For #opensource maintainers with projects spanning 20+ repos, it's often manual and time-consuming to manage repo configuration. We built a policy template in Minder to automate this—you can customize it and apply it to your repos for free: cloud.stacklok.com

I've only added one rule in Minder by stacklok and it's already finding stuff.

The stacklok team has been working hard to launch 🚀Minder Cloud over the past few months. With this release we aim to make it easier for #OSS projects to implement software supply chain best practices. Check it out: stacklok.com/blog/announcin…

I got some questions about protobom during Open Source Summit from Help Net Security , here's the write up.

(1/2) 👋 We made some big announcements today at the #OSSummit . Here's the first.

Today, we're introducing the OSS Trust Graph, a way to model trust in #opensource ecosystems. It maps the connections between open source contributors and projects, and, through our…

(2/2) Our second announcement: Minder Cloud!

Having high-quality intelligence about open source packages is only as useful as an organization’s or a community’s ability to drive policies that shape developer behavior. That’s why we launched the open source software security…

Busy day at stacklok , we also released Minder Cloud today. Craft custom policies for remediation at scale. The GitHub provider implementation is in place with a UI to compliment the CLI. stacklok.com/blog/announcin…

#heptio 🎉
A bunch of which are now working on stacklok

Definitely keep an eye on what’s happening there!

stacklok booth is busy as always. Drop by tomorrow if in town. We are revealing a new project for software supply chain security + more minder goodness. I have not been this excited about a project since sigstore came about. #OSSummit

We're excited to see the open source Protobom project, originally created by Stacklok engineer puerco , officially launching today through a partnership with CISA, OpenSSF, and the Dept of Homeland Security.

SBOMs can be complex to use, because they have multiple data formats…

I'm looking forward to attending Open Source Summit NA this week. I'll be at the stacklok booth, so swing by to say hi and learn about some new bits we'll be demoing.
#OSSummit The Linux Foundation

Yay, Kate Stewart just announced at the OpenSSF SOSS day that SPDX3 is getting tagged this week! 🥲

Who's going to The Linux Foundation #OSSummit ? I've connected with quite a few of you - I don't want to miss any of you like I did at #kubecon !

I'll be at the stacklok booth. And I'm open for coffee, lunch, and (always!) happy hour wine. Let's get some stuff going!
You…

Get ready, Open Source Summit North America attendees! Don't miss Craig McLuckie's keynote speech on the 17th at 10:20 AM PST! See details and add it to your schedule here: hubs.la/Q02sBzml0
#SoftwareSupplyChain #OpenSource Security #Sigstore #OpenSource #DeveloperCommunity

We'll be at Open Source Summit North America!
#opensourcesoftware #SoftwareSupplyChain #CyberSecurity #OpenSource Security #SecureCoding #Sigstore #OpenSource #DeveloperCommunity

Quick teardown of the XZ situation.

youtube.com/watch?v=DWkQHF…