Trusty provides a free-to-use service with scoring and metrics about a package’s repo and author activity.
Minder by Stacklok is an open source platform that helps development teams and open source communities build more secure software, and prove to others that what they've built is secure.
Minder helps software project owners and open source communities proactively manage their security posture. It provides a set of checks and policies to minimize risk along the software supply chain, and to attest your security practices to downstream consumers.
Most development teams have multiple repos—averaging 6x the number of developers. Minder helps you simplify configuration and management of security policies and settings across multiple project repos.
Continuously enforce security best practices like secret scanning, branch protections, artifact signing and more by setting granular policies to alert or auto-remediate.
Make sure your artifacts are tamper-proof by setting a policy to verify that all artifacts are signed using Sigstore, and display signature and verification status for those artifacts.
Manage your dependency security posture and supported licenses by helping developers make better choices and enforcing controls. Minder integrates with Trusty to enable policy-driven management based on dependency risk level.
Minder can be deployed easily as a Helm chart and includes a CLI tool. We also provide a Stacklok-hosted version of Minder, so that you don't have to manage it yourself.
Most development teams have multiple repos—as many as 6x the number of developers. To take control of repo sprawl, Minder allows you to apply security policies across multiple repos, and manage security controls programmatically.
Instead of scanning running workloads and checking for configuration issues after deployment, Minder helps you set up controls across any resource and manage how those controls are enforced, through alerts and auto-remediation.
We're excited to announce the launch of Minder and Trusty, two free-to-use tools that build on the power of the open source project Sigstore to help developers and open source communities keep their software safe.