TrustSource is a SaaS platform for implementing and maintaining open source compliance (ISO 5230 compliant) in enterprises.

The solution provides a variety of services to largely automate the many tasks of open source compliance. It is based on the Capability Model of the Open Source Tooling Working Group. Whether it is CI/CD-integrated generation of software bills of materials (SBOMs), analysis of used packages, or the determination and evaluation of effective licenses, TrustSource supports all of these tasks.

In addition, TrustSource has mechanisms that facilitate the implementation of ISO 5230 requirements in companies: it increases transparency, provides a consistent UI for all participating groups, and introduces logging and other compliance mechanisms. It has been designed to motivate all process participants to behave in a compliant manner.

TrustSource also integrates well with other tools. It can import CycloneDX and SPDX documents, match them with its own information and add them to projects as modules. Thus, containers, binaries and your own source code can easily be scanned and examined for license components.

In addition, since Q3/2019 TrustSource has also provided a medical edition, which supports MDD-relevant COTS management and allows IEC-compliant SOUP lists to be created from the automatically determined parts lists.


to try
  • 1 month free access (all features)
  • just register and start getting compliant!
  • We will contact you to clarify the rest


for companies
2.699.- EUR monthly
  • Common SaaS subscription
  • Standard service levels & support
  • 25.000 Transactions per month


for conglomerates
tbd (individual agreement)
  • LDAP/SSO integration / Identity Management
  • multi-company user with several roles
  • Individual service levels and terms

Medical Addon

for MDD compliance
2.199.- EUR monthly
  • optional package for medical features
  • COTS components management
  • Generator for IEC compliant SOUP-lists

We offer special discounts or even free versions to public services, universities and open source projects. Please get in touch with our sales team to learn more about this option.

A tool can only be part of the solution - Compliance is a process!

TrustSource offers a comprehensive set of tools and process support, automating or at least simplifying many tasks as well as the corporate-wide rollout. But we would be lying if we let you believe that the tooling would do the job without further change in your organization.

To support this, TrustSource provides a stack of OpenChain-compliant materials and resources. However, we advise running at least one workshop with an expert or consultant, such as EACG, our parent company, to get guidance on the journey. You can find information on our trainings here.