Stacklok product documentation

Stacklok's mission is to make it easier for developers to build more trustworthy software. Our free-to-use products, Stacklok Insight and Minder Cloud, help developers make safer dependency choices and help development teams and open source maintainers adopt safer development practices. Stacklok is committed to bringing software supply chain security to developers through community aligned tools. We support Sigstore as an important mechanism to validate proof-of-origin information for open source software.

Stacklok Insight is a free-to-use service that helps developers assess dependency risk. Stacklok Insight uses statistical analysis of dimensions such as author and repo activity, along with a package's source of origin, to provide an assessment about its trustworthiness. Stacklok Insight is accessible via a REST API and a browsable web interface.

Minder Cloud is a public SaaS instance of the open source Minder platform that helps development teams and open source communities build more secure software, and prove to others that what they've built is secure. Minder helps project owners proactively manage their security posture by providing a set of checks and policies to minimize risk along the software supply chain, and attest their security practices to downstream consumers.