Trusty provides a free-to-use service with scoring and metrics about a package’s repo and author activity.
Minder is an open source platform that helps project owners build more secure software and prove that what they’ve built is secure.
Minder makes it easier to apply and automate the enforcement of security checks and policies across multiple GitHub repositories. It comes with a set of pre-built rule types to help you understand which policies to apply, and it allows you to write custom policies in the language of your choice, such as Rego.
Most development teams have multiple repos—averaging 6x the number of developers. Minder helps you simplify configuration and management of security policies and settings across multiple project repos.
Continuously enforce security best practices like secret scanning, branch protections, artifact signing and more by setting granular policies to alert or auto-remediate.
Make sure your artifacts are tamper-proof by setting a policy to verify that all artifacts are signed using Sigstore, and display signature and verification status for those artifacts.
Manage your dependency security posture and supported licenses by helping developers make better choices and enforcing controls. Minder integrates with Trusty to enable policy-driven management based on dependency risk level.
Minder can be deployed easily as a Helm chart and includes a CLI tool. We also provide a Stacklok-hosted version of Minder, so that you don't have to manage it yourself.
Most development teams have multiple repos—as many as 6x the number of developers. To take control of repo sprawl, Minder allows you to apply security policies across multiple repos, and manage security controls programmatically.
Instead of scanning running workloads and checking for configuration issues after deployment, Minder helps you set up controls across any resource and manage those controls through alerts and auto-remediation.
We're excited to announce the launch of Minder and Trusty, two free-to-use tools that build on the power of the open source project Sigstore to help developers and open source communities keep their software safe.