
Are you a Compliance Manager?
Searching for a way to automate documentation?
Tired of mapping the same tools over and again?
Want to get more support from your organisation?
Click here to learn more...
Are you a Developer?
Tired of odd comments from your compliance office?
Keen to understand what you are linking into your project?
Bored of looking up open source details?
Read how to resolve...
Version v1.9.x mit vielen Ergänzungen
Verbesserter Approval-Flow
DeepScan-Service
MDD-Unterstützung (SOUP, COTS)
Mehr erfahren
Bekannte Schwachstellen
automatisch identifiziert!
License analysis
TrustSource offers over 150GB knowledge on more than 250.000 OpenSource components, their dependencies and licenses. Also it provides a powerful analysis mechanism to evaluate the real license conditions as well as a continuous search for identifying new components.
Cost reduction > Shift Left
TrustSource and its tools allow developers to learn and decide even during build time about the suitability and risks associated with a particular component, so that no change costs will appear anymore due to such an issue.
License management
TrustSource knows over 300 licenses. It provides a resolution mechnism to determine obligations depending on project, module and component context and resolves them into task lists. Thus allowing a auditable, solution individual checklists, which activates compliance procedures.
Process support
TrustSource provides an integrated platform to manage all tasks in the context of Open Source Compliance. All activities will be logged in the audit log. Direct integrations with Jiora or TeamServcies offer lean and effective processing.
Vulnerability analysis
all components of a project will be checked against more than 100,000 known vulnerabilities. When new vulnerabilities appear, you will get notified aboutimpacted components. CVSS scores and attack vectors will help you to evaulate the cirticality of each vulnerability.
Open Source & API
All parts of TrustSource that will be operated by you or integrated into your development process are open source to give you full control. A magnitude of fucntionality of TrusSource is availble through API, so that you may integrate it into your processes.
117000
vulnerabilities assigned
18,5Mil
artefacts scanned
468Mil
dependencies identified
Visual Studio plugin extension for .Net-framework available
March 5, 2019
The extended version of our Visual Studio plugin allows to scan .Net-core and .Net-framework projects using one plugin only. Learn more and where to obtain in this article.
New release v1.7 introduces Notice-file-Generator
February 11, 2019
Even the v1.7 release comes with many new features: Besides the new killer feature Notice-file Generator we also introduce a new Identity Management. This allows to use TrustSource with your github or LinkedIn-ID. This and more news you will find here...
.Net-Core Support available
February 6, 2019
TrustSource provides new console app and Visual Studio plugin to support the analysis of .Net-Core projects. In combination with the severside nuget-crawler all nuget components can be managed now as well. Read more...
New Release v1.6 available
September 3, 2018
Wow, v1.6 comes with a new vulnerability alert that will also ping you, if older versions are affected by a newly announce vulnerability. This will bring your customer support to new levels In addition your compliance managers will spread happiness because the new inbox provides great support on approval requests...
Understanding the most important vulnerability acronyms
August 17, 2018
Since the Equifax event, the management of known vulnerabilities gain more and more attention. Despite this new interest, the topic already is older. A lot of work has been invested in structuring the effort. This article summarizes the most relevant abbreviations and concepts and directs towards further reading.
EACG and OpenChain agree on partnership
June 19, 2018
EACG - the mother company of TrustSource - agrees with the Linux Foundation on partnership concerning the OpenChain project. OpenChain is creating a specification that gives companies orientation on how to apply open source sustainably and compliant. This strengthens EACGs efforts to support and grow the acceptance of open source as a reliable foundation for growth and innovation even to smaller businesses. The specification supplements the technical solution TrustSource in an optimal way.
Release v1.5 available
June 18, 2018
Version v1.5 has been released! The new version comes with powerful new features such as a CVE impact analysis, showing you on one click the impact a particular CVE has on your complete project portfolio (if managed via TrustSource). Reporting has been even further improved with a new and improved bill of materials as well as PDF-capabilities. Read on...
Why does a license matter?
May 27, 2018
The assumption that a published source code on github or sourceforge automatically is a free and open to use source is wrong. This article explains the background and shows how to cope with the challenges resulting from the legal situation.
TrustSource Version 1.4 released
May 14, 2018
the new release (v1.4) of TrustSource is there! Besides some improvements and fixes, especially in the vulnerability matching, we have added many new features improving work efficiency. An inbox has been added as well as CVSS scores, attack vector information and a new vulnerability feed...
Read how TrustSource will help you to achieve OpenChain comformity
Integrations
Whether about scanning (gradle, maven, etc.) or workflow (Jira,TeamServices,…): TrustSource supports many widely spread development support tools and integrates with them. For many tools either we or our customers have provided integrations / plugins. Search for them on github using “org:eacg-gmbh”.