# Install minder with Homebrew, apt, dnf, Nix, pacman, winget, zypper

CLI for interacting with Stacklok's Minder platform. Version 0.1.2 via Homebrew; verified from local package data.

## Install

```sh
sudo av install brew:minder
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install minder
```

  Evidence: local Homebrew formula metadata

### Linux

- Debian apt (92%):

```sh
sudo apt install minder
```

  Evidence: Debian stable package indexes: minder from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz

- dnf (92%):

```sh
sudo dnf install minder
```

  Evidence: Fedora Rawhide package metadata: minder from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst

- Nix (92%):

```sh
nix profile install nixpkgs#minder
```

  Evidence: nixpkgs package indexes: pkgs/by-name/mi/minder/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

- pacman (92%):

```sh
sudo pacman -S minder
```

  Evidence: Arch Linux sync databases: minder from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz

- zypper (92%):

```sh
sudo zypper install minder
```

  Evidence: openSUSE Tumbleweed package metadata: minder from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst

### Windows

- winget (92%):

```sh
winget install --id mindersec.minder -e
```

  Evidence: Windows Package Manager source index: mindersec.minder from https://cdn.winget.microsoft.com/cache/source.msix

## Package facts

- **Package key:** brew:minder
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/minder>
- **Version:** 0.1.2
- **Source summary:** CLI for interacting with Stacklok's Minder platform
- **Homepage:** <https://mindersec.github.io/>
- **Repository:** <https://github.com/mindersec/minder>
- **Upstream docs:** <https://docs.mindersec.dev/>
- **License:** Apache-2.0
- **Source archive:** <https://github.com/mindersec/minder/archive/refs/tags/v0.1.2.tar.gz>
- **Generated:** 2026-07-08T18:08:21+00:00

## Executables

- minder (cli)
- minder (alias)

## Build dependencies

- go

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 0.1.2
- Local data: ok
- Upstream repository: https://github.com/mindersec/minder
- Upstream latest detected: v0.1.2 (current)
- info: No package-manager update timestamp was available.
## Project history and usage

Minder is a software supply-chain security platform originally associated with Stacklok and later contributed to the Open Source Security Foundation. The project describes its goal as helping development teams and open source communities build more secure software and prove their security posture through checks, policies, and attestations.

### Project history

The platform enrolls repositories and applies policy to repositories, pull requests, dependencies, and artifacts. Rules can alert or auto-remediate, and the OpenSSF announcement specifically connects Minder with tools and standards such as OSV, OpenSSF Scorecard, and Sigstore. In October 2024, OpenSSF announced Minder as a sandbox project contributed by Stacklok.

### How it is used

The `minder` package is the CLI face of that platform. Its quickstart flow creates a profile, registers repositories, and enables a secret-scanning rule; the profile-and-rules model is the core usage pattern for teams that want policy-as-code checks over GitHub repositories and supply-chain artifacts.

### Sources

- <https://docs.mindersec.dev/getting_started/install_cli>
- <https://docs.mindersec.dev/understand/profiles>
- <https://github.com/mindersec/minder>
- <https://openssf.org/blog/2024/10/28/openssf-adds-minder-as-sandbox-project-to-simplify-the-integration-and-use-of-open-source-security-tools/>
- <https://openssf.org/tag/minder/>


## Security Notes

narrow executable package without higher-risk signals.

- **Geiger risk:** green / low
- narrow executable package without higher-risk signals


## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Unix: $PWD/config.yaml
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** minder
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- Debian apt - minder - 1.17.0-1: normalized package name match | Debian stable package indexes: minder from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | Mind-mapping application | https://github.com/phase1geo/Minder
- Nix - minder: normalized package name match | nixpkgs package indexes: pkgs/by-name/mi/minder/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
- Ubuntu apt - minder - 1.16.2-1build2: normalized package name match | Ubuntu 24.04 LTS package indexes: minder from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz | Mind-mapping application | https://github.com/phase1geo/Minder
- dnf - minder - 2.0.9-1.fc45: normalized package name match | Fedora Rawhide package metadata: minder from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst | Mind-mapping application | https://github.com/phase1geo/Minder
- pacman - minder - 2.0.9-1: normalized package name match | Arch Linux sync databases: minder from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz | Mind-mapping application designed for Pantheon | https://github.com/phase1geo/Minder
- zypper - minder - 2.0.9-1.2: normalized package name match | openSUSE Tumbleweed package metadata: minder from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst | Mind-mapping app | https://github.com/phase1geo/Minder
- zypper - minder-lang - 2.0.9-1.2: normalized package name match | openSUSE Tumbleweed package metadata: minder-lang from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst | Translations for package minder | https://github.com/phase1geo/Minder
- winget - mindersec.minder: normalized package name match | Windows Package Manager source index: mindersec.minder from https://cdn.winget.microsoft.com/cache/source.msix
- winget - stacklok.minder: normalized package name match | Windows Package Manager source index: stacklok.minder from https://cdn.winget.microsoft.com/cache/source.msix


## Related links

- [Source-control packages](https://www.automicvault.com/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [go](https://www.automicvault.com/pkg/brew/go/) - Build dependency declared by Homebrew.
- [malcontent](https://www.automicvault.com/pkg/brew/malcontent/) - Shares av.db curated category or tags: cli, security, supply-chain-security.
- [sh4d0wup](https://www.automicvault.com/pkg/brew/sh4d0wup/) - Shares av.db curated category or tags: cli, security, supply-chain-security.
- [vet](https://www.automicvault.com/pkg/brew/vet/) - Shares av.db curated category or tags: cli, policy-as-code, security, supply-chain-security.
- [chain-bench](https://www.automicvault.com/pkg/brew/chain-bench/) - Shares av.db curated category or tags: cli, security, supply-chain-security.
- [gittuf](https://www.automicvault.com/pkg/brew/gittuf/) - Shares av.db curated category or tags: cli, security, supply-chain-security.
- [intercept](https://www.automicvault.com/pkg/brew/intercept/) - Shares av.db curated category or tags: cli, policy-as-code, security.
- [zizmor](https://www.automicvault.com/pkg/brew/zizmor/) - Shares av.db curated category or tags: cli, security, supply-chain-security.
- [aide](https://www.automicvault.com/pkg/brew/aide/) - Shares av.db curated category or tags: cli, security.
- [chainloop-cli](https://www.automicvault.com/pkg/brew/chainloop-cli/) - Security-sensitive metadata or terminology overlaps. Shared terms: attestation, chain, cli, code, interacting.

## Combined YAML source

View the package source record on GitHub. [combined/minder.yml](https://github.com/automic-vault/db/blob/main/combined/minder.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
