ts-Vulnerability Lake

To assess the SBOMs managed within the TrustSource platform, we collect vulnerability information from various sources. We push all data into a single index, which we use for our matching with components. Our specific mechanisms allow searching precisely by version and quality of matches. Different confidence levels allow reducing the amount of false positives while preventing misses in the same time.

This involves a plethora of crawlers, monitoring, and a database for collecting all the information gathered as well as a lot of compute power to execute every few hours. You may do this as well, or you may use our database. TrustSource Vulnerability Lake is available as an API or you may use it as part of the TrustSource platform. For small use cases, it is also available as a free public solution.