
Stacklok Builds on Sigstore to Identify Safe Open Source Libraries

Kubernetes co-founder Craig McLuckie has teamed up with Sigstore founder Luke Hinds to provide a service that makes it easy for developers to verify the authenticity of open source software libraries.
Nov 7th, 2023 7:00am by

Craig McLuckie, one of the co-founders of Google’s Kubernetes project, has co-founded a new company, Stacklok, that aims to bring supply chain security to developers through the Sigstore open source project, created by the other Stacklok founder, Luke Hinds, who serves as CTO of the new company.

On Tuesday, the company launched two projects, Trusty and Minder. Trusty is a free service that lets developers holistically assess the dependency risk of a software package, and Minder is a platform that lets library creators automate and enforce artifact signing and verification across multiple repositories.

The company wants to move users away from a static way of thinking about security vulnerabilities, largely based on CVE scores.

“The primary currency of security has been the CVE,” McLuckie said. “It’s increasingly failing the developers and increasingly failing the enterprise organization.”

The absence of a CVE is no guarantee that a given piece of software is actually safe (especially if a developer is tricked into downloading a near-identical piece of software that is most definitely malicious). And even if a software package has a CVE, it may not be an issue, depending on how the package is being used.

Stacklok has developed a rating system for software packages that goes beyond the CVE score to offer a more wide-ranging assessment of the risk an organization takes on by using an open source package. Sigstore serves as the foundation.

Sigstore as a Base

Created in 2020, Sigstore provides a way for developers to sign software artifacts using OpenID Connect identities, so that third-party users can be assured the software has not been tampered with in transit or forged by a malicious actor. The open source technology is now managed by the Linux Foundation’s Open Source Security Foundation (OpenSSF).

Both Kubernetes and the npm project have since adopted Sigstore to verify the authenticity of software artifacts, and Google plans to use the technology to sign AI models. Sigstore also provides the essential mechanism for verifying authenticity that allows Stacklok to make a determination about the third-party open source packages developers use.

Enter Trusty

Few developers check to ensure the open source software libraries they embed in their own code are from legitimate sources, in McLuckie’s estimation. Hence the need for Trusty and Minder.

With a rating score ranging from 1 to 10 (10 being the safest), Trusty provides an assessment of a software package, using signatures along with secrets scanning, vulnerability reports and known dependencies. It also looks at repository activity and the reputation of authors and contributors.

This holistic approach provides a more thorough view of open source packages than CVE scores alone. For instance, a popular software package can be replaced by a malicious forgery (a practice called “starjacking”).

An example provided by McLuckie was a 2022 forgery of the popular marked.js Node package. The markedjs forgery had metadata identical to the original, and the only way to tell it was a fake was that it was not getting the original’s millions of weekly downloads.

Trusty, available as a web application and as an IDE plug-in for VS Code, runs on a rating system that is built on public GitHub package data, evaluating factors such as package provenance, malicious activity warnings, and package metadata and package alternatives.

… And Minder

Over the past few years, enterprises have been using software bills of materials (SBOMs), listings of all the third-party libraries that have gone into a software application, as a way to ensure no malicious packages have snuck in. But what can a developer actually do with this information?

For package developers, Minder offers auto-remediation of security policies: artifact signing (using Sigstore), secrets scanning, Dependabot configuration, and vulnerability and dependency management. Software that passes all these checks receives certifications for downstream consumers. Minder also interfaces with Trusty, allowing users to block software with low Trusty scores.

Minder is free to use. It can be deployed as a Helm chart, and Stacklok also provides a hosted version.
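To make the two ideas above concrete, here is an added example (not Stacklok's code, and not Trusty's actual scoring algorithm) of a toy holistic risk score in the spirit of the Trusty description, combined with the kind of threshold gate the article attributes to Minder. The weights, field names, helper names and the sample package records are all constructed for this illustration; the “starjacking” check is modelled on the marked.js case described above, where a forgery carries identical metadata but nowhere near the original’s download volume.

```python
"""Toy dependency-risk score plus a policy gate (added example, not Stacklok's code).

Each package record carries the kinds of signals the article mentions:
signed provenance, secrets-scan hits, open vulnerabilities, download volume,
the source repository the package claims, and repository activity.
All field names, weights and sample data are constructed for this example.
"""
from dataclasses import dataclass


@dataclass
class PackageMeta:
    name: str
    signed_provenance: bool   # artifact carries a verifiable signature (e.g. Sigstore)
    secrets_found: int        # hits from a secrets scan of the claimed repository
    open_vulns: int           # known, unresolved vulnerabilities
    weekly_downloads: int     # registry download count for the last week
    repo_url: str             # source repository the package metadata claims
    last_commit_days: int     # days since the last commit in the claimed repository


def score(pkg, registry):
    """Return a 1..10 score (10 = safest) for `pkg` given the full registry snapshot."""
    s = 10
    if not pkg.signed_provenance:
        s -= 3                                   # no verifiable provenance at all
    s -= min(2, pkg.secrets_found)               # leaked credentials in the repo
    s -= min(3, pkg.open_vulns)                  # unresolved vulnerability reports
    if pkg.last_commit_days > 365:
        s -= 1                                   # unmaintained for over a year
    # Starjacking heuristic: another package claims the very same repository
    # but is downloaded at least 100x more often, so this one is likely the copy.
    for other in registry:
        if (other.name != pkg.name
                and other.repo_url == pkg.repo_url
                and other.weekly_downloads > 100 * max(pkg.weekly_downloads, 1)):
            s -= 4
            break
    return max(1, min(10, s))


def evaluate_manifest(manifest, registry, minimum=6):
    """Score every dependency in `manifest`; return ({name: score}, [names to block]).

    A dependency absent from the registry snapshot is unscorable and is blocked.
    """
    by_name = {p.name: p for p in registry}
    scores, blocked = {}, []
    for dep in manifest:
        pkg = by_name.get(dep)
        if pkg is None:
            scores[dep] = 0
            blocked.append(dep)
            continue
        scores[dep] = score(pkg, registry)
        if scores[dep] < minimum:
            blocked.append(dep)
    return scores, blocked


# Constructed registry snapshot: a genuine, well-maintained package; a forgery that
# copies its metadata (same repo URL) but has almost no downloads; and a stale,
# unsigned package with a leaked secret and an open vulnerability.
SAMPLE_REGISTRY = [
    PackageMeta("widget-parser", True, 0, 0, 5_000_000,
                "https://github.com/example/widget-parser", 10),
    PackageMeta("widgetparser", False, 0, 0, 120,
                "https://github.com/example/widget-parser", 10),
    PackageMeta("stale-lib", False, 1, 1, 40_000,
                "https://github.com/example/stale-lib", 800),
]

if __name__ == "__main__":
    manifest = ["widget-parser", "widgetparser", "stale-lib", "not-in-registry"]
    scores, blocked = evaluate_manifest(manifest, SAMPLE_REGISTRY)
    for name, s in scores.items():
        print(f"{name:16} score={s:2}  {'BLOCKED' if name in blocked else 'allowed'}")
```

Run as a script it prints the score and verdict for each manifest entry; the forgery loses most of its points to the missing provenance and the starjacking heuristic, while the genuine package it copies is unaffected because nothing outranks its download volume.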

The Importance of a Good Package Management System

Initially, Stacklok focused on the JavaScript-based npm ecosystem, and this release also supports Python (through the PyPI packaging system) and Rust (crates). With the evaluative analytics and platform in place, the company can expand the service to other languages, though their needs may differ considerably, McLuckie noted.

The C/C++ community does not have a centralized package manager, for instance, so it will be difficult to help that sprawling community. On the other hand, the Go language community does such a good job of policing against starjacking and other malicious attacks that it may have less need for a tool such as Trusty.

“Unfortunately, not everything is written in Go. So we have some work to do to help the Python and the JavaScript communities kind of reach the same level of sophistication,” McLuckie said.
