Are you a Developer?
Tired of odd comments from your compliance office?
Keen to understand what you are linking into your project?
Bored of looking up open source details?
Are you a Compliance Manager?
Searching for a way to automate documentation?
Tired of mapping the same tools over and again?
Want to get more support from your organisation?
Version v2.6.30 mit vielen Neuerungen und Erweiterungen
Vulnerability-Fixes, bzw. "bump hints"
Integration von OpenSSF Scorecards
Neue Reports, bspw. verbessertes Portfolio Overview
Bekannte Schwachstellen
automatisch identifiziert!
License analysis
TrustSource offers over 150GB knowledge on more than 250.000 OpenSource components, their dependencies and licenses. Also it provides a powerful analysis mechanism to evaluate the real license conditions as well as a continuous search for identifying new components.
Cost reduction > Shift Left
TrustSource and its tools allow developers to learn and decide even during build time about the suitability and risks associated with a particular component, so that no change costs will appear anymore due to such an issue.
TrustSource is developed to support the OpenChain / ISO 5230:2020 conformity across your organisation. Coming with a role model and extensive documentation, the introduction of TrustSource helps you to achieve and maintain ISO 5203 conformity.
License management
TrustSource knows over 300 licenses. It provides a resolution mechnism to determine obligations depending on project, module and component context and resolves them into task lists. Thus allowing a auditable, solution individual checklists, which activates compliance procedures.
Process support
TrustSource provides an integrated platform to manage all tasks in the context of Open Source Compliance. All activities will be logged in the audit log. Direct integrations with Jiora or TeamServcies offer lean and effective processing.
TrustSource can import any CycloneDX format and visualise and analyse the contents of any CycloneDX file. It is also possible to export all project or module data to CycloneDX
Vulnerability analysis
all components of a project will be checked against more than 100,000 known vulnerabilities. When new vulnerabilities appear, you will get notified aboutimpacted components. CVSS scores and attack vectors will help you to evaulate the cirticality of each vulnerability.
Open Source & API
All parts of TrustSource that will be operated by you or integrated into your development process are open source to give you full control. A magnitude of fucntionality of TrusSource is availble through API, so that you may integrate it into your processes.
And for sure we also support the ISO standard for Package Data Exchange. It is possible to import and export data in v2.2 an v2.3.
Read how TrustSource will help you to achieve OpenChain comformity
Integrations
Whether about scanning (gradle, maven, etc.) or workflow (Jira,TeamServices,…): TrustSource supports many widely spread development support tools and integrates with them. For many tools either we or our customers have provided integrations / plugins. Search for them on github using “org:eacg-gmbh”.
