Chainloop
Chainloop is an open-source evidence store for software supply chain attestations, Software Bill of Materials (SBOMs), vulnerability reports (VEX), SARIF, CSAF files, QA reports, and more.
By integrating Chainloop with EJBCA and SignServer, you get an end-to-end solution that will create in-toto attestations signed with SignServer and EJBCA, stored in an OCI registry.
This allows you to:
Use Keyfactor’s SignServer for secure, widely adopted, enterprise-grade attestation signing.
Access EJBCA’s comprehensive certificate management system, which is trusted by enterprises worldwide.
Enjoy added trust and security with minimal setup, whether you’re using Chainloop Open Source or the Chainloop Platform.
Enterprise Verified
Local Signing of Attestations with Chainloop and EJBCA Ephemeral Certificates
With this integration, Chainloop can be configured to generate short-lived signing certificates by using EJBCA as the certificate authority (CA), enabling a user experience similar to Sigstore Fulcio’s “keyless” approach.
Remote Signing of Attestations using Chainloop and SignServer
This integration allows users to send the attestation payload to a SignServer worker before sending it to Chainloop for storage.