An open source software supply chain security platform

Minder by Stacklok is an open source and extensible platform that helps OSS maintainers and project owners consistently protect their code repos, build pipelines, and artifacts from malicious attacks.

What is Minder?

Minder makes it easier to apply and automate the enforcement of security checks and policies across multiple GitHub repositories. It comes with a set of pre-built rule types to help you understand what policies to apply, and allows you to write and enforce custom policies using Rego.

Watch Stacklok software engineer Eleftheria Stein-Kousathana demo how to get started with Minder, from enrolling a provider to creating your first profile with a set of rule types and applying it to a group of repos.

Minder Features

Repo configuration and security

Most development teams have multiple repos—averaging 6x the number of developers. Minder helps you simplify configuration and management of security policies and settings across multiple project repos.

Proactive security enforcement

Continuously enforce security best practices like secret scanning, branch protections, artifact signing and more by setting granular policies to alert or auto-remediate.

Artifact attestation

Make sure your artifacts are tamper-proof by setting a policy to verify that all artifacts are signed using Sigstore, and display signature and verification status for those artifacts.

Dependency and license management

Manage your dependency security posture and supported licenses by helping developers make better choices and enforcing controls. Minder integrates with Trusty to enable policy-driven management based on dependency risk level.

Why use Minder?

Easy to get started

Minder can be deployed easily as a Helm chart and includes a CLI tool. We also provide a Stacklok-hosted version of Minder, so that you don't have to manage it yourself.

Designed for scale

Most development teams have multiple repos—as many as 6x the number of developers. To take control of repo sprawl, Minder allows you to apply security policies across multiple repos, and manage security controls programmatically. 

Robust policy engine

Instead of scanning running workloads and checking for configuration issues after deployments, Minder helps you set up controls across any resource and manage how they are enforced, through alerts and auto-remediation.

Blog

Announcing Minder and Trusty: Free-to-use tools to help developers and open source communities build safer software

We're excited to announce the launch of Minder and Trusty, two free-to-use tools that build on the power of the open source project Sigstore to help developers and open source communities keep their software safe.

© 2024 Stacklok