ChangeLog: Context is King

TL;DR

May was all about context. We launched our MCP Server preview to make your Software Delivery Life Cycle (SDLC) context AI-accessible, expanded our automated compliance coverage with new frameworks, published a solution brief with Keyfactor, and took our message directly to customers and the community across Chicago, Vienna, and Barcelona.

Context is King: MCP Server Preview

In the world of LLMs and AI-powered development, trusted data and context are everything. You can have the most sophisticated AI model, but without the right context, it’s just sophisticated noise. The same principle applies to your software supply chain—scattered data across dozens of tools creates noise, not insights.

With Chainloop, every artifact, every piece of evidence, every policy evaluation becomes part of a rich, interconnected narrative that both humans, automation, and AI can understand and act upon. This month, we doubled down on building the context foundation, and Chainloop now provides the context API for your SDLC. We launched our Model Context Protocol (MCP) Server preview, enabling secure, two-way connections between your SDLC data stored with context in the Chainloop trusted storage and AI-powered tools.

What this means for you:

• Your favorite AI tools can now understand your SDLC context
• Natural language queries about compliance status, vulnerabilities, and deployment readiness
• Foundation for building custom AI agents that understand your specific SDLC patterns

The MCP Server isn’t just another integration—it’s your gateway to building truly intelligent software delivery workflows. Now you will be able to create custom agents that can answer questions like “What’s blocking our delivery pipelines?”, “Which software products/projects need attention?”, “Can we ship this feature safely next week?”, or “Are we getting better over time?”.

Check out our MCP Server documentation to learn how to set it up.

Automated Compliance: More Frameworks, Less Friction

Compliance shouldn’t slow you down—it should be invisible. This month, we expanded our automated compliance capabilities across multiple critical frameworks:

EU Cyber Resilience Act (CRA) Support (Preview)

Our comprehensive guide to CRA compliance helps you understand the CRA timeline and how Chainloop can help you prepare.

NIST Secure Software Development Framework (SSDF)

We published our in-depth analysis on building secure software by design with SSDF, introducing preview support for the SSDF framework at Chainloop to help teams stay ahead of emerging compliance requirements by simplifying the assessment, tracking, and documentation of secure-by-design practices without disrupting their existing workflows.

SLSA

Our updated SLSA and Chainloop integration guide shows how we make SLSA Level 3 provenance compliance effortless. The result? Compliance that happens in the background, giving you audit-ready evidence without disrupting your development velocity.

Keyfactor Solution Brief

This month, we published our comprehensive solution brief on securing the software supply chain with Keyfactor. This integration brings enterprise-grade PKI signing directly into your SDLC workflows.

For highly regulated industries—finance, healthcare, government—this combination provides the cryptographic foundation for truly trustworthy software delivery. Your compliance teams get immutable audit trails, while your developers get frictionless workflows.

On the Road: Connecting with Customers and Community

May was a month of meaningful connections. Our team hit the road to engage directly with customers and the broader security community:

Vienna Technical Discussions

Daniel’s visit to Vienna focused on CRA, SLSA, and automated compliance. Daniel also gave a talk on “Securing the Software Supply Chain: Practical Strategies” at the Security Meetup by SBA Research, sharing insights on making supply chain security practical and scalable.

Chicago Customer Visits

Daniel spent time in Chicago meeting with enterprise customers, diving deep into their software supply chain challenges. The results speak for themselves: we’re seeing Chainloop shortens often complex release cycles by ~8× on average (up to 20×), removes manual toil, and dramatically cuts compliance and evidence-gathering effort.

OWASP AppSec Barcelona

Miguel represented Chainloop at OWASP AppSec in Barcelona, connecting with the application security community. The conversations reinforced our belief that the industry is ready for a paradigm shift from fragmented point solutions to unified SDLC governance.

Looking Ahead: June and Beyond

We want to democratize SDLC Intelligence—transforming your scattered supply chain metadata into conversational intelligence that anyone can query and analyze.

Imagine asking your SDLC: “Show me all containers with critical vulnerabilities deployed in the last week” or “Which teams consistently produce the most secure code?” This isn’t science fiction—it’s the immediate future we’re building at Chainloop.

Want to talk more about this vision? We’ll be at the Open Source Finance Forum in London on June 24th. Ping us for a live demo!

The future of software delivery isn’t just automated—it’s intelligent. But intelligence requires context, and context requires a foundation that connects every piece of your SDLC puzzle. That foundation is Chainloop.

• Request the Chainloop Platform demo: chainloop.dev/book-a-demo
• Join our community and check out our docs: docs.chainloop.dev
• Try our open source version: github.com/chainloop-dev/chainloop

Want to stay updated on our latest developments? Follow us on LinkedIn and subscribe to our newsletter for monthly updates straight to your inbox.