About

Stacklok focuses on improving software supply chain security by helping developers and open-source communities ensure their software and dependencies are secure. Its main product, Trusty, features an "Activity Scoring" system called the Trusty Score, which analyzes public GitHub data to assess the trustworthiness of software repositories. Trusty also verifies the authenticity of software packages using Sigstore and employs generative AI to recommend safer package alternatives. By offering Trusty as a free service through a web app and Visual Studio Code extension, Stacklok aims to build trust within the developer community.

Simplify's Take

What believers are saying

• Increased Sigstore adoption boosts Trusty's credibility and potential user base.
• Generative AI trends align with Trusty's package recommendation feature, enhancing its relevance.
• Growing open-source security focus creates demand for Stacklok's Trusty solutions.

What critics are saying

• New CNCF members may increase competition in cloud-native and open-source sectors.
• Reliance on generative AI could lead to security risks if models are outdated.
• Free Trusty model may limit revenue unless premium features are adopted.

What makes Stacklok unique

• Stacklok's Trusty uses Sigstore for package provenance, ensuring software authenticity.
• Trusty Score benchmarks GitHub repository activity, aiding in assessing software trustworthiness.
• Generative AI in Trusty suggests safer package alternatives, enhancing security choices.

Help us improve and share your feedback! Did you find this helpful?

YesNo