Are you a Developer?
Tired of odd comments from your compliance office?
Keen to understand what you are linking into your project?
Bored of looking up open source details?
Read the solution here...
Are you a Compliance Manager?
Searching for a way to automate documentation?
Tired of mapping the same tools over and again?
Want to get more support from your organisation?
Click here to learn more...
Version v2.6.30 with many new features and enhancements
Vulnerability fixes, or "bump hints"
Integration of OpenSSF Scorecards
New reports, e.g. an improved Portfolio Overview
Learn more
Known vulnerabilities
identified automatically!
License analysis
TrustSource offers over 150 GB of knowledge on more than 250.000 open source components, their dependencies and licenses. It also provides a powerful analysis mechanism to evaluate the real license conditions, as well as a continuous search to identify new components.
Cost reduction > Shift Left
TrustSource and its tools allow developers to learn about and decide on the suitability and risks of a particular component as early as build time, so that such issues no longer cause change costs later.
TrustSource is developed to support OpenChain / ISO 5230:2020 conformity across your organisation. It comes with a role model and extensive documentation, so introducing TrustSource helps you to achieve and maintain ISO 5230 conformity.
License management
TrustSource knows over 300 licenses. It provides a resolution mechanism that determines obligations depending on project, module and component context and resolves them into task lists. This yields auditable, solution-specific checklists that activate compliance procedures.
Process support
TrustSource provides an integrated platform to manage all tasks in the context of Open Source Compliance. All activities are logged in the audit log. Direct integrations with Jira or TeamServices offer lean and effective processing.
TrustSource can import any CycloneDX format and visualise and analyse the contents of any CycloneDX file. It is also possible to export all project or module data to CycloneDX.
Vulnerability analysis
All components of a project are checked against more than 100,000 known vulnerabilities. When new vulnerabilities appear, you are notified about impacted components. CVSS scores and attack vectors help you to evaluate the criticality of each vulnerability.
Open Source & API
All parts of TrustSource that will be operated by you or integrated into your development process are open source to give you full control. Much of TrustSource's functionality is available through the API, so that you may integrate it into your processes.
And of course we also support the ISO standard for Package Data Exchange. It is possible to import and export data in v2.2 and v2.3.
TrustSource adds OpenSSF Scorecards
November 23, 2022
TrustSource adds OpenSSF Scorecards. This comprises not only the total score; the detailed test results are available as well. Read more...
TrustSource @ LSEC on SBOMs
November 8, 2022
Jan will talk about SBOMs and their evolution over time throughout the life-cycle of a solution. Join this interactive session on SBOM creation!
TrustSource and SCANOSS will work more closely in supporting Open Source Compliance
September 12, 2022
TrustSource to co-operate more closely with SCANOSS - We want to bring the best data and the best process support to simplify every OSPO's work. Check out the tools at https://github.com/trustsource, learn more at https://www.trustsource.io or just start using it at https://app.trustsource.io
TrustSource Upgrade to v2.5.59
April 25, 2022
TrustSource Update to v2.5.59. View Changelog for details.
Free Vulnerability Lake Search – Better identify potentially vulnerable Components and other Tools
February 16, 2022
Managing vulnerabilities across the product lifespan need not be a challenge. TrustSource Software Supply Chain Security & Compliance. Know, where you really R!
Read how TrustSource will help you to achieve OpenChain conformity
Integrations
Whether for scanning (gradle, maven, etc.) or workflow (Jira, TeamServices, …): TrustSource supports and integrates with many widely used development support tools. For many tools, either we or our customers have provided integrations / plugins. Search for them on github using “org:eacg-gmbh”.