Stacklok

An Introduction to Minder 🗓️ October 14, 2024 🕰️ 7am PT | 10am ET | 3pm BST | 5pm EEST -------------------------------------------- Minder is a supply chain security platform to enable teams and organizations to define security policies in a consistent way across multiple supply chain assets. Minder helps project owners proactively manage their security posture by providing a set of checks and policies to minimize risk along the software supply chain, and attest their security practices to downstream consumers. The goal is to make it easy and efficient to adopt existing security tools across many users. Register your repositories and set guidelines to keep all your repos and artifacts consistent and secure. Policies can either send out alerts or fix problems automatically. There's a predefined set of rules, but you can also customize them to fit your specific needs. Join Juan Antonio “Ozz” Osorio, Staff Engineer at Stacklok, as he walks you through a high level overview of Minder, how it works, it’s features, benefits, and how you can get started with Minder OSS or Minder Cloud today! -------------------------------------------- About our Speaker: Juan Antonio "Ozz" Osorio is a Mexican software engineer living in Finland. He has worked in security with cloud-related open source projects such as OpenStack and Kubernetes, as well as security for bare metal environments. He's currently working at Stacklok building tools to make software supply chain security easier and friendlier.

Join Stacker Juan Antonio "Ozz" Osorio for an Intro to Minder today at 10am ET / 3pm BST / 5pm EEST to get a high-level overview and demo of the project. See you there! #SupplyChainSecurity #DevSecOps #ShiftLeft

Check out the latest edition of This Month in Minder, highlighting our latest project updates and community contributions! Along with new feature highlights, Stacklok is thrilled to welcome Vyom Yadav as the first external maintainer for #Minder! Read all about it on the Stacklok blog: https://lnkd.in/eWQEaRCT

Following up from a huge gathering last night DevSecOps - London Gathering Already looking at how we can learn from and adopt some of these practices. Brilliant, engaging and informative talks from ControlPlane, Google and Stacklok A huge thanks to all for an excellent event.

Now available in #Minder, profile selectors give you the flexibility to customize how and when policies are applied to your projects. When it comes to enforcing security and compliance policies, a one-size-fits-all approach just doesn't work. With profile selectors, you can easily customize how Minder profiles are applied to your projects, so you can apply the right rules to the right resources. Learn how to use profile selectors in our latest blog post: https://lnkd.in/ebzRen2u

📣 TODAY at #SOSSCommunity Day Europe: join Adolfo García Veytia as he dives into how to build a trusted end-to-end VEX stream, from code to scanner diving deep into a VEX document and explores other highlights of the OpenVEX ecosystem. Thu. Sep 19 at 10:40am CEST https://sched.co/1gb7z

Shanis is an outstanding leader and adored member of our team. This is a great window into her mindset and motivation.

If you're In London: our CTO Luke Hinds will be keynoting DevSecOps - London Gathering tonight with a talk on "Secure Repo Management as Scale, with Minder" at Google's (Central Saint Giles) London Office, doors open at 5:45pm. Sign up here👇 https://lnkd.in/eAmhTNhk

During this episode of 🔒 Securi-Taco Tuesdays 🌮 we’re diving into the world of software trust and security with this introductory level discussion on software attestations and the open source project in-toto (a Cloud Native Computing Foundation (CNCF) incubating project). We’ll explore how software attestations provide critical insights into the integrity and authenticity of code, and how the in-toto project’s comprehensive framework ensures secure supply chains. We’ll talk about practical strategies for implementing these tools to protect against vulnerabilities, ensuring that every step of your software’s lifecycle meets the ultimate standards of trust and security. About our Speaker: Santiago Torres Arias is an Assistant Professor at Purdue's Electrical and Computer Engineering Department. His interests include binary analysis, cryptography, distributed systems, and security-oriented software engineering. His current research focuses on securing the software development lifecycle, cloud security, and update systems. Santiago is a member of the Arch Linux security team and has contributed patches to F/OSS projects on various degrees of scale, including Git, the Linux Kernel, Reproducible Builds, NeoMutt, and the Briar project. Santiago is also a maintainer for Cloud Native Computing Foundation's project The Update Framework (TUF) as well as lead the in-toto and Sigstore projects.

⏱️ Livestream begins in 2 short hours, grab your 🌮 tacos and meet us there! Securi-Taco Tuesdays hosts Adolfo García Veytia & Stacey Potter bring you "Understanding Software Trust: Let’s explore Secure Attestations & the in-toto framework" with special guest Santiago Torres Arias. We’ll explore how software attestations provide critical insights into the integrity and authenticity of code, and how the in-toto project’s comprehensive framework ensures secure supply chains. We’ll talk about practical strategies for implementing these tools to protect against vulnerabilities, ensuring that every step of your software’s lifecycle meets the ultimate standards of trust and security. https://lnkd.in/enSRzCSH