Security

Supply chain security

Cosign keys

The Chronosphere Telemetry Pipeline public Cosign key is available here (opens in a new tab).

GPG keys

The Telemetry Pipeline public GPG key is available here:

-----BEGIN PGP PUBLIC KEY BLOCK-----
 
mQINBGI8PcIBEADZ0fizLscKGjhrg0tC5IZUTasN3uJIqNtAIRl48Zr26UYPsnjE
TIXiANnruf0OzEm2f9KsfVETubawAV/b1gMGcv7vYVm6IxDvWQpUb01ooPvzqH6d
Gn2Gq7LTq5t2+/1MZii0ZNkaoKsB6GiGO1gJE0flGvCASE3m0wPbZv+Q5sJ8wNcu
uL/lDurM8twKJAQVBPaXadY1dxl0UDOF0w+vTtTxFAHh0apNqNYQLXjjc2TcaDdL
MnLg6AUGBZhhgIPECdG6XLxkVGqTMLBhBEtohMtVGznRr5gicIn0jX57ueDiftuc
QOnm/ZEvBuiNAW6PRtvuqW/+PHZ1pVUP1z1rcCWqYJK471I5W11r1BH738arJy1T
kzciHjraum10dDLoB0Ly/NDf/0XFkLS4A009BRxo4N6FRVN8OP6t8zktxAZTuawH
MTpTJD8+lGJju4R/AA+H01m3cixM4ffy1zuwqlH4IWRlkysRwlHtxfu+9PYA7GjX
d+uQJPKYYAaG7LloTIxcQ01yZ63FB97CLAd05Bmq3eQpQw/9iP8OP6Ska827Gjfg
0pgG4HEOk2ykyCFeSj8vW4frzhhas/YuDvKhxXZf8jaKJFAbxuHW4rBv5OUUckCw
PQDEiIsB465eIIaSrjjD9yhZKB9BBFAPHCvptbjvhvQ/x0MxSEcVOv81LQARAQAB
tDRDYWx5cHRpYSBSZWxlYXNlcyA8ZW50ZXJwcmlzZS1yZWxlYXNlc0BjYWx5cHRp
YS5jb20+iQJUBBMBCAA+FiEECKp3AN5X5P1iQ9xRuOWmBtZ6eVIFAmI8PcICGwMF
CQeGH1MFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQuOWmBtZ6eVIC1BAAjsPs
nUz4OxS8JrLho68hNa+4xaWrlXqVt47MfHbOl0RplH0iKa/E47nRYJ10QdGaPKZG
60prudoS7kfrD9qrONcuJPYa1XeB6fYs1K3yaDcEbTGCtJtICChrBvLkfwK0CcIF
H4NzFLaSJOJLDtC0gFW6A7kWzosjK7WJ5fwr/JWwND62usTwrCCHHRX/u6ecI6PT
RakzUl3SVhAmEstoiX/X7wZw6PF/hNqV7T9CtbsVy8DpCGamCccCrrDHb3WZpFpR
cb4pxBIeXtP5dzmK0RKRuaKQtcfx7bYuqpNB89fzPkaBoER0VLuAvY3ml336WJn6
WG9lyJI/N97bXWe/dYqo/xb1isVWHT0mYXP7a3M3wcKMeyW0ZYQ8m+jJXnhlG45h
Vqwub+UL0ymi6JuopQH6kDVMGjFoG1oU14RJMABbvLoDBPtdP03No6jxCkqVHZTL
OPV5hNbYX0fevHIKT6L0Wj42uExIb27M23c4iaDgAboewNF3vCVw9McuWTrp+5bL
HCIjYhPSN7Uu/62+KlGWI1d8MeigWyHOX9QisVrm7e/eTvGkciVvQAs2S1v7yqGc
DgBTscOR0ie7XBDy57JrLMrt540Lfc1WaarfAJVqEg+XeU9zwKhw3IYiMULi8+5t
doPOndkv/rZNQnNdoj7DSx5zBHhpGL/rDA2Ovf+5Ag0EYjw9wgEQALY1aY+G1AOe
LpB/3Ptdw2vpqEViJx47FrEoMeIQunKJ2nxQ5Zxxyy8qnbYmpD399wteN8u++kPw
uxeNhEPVjJd/hZ+aKiSdIIAQw9LabAU9zGkyTcipRU/FpfGb97PShnEKn5y8l+5J
VOifBP2pfazwoFEZ38rkhMg9qnn9yU+WffzNvLAK9QiYywMSgwkQyEoK5DOLusLr
y0b5CU7CyE/WCo1NWI6vKEMb20D/bFpYbLzTP80h5SaUY7jrl4YVx6pkDnbuv0cF
5XRROGZWFORx0jqSFI3r5m+2Bfua/pMrBSIrqy8n9nB0T0Q4c/6JJugnIk0ujgpz
ZiHFox6fo5mWA5kbrb9UkdOoCCC6gXWcwcRdLy6DnkRROFdOTB2j3wph6pzNVfJx
Er97yymS1FrwxUDVgWNQm6pIaJPnF1ttVAs7ofHPSs9jyA0jnFlEhw9Zsu+jhUBS
BQYjqb/Xma+YegZHK9lcOLpPHxI9mJnWKYbmaz7fXL4aRoYVscKDAvpByxphRoVi
+AB6P7I/dkk/cj6W6kDAbr5f3htUFRYl7I4CoC/GaDxTFU7DyiWpeqyUZ83074Di
zplgCBJ5D7A9+6ZdppfidX4jBbrg1mNihHgMfnZ1W2OQkRli+2BnA8x3HxfFZo10
Ay9Uz6LwLyc9SoziOeupddl5YBlvdVnhABEBAAGJAjwEGAEIACYWIQQIqncA3lfk
/WJD3FG45aYG1np5UgUCYjw9wgIbDAUJB4YfUwAKCRC45aYG1np5UglyD/9Xs1ZW
6vNbY4jvQkLoboOE6QMRM9rmsRxq8mHoTrcXS8nlh/4TaUSn/IX8QFNel4PKT7bo
TYfds5xONC59Nw7LJUs6VPdg8I6L3w7WE94uAweLVa3Dr5/mKJ5khK63XBhywGK4
DO4o3RHWdbgfHBo3dOT9C3TYJSc/O2IQEPINQkDYz4MnUOQvZbPU34GkOVCPK73b
m/Kw9mRADcwuLKP7hN1JH4RZfGCr5TgaYQABNa/k/wG63QND9+20nUhbUFvCQqnL
t3FPcJYkArbSigivmrbwNvlhzmAuS0m1iutVhlAtgBw3DaF8VAaf6pYQBNKk804W
XzqjH2dys8ZEALDFwW1y4J91MjM24ziHXrAY3/cnwN530QF/HLeE+lqeIXpm5Hi1
BdD26CXrRRrtfTjAHG/mZwkA7mA6GR7cpQWJ4d1gorKj3ofTOKcakIoD1yk/x4X1
nN2gI7le7dV0YuzLncGh51bnCmBSYbnoD+vZ88LbB5IjOZRYYwSOLyyCFfwVzLDG
eCPl42gf2624An19rUlCMoBom0CFblN8tlmWu7FSgD3zd3u7cAG5ktOiLtad98xB
PmdXROjwdDdvPiBiC36Wf6qhshQKJ2OEK/x0He3Vd6vXQyV8SFIAukv9bWZEbhFr
nnZ6mGB2zREpsL/HoaG4no46tHvWfhanTEGEoA==
=33Bk
-----END PGP PUBLIC KEY BLOCK-----

The Telemetry Pipeline public GPG key can be verified by using the following information:

pub   rsa4096 2022-03-24 [SC] [expires: 2026-03-24]
      08AA 7700 DE57 E4FD 6243  DC51 B8E5 A606 D67A 7952
uid                      Calyptia Releases <enterprise-releases@calyptia.com>
sub   rsa4096 2022-03-24 [E] [expires: 2026-03-24]

SBOM and other reports

SBOMs are generated for each release along with CVE reports at the time of release.