Both charts are scratch (no upstream Helm chart published — Coraza
project + anchore/syft+grype CLIs ship containers only). The
blueprint-release.yaml hollow-chart gate (issue #181) rejects charts
with zero declared dependencies. Adding sigstore/common as a tiny
library subchart satisfies the gate; common is a library type so it
contributes zero runtime resources to either chart's rendered output.
The Catalyst-side templates (Deployment+Service for bp-coraza,
CronJob+PVC for bp-syft-grype) remain entirely in templates/ — the
library dep is purely a CI-gate mechanism, NOT a functional dependency.
Co-authored-by: hatiyildiz <hatice.yildiz@openova.io>
* feat(bp-falco): umbrella chart for security layer
Catalyst Blueprint umbrella chart for falco — security/policy layer.
Pinned upstream + appVersion verified against the helm index on
2026-04-30. ServiceMonitor disabled per BLUEPRINT-AUTHORING.md §11.2.
Solo-Sovereign defaults; per-Sovereign overlays bump to HA later.
Part of security-stack umbrellas batch 3.
* feat(bp-kyverno): umbrella chart for security layer
Catalyst Blueprint umbrella chart for kyverno — security/policy layer.
Pinned upstream + appVersion verified against the helm index on
2026-04-30. ServiceMonitor disabled per BLUEPRINT-AUTHORING.md §11.2.
Solo-Sovereign defaults; per-Sovereign overlays bump to HA later.
Part of security-stack umbrellas batch 3.
* feat(bp-trivy): umbrella chart for security layer
Catalyst Blueprint umbrella chart for trivy — security/policy layer.
Pinned upstream + appVersion verified against the helm index on
2026-04-30. ServiceMonitor disabled per BLUEPRINT-AUTHORING.md §11.2.
Solo-Sovereign defaults; per-Sovereign overlays bump to HA later.
Part of security-stack umbrellas batch 3.
* feat(bp-sigstore): umbrella chart for security layer
Catalyst Blueprint umbrella chart for sigstore — security/policy layer.
Pinned upstream + appVersion verified against the helm index on
2026-04-30. ServiceMonitor disabled per BLUEPRINT-AUTHORING.md §11.2.
Solo-Sovereign defaults; per-Sovereign overlays bump to HA later.
Part of security-stack umbrellas batch 3.
* feat(bp-syft-grype): umbrella chart for security layer
Catalyst Blueprint umbrella chart for syft-grype — security/policy layer.
Pinned upstream + appVersion verified against the helm index on
2026-04-30. ServiceMonitor disabled per BLUEPRINT-AUTHORING.md §11.2.
Solo-Sovereign defaults; per-Sovereign overlays bump to HA later.
Part of security-stack umbrellas batch 3.
* feat(bp-reloader): umbrella chart for security layer
Catalyst Blueprint umbrella chart for reloader — security/policy layer.
Pinned upstream + appVersion verified against the helm index on
2026-04-30. ServiceMonitor disabled per BLUEPRINT-AUTHORING.md §11.2.
Solo-Sovereign defaults; per-Sovereign overlays bump to HA later.
Part of security-stack umbrellas batch 3.
* feat(bp-coraza): umbrella chart for security layer
Catalyst Blueprint umbrella chart for coraza — security/policy layer.
Pinned upstream + appVersion verified against the helm index on
2026-04-30. ServiceMonitor disabled per BLUEPRINT-AUTHORING.md §11.2.
Solo-Sovereign defaults; per-Sovereign overlays bump to HA later.
Part of security-stack umbrellas batch 3.
* feat(bp-litmus): umbrella chart for security layer
Catalyst Blueprint umbrella chart for litmus — security/policy layer.
Pinned upstream + appVersion verified against the helm index on
2026-04-30. ServiceMonitor disabled per BLUEPRINT-AUTHORING.md §11.2.
Solo-Sovereign defaults; per-Sovereign overlays bump to HA later.
Part of security-stack umbrellas batch 3.
---------
Co-authored-by: hatiyildiz <hatice.yildiz@openova.io>
