Skip to content

v0.85.0

Choose a tag to compare

View all tags
@github-actions github-actions released this 30 Apr 10:57
· 1411 commits to main since this release
v0.85.0
a5af520
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

The new core contributors @javirln and @jiparis have been busy preparing this new release 🚀

Highlights

New Material types

You can now attest two new kinds of material types, EVIDENCE and ATTESTATION.

  • To differentiate between software artifacts and pieces of evidence, we have introduced an Evidence type. It allows you to provide arbitrary information that can be attached to your attestations
  • The ATTESTATION type can be used to connect different attestations generated by chainloop and in practice is a mechanism to represent dependencies.

What's Changed

  • Bump Helm Chart Version => v0.84.0 by @github-actions in #700
  • feat(ci): Adds chainloop to scorecards pipeline by @javirln in #710
  • feat(docs-deploy): Bump version of chainloop action to perform checkout before init by @javirln in #708
  • fix(scorecards): Move env variable to individual steps by @javirln in #713
  • fix(ci): Bump version of chainloop action by @javirln in #714
  • fix(ci): Use chainloop action on scorecard pipeline by @javirln in #715
  • feat(package): attest container images in helm package gh action by @jiparis in #701
  • feat(chainloop): add EVIDENCE material type by @jiparis in #702
  • feat(referrer): store backlinks unconditionally by @migmartri in #712
  • feat(ci): Adds chainloop to codeql pipeline by @javirln in #711
  • fix(ci): do not add materials on pull_request by @migmartri in #722
  • fix(cli): Send pagination message to stderr by @jiparis in #721
  • feat(cli): Workflow run can receive a status flag by @javirln in #723
  • feat(apitoken): Adds workflow run list policy to default apitoken policies by @javirln in #724
  • fix(cli): sanitize remote url by @migmartri in #729
  • feat(cli): Allow to pass --output flag to artifact download by @javirln in #726
  • feat(cli): add json output to attestation push by @migmartri in #730
  • feat(backend): ATTESTATION material type by @jiparis in #727
  • feat(ci): Declarative Chainloop contracts by @javirln in #731
  • feat(controlplane): verify that dependent attestations exist by @migmartri in #732

Full Changelog: v0.84.0...v0.85.0

Contributors

migmartri, jiparis, and javirln
Assets 15
Loading