Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.

Example project using SLSA 3 Generic Generator with GoReleaser

A Jenkins plugin to create SLSA provenance attestations

Generates SBOMs remotely in a verifiable manner (SLSA Build L3)

Create SLSA Provenance from nix flake

Jenkins Shared Library

SLSA generate and verify provenance demo

Ensignia Provenance Upload Action