Resources

Stacklok Blog

The latest news, tips, and ideas about open source and supply chain security.

Featured Articles

Capturing the productivity gains of AI coding assistants without sacrificing control of privacy

Luke Hinds /

4 mins read

Dec 17, 2024

AI Security

Open Source Security

We are excited to announce a new open source project—CodeGate is a single Docker container that a developer can install locally to protect their privacy and their code while using AI coding assistants and LLMs.

Stacklok has contributed Minder to the OpenSSF out of a deep belief in the power of the open source community

Luke Hinds /

5 mins read

Oct 28, 2024

Community

Minder

The open source community is a rich source of innovation and has developed a number of powerful security tools. Minder makes it easier to integrate and utilize these tools for organizations that want a platform for open source security. We're excited that Minder has been adopted into the OpenSSF sandbox.

Flexible policy enforcement with Minder profile selectors

Dan Barr /

4 mins read

Sep 19, 2024

Minder

Tutorials

Profile selectors, now available in Minder, enable you to customize how profiles are applied to your software supply chain. With selectors, you can apply the right rules to the right resources to increase compliance flexibility and reduce alert fatigue.

New Hire Perspective: Week One as Stacklok's First SRE

Chris Burns /

Jan 22, 2025

Company News

Community

Capturing the productivity gains of AI coding assistants without sacrificing control of privacy

Luke Hinds /

Dec 17, 2024

AI Security

Open Source Security

Stacklok has contributed Minder to the OpenSSF out of a deep belief in the power of the open source community

Luke Hinds /

Oct 28, 2024

Community

Minder

This Month in Minder: September 2024

Stacklok /

Sep 26, 2024

Minder

Community

Flexible policy enforcement with Minder profile selectors

Dan Barr /

Sep 19, 2024

Minder

Tutorials

Dependency hijacking: Dissecting North Korea’s new wave of DeFi-themed open source attacks targeting developers

Poppaea McDermott /

Sep 10, 2024

Threat Analysis

Securi-Taco Tuesday livestream recap: How code signing and Sigstore secure the software supply chain

Stacey Potter /

Sep 3, 2024

Community

Supply Chain Security 101

Cross-platform RAT deployed by weaponized 'requests' clone

Luke Hinds / Poppaea McDermott /

Aug 30, 2024

Threat Analysis

Now available in Trusty: Vulnerability and license information for open source packages

Megan Bruce /

Aug 27, 2024

Trusty

Open Source Security

Docs

Resources

Stacklok Blog

Featured Articles

Capturing the productivity gains of AI coding assistants without sacrificing control of privacy

Stacklok has contributed Minder to the OpenSSF out of a deep belief in the power of the open source community

Flexible policy enforcement with Minder profile selectors

New Hire Perspective: Week One as Stacklok's First SRE

Capturing the productivity gains of AI coding assistants without sacrificing control of privacy

Stacklok has contributed Minder to the OpenSSF out of a deep belief in the power of the open source community

This Month in Minder: September 2024

Flexible policy enforcement with Minder profile selectors

Dependency hijacking: Dissecting North Korea’s new wave of DeFi-themed open source attacks targeting developers

Securi-Taco Tuesday livestream recap: How code signing and Sigstore secure the software supply chain

Cross-platform RAT deployed by weaponized 'requests' clone

Now available in Trusty: Vulnerability and license information for open source packages

Don't be a stranger

Newsletter

Stay in the loop

Explore our GitHub repo

Dive into our Discord