Show HN: Trusty – Dependency Software Supply Chain Security

trustypkg.dev

14 points by decodebytes 2 years ago · 0 comments · 1 min read

Trusty - Search for an open source package to understand its trustworthiness based on activity, provenance, and more. Brought to you by the founders of projects such as Kubernetes and Sigstore.

Hey, Luke here, the CTO of Stacklok. This is an early experimental preview of Trusty. We use statistical analysis to observe millions of packages and found that malware typically follows certain patterns. We found this tool really useful to help understand the packages we are pulling into our software and wanted to share it with others.

It's still early on and we have a lot more features that will be landing weekly.

No comments yet.
