Trusty provides a free-to-use service with scoring and metrics about a package’s repo and author activity.
Minder is an open source platform that helps project owners build more secure software and prove that what they’ve built is secure.
Sigstore's public-good instance is a community-operated service for developers, run and managed by OpenSSF. Learn more about how this public-good instance is run and maintained.
We traveled to beautiful Bilbao, Spain, on September 18, to attend OpenSSF Day Europe and talk open source security.
At OpenSSF Day, Stacklok Principal Engineer Evan Anderson led a session to give attendees a tour of Sigstore's "public good instance."
This public-good instance is a community-operated service for developers, run and managed by OpenSSF. Stacklok engineers like Evan, along with engineers from several member companies, volunteer their time to participate in the on-call rotation and maintain the public good instance.
Photo credit: Unsplash