Changelog - Chainloop Documentation

November 03, 2025

Add support for attesting container images from local OCI layout directories - enables secure image attestation in air-gapped environments and registry-less deployments without requiring image push to remote registries

# Single image layout (automatic)
chainloop attestation add \
  --name my-app \
  --value /path/to/oci-layout \
  --kind CONTAINER_IMAGE

# Multi-image layout (requires digest selector)
chainloop attestation add \
  --name my-app \
  --value /path/to/oci-layout@sha256:9a7ef86e19... \
  --kind CONTAINER_IMAGE

Add custom endpoint configuration for Azure Blob Storage CAS backends - enables support for Azure Government Cloud and other sovereign cloud environments by allowing custom endpoint suffixes

October 31, 2025

Introduce new contract schema format to align with other compliance resources.
Add Policy Group management commands in Chainloop CLI Enterprise Edition - store and manage reusable policy groups in the platform with declarative YAML configuration

# Create or update a policy group
chainloop policy-group apply --file sbom-quality.yaml

# List all policy groups
chainloop policy-group list

# Describe a specific policy group
chainloop policy-group describe --name sbom-quality

Add chainloop workflow contract apply command for declarative contract management - simplifies contract lifecycle by creating or updating contracts from YAML files in a single operation

October 28, 2025

Introduce Chainloop CLI Enterprise Edition - proprietary extension of the open-source CLI with additional features and capabilities available in platform paid plans

# Install CLI Enterprise Edition
curl -sfL https://dl.chainloop.dev/cli/install.sh | bash -s -- -ee

Key features include:

Declarative policy management - store and reuse custom policies in the platform with YAML-based configuration and Rego evaluation logic for consistent supply chain security enforcement across workflows
Advanced runner context - capture and attest CI/CD environment security configuration including branch protection settings, pull request requirements, and commit protection for enhanced compliance verification

October 25, 2025

Add Compliance Overview to product view for comprehensive visibility into compliance frameworks and requirements across product versions with drill-down capabilities into underlying projects
Add Evidence tab to product view for centralized access to all pieces of evidence across product versions, including artifacts, SBOMs, VEX documents, vulnerability reports, and provenance data with advanced filtering capabilities

October 22, 2025

Add notification trigger for product releases - receive alerts when new product versions are released

October 21, 2025

Expose OpenAPI spec preconfigured for your specific instance of Chainloop You can find it at https://your-backend-instance/openapi.yaml for example here

October 20, 2025

Add notifications for aggregated product compliance changes - stay informed about compliance status updates (failures and recoveries)

October 17, 2025

Introduce Notification Integrations - send alerts about system status through Microsoft Teams and Email Notifications

October 15, 2025

Add Evidence tab to project view for centralized access to all pieces of evidence, including artifacts, SBOMs, VEX documents, vulnerability reports, and provenance data with advanced filtering capabilities

October 10, 2025

Add system status page to monitor platform health and view past incidents in real-time

October 09, 2025

Introduce Business Units - organize products by department, division, or team for better organizational structure management

September 15, 2025

Display user group memberships in the members table with contextual group inspection

September 13, 2025

Allow to re-evaluate requirements from existing workflow runs

September 12, 2025

Fix GitLab integration authentication issues

September 09, 2025

Implement automatic Storage backend health checks every 30 minutes with owner notifications on status changes via Email and Audit Log

September 04, 2025

Improve product compliance view with aggregated compliance charts
Fix CAS backend permission errors when storage cannot be reached

September 03, 2025

Add documentation for branch protection policies including GitLab integration

September 02, 2025

Allow product-level applicability settings with inheritance to project versions
Extend banned-licenses policy to support SPDX license expressions

August 29, 2025

Allow creating product versions from previous ones - streamlines version management by pre-populating projects and compliance mappings

August 28, 2025

Replace bitnami containers with custom builds to address container initialization issues

August 27, 2025

Requirements applicability for projects and versions - define which requirements apply to specific projects or versions within a product for tailored compliance management

August 25, 2025

Pin project versions on product releases to maintain stable relationships
Standardize on “pre-release” terminology across the platform

August 18, 2025

Enable inviting external users to products
Add audit entries when adding users/groups to products and projects

August 15, 2025

On-prem: New instance-level Admin role for managing organization creation.

August 14, 2025

Product version lifecycle management

August 8, 2025

Add contextual help links in UI pointing to documentation and RBAC guide

July 18, 2025

Ensure at least one Org Owner is present in the organization before leaving

Refer to this collection of blog posts for additional historical changes.