Chainloop is the open source metadata platform for the Secure Software Supply Chain. It helps SecOps teams collect, store, and distribute pieces of evidence while meeting the latest security and compliance requirements.
When it comes to software supply chain security, every piece of evidence is crucial. Chainloop's Content Addressable Storage (CAS) ensures that data such as Software Bill Of Materials (SBOMs), test results, Vulnerability Exploitability eXchange (VEX), SARIF, attestations, runner logs, and so on, are safely stored and easily retrievable.
Chainloop's promise is to meet our users where they are and stick with their preferred storage options, whether they're already part of their IT infrastructure or chosen for specific rules they need to follow.
A common theme among our enterprise users is the need for storage backends they know how to operate, ones that have been battle-tested and are cost-effective. In this category, a recurrent request has been the use of Azure Blob Storage, and today we are thrilled to announce support for Azure Blob Storage as CAS backend.
Below you can see a screenshot of how this metadata will look in Azure. The magic trick is that once you set it up, nothing changes for you as a user. You can go business as usual, uploading and referencing stored assets through their checksum. Chainloop will take care of the Azure-Specific nifty details (storage, metadata, tampering checks) and Chainloop CAS federation will do the rest :)
To learn more on how to set up your Azure Storage Account, take a look at our documentation.