
What we’re about
Hello and welcome to the Stacklok User Group (SUG) Meetup, where we focus on discussions and hands-on activities (intro to advanced) related to securing the software development lifecycle (SDLC), open source, supply chain security, and more. Join us as we cover topics like GitHub repository management, dependency management, artifact attestation, GitHub Actions security, Acronym Soup (let’s talk about SLSA, SOSS, GUAC, OpenSSF) and so much more!
Stacklok Open Source projects include:
📌 Minder: an open source platform that helps dev teams & OSS communities build more secure software, and prove to others that what you’ve built is secure. Learn more here: https://github.com/stacklok/minder
📌 Frizbee: a command-line tool that helps you increase the security of GitHub Actions by pinning actions to commit SHAs (or checksums). Pinning actions to commit SHAs - rather than tags, which can be moved - ensures that you’re always pointing to the same known-good version of the code. Frizbee also provides checksums for container images, and includes a set of libraries for working with tags and checksums. Learn more here: https://github.com/stacklok/frizbee
Stacklok Free-to-use Products:
📌 Minder Cloud: helps open source developers and communities use open source security tools and standards to continuously secure their software projects, and provide proof of that security to their downstream consumers. Try it out here: cloud.stacklok.com
📌 Trusty: A free-to-use service to help developers vet the supply chain risk of OSS packages. Try it out here: https://trustypkg.dev/
Connect with us!
🌐 Find company & project updates on our website: stacklok.com
📰 Read the latest news, tips, and ideas about open source and supply chain security on our Blog.
💬 Join the conversation in our Discord Server
📺 Subscribe to our YouTube Channel at www.youtube.com/@Stacklok and watch previously recorded SUG sessions here.