Policy based security profiles, from the software supply chain security experts at Stacklok.

Minder by Stacklok is an open source platform that helps development teams and open source communities build more secure software, and prove to others that what they’ve built is secure. Minder helps project owners proactively manage their security posture by providing a set of checks and policies to minimize risk along the software supply chain, and attest their security practices to downstream consumers.

Minder allows users to enroll repositories and define policy to ensure repositories and artifacts are configured consistently and securely. Policies can be set to alert only or autoremediate. Minder provides a predefined set of rules and can also be configured to apply custom rules.

Features

• Repo configuration and security: Simplify configuration and management of security settings and policies across repos.
• Proactive security enforcement: Continuously enforce best practice security configurations by setting granular policies to alert only or auto-remediate.
• Artifact attestation: Continuously verify that packages are signed to ensure they’re tamper-proof, using the open source project Sigstore.
• Harden GitHub Actions: Automatically switch GitHub App tags to digests.
• Deploy Popular Security Tools: Automatically deploy Dependabot, CodeQL and many other security tools.
• Dependency management: Manage dependency security posture by helping developers make better choices and enforcing controls. Minder is integrated with Trusty by Stacklok to enable policy-driven dependency management using Trusty's intelligent threat heuristics pipeline, and the open source vulnerability database for the ability to block CVEs within a pull request.

Open source and community centric

We are a company that has co-founded and created projects such as kubernetes, sigstore and many more.

Our mission is to help open source communities and developers build safer software, and our team has deep roots in open source. We believe that contributing to open source is a necessary part of our everyday work. We also believe open source software, makes for safer software, as the code is transparent and open to review and audit by everybody.