Chainloop is an Open Source Metadata Vault for your Software Supply Chain metadata, SBOMs, VEX, SARIF files, QA reports, and more.

With Chainloop, operators can decide what pieces of evidence they want to receive, where to put them, and what to do with them. On the other hand, developers just need to follow a guided attestation process. Defining a clear separation of concerns that scales with your organization's compliance and security needs.

Go to https://docs.chainloop.dev/ to learn more and get started.