Stacklok Insight is a free-to-use web app that provides data and scoring on the supply chain risk for open source packages.
OpenSSF runs a number of "public good" instances, including Sigstore and OpenSSF scorecards. In this video, Stacklok Principal Engineer Evan Anderson pulls back the curtain on the what and how of public good instances, drawing on his experience getting involved and going on-call for these instances.
OpenSSF runs a number of "public good" instances, including Sigstore and OpenSSF scorecards. In this video, Stacklok Principal Engineer Evan Anderson pulls back the curtain on the what and how of public good instances, drawing on his experience getting involved and going on-call for these instances. The OpenSSF's mission is to make software safer and more secure. Part of that is investigating and improving the tools developers have available to protect themselves from attackers, and the public good instances play a key role in making that happen.
Topics covered in this video:
How the public instances are hosted: A bit about the scale of public instances
Some security insights into public instances: Why you should trust and use the public instances (and when not to!)
Evan Anderson
Principal Software Engineer