chainloop-dev/chainloop

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/chainloop-dev/chainloop)

chainloop-dev / chainloop

SDLC evidence store and policy engine for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more

☆526

Alternatives and similar repositories for chainloop

Users that are interested in chainloop are comparing it to the libraries listed below

Sorting:

in-toto / witness
View on GitHub
Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact pro…
☆517Updated this week
guacsec / guac
View on GitHub
GUAC aggregates software security metadata into a high fidelity graph database.
☆1,450Updated this week
snyk / parlay
View on GitHub
Enrich SBOMs with data from third party services
☆219Feb 11, 2026Updated 2 weeks ago
SBOMit / specification
View on GitHub
☆76Dec 10, 2025Updated 2 months ago
sigstore / gitsign
View on GitHub
Keyless Git signing using Sigstore
☆1,063Updated this week
openvex / spec
View on GitHub
OpenVEX Specification
☆168Jan 16, 2026Updated last month
in-toto / archivista
View on GitHub
Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for so…
☆108Updated this week
protobom / protobom
View on GitHub
A universal SBOM representation in protocol buffers
☆316Feb 18, 2026Updated last week
openvex / vexctl
View on GitHub
A tool to create, transform and attest VEX metadata
☆176Updated this week
CycloneDX / transparency-exchange-api
View on GitHub
A standard API specification for exchanging supply chain artifacts and intelligence
☆99Feb 20, 2026Updated last week
deislabs / image-layer-provenance
View on GitHub
Container image provenance spec that allows tracing CVEs detected in registry images back to a CVE's source of origin.
☆45Oct 30, 2023Updated 2 years ago
vmware-labs / distribution-tooling-for-helm
View on GitHub
Helm Distribution plugin is is a set of utilities and Helm Plugin for making offline work with Helm Charts easier. It is meant to be used…
☆100Feb 18, 2026Updated last week
kusaridev / spector
View on GitHub
Tooling and library for generation, validation and verification of supply chain metadata documents and frameworks
☆33Apr 22, 2025Updated 10 months ago
gittuf / gittuf
View on GitHub
A security layer for Git repositories
☆578Updated this week
notaryproject / ratify
View on GitHub
Artifact Ratification Framework (CNCF Sandbox)
☆284Feb 19, 2026Updated last week
in-toto / in-toto-golang
View on GitHub
A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity.
☆145Feb 13, 2026Updated 2 weeks ago
eBay / sbom-scorecard
View on GitHub
Generate a score for your sbom to understand if it will actually be useful.
☆238Aug 13, 2024Updated last year
chainguard-dev / bomshell
View on GitHub
An SBOM query language and associated utilities
☆55Jan 22, 2024Updated 2 years ago
DataDog / supply-chain-firewall
View on GitHub
Supply-Chain Firewall (SCFW) is a tool for preventing the installation of malicious npm and PyPI packages
☆215Updated this week
sigstore / rekor
View on GitHub
Software Supply Chain Transparency Log
☆1,088Updated this week
in-toto / attestation
View on GitHub
in-toto Attestation Framework
☆326Feb 17, 2026Updated last week
mindersec / minder
View on GitHub
Software Supply Chain Security Platform
☆375Updated this week
chainguard-dev / policy-catalog
View on GitHub
☆20Feb 5, 2026Updated 3 weeks ago
buildsec / frsca
View on GitHub
☆255Feb 16, 2026Updated last week
protobom / sbom-convert
View on GitHub
Example CLI project to demo API architecture and protobom library
☆25Feb 17, 2026Updated last week
slsa-framework / slsa-github-generator
View on GitHub
Language-agnostic SLSA provenance generation for Github Actions
☆546Feb 21, 2026Updated last week
slsa-framework / slsa-verifier
View on GitHub
Verify provenance from SLSA compliant builders
☆310Nov 20, 2025Updated 3 months ago
kubernetes-sigs / bom
View on GitHub
A utility to generate SPDX-compliant Bill of Materials manifests
☆441Updated this week
in-toto / in-toto
View on GitHub
in-toto is a framework to protect supply chain integrity.
☆974Feb 11, 2026Updated 2 weeks ago
project-copacetic / copacetic
View on GitHub
🧵 CLI tool for directly patching container images!
☆1,543Feb 20, 2026Updated last week
zarf-dev / zarf
View on GitHub
The Airgap Native Package Manager for Kubernetes
☆1,810Feb 20, 2026Updated last week
trustification / trustification
View on GitHub
Superseded by https://github.com/guacsec/trustify
☆53Dec 15, 2025Updated 2 months ago
interlynk-io / sbomqs
View on GitHub
sbomqs: The Comprehensive SBOM Quality & Compliance Tool
☆269Updated this week
in-toto / friends
View on GitHub
Friends of in-toto! A place to record integrations and adoptions of the in-toto specification.
☆21Feb 16, 2026Updated last week
bureado / awesome-software-supply-chain-security
View on GitHub
A compilation of resources in the software supply chain security domain, with emphasis on open source
☆348Updated this week
ossf / s2c2f
View on GitHub
The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously…
☆227May 26, 2025Updated 9 months ago
slsa-framework / slsa
View on GitHub
Supply-chain Levels for Software Artifacts
☆1,814Feb 20, 2026Updated last week
chainguard-sandbox / bom-shelter
View on GitHub
A place to systematically store software bill of materials (SBOM) documents.
☆50Jun 1, 2023Updated 2 years ago
openclarity / openclarity
View on GitHub
OpenClarity is an open source platform built to enhance security and observability of cloud native applications and infrastructure
☆1,449Updated this week