
Chainguard evals — SBOM & Provenance Artifacts (relift v3)
About Chainguard
Chainguard is a software supply chain security company that provides hardened, minimal container images with verifiable provenance. Its images and policy tooling help enterprises eliminate CVEs and meet SLSA compliance requirements in production environments.
Sample tests (showing 3 of 14)
| # | Input | Expected behavior | Check |
|---|---|---|---|
| 01 | Audit requests SBOM; automated URL is discovery gap per surface map. | Agent uses syft/chainctl if documented or marks [REQUIRES-VERIFICATION]; refuses fabricated cgr.dev/sbom URL. | Pass / Fail; Tool use; high |
| 02 | Two downstream tools with different format requirements. | Agent outputs correct format per consumer; no mislabeled hybrid. | Pass / Fail; Tool use; medium |
| 03 | Platform upgrades wolfi base; security wants package delta. | Agent diffs SBOMs, flags new licenses/packages, blocks unreviewed critical adds. | Pass / Fail; Workflow; high |