Stacklok Donates Minder to OpenSSF, Boosting Supply Chain Security

Sophia Steele

October 27, 2024 · 2 min read

Stacklok, the open source software supply chain company founded by Kubernetes co-creator Craig McLuckie and Sigstore creator Luke Hinds, has donated Minder, one of its key projects, to the Open Source Security Foundation (OpenSSF). This move is set to boost supply chain security in the tech industry.

Minder is a platform that helps development teams set up a system of proactive checks and policies to minimize supply chain risks by enforcing best practices and ensuring that all packages built by developers are cryptographically signed. The platform is extensible, and the Stacklok team hopes it will become a point of integration for other OpenSSF projects, making it easier to operationalize security tools.

The importance of supply chain security has been highlighted by recent attacks, such as SolarWinds, and the increasing sophistication of nation-state actors. Minder is designed to intercept attacks at the IDE, in the inner development loop, and can apply controls across the entire application lifecycle.

McLuckie emphasized that Minder is meant to be a community-centric platform, and Stacklok will continue to support it while also commercializing it. The company hopes that Minder will become a widely adopted standard for supply chain security, similar to Kubernetes' impact on container orchestration.

Google, McLuckie's former employer, is also supporting the project, and Stacklok has built integrations with services like the open source vulnerability database. The company is open to collaborations with other communities to build integrations with GitLab, BitBucket, and similar tools.

This move is significant for the tech and startup community, as it highlights the importance of supply chain security and the need for collaborative efforts to address this critical issue.
