About

Stacklok focuses on improving software supply chain security by helping developers and open-source communities ensure their software and dependencies are secure. Its main product, Trusty, features an "Activity Scoring" system called the Trusty Score, which benchmarks software repository activity using public GitHub data. Trusty also verifies the authenticity of software packages through Sigstore and uses generative AI to recommend safer package alternatives. By offering Trusty as a free service, Stacklok aims to build trust within the developer community while addressing the growing cybersecurity threats in the software industry.

Simplify's Take

What believers are saying

• The recent $17.5M Series A funding round, backed by prominent investors like Madrona and Accel, provides strong financial backing for future growth and innovation.
• The leadership team, including founders of Kubernetes and Sigstore, brings unparalleled expertise and credibility in the software security domain.
• Trusty's free service model helps build a large user base, potentially paving the way for premium features or enterprise solutions in the future.

What critics are saying

• The crowded cybersecurity market requires Stacklok to continuously innovate to maintain its competitive edge.
• Relying on a free service model initially may delay revenue generation, impacting financial sustainability.

What makes Stacklok unique

• Stacklok's Trusty leverages statistical analysis of GitHub data to provide a unique 'Trusty Score,' setting it apart from competitors who may not offer such granular insights.
• The integration of Sigstore for package provenance ensures tamper-proof software packages, a feature not commonly found in other supply chain security solutions.
• Stacklok's use of generative AI for package recommendations provides an innovative approach to identifying safer software dependencies.

Help us improve and share your feedback! Did you find this helpful?

YesNo