Securing the Software Supply Chain with Chainloop

Chainloop is an open-source evidence store for software supply chain attestations, Software Bills of Materials (SBOMs), vulnerability reports (VEX), SARIF, CSAF files, QA reports, and more. By using Chainloop, you can ensure that all submitted metadata is attested, digitally signed, evaluated, routed, and securely stored.

Integrating Chainloop with EJBCA and SignServer gives you an end-to-end solution that creates in-toto attestations, signed with SignServer and EJBCA and stored in an OCI registry. Two integrations are offered:
