Minder by Stacklok

An open source, extensible platform that helps you enforce security policies and settings across your GitHub organization

by stacklok, 129 installs

Minder by Stacklok is an open source and extensible platform that helps OSS maintainers and project owners consistently protect their code repos, build pipelines, and artifacts from malicious attacks.

Minder Features

Repository configuration and security

Most development teams have multiple repos—averaging 6x the number of developers. Minder helps you simplify configuration and management of security policies and settings across multiple project repos.

Proactive security enforcement

Continuously enforce security best practices like secret scanning, branch protections, artifact signing and more by setting granular policies to alert or auto-remediate.

Artifact attestation

Make sure your artifacts are tamper-proof by setting a policy to verify that all artifacts are signed using Sigstore, and display signature and verification status for those artifacts.

Dependency and license management

Manage your dependency security posture and supported licenses by helping developers make better choices and enforcing controls. Minder integrates with Trusty to enable policy-driven management based on dependency risk level.

Security profiles — built-in and custom profiles

Pricing and setup

Free for open source projects and public repositories

$0

Open Source

  • Unlimited public repositories
  • Integration with GitHub Security features
  • Custom policies for your organization
  • Automatic remediation

Minder by Stacklok is provided by a third party and is governed by a separate privacy policy and support documentation.