Manage CRA Requirements and Software Supply Chain Security with a few clicks

Benefits of choosing TrustSource

  • Fully integrated with your CI/CD flows / DevOps delivery cycles
  • Automated assessments against Known Vulnerability Information of all in-the-field versions
  • Excellent Management reporting capabilities including drill downs
  • Open to all sorts of scanners
  • Open Source, thus no vendor lock-in

Questions and Answers

TrustSource is and will remain an open source solution. Thus, you may use it as you like. You may also use it for free, at your own effort. Selecting the TrustSource Managed Service Subscription frees your resources from handling the operational integration work, from updates, and from securing the operations.

To get a better understanding of all the tools required to set up sound and secure software supply chain monitoring, see this blog, which describes the challenges and solutions for securing modern Software Supply Chains.

  1. TrustSource is Open Source:
    You can see the code, and you will be able to launch and operate it yourself. It is a whole set of components that interact with each other, but we invest effort in simplifying operations. To get a good overview, read this article. However, you may also want to give it a try using our hosted version. There we take care of the proper operation of the components.
  2. TrustSource is open:
    We try to cover the complete stack of tools required to cope with the challenge of Software Supply Chain Security and Open Source Compliance. But we do not bind you to the solution. There is a whole set of standards in the field (CSAF2.0, SPDX, CycloneDX, CBOMs, EOX, SARIF, etc.), which we support. Besides this, it is always possible to take our code and integrate whatever extension you desire.
  3. TrustSource is sound:
    Many tools cover a particular space: Security, Quality, Compliance, you name it. And most tools tend to become experts in their specific domain. This is excellent if you focus on building this expertise. However, it leads to a plethora of tools to be integrated on the user’s side. With its role models, its general approach and its openness, TrustSource is a real integrator, a generalist serving many purposes to reduce the need for more tools.

TrustSource has been designed with Security in mind. The SaaS solution is set up for high availability and massive loads, capable of scaling to several thousands of parallel transactions. The multi-service concept is largely stateless and thus simple to scale. The solution provides mechanisms to ensure integrity and handles authentication through state-of-the-art identity management solutions with support for SAML & OID.

The TrustSource team has put a lot of effort into defining a Shared Security Responsibility Model (SSRM), which can be found here. This is reflected in TrustSource’s technical Operating Model (TOM). We have also defined a Privacy Policy to support building Trust. We host our services within secured Tier 4 datacenters at leading-edge providers holding the highest and most Security Certifications, and only within datacenters operated on German ground. The list of applied 3rd party supporting services can be found in our Data processing agreement.

In addition, TrustSource takes its responsibility for securing the Application level seriously. Thus we challenge ourselves regularly through 3rd party penetration tests and Compliance with Certification Schemes like C5 or Cloud Security Stars. We maintain our ITSM, provide regular Risk Assessments and use a secure Development Lifecycle supported by TrustSource. Reach out to learn more.
