chainloop-dev / chainloop

Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
https://docs.chainloop.dev
Apache License 2.0
369 stars 27 forks source link

Chainloop Tools container image #229

Open danlishka opened 1 year ago

danlishka commented 1 year ago

Build the chainloop tools container image during the release process. We will use this image in various automations/integrations.

The image will include the latest version of Chainloop CLI and:

migmartri commented 1 year ago

We might don't need to make it part of our release process, but a parallel process instead.

That way we do not need to wait for chainloop to be released if we want to add/update a tool. re: the CLI we can always download it from the github releases.

WDYT?

danlishka commented 1 year ago

Makes sense to me! I just want to make sure we update it every time the new chainloop cli is available.