Introducing Chainloop Plugins

TL;DR: Today, Chainloop introduces a Plugin Framework tech preview that makes it easy to add new integrations to Chainloop and extend its functionality. With new Chainloop plugins for Discord, OCI Registry, and SMTP, you can enable real-time notifications or store attestations securely in different repositories.

Chainloop is a single integration point for collecting and routing Software Supply Chain (SSC) metadata. Operators can enable third-party integrations while developers don't have to learn, test, or use a new API every time.

Security and Compliance is a rapidly evolving space, and deciding what vendor to use today for metadata generation, transport, analysis, and policy enforcement is daunting. Enterprises are urged to add and make sense of different metadata coming from SSC. We are building a future-proof compliance platform that grows with the industry and enables you to transform your SSC iteratively and continuously.

Our vision is to offer a pluggable metadata conduit that plugs into teams' existing CI/CD systems, providing flexibility in routing metadata to their vendor of choice.

A Follow-up On Our First Integration

We recently added our first Chainloop integration for Dependency Track. Please refer to our blog post and documentation. You gave us good feedback, and the Dependency Track video was among the most popular. Developers love that you connect with Chainloop once to start sending CycloneDX SBOM as specified in the contract, and then you can forget about the Dependency Track instance's existence.

In the traditional approach, developers would have to write code on their CI workflows to communicate directly with the Dependency Track API, manage API tokens, and ensure the instance is reachable from their CI runners. With Chainloop, these tasks and steps are no longer necessary.

There are a few notable benefits to integrating through Chainloop worth highlighting here:

- First, Chainloop eliminates the need to share credentials between the integration service (like Dependency Track) owner team and many Developer teams.

- The integration service can now be behind the firewall/VPN and only accessible through Chainloop's Control Plane.

- The integration service endpoint may get updated, and there is no need to change anything on the Developer side.

- It is effortless to add/remove/mix and match new integrations and update their versions without any update on the left side.

We want to enable our users to get the same benefits for other integrations, like notifications, compliance checks, policy enforcement, or storage. That is why we started working on Plugin Framework.

New Plugin Framework

Today, we are thrilled to announce a Tech Preview of Chainloop's Plugin Framework. Although it is still an early version, we have already made it incredibly easy for anyone to add more integrations to Chainloop. With our framework, developers and organizations can quickly build new Chainloop plugins and seamlessly connect Chainloop with additional services and platforms, opening up a world of possibilities for automation, collaboration, and security.

New Integrations

We are also delighted to introduce three new integrations for Chainloop: Discord, OCI Registry, and SMTP.

Discord Integration

By connecting Chainloop with Discord, teams can receive real-time notifications and updates on new attestations sent to Chainloop. This integration promotes collaboration, allowing development and SecOps teams to stay connected. Please refer to our README for more information.

Join our Discord Community Server and check our #activity channel to see this plugin in action.

OCI Registry Integration

With Chainloop's new OCI Registry integration, you can store your attestations securely and reliably in multiple OCI registries. For compliance reasons, you may want to route attestations from different workflows to separate OCI registries. Please refer to our README for more information.

SMTP Integration

Chainloop's SMTP plugin enables easy integration with email services, ensuring attestation notifications are sent to the relevant stakeholders. Please refer to our README for more information.

Conclusion

With the introduction of Plugin Framework and new integrations for Discord, OCI Registries, and SMTP, we empower developers to extend Chainloop's functionality and seamlessly integrate with various services.

Stay tuned for future updates as we expand Plugin Framework and introduce more integrations to elevate your software supply chain experience with Chainloop. Please reach out, your feedback is more than welcome.

How to get started?

Please refer to our documentation: