Secure the Software Supply Chain with Chainloop

About Chainloop

Chainloop is an open-source evidence store for software supply chain attestations, Software Bills of Materials (SBOMs), vulnerability reports (VEX), SARIF, CSAF files, QA reports, and more. Companies rely on this metadata to make deployment decisions, driven by security goals or regulations. Signing metadata is crucial to safeguarding artifact integrity and verifying signer identity.

By using Chainloop, you can ensure that all submitted metadata is attested, digitally signed, evaluated, routed, and securely stored.

Integrating Chainloop with EJBCA and SignServer

By integrating Chainloop with EJBCA and SignServer, you get an end-to-end solution that creates in-toto attestations signed with SignServer and EJBCA and stores them in an OCI registry.

Two integrations are offered:
