You can use Chalk to create a real-time application inventory, collecting data about the code and builds being deployed. This includes additional metadata, such as who the official and inferred code owners are, which is useful in incident response scenarios.
You can use Chalk to generate SBOMs with every build, adding code provenance information and digitally signing it before sending it to a location of your choice as a report. As a big bonus, with no extra effort, you can be SLSA level 2 compliant.
Chalk natively supports automatically running additional collection tools, including built-in support for SAST tools like Semgrep. This guide shows you how to execute a SAST scan every time you build using Docker.
You can deploy Chalk across all of the builds performed by a build server by setting a global alias for Docker and having it call Chalk, so that every build will automatically be 'chalked'. This guide walks you through the configuration step by step.
You can set up containers to run the Chalk API server and the SQLite database server locally to test and learn Chalk, including following the other how-to guides. This guide walks you step by step through configuring that local environment.