ts-scan available as github-action
Streamline Your Supply Chain Security: TrustSource’s ts-scan Now Available as a GitHub Action
We are thrilled to announce that TrustSource’s powerful Software Composition Analysis (SCA) tool, ts-scan, is now available directly within the GitHub Marketplace. Integrating robust security scanning and compliance into your CI/CD pipeline has never been easier.
The new ts-scan-action allows developers to automatically generate Software Bill of Materials (SBOMs) in standard formats—including SPDX and CycloneDX—directly within their workflows directly from the Github Marketplace.
Crucially, ts-scan is designed for simplicity and privacy. It operates entirely locally, meaning no API keys required for the basic actions and no data leaves your environment during the scan process, as long as you do not want to make use of the additional TrustSource SaaS offerings, such as risk management, automated legal compliance or approval flows. (learn more at https://www.trustsource.io )
Intelligent, Zero-Config Scanning
The unique selling proposition of ts-scan is its intelligent autodetection capability. Unlike many tools that require tedious configuration to define scope, ts-scan is capable of scanning almost all target types automatically without needing explicit direction.
Whether you are targeting common package management systems, specific files, entire repositories, or Docker images, ts-scan identifies the structure and performs the analysis seamlessly.
Get Started
Elevate your project’s transparency and security today by integrating TrustSource into your GitHub workflows.
-
Get the GitHub Action: Start using it immediately via the marketplace: https://github.com/trustsource/ts-scan-action
-
Deep Dive: Learn more about the tool’s extensive capabilities in our documentation: https://trustsource.github.io/ts-scan
-
Explore the Code: Check out the core tool repository on GitHub: https://github.com/trustsource/ts-scan
TrustSource @ FOSDEM 2021
TrustSource @ FOSDEM 2021
we are looking forward to the presentations of @Jan Thielscher & @Grigory Markin at FOSDEM 2021.
Open Source Compliance Tooling – Capability Reference Architecture
Jan will present the Open Source Tooling Workgroup‘s reference model in the OpenChain Dev-Room , which outlines domain-specific capabilities and their interrelationships. The model has been created over the last two years by members of the workgroup and is intended to provide an overview of the required tasks that will be needed in the context of open source compliance. It is also useful for mapping the different tools or being clear about what functionality they cover. See the complete video here.
During the talk Jan will also try to motivate tool vendors to map their tools against the model.
In a second talk, Grigory Markin will present the TrustSource DeepScan open source tool and the free online service DeepScan of the same name in the Dev-Room Software Composition. This solution has been developed to support open source users in identifying the effective licenses and attribution information (license & copyright) :
TrustSource DeepScan – How to effectively excavate effective licenses
In this 15 minute talk, Grigory and Jan will briefly outline the challenge of “effective” licenses and discuss the various technical possibilities and challenges of automated license analysis using similarity analysis, among other things. Finally, the tool, the current state of work and the next steps will be briefly presented.
