THE MODERN ART OF

OPEN SOURCE COMPLIANCE

BEKANNTE SCHWACHSTELLEN

schnell identifiziert!

License analysis

TrustSource offers over 150GB knowledge on more than 250.000 OpenSource components, their dependencies and licenses. Also it provides a powerful analysis mechanism to evaluate the real license conditions as well as a continuous search for identifying new components.

Cost reduction > Shift Left

TrustSource and its tools allow developers to learn and decide even during build time about the suitability and risks associated with a particular component, so that no change costs will appear anymore due to such an issue.

License management

TrustSource knows over 300 licenses. It provides a resolution mechnism to determine obligations depending on project, module and component context and resolves them into task lists. Thus allowing a auditable, solution individual checklists, which activates compliance procedures.

Process support

TrustSource provides an integrated platform to manage all tasks in the context of Open Source Compliance. All activities will be logged in the audit log. Direct integrations with Jiora or TeamServcies offer lean and effective processing.

Vulnerability analysis

all components of a project will be checked against more than 100,000 known vulnerabilities. When new vulnerabilities appear, you will get notified aboutimpacted components. CVSS scores and attack vectors will help you to evaulate the cirticality of each vulnerability.

Open Source & API

All parts of TrustSource that will be operated by you or integrated into your development process are open source to give you full control. A magnitude of fucntionality of TrusSource is availble through API, so that you may integrate it into your processes.

Check it out now, there is a free version to try!

try now!

Read how TrustSource will help you to achieve OpenChain comformity

Read more...

Integrations

Whether about scanning (gradle, maven, etc.) or workflow (Jira,TeamServices,…): TrustSource supports many widely spread development support tools and integrates with them. For many tools either we or our customers have provided integrations / plugins.  Search for them on github using “org:eacg-gmbh”.