Among the fastest growing threats to software security are the AI coding assistants and LLMs that 90% of developers use every day. And so today we released CodeGate, the first open source, locally deployed privacy controls for AI-enabled developers. CodeGate is a single container that sits between the AI coding assistant and LLM; it encrypts secrets before they find their way into prompts, and alerts you to dangerous dependencies before they find their way into your code. Since CodeGate is open source, it's easy to explore and get involved with the project. Start at https://codegate.ai
Stacklok
Computer and Network Security
Seattle, Washington 1,795 followers
Build securely
About us
From the founders of projects such as sigstore and kubernetes, Stacklok is a community-centric software supply chain security startup.
- Website: https://stacklok.com
- Industry: Computer and Network Security
- Company size: 11-50 employees
- Headquarters: Seattle, Washington
- Type: Privately Held
- Founded: 2023
- Specialties: security, devsecops, supplychainsecurity, developer tooling, github repo management, dependency management, Secure GitHub Actions, supply chain security, and software supply chain security
Locations
- Primary: Seattle, Washington, US
Employees at Stacklok
- Doug Wright: Vice President, Engineering at Stacklok | Strategic Software Development Leadership | Global Team Management | Agile & DevSecOps
- Nigel Brown
- Kevin Holmes: Stacklok | Open Source Supply Chain Security, helping the world build secure software
- Scott Buchanan: Chief Marketing Officer at Stacklok
Updates
-
We ARE LIVE! Join us for today's Minder Monday: A Deep Dive - The Minder Ontology (Minder's view of the world)!
Minder Monday: The Minder Ontology (A Deep Dive)
🗓️ December 16, 2024
🕰️ 6:30am PT | 8:30am CT | 9:30am ET | 3pm GMT | 5pm EET

What is Minder? Minder is an OpenSSF Sandbox project within the Security Tooling Working Group. Minder is a supply chain security platform to enable teams and organizations to define security policies in a consistent way across multiple supply chain assets. Minder helps project owners proactively manage their security posture by providing a set of checks and policies to minimize risk along the software supply chain, and attest their security practices to downstream consumers. The goal is to make it easy and efficient to adopt existing security tools across many users.

Session Details: Join Juan Antonio “Ozz” Osorio, Staff Engineer at Stacklok, as he dives deep into Minder’s view of the world and explains the different concepts (such as Entities, Providers and Data Sources) it introduces to map your supply chain and secure it.

Resources:
- Minder GitHub Repo: https://lnkd.in/egNTZk-c
- Minder Docs: https://lnkd.in/erTmReu4
- OpenSSF Slack (channel: #minder): openssf.slack.com (if you need an invite to OpenSSF slack you can request one here: http://slack.openssf.org/)
Minder Monday: Deep Dive - The Minder Ontology
-
Join us Monday, December 16 for another #MinderMonday session! This time Juan Antonio "Ozz" Osorio will be getting philosophical and diving deep into Minder’s view of the world. Ozz explains the different concepts (such as Entities, Providers and Data Sources) #Minder introduces to map your supply chain and secure it. #SoftwareSupplyChain #SoftwareSecurity
-
Stacklok reposted this
AI is transforming developer workflows—but it’s also introducing new risks. In this interview, Craig McLuckie, co-founder of Kubernetes and CEO of Stacklok, explains how AI impacts software development and why traditional security measures like CVEs are no longer enough. Craig also introduces Minder, an open source tool to automate security policy enforcement across the SDLC and secure your supply chain. Learn how open source solutions are helping organizations tackle AI-driven challenges. 🎥 Watch now: https://buff.ly/4199peP #WeLoveOpenSource #AI #Cybersecurity #SoftwareDevelopment #OpenSource
-
During this episode of Securi-Taco Tuesdays, we’re diving into the world of SBOMs and the OpenSSF sandbox project bomctl. We’re joined this month by bomctl Maintainers and members of Lockheed Martin’s Open Source Ecosystem Team: Ian Dunbar-Hall, Jonathan Howard, and Allen Shearin. They’ll give us a brief intro to SBOMs, how to make SBOMs useful for your project or organization, explain what bomctl is all about and how it helps to simplify your SBOM life!

Speakers: Ian Dunbar-Hall, Allen Shearin, and Jonathan Howard, Lockheed Martin

Ian leads Lockheed Martin's Open Source Program Office and specializes in DevSecOps and full stack engineering. Additionally he is a maintainer on SBOMit and bomctl. He is also an OpenSSF Governing Board General Member Representative.

Allen is a member of the Lockheed Martin Open Source Ecosystem Team. Still pretty new to the open source community, only a couple years in, but have made contributions to a few OpenSSF projects. Happy to be a part of the OpenSSF Family with bomctl. Passionate about making powerful tools that make software more secure and make it easy to do so.
Simplify Your SBOM life with bomctl
-
🌮 It's Securi-Taco Tuesday! 🌮 Join Stackers Adolfo García Veytia and Stacey Potter along with the Maintainers of the OpenSSF Project: bomctl Ian Dunbar-Hall, Jonathan Howard, and Allen Shearin. 🗓️ November 19 @ 11am PT / 2pm ET / 7pm GMT They’ll give us a brief intro to SBOMs, how to make SBOMs useful for your project or organization, explain what bomctl is all about and how it helps to simplify your SBOM life! 📺 YouTube Livestream: https://lnkd.in/e28WSRA8 🖥️ LinkedIn Livestream: https://lnkd.in/erwdphHm #sbom #SoftwareSupplyChain #SecureOpenSource #soss #OpenSource
-
Minder Monday: Writing Rules & Profiles in Minder
🗓️ November 18, 2024
🕰️ 7am PT | 8am CT | 10am ET | 3pm GMT | 5pm EET

What is Minder? Minder is an OpenSSF Sandbox project within the Security Tooling Working Group. Minder is a supply chain security platform to enable teams and organizations to define security policies in a consistent way across multiple supply chain assets. Minder helps project owners proactively manage their security posture by providing a set of checks and policies to minimize risk along the software supply chain, and attest their security practices to downstream consumers. The goal is to make it easy and efficient to adopt existing security tools across many users.

Session Details: Join Juan Antonio “Ozz” Osorio, Staff Engineer at Stacklok, as he dives into some key vocabulary for the project, how Minder works, prerequisites, and then how you too can write your own rules and profiles.

About our Speaker: Juan Antonio "Ozz" Osorio is a Mexican software engineer living in Finland. He has worked in security with cloud-related open source projects such as OpenStack and Kubernetes, as well as security for bare metal environments. He's currently working at Stacklok building tools to make software supply chain security easier and friendlier.
Minder Monday: Writing Rules & Profiles
-
Join us today at 10am ET for another edition of #MinderMonday. In this episode we'll dive into writing rules and profiles in the OpenSSF sandbox project #Minder, with Juan Antonio "Ozz" Osorio. See you there!
-
AI is transforming developer workflows and opening new cracks for threat actors to expose. Our CEO, Craig McLuckie, sits down with the All Things Open team after his event keynote. https://lnkd.in/gQAMKZmr
How AI is transforming developer workflows and security with Kubernetes co-creator Craig McLuckie