Skip to content
Stacklok Cloud

Stacklok Cloud

A centralized platform to integrate open source software security tools and manage policy across the SDLC

by stacklok175 installs

About

GitHub has verified that the publisher controls the domain and meets other requirements.

Stacklok Cloud makes it easier to establish and manage policies across open source dependencies, source code repositories, build environments and CI/CD pipelines with more automation and less effort.

Stacklok Cloud Features

Repository configuration and security

Most development teams have multiple repos—averaging 6x the number of developers. Stacklok Cloud helps you simplify configuration and management of security policies and settings across multiple project repos.

Proactive security enforcement

Continuously enforce security best practices like secret scanning, branch protections, artifact signing and more by setting granular policies to alert or auto-remediate.

Artifact attestation

Make sure your artifacts are tamper-proof by setting a policy to verify that all artifacts are signed using Sigstore, and display signature and verification status for those artifacts.

Dependency and license management

Manage your dependency security posture and supported licenses by helping developers make better choices and enforcing controls. Stacklok Cloud integrates with Trusty to enable policy-driven management based on dependency risk level.

Security profiles — built-in and custom profiles

Pricing and setup

Free for open source projects and public repositories

$0

Open Source

Free for open source projects and public repositories

  • Unlimited public repositories
  • Integration with GitHub Security features
  • Custom policies for your organization
  • Automatic remediation

Next: Confirm your installation location

Stacklok Cloud is provided by a third-party and is governed by separate privacy policy and support documentation