Vulnerabilities

Vulnerability Identification & Remediation

Vulnerability management comes down to three tasks: identify, assess and communicate. TrustSource covers all three — from its own vulnerability database to the automated generation of VEX documents and CSAF advisories.

At a Glance

Vulnerability Lake

Own aggregation of OSV, NVD, CISA KEV and further sources — continuously updated for maximum coverage of all relevant vulnerabilities.

CVSS v2, v3 & v4 + EPSS

Scoring across all current standards including Environmental Scores and EPSS exploitability — for well-founded prioritisation.

CISA KEV & Alerts

Direct integration of CISA Known Exploited Vulnerabilities and current security alerts — actively exploited vulnerabilities always in view.

Holistic Attack Surface

Components, source code, middleware and infrastructure in one view — whether MongoDB, Redis or classic libraries.

Outbound CSAF & VEX

Automated communication: tickets to dev teams, VEX documents and CSAF advisories — triggered by a single click.

API & Integration

All features available as API — TrustSource integrates seamlessly into existing processes, ticketing systems and workflows.

The Challenge

New vulnerabilities are published daily — hundreds per week, spread across dozens of databases. The real work starts after that: which ones actually affect my software? How critical are they in the specific deployment context? Who needs to be informed, and by when? Without structured processes, vulnerability management quickly becomes a reactive treadmill.

Identify: the TrustSource Vulnerability Lake

TrustSource aggregates vulnerability data from OSV, NVD, CISA KEV and further environment-specific sources in its own Vulnerability Lake. The result: a complete, deduplicated view of all vulnerabilities relevant to your dependencies — without the overhead of maintaining the data yourself.

The Vulnerability Lake is also available as a standalone service at vl.trustsource.io.

Assess: from CVSS to EPSS

Not every critical vulnerability is critical in your context. TrustSource supports CVSS v2, v3 and v4 including Environmental Scores — so the severity reflects your actual environment. The EPSS score shows the statistical probability of active exploitation. CISA KEV entries flag vulnerabilities already being exploited in the wild. Together these dimensions provide a solid foundation for prioritisation.

Holistic attack surface: more than just libraries

Vulnerabilities don't only hide in open-source libraries. TrustSource lets you manage components and source files alongside middleware and infrastructure — whether MongoDB, Redis cache or OS packages. The result is a complete picture of your exposure, not just a partial snapshot.

Communicate: tickets, VEX and CSAF at the click of a button

Dedicated vulnerability reports allow focused analysis of identified issues. Supplementary context information supports assessment and judgement. With one click, tickets are created for dev teams, VEX documents are generated or CSAF advisories are published. A complete audit log ensures transparency and traceability — for internal teams and regulators alike.

All features are also available as an API, allowing TrustSource to integrate seamlessly into existing ticketing systems, SIEM solutions and compliance workflows.