Stacklok’s mission is to make it easier for developers to build more trustworthy software. Our free-to-use products, Trusty and Minder, help developers make safer dependency choices and help development teams and open source maintainers adopt safer development practices. Stacklok is committed to bringing software supply chain security to developers through community-aligned tools. We support Sigstore as an important mechanism for generating proof-of-origin information for open source software.
Trusty by Stacklok is a free-to-use service that helps developers assess dependency risk. Trusty uses statistical analysis of dimensions such as author and repo activity, along with a package’s source of origin, to provide an assessment about its trustworthiness. Trusty is accessible via a VS Code plug-in and a browsable web interface.
Minder by Stacklok is an open source platform that helps development teams and open source communities build more secure software and prove to others that what they’ve built is secure. Minder helps project owners proactively manage their security posture by providing a set of checks and policies to minimize risk along the software supply chain and to attest their security practices to downstream consumers.