Stacklok

Stacklok is a company dedicated to improving software security through its open source platforms, Minder and Trusty. Minder is designed to help owners and maintainers secure their software by automatically applying and enforcing security policies and best practices throughout the Software Development Life Cycle (SDLC). It features capabilities for repository configuration and security, dependency and license management, as well as CI/CD workflow and artifact security. On the other hand, Trusty is a free service aimed at helping developers make safer dependency choices by providing scoring and metrics about a package’s repository and author activity. Trusty’s features include activity scoring, package provenance, and package recommendations, which are enhanced by generative AI. Additionally, Stacklok publishes a weekly newsletter titled ‘Software Supply Chain Security (S3C) Weekly,’ which focuses on topics related to software supply chain security.