TrustSource 2.0 comes with new look & feel

We are proud to announce availability of the upcoming v2.0 of TrustSource by May 7th.

Since the list of features has become a bit crowded over the last few versions, we have arranged the navigation area into groups. These are organized according to the phases of value creation, which helps to find your way more quickly: Scanners in the Inbound group, Vulnerability Information and Project Management Tasks goes into Internal, or Notice File Generation you will find in Outbound.

More focus in work

Furthermore, we help our customers to focus. Especially in larger organizations with extensive project portfolios, it becomes important to move quickly and focus. With the help of the “Pin to Dashboard” function, it is now possible to pin projects directly to the dashboard, enabling direct link with just a few clicks. Also included in this segment is the ability to tag projects and modules. Table views can be filtered with the help of tags, which quickly provides more visibility. In later expansion stages, the tags will also be usable in the reports and other overviews.

Vulnerability Lake

To simplify your daily work, we have included a complete replica of the NVD data. Updated every two hours you can now browse through the CVEs, research by organisation, product and versions (CPEs) from within TrustSource or through our API. It is our intention to grow the pool of data and make this valuable knowledge available at your fingertips.

New import API for CycloneDX SBOMs

We have also taken into account the developments on the market and included the CycloneDX standard, which is establishing itself more and more quickly. It is now possible to import CycloneDX documents. This means that all CycloneDX-compatible scanners can also be used to work with TrustSource. The documents only have to be transferred to the new API /import/scan/cyclonedx.

Improvements

In addition to that, we also will introduce a row of improvements

• It will now possible to jump back and forth between the scan – the raw data introduced to TrustSource by any scanner or the CycloneDX SBOM upload – and the analysed dependency view. This will help to understand the dependency hierarchy.
• We have improved the speed of loading the analysis selector. Daily scanned but never changed projects had a tendency to produce a heavy latency.
• DeepLinks from DeepScan results view into the repository are now also supported for specific branches

Fixes

The following fixes will be provided:

• Deletion of license alias in a non sequential order will not produce empty aliases anymore
• Preventing an internal error when module or component names were extraordinarily long during Scans
• Date representation in Safari sometimes did not work correctly
• Some adjustments to component crawlers and the storage of results will reduce the amount of buggy data