|
1 | | -# ChainLoop Bedrock |
| 1 | +# Chainloop Core |
2 | 2 |
|
3 | | -## Projects |
| 3 | +> This is an early preview of the Chainloop Core project |
| 4 | +> and you should expect breaking changes before the first stable release. |
4 | 5 |
|
5 | | -- `app/controlplane` |
6 | | -- `app/artifact-cas` |
7 | | -- `app/cli` |
| 6 | +## Overview |
8 | 7 |
|
9 | | -See makefiles in those directories for more information |
| 8 | +**Chainloop Core (Chainloop)** is an open source project, a Control Plane for all your CI/CD engines. |
10 | 9 |
|
11 | | -## Development |
| 10 | + |
12 | 11 |
|
13 | | -### Using Docker Compose |
| 12 | +Integration with existing pipelines is easy and requires only a few simple steps, including registration of a contract for the pipeline in the control plane, setup of the provided service account in the CI, and attestation crafting using Chainloop's CLI. |
14 | 13 |
|
15 | | -You can run the core services (controlplane and CAS) and associated dependencies (postgresql) by running |
| 14 | + |
16 | 15 |
|
17 | | -``` |
18 | | -docker compose up |
19 | | -``` |
| 16 | +Chainloop provides: |
20 | 17 |
|
21 | | -Then, the CLI can be run by doing |
| 18 | +- **Compliant Single Source of Truth.** A SLSA level 3 compliant single Source of truth for artifacts and attestation built on OSS standards such as Sigstore, in-toto, SLSA and OCI. Developers can craft and store attestation metadata and artifacts via a single integration point, regardless of their CI/CD provider choice. |
| 19 | +- **Contract-based attestation.** Workflow Contracts give operators full control over what kind of data (build info, materials) must be received as part of the attestation and the environment where these workflows must be executed. |
| 20 | +- **Third-Party Integration fan-out.** Operators can set up third-party integrations such as Dependency-Track for SBOM analysis or an OCI registry for storage of the received artifacts and attestation metadata. |
| 21 | +- **Observability/Auditability**. The control plane provides org-wide workflow, attestation, and artifacts visibility, including error rates, and operational anomalies. |
| 22 | +- Chainloop provides **a role-tailored experience**, clearly defining the responsibilities and functional scope of the Security/Operation (SecOps) and Development/Application teams. |
22 | 23 |
|
23 | | -``` |
24 | | -docker compose run --rm cli |
25 | | -``` |
| 24 | + |
26 | 25 |
|
27 | | -Note that changes made in the source code are not reflected automatically in the running services, for that you'll need to perform a restart. |
| 26 | +To learn more, please visit the Chainloop project's documentation website, https://docs.chainloop.dev. |
28 | 27 |
|
29 | | -``` |
30 | | -docker compose restart -t0 controlplane |
31 | | -# or |
32 | | -docker compose restart -t0 cas |
33 | | -``` |
| 28 | +## Documentation |
34 | 29 |
|
35 | | -### Locally |
| 30 | +The documentation provides a getting started guide, FAQ, examples, and more. |
36 | 31 |
|
37 | | -Prerequisites |
| 32 | +To learn more, please visit the Chainloop project's documentation website, https://docs.chainloop.dev. |
38 | 33 |
|
39 | | -- postgresql |
| 34 | +## Community / Discussion / Support |
40 | 35 |
|
41 | | -Note: You can run the prerequisites by leveraging the provided docker-compose file i.e `docker compose up postgresql` |
| 36 | +Chainloop is developed in the open and is constantly improved by our users, contributors and maintainers. Got a question, comment, or idea? Please don't hesitate to reach out via: |
42 | 37 |
|
43 | | -Then each project has a `make run` target that can be used |
| 38 | +- GitHub [Discussions](https://github.com/chainloop-dev/chainloop/discussions), |
| 39 | +- GitHub [Issues](https://github.com/chainloop-dev/chainloop/issues), |
| 40 | +- or [Chainloop Discord Community Server](https://discord.gg/f7atkaZact). |
| 41 | + |
| 42 | +## Contributing |
| 43 | + |
| 44 | +Want to get involved? Contributions are welcome. |
| 45 | + |
| 46 | +If you are ready to jump in and test, add code, or help with documentation, please follow the instructions on |
| 47 | +our [Contribution](CONTRIBUTING.md) page. At all times, follow our [Code of Conduct](./CODE_OF_CONDUCT.md). |
| 48 | + |
| 49 | +See the [issue tracker](https://github.com/chainloop-dev/chainloop/issues) if you're unsure where to start, especially the [Good first issue](https://github.com/chainloop-dev/chainloop/labels/good%20first%20issue) label.postpo |
| 50 | + |
| 51 | +## Changelog |
| 52 | + |
| 53 | +Take a look at the list of [[releases|http://github.com/chainloop-dev/chainloop/releases]] to stay tuned for the latest features and changes. |
| 54 | + |
| 55 | +## License |
| 56 | + |
| 57 | +Chainloop is released under the Apache License, Version 2.0. Please see the [LICENSE](./LICENSE.md) file for more information. |
0 commit comments