v0.86.0

@github-actions github-actions released this 08 May 17:23
8c03ae2

CSAF support

CycloneDX 1.6 support

Chainloop now supports (#751) CycloneDX 1.6 Software Bill Of Materials (SBOM) as a piece of evidence in your attestations.

Note that our Dependency-Track integration will not send CycloneDX 1.6 SBOMs to Dependency-Track until DependencyTrack/dependency-track#3584 is fixed.

CSAF 2.1, 2.2 profiles support

In addition to the existing Common Security Advisory Framework (CSAF) VEX profile, Chainloop now supports three additional ones: Security Advisory, Informational Advisory, and Security Incident Response.

schemaVersion: v1
materials:
  - type: CSAF_INFORMATIONAL_ADVISORY
    name: informational-advisory

  - type: CSAF_SECURITY_ADVISORY
    name: security-advisory

  - type: CSAF_SECURITY_INCIDENT_RESPONSE
    name: security-incident-response
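
The following Python is an added example, not Chainloop code: it reads a CSAF document's /document/category, picks the matching material type for the contract above, and checks a subset of that profile's mandatory elements from the CSAF 2.0 specification. The function name and sample documents are constructed for illustration, and CSAF_VEX is assumed to be the name of the existing VEX material type.

```python
# /document/category -> Chainloop material type. The three new names come from
# the release notes; CSAF_VEX is assumed to be the pre-existing VEX type.
CATEGORY_TO_MATERIAL = {
    "csaf_vex": "CSAF_VEX",
    "csaf_security_advisory": "CSAF_SECURITY_ADVISORY",
    "csaf_informational_advisory": "CSAF_INFORMATIONAL_ADVISORY",
    "csaf_security_incident_response": "CSAF_SECURITY_INCIDENT_RESPONSE",
}
NOTE_CATEGORIES = {"description", "details", "general", "summary"}


def check_profile(doc):
    """Return (material_type, problems) for a parsed CSAF JSON document.

    Checks a subset of the profile rules in the CSAF 2.0 specification.
    """
    meta = doc.get("document", {})
    category = meta.get("category")
    material = CATEGORY_TO_MATERIAL.get(category)
    if material is None:
        return None, [f"no CSAF_* material type for category {category!r}"]
    problems = []
    if category in ("csaf_informational_advisory", "csaf_security_incident_response"):
        if not any(n.get("category") in NOTE_CATEGORIES for n in meta.get("notes", [])):
            problems.append("document.notes needs a descriptive note")
        if not any(r.get("category") == "external" for r in meta.get("references", [])):
            problems.append("document.references needs an external reference")
        if category == "csaf_informational_advisory" and "vulnerabilities" in doc:
            problems.append("vulnerabilities must not be present")
    else:  # security advisory and VEX both describe products and vulnerabilities
        vulns = doc.get("vulnerabilities", [])
        if "product_tree" not in doc:
            problems.append("product_tree is required")
        if not vulns:
            problems.append("at least one vulnerability is required")
        for i, vuln in enumerate(vulns):
            if not vuln.get("product_status"):
                problems.append(f"vulnerabilities[{i}].product_status is required")
    return material, problems


# Constructed sample documents, trimmed to the fields the checks read.
INFO_OK = {"document": {
    "category": "csaf_informational_advisory",
    "notes": [{"category": "summary", "text": "constructed"}],
    "references": [{"category": "external", "url": "https://example.com/advisory"}]}}
SEC_BAD = {"document": {"category": "csaf_security_advisory"},
           "product_tree": {}, "vulnerabilities": [{"title": "constructed"}]}

if __name__ == "__main__":
    for sample in (INFO_OK, SEC_BAD):
        print(check_profile(sample))
```

Running a check like this before attaching the file catches a document whose category does not match the material type declared in the contract, or one that is missing the elements its profile requires.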

What's Changed

  • Bump Helm Chart Version => v0.85.1 by @github-actions in #746
  • feat(attestation): add tag to container image attestation by @migmartri in #747
  • feat(materials): Add support for schema validators and CycloneDX 1.6 by @javirln in #751
  • feat(policies): Add attestation as new resource type and workflow create permission by @javirln in #754
  • feat(workflows): describe workflow by name by @jiparis in #756
  • feat(materials): Add support for CSAF 2.0 and 2.1 schemas and remaining CSAF_* materials by @javirln in #749

Full Changelog: v0.85.1...v0.86.0