Stacklok Blog

The latest news, tips, and ideas about open source and supply chain security.

Introducing the Trusty Dependency Risk Action: Automatically scan PRs for unsafe dependencies

Megan Bruce / Jul 18, 2024

Secrets management: GitHub-native tools and best practices to keep your secrets safe

Stacklok / Jul 16, 2024

Securing our security platform: Findings from Minder's independent security audit

Stacklok / Jul 12, 2024

DestroyLoneliness: npm starjacking attack on Roblox Node.js library delivers QuasarRAT

Poppaea McDermott / Jul 11, 2024

Introducing the Frizbee GitHub Action to automate pinning actions and container images to digests

Radoslav Dimitrov / Luke Hinds / Jun 20, 2024

Python typosquatting attack targets popular open source PyPI library with 30M weekly downloads

Luis Juncal / Luke Hinds / Jun 6, 2024

All I really need to know I learned from co-founding Kubernetes

Craig McLuckie / Jun 6, 2024

This Month in Minder: May 2024

Stacklok / May 31, 2024

Blocking unsafe open source dependencies in pull requests with Minder and OSV.dev

Yolanda Robla / Adolfo "Puerco" García Veytia / May 29, 2024