Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
-
Updated
Dec 20, 2024 - Go
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
A BOM repository server for distributing CycloneDX BOMs
A standard API specification for exchanging supply chain artifacts and intelligence
A GitHub Action that creates a SBOM from your application so you can meet compliance and security requirements. Add this to your dev, staging and prod steps and SecureStack will make sure that what you've just deployed is secure and meets your requirements, and has the SBOM to show it!
Find & pull public SBOMs
Dockerfile and scripts to build a container image that facilitates generating and uploading Software Bill of Materials (SBOM) to sbom.sh utilizing various open-source SBOM tools such as Trivy, Grype, and Syft.
SBOMinify is a GitHub Action to capture and list installed packages and their versions in a Docker image, generating Software Bill of Materials (SBOM) files. This action leverages some special technics to scan Docker images and output SBOM files in both table and JSON formats.
Add a description, image, and links to the sbom-distribution topic page so that developers can more easily learn about it.
To associate your repository with the sbom-distribution topic, visit your repo's landing page and select "manage topics."