Software Bill of Materials: Create... maintain... manage...



Security & Compliance


Are you a Developer?

Tired of odd comments from your compliance office?

Keen to understand what you are linking into your project?

Bored of looking up open source details?

Read the solution here...

Are you a Corporate Buyer?

Searching for more control over your software suppliers?

Learn more...

Are you a Compliance Manager?

Searching for a way to automate documentation?

Tired of mapping the same tools over and again?

Want to get more support from your organisation?

Click here to learn more...

Version v2.6.30 with many new features and enhancements

Vulnerability fixes, or "bump hints"

Integration of OpenSSF Scorecards

New reports, e.g. an improved Portfolio Overview

Learn more

Known vulnerabilities

automatically identified!

TrustSource: more than just a tool... We will handle your product security challenge!

License analysis

TrustSource offers over 150 GB of knowledge on more than 250,000 open source components, their dependencies and licenses. It also provides a powerful analysis mechanism to evaluate the real license conditions, as well as a continuous search that identifies new components.

Cost reduction > Shift Left

TrustSource and its tools allow developers to learn about and decide on the suitability and risks of a particular component as early as build time, so that such issues no longer cause change costs later on.

TrustSource is developed to support OpenChain / ISO 5230:2020 conformity across your organisation. It comes with a role model and extensive documentation, so introducing TrustSource helps you to achieve and maintain ISO 5230 conformity.

License management

TrustSource knows over 300 licenses. It provides a resolution mechanism that determines obligations depending on project, module and component context and resolves them into task lists. This yields auditable, solution-specific checklists that trigger compliance procedures.

Process support

TrustSource provides an integrated platform to manage all tasks in the context of open source compliance. All activities are logged in the audit log. Direct integrations with Jira or TeamServices offer lean and effective processing.

TrustSource can import any CycloneDX format and visualise and analyse the contents of any CycloneDX file. It is also possible to export all project or module data to CycloneDX.

Vulnerability analysis

All components of a project are checked against more than 100,000 known vulnerabilities. When new vulnerabilities appear, you are notified about impacted components. CVSS scores and attack vectors help you to evaluate the criticality of each vulnerability.

Open Source & API

All parts of TrustSource that are operated by you or integrated into your development process are open source, to give you full control. A large part of TrustSource's functionality is available through an API, so that you can integrate it into your processes.

We also support the ISO standard for Software Package Data Exchange (SPDX). It is possible to import and export data in v2.2 and v2.3.

Read how TrustSource will help you to achieve OpenChain conformity



Whether for scanning (gradle, maven, etc.) or workflow (Jira, TeamServices, …): TrustSource supports and integrates with many widely used development tools. For many tools, either we or our customers have provided integrations or plugins. Search for them on GitHub using “org:eacg-gmbh”.

Check it out, there is a free version to try!