# Install chainloop-cli with Homebrew

CLI for interacting with Chainloop. Version 1.103.1 via Homebrew; verified 2026-07-01.

## Install

```sh
sudo av install brew:chainloop-cli
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install chainloop-cli
```

  Evidence: local Homebrew formula metadata

## Package facts

- **Package key:** brew:chainloop-cli
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/chainloop-cli>
- **Version:** 1.103.1
- **Source summary:** CLI for interacting with Chainloop
- **Homepage:** <https://docs.chainloop.dev>
- **Repository:** <https://github.com/chainloop-dev/chainloop>
- **Upstream docs:** <https://docs.chainloop.dev/>
- **License:** Apache-2.0
- **Source archive:** <https://github.com/chainloop-dev/chainloop/archive/refs/tags/v1.103.1.tar.gz>
- **Last updated:** 2026-07-01T15:21:51Z
- **Generated:** 2026-07-09T07:20:21+00:00

## Executables

- chainloop (cli)
- chainloop (alias)

## Build dependencies

- go

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-09
- Package-manager version: 1.103.1
- Package-manager updated: 2026-07-01
- Local data: ok
- Upstream repository: https://github.com/chainloop-dev/chainloop
- Upstream latest detected: v1.103.1 (current)
## Project history and usage

Chainloop CLI is the developer-facing command-line interface for Chainloop's software supply-chain evidence store and attestation platform. It is used to initialize attestations, add evidence such as SBOMs or vulnerability reports, sign metadata, and push it into Chainloop for validation and storage.

### Project history

Chainloop was introduced on May 22, 2023 as an API for an organization's software supply chain, built around a SLSA level 3 provenance-compliant control plane and a contract-based attestation process. The README describes Chainloop as an open-source evidence store for attestations, SBOMs, VEX, SARIF, QA reports, and related software-delivery evidence.

### Adoption history

The official README and docs emphasize use across CI/CD pipelines, with developers using the CLI while security and compliance teams define workflow contracts, policies, storage, and integrations. Chainloop documentation and changelogs show the platform expanding from attestation capture into policies, compliance frameworks, vulnerability management, integrations, AI coding-session evidence, and enterprise platform features.

### How it is used

The quickstart guides users through installing the CLI, logging in, initializing an attestation, adding a container image, SBOM, and vulnerability report, then pushing the signed attestation. The CLI reference documents commands for applying YAML resources, uploading/downloading artifacts, creating attestations, and passing configuration through ~/.config/chainloop/config.toml or environment variables such as CHAINLOOP_TOKEN.

### Why package nerds care

Package nerds care about chainloop-cli because it is a modern supply-chain CLI that wraps several packaging-era concerns: SBOMs, provenance, signatures, OCI storage, SLSA, in-toto, Sigstore, policy-as-code, and CI/CD evidence capture. Homebrew packaging gives developers a local install path for a tool meant to be embedded in automated delivery pipelines.

### Timeline

- 2023: Chainloop was introduced publicly as an early-access software supply-chain attestation platform.
- 2024: Chainloop changelogs added contract-less attestations, material auto-discovery, broader evidence types, policies, and Prometheus-oriented monitoring.
- 2026: Documentation presents Chainloop as a centralized evidence store with real-time visibility, automated compliance, policy evaluation, and CLI-driven attestation workflows.

### Related projects

- Chainloop is built around or integrates with SLSA, in-toto, Sigstore, OCI registries, OPA/Rego policies, Dependency-Track, GUAC, CycloneDX, SPDX, OpenVEX, SARIF, CSAF, GitHub Actions, GitLab CI, and Kubernetes/Helm deployment paths.

### Sources

- <https://chainloop.dev/blog/introducing-chainloop/>
- <https://github.com/chainloop-dev/chainloop/blob/main/README.md>
- <https://docs.chainloop.dev/welcome.md>
- <https://docs.chainloop.dev/quickstart.md>
- <https://docs.chainloop.dev/command-line-reference/cli-reference.md>
- <https://docs.chainloop.dev/llms.txt>


## Security Notes

No matching local secret-handling manifest was found for chainloop-cli. Nucleus package metadata is still published here so future coverage has a stable package URL.



## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Unix: ~/.config/chainloop/config.toml

## Credential files

- Unix: ~/.config/chainloop/config.toml
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** chainloop-cli
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable


## Related links

- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [Documentation packages](https://www.automicvault.com/pkg/documentation-tools/) - Matched documentation, manual, or publishing metadata.
- [go](https://www.automicvault.com/pkg/brew/go/) - Build dependency declared by Homebrew.
- [cdxgen](https://www.automicvault.com/pkg/brew/cdxgen/) - Shares av.db curated category or tags: cli, sbom, security, software-supply-chain.
- [cyclonedx-gomod](https://www.automicvault.com/pkg/brew/cyclonedx-gomod/) - Shares av.db curated category or tags: cli, sbom, security, software-supply-chain.
- [cyclonedx-python](https://www.automicvault.com/pkg/brew/cyclonedx-python/) - Shares av.db curated category or tags: cli, sbom, security, software-supply-chain.
- [sbom-tool](https://www.automicvault.com/pkg/brew/sbom-tool/) - Shares av.db curated category or tags: cli, sbom, security, software-supply-chain.
- [syft](https://www.automicvault.com/pkg/brew/syft/) - Shares av.db curated category or tags: cli, sbom, security, software-supply-chain.
- [bom](https://www.automicvault.com/pkg/brew/bom/) - Shares av.db curated category or tags: cli, sbom, security, software-supply-chain.
- [cargo-audit](https://www.automicvault.com/pkg/brew/cargo-audit/) - Shares av.db curated category or tags: cli, security, software-supply-chain.
- [phylum-cli](https://www.automicvault.com/pkg/brew/phylum-cli/) - Shares av.db curated category or tags: cli, security, software-supply-chain.

## Combined YAML source

View the package source record on GitHub. [combined/chainloop-cli.yml](https://github.com/automic-vault/db/blob/main/combined/chainloop-cli.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- cross-ecosystem install command graph
