Skip to content

v0.56.0

Choose a tag to compare

View all tags
@github-actions github-actions released this 29 Jan 13:34
· 1564 commits to main since this release
v0.56.0
1efafc5
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Chainloop Attestation Report here 🚀 🥳

Highlights

Authorization backend

This release sets the foundation of an authorization layer and enables it to our APITokens authentication method #474

This means that now unattended APITokens meant to be used by automation have a more granular, and restrictive, access level.

In the following demo you can see how the underlying policies are attached/removed during API-token creation/revocation.

policy-handling

Below, you'll see how only the allowed routes go through, and the rest get intercepted by the new backend.

middleware-interception

CycloneDX 1.5 support

Chainloop now supports the latest version of the CycloneDX SBOM format as material type during attestations.

What's Changed

  • Bump Helm Chart Version => v0.55.0 by @github-actions in #469
  • chore(deps): Bump golang.org/x/crypto from 0.14.0 to 0.17.0 by @dependabot in #472
  • chore(deps): Bump github.com/containerd/containerd from 1.7.5 to 1.7.11 by @dependabot in #473
  • chore(deps): Bump github.com/go-git/go-git/v5 from 5.9.0 to 5.11.0 by @dependabot in #475
  • chore: happy new year by @migmartri in #476
  • fix: allow downloading artifacts with http clients by @migmartri in #471
  • chore(deps): Bump github.com/cloudflare/circl from 1.3.5 to 1.3.7 by @dependabot in #477
  • feat: add support for CycloneDX 1.5 by @migmartri in #480
  • feat: authorization backend for API tokens by @migmartri in #474
  • fix(docs): devel README instructions by @fgallina in #481

Full Changelog: v0.55.0...v0.56.0

Contributors

migmartri, fgallina, and dependabot
Assets 15
Loading