Chainloop is an Open Source Metadata Vault for your Software Supply Chain metadata, SBOMs, VEX, SARIF files, QA reports, and more.
With Chainloop, operators can decide what pieces of evidence they want to receive, where to put them, and what to do with them. On the other hand, developers just need to follow a guided attestation process. Defining a clear separation of concerns that scales with your organization's compliance and security needs.
One of Chainloop’s core principles is to meet our users where they are. This means developers can keep using the CI/CD systems and tools that make them productive. This principle gets elevated another notch today.
Introducing the Dagger Module for Chainloop
Dagger is a powerful, programmable open-source CI/CD engine that runs your pipelines in containers. It lets you replace your software project's artisanal scripts with a modern API and cross-language scripting engine. You heard it right. Now developers can write their CI pipelines in the language of their choice, whether that’s Go, Python, or Typescript.
One of their latest additions was the introduction of Dagger functions, which paved the way for today’s announcement. Chainloop Module for Dagger. You can now programmatically collect and enforce pieces of evidence from your Dagger pipeline, both from the Dagger CLI or directly in your code! To learn more, see below an overview demo we did last week with their team.
We are very excited about this integration. I enjoyed how easy and idiomatic instrumenting some of our pipelines felt. It’s definitely the best integration we have with any CI/CD to date.
Dagger is a great fit for Chainloop since it is aligned with our principle of meeting developers where they are, and you can’t get closer to them than in code, with their programming language,and in their local machine 🙂
Please send feedback our way, and if you like what we do, give our GitHub repository a star :)