Guides

How-to create a real-time application inventory

You can use Chalk to create a real-time application inventory, collecting data about the code and builds being deployed. This includes additional metadata such as who the official and inferred code owners are, useful in incident response scenarios.

How-to create software security supply chain compliance reports automatically

You can use Chalk to generate SBOMs with every build, adding code provenance information and digitally signing it, before sending it to a location of your choice as a report. As a big bonus, with no extra effort, you can be SLSA level 2 compliant.

How-to automatically run Semgrep globally on every Docker build

Chalk natively supports running additional collection tools automatically, with built-in support for SAST tools like Semgrep. This guide shows you how to execute a SAST scan every time you build using Docker.

Helper Docs

How-to deploy Chalk globally using Docker

You can deploy Chalk across all of the builds performed by a build server by setting a global alias for Docker and having it call Chalk, so that every build will automatically be 'chalked'. This guide walks you through the configuration step by step.

How-to set up a local test environment with containers and a SQLite database

You can set up containers to run the Chalk API server and the SQLite database server locally to test and learn Chalk, including following the other how-to guides. This guide walks you step by step through configuring that local environment.