New release v1.7 introduces Notice-file-Generator

We are proud to announce the long awaited Notice File Generator. With this tool the time consuming digging through files and collection of license information belongs to the past. With the Notice-File Generator it will be available in only one click!

For all scanned projects TrustSource evaluates resulting obligations depending on project context. For each license-component combination the resulting documentation requirements are derived and the information will be assembled into the Notice-File. Wherever change notices or author credits will be required, TrustSource will try to fill the information from its Knowledgebase or outline a Todo. So the Compliance Managers work can focus on closing the gaps. Due to our shared open source component base, digging for authorship or copyright information must not be done, where another customer already did the job. This will reduce clearing time a lot!

In addition to that we renovated and extended some of our plugins. Now it is possible to break your build based on the results of a scan, e.g. on violations using most of the plugins. This extends your compliance  control over the CI/CD chains. Also proxy capability has been added, so that a use behind corporate firewalls is possible as well.

The new user management allows free accounts to login using Github or LinkedIn-accounts.  Also the new Identity Management introduces the option, to add multiple roles to a single user inside the same  company.  This increases the flexibility of your role design. Starting from corporate versions on, also Multi-factor-authentication is available. Integration of LDAP and other identity providers is available as well.

Read more about the features in our Knowledge base.


.Net-Core Support available

We are proud to announce new tools to support scanning of .Net-Core projects today. You will find the platform independent tool in our public repository on Github.

The tool allows to scan .Net-core projects and transfers the list of dependencies to our platform for further analysis. There the identified components will be reseached for license and vulnerability information and legal obligations depending on the usage context will be derived.

It consists of two parts: The first part is the Scanner itself. This part is taking care for the dependency resolution and assembly of all relevant data. The second part is the Console App, which is developed to allow command line interaction with the scanner.If executed from within the project path, an execution might be triggered with a statement as simple as

$ dotnet TS-NetCore-Scanner.dll -user “user@domain.com” -key “TrustSource Key”

While the console application itself is written in .Net-Core and thus more or less platform independent, the corresponding Visual Studio plugin is available for the Windows platform only. If you feel like the Visual Studio Plugin for .Net-Core should be available on other platforms as well, please let us know!

Finally we close this relevant gap in our tooling landscape. Together with the new Nuget-crawler we have provided, the .Net-Core-Developer now can experience the same level of quality, like other Developers already do quiet a while. But this is not enough. There is more to come:

In a next step we will extend the plugin with the capability to also scan .Net-Framework projects as well. This will bind the solution to the windows platform, which is where we see most of the Visual Studio developers delivering.

We hope those of you enjoying the Microsoft development world now will start enjoying TrustSource as well. Please feel free to reach out in case of questions or ideas on how we may improve the plugins! We are happy to learn about your usage experiences.