list-logical-environments.md): Retrieves a paginated list of logical environments with optional filtering by name and description. - [Update a logical environment](https://docs.chainloop.dev/api-reference/logicalenvironmentsservice/update-a-logical-environment.md): Updates an existing logical environment's name and/or description by ID. - [Overview](https://docs.chainloop.dev/api-reference/overview.md) - [Create a new policy](https://docs.chainloop.dev/api-reference/policyservice/create-a-new-policy.md): Creates a new policy with the provided definition. The policy will be registered for the organization of the authenticated user. - [Get a policy by name](https://docs.chainloop.dev/api-reference/policyservice/get-a-policy-by-name.md): Retrieves a policy by its name, optionally specifying a particular version by digest. If no digest is provided, the latest version is returned. - [Get a policy group by name](https://docs.chainloop.dev/api-reference/policyservice/get-a-policy-group-by-name.md): Retrieves a policy group by its name, optionally specifying a particular version by digest. If no digest is provided, the latest version is returned. - [Remove a policy from the list](https://docs.chainloop.dev/api-reference/policyservice/remove-a-policy-from-the-list.md): Removes a policy from the listing. The policy will no longer be visible or accessible, but may still exist in the system. - [Update an existing policy](https://docs.chainloop.dev/api-reference/policyservice/update-an-existing-policy.md): Updates an existing policy with a new definition. This creates a new version of the policy. - [Validate a policy attachment](https://docs.chainloop.dev/api-reference/policyservice/validate-a-policy-attachment.md): Validates a policy attachment by checking its arguments and requirements against the policy definition. - [List products](https://docs.chainloop.dev/api-reference/productsservice/list-products.md): Retrieves a paginated list of products with optional filtering by name, description, business unit, and project association. Only returns products the user has access to. - [List projects](https://docs.chainloop.dev/api-reference/projectsservice/list-projects.md): Retrieves a paginated list of projects with optional filtering by name and description. Only returns projects the user has access to based on RBAC permissions. - [Discover private referrer](https://docs.chainloop.dev/api-reference/referrerservice/discover-private-referrer.md): Returns the referrer item for a given digest in the organizations of the logged-in user - [Discover public shared referrer](https://docs.chainloop.dev/api-reference/referrerservice/discover-public-shared-referrer.md): Returns the referrer item for a given digest in the public shared index - [Get current user information](https://docs.chainloop.dev/api-reference/userservice/get-current-user-information.md): Returns information about the currently authenticated user, including personal details and organization memberships. - [Changelog](https://docs.chainloop.dev/changelog.md): Keep up with the latest releases, improvements, and fixes. - [Command Line Reference (EE)](https://docs.chainloop.dev/command-line-reference/cli-ee-reference.md) - [CLI Installation](https://docs.chainloop.dev/command-line-reference/cli-installation.md) - [CLI Telemetry](https://docs.chainloop.dev/command-line-reference/cli-telemetry.md) - [Ask Chainloop](https://docs.chainloop.dev/concepts/ask-chainloop.md): A built-in natural language interface for querying your software supply chain data directly from the Chainloop dashboard. - [Attestations](https://docs.chainloop.dev/concepts/attestations.md) - [Business Units](https://docs.chainloop.dev/concepts/business-units.md) - [Content Addressable Storage (CAS) backend](https://docs.chainloop.dev/concepts/cas-backend.md) - [Compliance Frameworks and Requirements](https://docs.chainloop.dev/concepts/compliance-frameworks.md) - [Contracts](https://docs.chainloop.dev/concepts/contracts.md) - [Control and Quality Gates](https://docs.chainloop.dev/concepts/control-gates.md): Use control gates to enforce policies and security checks in your software supply chain. - [Artifact Deployment Tracking](https://docs.chainloop.dev/concepts/deployments.md): Track where your artifacts are running across your environments. - [Environments and Logical Environments](https://docs.chainloop.dev/concepts/environments.md): Define infrastructure targets and lifecycle stages for deployment tracking in Chainloop. - [Integrations](https://docs.chainloop.dev/concepts/integrations.md) - [Material Types](https://docs.chainloop.dev/concepts/material-types.md) - [Notifications](https://docs.chainloop.dev/concepts/notifications.md) - [Overview](https://docs.chainloop.dev/concepts/overview.md): Get an overview of the core concepts of Chainloop. - [Policies](https://docs.chainloop.dev/concepts/policies.md): Implement control gates and security checks in your attestations. - [Policy Groups](https://docs.chainloop.dev/concepts/policy-groups.md): Group policies together to simplify their management. - [Products](https://docs.chainloop.dev/concepts/products.md) - [Projects and Versions](https://docs.chainloop.dev/concepts/projects-versions.md) - [Workflows](https://docs.chainloop.dev/concepts/workflows.md) - [Product and Project Compliance](https://docs.chainloop.dev/get-started/add-frameworks.md) - [Set Metadata expectations](https://docs.chainloop.dev/get-started/adding-contract.md) - [Set Policies expectations](https://docs.chainloop.dev/get-started/adding-policies.md) - [Your First Attestation](https://docs.chainloop.dev/get-started/first-attestation.md) - [Next Steps](https://docs.chainloop.dev/get-started/next-steps.md) - [Overview](https://docs.chainloop.dev/get-started/overview.md) - [Setup](https://docs.chainloop.dev/get-started/setup.md) - [How to collect AI agent configuration](https://docs.chainloop.dev/guides/ai-config-collector.md): Automatically gather agentic development configuration files as attestation evidence - [How to use the Chainloop MCP server](https://docs.chainloop.dev/guides/chainloop-mcp.md): How to configure Chainloop MCP in your AI clients and agents - [How to trace AI coding sessions](https://docs.chainloop.dev/guides/chainloop-trace.md): Automatically capture and attest AI-assisted development sessions with Chainloop trace - [EU Cyber Resilience Act (CRA)](https://docs.chainloop.dev/guides/cra.md) - [How to write custom policies](https://docs.chainloop.dev/guides/custom-policies.md) - [Use Dagger With Chainloop](https://docs.chainloop.dev/guides/dagger-integration.md) - [Declarative Resource Management](https://docs.chainloop.dev/guides/declarative-resource-management.md): Manage compliance resources as code using YAML definitions and the Chainloop CLI. - [Send SBOMs to Dependency-Track](https://docs.chainloop.dev/guides/dependency-track.md) - [Enterprise edition](https://docs.chainloop.dev/guides/deployment/chainloop-ee.md): How to deploy and configure the Chainloop Enterprise in Kubernetes - [Use Azure KeyVault as secrets backend](https://docs.chainloop.dev/guides/deployment/guides/azure-keyvault.md) - [Use Keyfactor EJBCA to generate ephemeral signing certificates](https://docs.chainloop.dev/guides/deployment/guides/ejbca.md) - [Use Ory Hydra as OIDC (OpenID Connect) provider](https://docs.chainloop.dev/guides/deployment/guides/hydra-oauth2.md) - [Migrating to chainloop-ee chart](https://docs.chainloop.dev/guides/deployment/guides/migration-guide.md): How to migrate from OSS+Platform to unified EE chart - [Use Active Directory as Single Sign-On provider](https://docs.chainloop.dev/guides/deployment/guides/oidc-ad.md) - [Organization provisioning with API tokens](https://docs.chainloop.dev/guides/deployment/guides/org-provisioning.md) - [Automatic provisioning of user roles and groups](https://docs.chainloop.dev/guides/deployment/guides/provisioning.md) - [Restrict organization creation to specific users](https://docs.chainloop.dev/guides/deployment/guides/restrict-org-creation.md) - [Configure your Identity Provider for SAML SSO](https://docs.chainloop.dev/guides/deployment/guides/saml-idp.md): How to configure your Identity Provider (IdP) to use SAML Single Sign-On with Chainloop Cloud - [Open Source Evidence Store](https://docs.chainloop.dev/guides/deployment/oss.md) - [Evaluate Chainloop Platform](https://docs.chainloop.dev/guides/evaluate-platform.md): Different ways to evaluate the Chainloop Platform - SaaS, Kubernetes, or Docker Compose - [Keyless Attestations in GitHub](https://docs.chainloop.dev/guides/github-keyless.md): How to configure Chainloop attestations from GitHub Actions without using Chainloop API tokens. - [Keyless Attestations in GitLab](https://docs.chainloop.dev/guides/gitlab-keyless.md): How to configure Chainloop to perform attestation from GitLab without the need to provide Chainloop API tokens. - [How to run LLM-driven policies](https://docs.chainloop.dev/guides/llm-policies.md): Use AI-powered prompts to evaluate evidence and attestations in your supply chain - [Using PR Policies as Control Gates](https://docs.chainloop.dev/guides/pr-policies-control-gate.md): Enforce pull request quality standards with Chainloop control gates in GitHub Actions and GitLab CI - [How to monitor your CI/CD systems with Chainloop and Prometheus](https://docs.chainloop.dev/guides/prometheus.md) - [Use Keyfactor SignServer for attestation signing](https://docs.chainloop.dev/guides/signserver.md) - [SLSA Levels](https://docs.chainloop.dev/guides/slsa.md): How Chainloop enables SLSA compliance through automated provenance generation, source track validation, and policy enforcement for both build and source code security. - [SSDF](https://docs.chainloop.dev/guides/ssdf.md) - [WASM Policy Examples & Patterns](https://docs.chainloop.dev/guides/wasm-policies/examples.md): Common patterns and complete examples for writing WASM policies - [Go SDK for WASM Policies](https://docs.chainloop.dev/guides/wasm-policies/go-sdk.md): Complete guide to writing Chainloop policies in Go with TinyGo - [JavaScript SDK for WASM Policies](https://docs.chainloop.dev/guides/wasm-policies/javascript-sdk.md): Complete guide to writing Chainloop policies in JavaScript/TypeScript - [Writing WASM Policies](https://docs.chainloop.dev/guides/wasm-policies/overview.md): Learn how to write custom validation policies using WebAssembly with Go or JavaScript - [Frequently Asked Questions](https://docs.chainloop.dev/misc/faq.md) - [Quickstart](https://docs.chainloop.dev/quickstart.md) - [AI Session Score](https://docs.chainloop.dev/reference/ai-score.md): Per-PR confidence signal for AI-assisted code changes — scoring criteria, how to read results, and how to improve scores - [API](https://docs.chainloop.dev/reference/api.md) - [Authentication Methods](https://docs.chainloop.dev/reference/api-tokens.md) - [Audit Logs](https://docs.chainloop.dev/reference/audit-logs.md) - [SCM Protection Policies](https://docs.chainloop.dev/reference/branch-protection-policies.md) - [Builtin functions for Rego policies](https://docs.chainloop.dev/reference/builtin-functions.md) - [EU Cyber Resilience Act (CRA)](https://docs.chainloop.dev/reference/cyber-resilience-act.md) - [LLM Support](https://docs.chainloop.dev/reference/llm-support.md): Supported AI providers for LLM-driven policy evaluation - [Model Context Protocol (MCP) Server](https://docs.chainloop.dev/reference/mcp-server.md) - [Policies](https://docs.chainloop.dev/reference/policies.md): Reference documentation for all available policies and policy groups - [Role Based Access Control](https://docs.chainloop.dev/reference/rbac.md) - [CI/CD Runner Context](https://docs.chainloop.dev/reference/runner-context.md): Gathering runner context in your CI/CD pipeline. - [Signing and Verification](https://docs.chainloop.dev/reference/signing.md) - [SLSA Framework](https://docs.chainloop.dev/reference/slsa-provenance.md): What is SLSA provenance and how Chainloop helps you verify your SLSA compliance. - [SSDF](https://docs.chainloop.dev/reference/ssdf.md) - [Welcome to Chainloop](https://docs.chainloop.dev/welcome.md): Chainloop provides a centralized platform for artifact management, real-time visibility, and automated compliance for your Software Delivery Process. ## OpenAPI Specs - [openapi](https://docs.chainloop.dev/api-reference/openapi.json) ## Optional - [Website](https://chainloop.dev/) - [Blog](https://chainloop.dev/blog) - [Get Help](https://help.chainloop.dev)