chainloop.dev Open in urlscan Pro
63.35.51.142  Public Scan

Form analysis
1 forms found in the DOM

Name: email-form — POST https://dev.us21.list-manage.com/subscribe/post?u=801f42b3abafc40b1a17c5f25&id=dee0113f8e&f_id=00ffc6e1f0

<form id="email-form" name="email-form" data-name="Email Form" action="https://dev.us21.list-manage.com/subscribe/post?u=801f42b3abafc40b1a17c5f25&amp;id=dee0113f8e&amp;f_id=00ffc6e1f0" method="post" class="form-row space-bottom"
  data-wf-page-id="646aabee552ae1f2c7a62fa7" data-wf-element-id="d0127c9e-ad6f-c144-cb5a-c542f3b8457a" aria-label="Email Form"><input class="form-input form-input-large no-border w-input" maxlength="256" name="Email" data-name="Email"
    placeholder="Email Address" type="email" id="email" required=""><input type="submit" data-wait="Please wait..." class="button button-large form-row-button w-button" value="Subscribe"></form>

Text Content

BlogDocsOpen SourceAbout Us
Get Started




SOFTWARE SUPPLY CHAIN ATTESTATIONS

... that both Developers and SecOps love
Request Demo
Documentation


A CONTROL PLANE FOR YOUR SOFTWARE SUPPLY CHAIN

Chainloop is an open source software supply chain control plane, a single source
of truth for artifacts plus a declarative attestation process.



With Chainloop, SecOps teams can declaratively state the attestation and
artifacts expectations for their organization’s CI/CD workflows, while also
resting assured that latest standards and best practices are put in place.

Developer teams, on the other hand, do not need to become security experts, the
attestation crafting tool will guide them with guardrails and a familiar
developer experience.



Chainloop single integration point enables operators to be able to set up
third-party integrations such as Dependency-Track for SBOM analysis or an OCI
registry for storage of the received artifacts and attestation metadata.



You can think of Chainloop as an API for your organization’s Software Supply
Chain that both development and SecOps teams can use to interact effectively.

That way SecOps teams now have control over their organization’s Software Supply
Chain security compliance, observability and standardization implementation
efforts.


See Chainloop in action in this video




FEATURES

OPEN SOURCE


Chainloop is an Open Source project. Contribute, customize and run it on your
own infrastructure!

SECURITY COMPLIANCE


Reach Supply chain Levels for Software Artifacts (SLSA) provenance level 3 by
leveraging your own OCI artifact storage, the sigstore suite and in-toto
attestation format.

CONTRACT BASED ATTESTATION


The SecOps team can define the attestation requirements associated with the
Workflows in their organization. New/Updated requirements can be easily
propagated and enforced.

CI PROVIDER AGNOSTIC


Standardize your attestation, and artifact needs via a single source of truth
and integration point. Embrace CI/CD fragmentation!

THIRD-PARTY INTEGRATION FAN-OUT


The ingested artifacts and attestation metadata can be forwarded to different
third-party integrations such as Dependency-Track for Software Bill Of Materials
(SBOM) analysis or an OCI registry for storage.

DEAD SIMPLE CRAFTING PROCESS


The crafting CLI offers developers a Jargon-free process to meet their
compliance demands via a familiar developer experience, no security expertise or
additional training required!

FIRST CLASS DAY-2 OPERATIONS


Propagate, enforce new attestation requirements and prevent configuration drift

TRANSPARENT BEST-PRACTICES ENFORCEMENT


Handle different kinds of materials accordingly to meet industry best practices.
e.g artifacts types will be uploaded to your artifact registry, while container
images types will get resolved to get their content digest.

AUDITABILITY


Have centralized and tamper-resistant access to attestation/provenance metadata,
logs, and build artifacts from all your organization.

OBSERVABILITY


Have visibility on the organizational ownership, health, and readiness of your
automation.


FREQUENTLY ASKED QUESTIONS.

If you have any further questions, Get in touch!

IS CHAINLOOP OPEN SOURCE?

Yes, Chainloop source code has been Open Sourced and can be found here! 🎉

CAN I RUN MY OWN INSTANCE OF CHAINLOOP END TO END?

Yes, please refer to this guide.

I AM USING NEITHER GITHUB ACTIONS NOR GITLAB, CAN I STILL USE CHAINLOOP?

Yes, Chainloop is runner agnostic, which means that you can run the attestation
anywhere, including your laptop! That said, there are benefits for using one of
our supported runner types. We plan on supporting more CI vendors so your is not
supported yet, please contact us with your preference and we will get back to
you.




GET GREAT CONTENT UPDATES FROM OUR TEAM TO YOUR INBOX.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Join our subscribers. GDPR and CCPA compliant.


FEATURED BLOG POSTS

Engineering
November 8, 2023


SOFTWARE BILL OF MATERIALS THAT YOU CAN TRUST


News
October 18, 2023


CLOUD NATIVE SUPPORT FOR AZURE


Engineering
September 6, 2023


ANNOUNCING FEDERATED CONTENT ADDRESSABLE STORAGE


Engineering
July 4, 2023


INTRODUCING GUAC INTEGRATION


People
May 10, 2023


WHY I JOINED CHAINLOOP - DANIEL LISZKA



PRODUCTS


Chainloop Open SourceChainloop Services

RESOURCES


DocumentationBlogDiscordPrivacy

ABOUT


TeamCareersContact UsRequest a Demo

SOCIAL


TwitterLinkedInGithubYouTube
© Chainloop, Inc. All Rights Reserved.
By using this website, you agree to the storing of cookies on your device to
enhance site navigation, analyze site usage, and assist in our marketing
efforts. View our Privacy Policy for more information.
OK