Security & Governance · Reviewed May 23, 2026

Stacklok

Stacklok is the AI and open-source supply-chain security company founded by Heptio's Craig McLuckie. $17.5M Series A; backed by Madrona and Index Ventures.

Pricing
Freemium
Rating
4.48 / 5 · 108 reviews
Last reviewed
May 23, 2026

Overview

Stacklok: AI & Open Source Supply Chain Security

Stacklok is an AI and open-source supply chain security platform. AI coding tools have raced ahead of security tooling: engineers paste secrets into AI prompts and accept completions that pull in untrusted open-source packages. Stacklok's pitch is the security layer for the AI coding era: CodeGate intercepts risky AI completions, Trusty evaluates open-source packages, and Minder enforces supply-chain policy, all from the team that brought Kubernetes to production.

Key Features

  • AI and open-source supply chain security platform
  • Founded in 2023 by Craig McLuckie (Heptio co-founder, Kubernetes co-creator) and Luke Hinds
  • Approximately $17.5M Series A; backed by Madrona Venture Group and Index Ventures
  • Minder is the open-source policy engine for software supply chain configuration
  • CodeGate sits between developers and AI coding tools to prevent secret leakage and risky completions
  • Trusty evaluates open-source packages for trustworthiness and supply-chain risk
  • Used by engineering organizations adopting AI coding tools and managing open-source dependencies

Ideal Use Case

Engineering organizations that have rolled out AI coding tools (Cursor, Copilot, Cline) and now need guardrails against secret leakage, risky completions, and untrusted open-source dependencies — particularly companies in regulated industries.

FAQ

Q: Who founded Stacklok? A: Craig McLuckie (Heptio co-founder and Kubernetes co-creator) and Luke Hinds co-founded Stacklok in 2023.

Q: How much has Stacklok raised? A: Approximately $17.5M Series A with Madrona Venture Group and Index Ventures participating.

Q: What is CodeGate? A: CodeGate is Stacklok's product that sits between developers and AI coding tools (Cursor, Copilot, Cline) to prevent secret leakage and risky completions before they reach the AI provider.

Q: What is Minder? A: Minder is Stacklok's open-source policy engine for software supply-chain configuration — enforcing policies across repositories, dependencies, and CI/CD pipelines.

Q: Stacklok vs Snyk vs Endor Labs? A: Snyk and Endor Labs focus on traditional code and dependency security. Stacklok's differentiation is the AI-coding angle — CodeGate intercepts risky AI completions, which traditional security tools weren't built to handle.

tl;dr

Stacklok is the AI and open-source supply-chain security company founded by Heptio co-founder Craig McLuckie. ~$17.5M Series A; Madrona + Index Ventures-backed. CodeGate intercepts risky AI completions; Trusty evaluates packages; Minder enforces policy.

Related

Looking for more options? Browse the Security & Governance directory or read our best AI security tools listicle. Stacklok is also tracked on Crunchbase.


User Reviews

4.48 out of 5 · 108 ratings

5 stars: 68
4 stars: 28
3 stars: 9
2 stars: 2
1 star: 1