Skip to main content
In addition to the Rego builtin functions, Chainloop’s Rego engine has been enhanced with additional functions that can be used to interact with Chainloop APIs and features. All API calls to Chainloop services will use the same authentication context configured in the CLI (by using chainloop auth login or CHAINLOOP_TOKEN). This is the list of APIs supported currently:

chainloop.discover

Calls Chainloop’s Discover API. It’s the same as chainloop discover --digest sha256:foobar Usage: chainloop.discover(digest, kind) Arguments:
  • digest (string): artifact digest in the form of sha256:foobar
  • kind (string, optional): optional filter by kind to disambiguate
Returns: same payload as chainloop discover CLI call. A JSON with the artifact metadata and the list of referenced artifacts. Example: 
  {
   "digest": "sha256:79261a7ebb2955f1c54c092bee6ee0e16ad6d096ed51f599412a50b356b247c9",
   "kind": "CONTAINER_IMAGE",
   "downloadable": false,
   "public": true,
   "createdAt": "2025-11-19T10:37:45.937172Z",
   "references": [
      {
         "digest": "sha256:5319f1abba10ae602a92c0e4b5bfd6e59e6dcadaae68c57f0b55cc7ff96d7e57",
         "kind": "ATTESTATION",
         // ... other metadata
      },
      {
         "digest": "sha256:d0d10a109a55c16118c622daefd276a5641be81bb024e1f30eedbef3eb9b9c49",
         "kind": "ATTESTATION",
         // ... other metadata
      },
      {
         "digest": "sha256:ad71aa55f6016aa83a1418bdb1337a889f1df47173ec640813911f0cbb00d3b1",
         "kind": "ATTESTATION",
         // ... other metadata
      }
   ]
}