Chainloop Changelog, August 2024

TL;DR: In August, we rolled out new features designed to help you automate compliance and security, making it easier for your teams to adopt Policy as Code. We have introduced the Policies Library and new Compliance Dashboards to simplify your compliance process and get visibility across different products, teams, and software delivery stages. We are also excited to announce that the open-source Chainloop Evidence Store is now available in the Bitnami Catalog!

Chainloop Open Source - Evidence Store

Let's start with updates for our open-source project, Chainloop Evidence Store.

Policy-as-Code with Chainloop Just Got Better

Policy-as-code is a powerful approach that helps organizations manage their policies effectively across various domains, including infrastructure, development tools, and security. As noted in a recent CNCF article, "by leveraging Policy-as-Code, organizations can reason holistically about their quality, compliance, and regulatory objectives and visualize conformance across their systems." In short, Policy-as-Code helps accelerate software delivery and shortens time-to-market.

Chainloop is the perfect place for implementing Policy-as-Code. With Chainloop, you can already integrate all your software delivery pipelines into a single control plane and store all your artifacts, metadata, and software supply chain evidence in the Chainloop Evidence Store. Now, we've made it possible for you to create an inventory of all your policies and controls in one place, applying them across all your CI/CD workflows and stored metadata.

Policy Management

We keep improving our policy support. Last month, we introduced policies built on the Open Policy Agent framework and the Rego language. This month, we've made several key updates that help you write more complex rules, and we've added support for policy arguments.

  • Improved Policy Capabilities: Policies now support more complex rules and arguments, with significantly enhanced validation error messages.
  • New Policy Provider Framework: We've introduced a framework to streamline the management and integration of different policy providers. Check it out here.
  • Enhanced Contracts: Contracts now maintain their format and comments more effectively, with better validation error handling. Read more about it here.

Bitnami Catalog Addition

We're excited to share that Chainloop Open Source is now part of the Bitnami Catalog. Bitnami holds special significance for our team, and having Chainloop included is a proud moment. With Chainloop now listed, deployment has become even easier. The Bitnami Helm Chart for Chainloop Open Source is available, along with continuously updated container images on Docker Hub, Tanzu Application Catalog, AWS Marketplace, and more.

Even better, Chainloop is now automatically and continuously validated across different platforms and Kubernetes versions, including FIPS and Airgap testing, all provided by the Bitnami team. You can learn more about the Bitnami and Tanzu Application Catalog verification matrix in this article.

Chainloop Platform

Now, let's move on to the features added to the Chainloop Platform, which builds on top of the open-source Chainloop Evidence Store. Currently in private early access, the platform is available both as a SaaS offering and for on-prem deployment.

Simplified Compliance and Security

In today's rapidly evolving software landscape, staying compliant with security and regulatory standards can be daunting. We've focused on making this easier by adding features that simplify and automate compliance management.

  • Automated Compliance: One of our most significant additions this month is the library of built-in policies. Together with a new compliance dashboard, it centralizes your compliance tracking efforts, offering a comprehensive view of your organization's adherence to security and compliance standards. Whether you're managing a small team or an enterprise-scale operation, this feature ensures that nothing slips through the cracks. By automating much of the compliance process, you can reduce the manual workload, minimize human error, and focus on what matters most—delivering high-quality, secure software fast.
  • Expanded Policy-as-Code: Chainloop better supports creating and managing policies for various parts of your technology setup. This makes it easier to ensure that your systems are secure and compliant.
  • New Contracts Editor: We've introduced a new Contracts Editor. This mighty, intuitive, and user-friendly tool simplifies the creation, updates, and management of contracts and policies within Chainloop.

On the way to General Availability

As we move closer to the general availability of the Chainloop Platform, we're making significant improvements in performance, reliability, and trustworthiness.

  • Improved Performance and Reliability: Our engineering team has worked hard optimizing the platform's performance over the past month. We've made several infrastructure improvements to make Chainloop faster and more reliable.
  • Trust Our Chainloop Platform: Security and compliance are top priorities for us. We're in the final stages of our SOC2 Type 2 audit and expect to complete it by September 2024. This certification will demonstrate our commitment to high security and data protection standards. You can track our progress and see updates on our certification at trust.chainloop.dev. As we grow, we'll also be adding more certifications to keep Chainloop a reliable and secure platform.

Wrapping Up

That's all for August! We're excited about these updates and hope they make your experience with Chainloop even better. Book a demo with us to see the new features in action. If you like what we're doing, consider joining our community on Slack and giving Chainloop Open Source a star on GitHub.