Trusty is a free-to-use web app that provides data and scoring on the supply chain risk for open source packages.
We’re excited to announce support in Minder for GitHub’s new Artifact Attestations feature, now in public beta. Artifact Attestations enables developers to easily publish attestations signed using the open source sigstore project.
Stacklok is announcing the launch of two new capabilities to help detect and prevent supply chain attacks that build on tools like sigstore. Over time, we believe these capabilities will help mitigate newly emerging techniques that are threatening the health of open source ecosystems.
The OSS Trust Graph is an implementation of the Proof-of-Diligence algorithm created at Stacklok. Proof-of-Diligence (PoD) provides a robust mechanism to model trust, quality and maintainability in open source ecosystems. This blog post provides details on the reasoning behind the algorithm, how it is implemented, and how it can be used.