ts-scan available as github-action
Streamline Your Supply Chain Security: TrustSource’s ts-scan Now Available as a GitHub Action
We are thrilled to announce that TrustSource’s powerful Software Composition Analysis (SCA) tool, ts-scan, is now available directly within the GitHub Marketplace. Integrating robust security scanning and compliance into your CI/CD pipeline has never been easier.
The new ts-scan-action allows developers to automatically generate Software Bill of Materials (SBOMs) in standard formats—including SPDX and CycloneDX—directly within their workflows directly from the Github Marketplace.
Crucially, ts-scan is designed for simplicity and privacy. It operates entirely locally, meaning no API keys required for the basic actions and no data leaves your environment during the scan process, as long as you do not want to make use of the additional TrustSource SaaS offerings, such as risk management, automated legal compliance or approval flows. (learn more at https://www.trustsource.io )
Intelligent, Zero-Config Scanning
The unique selling proposition of ts-scan is its intelligent autodetection capability. Unlike many tools that require tedious configuration to define scope, ts-scan is capable of scanning almost all target types automatically without needing explicit direction.
Whether you are targeting common package management systems, specific files, entire repositories, or Docker images, ts-scan identifies the structure and performs the analysis seamlessly.
Get Started
Elevate your project’s transparency and security today by integrating TrustSource into your GitHub workflows.
-
Get the GitHub Action: Start using it immediately via the marketplace: https://github.com/trustsource/ts-scan-action
-
Deep Dive: Learn more about the tool’s extensive capabilities in our documentation: https://trustsource.github.io/ts-scan
-
Explore the Code: Check out the core tool repository on GitHub: https://github.com/trustsource/ts-scan
