Frequently Asked Questions
Does Minder support private repositories?
Minder is currently limited to public repositories only, but we plan to support private repositories in the future. If you're interested in using Minder on private repos, drop us an email at support@stacklok.com.
Do I have to pay to use Minder?
No. Minder is free to use for public repos, to support open source maintainers.
I don't want to use SaaS. Can I run my own Minder server?
Yes, you can—see instructions here.
Can you tell me more about Stacklok, the company behind Minder?
Stacklok’s mission is to make it easier for developers to build more trustworthy software. Our free-to-use products, Stacklok Insight and Minder, help developers make safer dependency choices and help development teams and open source maintainers adopt safer development practices.
Our co-founders, Craig McLuckie and Luke Hinds, are veterans of the open source and software security communities. Craig McLuckie co-founded Kubernetes, an open source system for automating deployment, scaling, and management of containerized applications, and Luke Hinds founded Sigstore, an open source project that dramatically simplifies how developers sign and verify software artifacts.
Learn more about us at www.stacklok.com.
I'm an open source maintainer. Do I have to use Minder to improve my Stacklok Insight results?
No, you don’t. Minder can make it easier to put in place security policies and practices that may improve your Stacklok Insight report, but use of Minder doesn’t guarantee a better result, and we don’t give favorable treatment or higher scores to project owners just for using it. Project owners can take measures outside of Minder to improve their Stacklok Insight activity score, like increasing their commit frequency, the number of contributors to their project, or the number of contributions they make to other projects.
How do Minder and Stacklok Insight work together? Are they integrated?
Yes — Stacklok Insight and Minder are complementary tools. For example, in Minder, you can set a policy to block pull requests that contain dependencies with risk indicators. When this happens, Minder will also display a list of alternative packages to help developers select a safer option.
What value does Minder add above GitHub Advanced Security?
Minder integrates with GitHub security features such as Dependabot and Code Scanning to make it easy to manage many repositories with a consistent set of policies. Minder’s Projects concept (on the roadmap) will allow you to group multiple repositories and apply policy consistently. In addition, Minder’s policy engine enables autoremediation of any configuration gaps, so you can automatically fix configuration issues across repositories.
How do I get support for Minder?
Stacklok currently offers community support for Minder in our Discord forum.
Why is the Minder mascot a marmot?
Marmots look out for each other: when one marmot leaves its burrow to eat, another marmot will go with it to act as a lookout. If the lookout sees a threat, it will whistle to alert other marmots in the area about possible danger. We want Minder to be your trusted sidekick, looking out for risk and keeping your software safe.