Highlights:

  • Stacklok builds on the accomplishments of Hinds’s Sigstore.
  • Developers will now have access to the strength of open-source security technologies through Stacklok, enabling them to secure software supply chains.

Stacklok, a new software supply chain company, was unveiled by Kubernetes co-founder Craig McLuckie and Sigstore founder Luke Hinds. The company had previously raised USD 17.5 million in venture capital funding.

Stacklok is marketed as providing developers with access to the strength of open-source security technologies so they can secure software supply chains. The company is developing open-source software in response to a growing demand from developers to understand their open-source dependencies better and take charge of their development practices.

In a blog post, McLuckie emphasizes the significance of supply chain security and the need to work together against the advanced persistent threats facing the software industry and the open-source community. Although he acknowledges that it is still difficult to tell whether an entity is trustworthy, McLuckie contends that the solution lies in cryptography, which protects the confidentiality and integrity of information.

Stacklok expands on the accomplishments of Hinds’s Sigstore, an open-source initiative to increase the security of the software supply chain by making it simple to adopt cryptographic software signing, supported by transparency log technologies. Google LLC, Red Hat Inc., GitHub Inc., Chainguard Inc., and Sonatype Inc. are just a few of the companies that support Sigstore, which records important provenance during software development in a tamper-resistant ledger and enables organizations to display their work transparently and abide by policies.

McLuckie said, “It is my belief that it is truly going to ‘take a village’ to address the deep challenges that are emerging to the open-source technologies that power the world and the proprietary technologies that power our industries. It is also my belief that the only way to make substantial, sustained progress against some of the deepest challenges in this space are through open-source collaboration.”

According to a reputable news source, the Series A round was led by Accel Partners LLC, with Madrona Venture Group LLC also taking part. McLuckie was formerly an entrepreneur in residence at Accel, and Stacklok broke with convention by forgoing seed funding in favor of a Series A round.