You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Chainloop control plane has a mechanism to forward received DSSE attestation envelopes or SBOMs to different backends, i.e OCI registry or Dependency-Track.
This means that conceptually both OCI registries and SBOM processors are at the same level, third party fan out integrations, but reality is that the implementation grew in a different manner.
Because of historical development reasons, currently, an OCI repository is mapped as its own identity in both the database and business logic.
while dependency track integration makes use of a generic "integration" model meant to encapsulate different processors.
This command will, however, update the Chainloop backend service database and may affect other users in the org/project. This may break some pipelines because if you have more than one org, you might accidentally update the OCI registry you did not intend.
Chainloop control plane has a mechanism to forward received DSSE attestation envelopes or SBOMs to different backends, i.e OCI registry or Dependency-Track.
This means that conceptually both OCI registries and SBOM processors are at the same level, third party fan out integrations, but reality is that the implementation grew in a different manner.
Because of historical development reasons, currently, an OCI repository is mapped as its own identity in both the database and business logic.
while dependency track integration makes use of a generic "integration" model meant to encapsulate different processors.
both of them belongs to an
organization
and get attached to different workflows. The only difference is that having a valid OCI registry is mandatoryThis issue is about making the OCI repository feature part of the more generic "integrations" feature for consistency.
The text was updated successfully, but these errors were encountered: