Resources

Stacklok Resources

Browse our latest blog posts, view videos from our team, and more.

Unlocking secure software distribution with Minder and GitHub Artifact Attestations

Jakub Hrozek / Adolfo "Puerco" García Veytia / Radoslav Dimitrov /
7 mins read
/
May 3, 2024

We’re excited to announce support in Minder for GitHub’s new Artifact Attestations feature, now in public beta. Artifact Attestations enables developers to easily publish attestations signed with the open source project sigstore.


Driving safe and sustainable open source consumption with two new Stacklok capabilities

Craig McLuckie /
6 mins read
/
Apr 17, 2024

Stacklok is announcing the launch of two new capabilities to help detect and prevent supply chain attacks that build on tools like sigstore. Over time, we believe these capabilities will help mitigate newly emerging techniques that are threatening the health of open source ecosystems.


Announcing the Proof-of-Diligence (PoD) algorithm: A method of modeling trust and maintainability in open source ecosystems

Luke Hinds / Pankaj Telang /
15 mins read
/
Apr 17, 2024

The OSS Trust Graph is an implementation of the Proof-of-Diligence algorithm created at Stacklok. Proof-of-Diligence (PoD) provides a robust mechanism to model trust, quality and maintainability in open source ecosystems. This blog post provides details on the reasoning behind the algorithm, how it is implemented, and how it can be used.


Loading...

Python typosquatting attack targets popular open source PyPI library with 30M weekly downloads

Luis Juncal / Luke Hinds /
Jun 6, 2024
Continue Reading

All I really need to know I learned from co-founding Kubernetes

Craig McLuckie /
Jun 6, 2024
Continue Reading

This Month in Minder: May 2024

Stacklok /
May 31, 2024
Continue Reading

Blocking unsafe open source dependencies in pull requests with Minder and OSV.dev

Yolanda Robla / Adolfo "Puerco" García Veytia /
May 29, 2024
Continue Reading

3 key takeaways from PyCon US 2024

Luis Juncal / Yolanda Robla /
May 28, 2024
Continue Reading

Tutorial: Using Minder to automate management of source code repository configuration and security

Stacklok /
May 23, 2024
Continue Reading

Unlocking secure software distribution with Minder and GitHub Artifact Attestations

Jakub Hrozek / Adolfo "Puerco" García Veytia / Radoslav Dimitrov /
May 3, 2024
Continue Reading

Driving safe and sustainable open source consumption with two new Stacklok capabilities

Craig McLuckie /
Apr 17, 2024
Continue Reading

Announcing the Proof-of-Diligence (PoD) algorithm: A method of modeling trust and maintainability in open source ecosystems

Luke Hinds / Pankaj Telang /
Apr 17, 2024
Continue Reading