New Release v1.6 available

We are happy to announce availability of v1.6! Also v1.6 comes with massive new features, focused on process improvements. Read more:

New Features

  • Vulnerability-alert -  It took us quiet a bit, to get the matching towards a reasonable quality, but we manged it after all. You will now get notified by TrustSource, if new vulnerabilities appear for components that you are using in your most recent build.
  • "Action required" items in inbox - Especially for our compliance managers we provide an in box on the dashboard listing all open approval requests. This allows you to immediately see, where action is required.
  • Dependency graph - The so called dependency list is a flat list of all components entering the project even through transitive dependencies. To allow a better understanding of the impact this component has, the graphical display allows to actually _see_ the position within the dependency graph. You may modify the appearance and expand or shrink single nodes for better visibility.

Improvements

  • Improve rule sets - Based on customer feedback and own research, we were able to improve the analysis results of several licenses.
  • Improved maven Plugin - The maven plugin has been extended to support the check functionality allowing to verify components on dev-desktop without the need to push a scan.
  • Improved Jenkins Plugin - Also the Jenkins plugin has been extended to use the transient version of the check-API.

Fixes

  • Add name in register form - Changing your name after having been invited while login in the first time is possible now.
  • Propagate deletion of all members - Changing members of a project respectively a all modules within a project at once has been introduced since a while. But it has not been recognized that the propagation of an empty list does not immediately take effect. This has been fixed now.

Our next version v1.7 will focus on security and extend the login capabilities. We will introduce alternative ways to authenticate and simplify corporate SSO. The given role model has been reviewed and will be tuned towards more flexibility.

If you want to get an overview or some insights in to our roadmap, feel free contacting our sales team! They will be happy presenting you the upcoming steps.

If you feel like there should be some features you do not see on the horizon, please let us know! Our business development or your engagement manager will be happy to hear about your ambitions.


Release v1.5 available

We are happy to announce our latest Update v1.5.16. With this release we further strengthen our capabilities in managing vulnerabilities and extend our documentation competencies.

New Features

  • PDF-your-Reports - It is now possible to download your reports as PDF. Timestamp and release number will always be included, so there is not chance for mixing up data.
  • New Bill of Materials Report - With this release we have provided a BoM-report allowing you to request a visual representation of the Bill of Materials of any of your projects.
  • New CVE-Impact Report - With this report you may select a CVE number and immediately see which components in what project are affected by this CVE. From the report you may jump directly to corresponding components and trigger further action.

Improvements

  • Branding changed to TrustSource - from now on we have moved to the new branding schema. Not only the visuals (logo, etc.) changed, but also the URLs. The base URL is no longer https://ecs-app.eacg.de but it is https://app.trustsource.io. The old URLs will remain working, but we suggest to use the new ones.
  • Preview changes in Bulk user upload - The bulk user upload for the corporate and enterprise accounts does have a preview now. So you may see which lines might cause unwanted impacts and dry-run your import before allowing it to take effect.
  • Jira-Status-Report - Jira tickets are now presented in a nicer way according to status. Also it is possible to have project specific reports.

TrustSource Version 1.4 released

We are proud to announce the release of v1.4!

It took some sweat, blood and a lot of testing, but now v 1.4 has been successfully released. There is a basket of new features available that will make your work much more efficient:

  • the new inbox will collect all communication so you will not miss anything anymore.
  • A vulnerability feed will alert you about latest changes or upcoming issues.
  • CVSS-Scores and attack vector information allow a faster identification of critical issues
  • Extended Obligations report - using the new obligation report it will be possible to jump directly to the associated component, so that you may work with it without switching between the two view. Also the report is now available from within the list views.
  • Suitability checks - to further support SHIFT LEFT, we have created a feature which allows you to verify the suitability of not yet built in licenses and/or components. This allows developers to verify the consequences of using a product even before it will be added to the code base. The functionality also is available over the API.
  • Private licenses - You are now able to create private license keys. So you may also manage your own licenses

Also we have added some improvements and Fixes. For example we were able to discover a matching problem in our vulnerability scanner.

Additional information can be found here.