Skip to main content

Changelog

  • Go support - Feb 2, 2024 Trusty now supports the Golang ecosystem, analyzing Go modules and producing Trusty Scores for them.

  • Historical Provenance - Jan 15, 2024
    Trusty Scores now include "Historical Provenance", a unique way to tie a package back to the Git repository that produced it. Historical Provenance is useful for packages that are not yet signing with Sigstore. Read more on the Stacklok blog.

  • Score Details - Jan 12, 2024
    Trusty now displays the individual components that make up a Trusty Score. Examining the Score Details will show repository activity, typosquatting risk, author activity, and provenance.

  • Java support - Dec 20, 2023
    Trusty now analyzes Maven packages in the Maven Central Repository and produces Trusty Scores for Java Packages. Read more in our blog post.

  • Stacklok Discord - Dec 18, 2023
    Stacklok now has a Community Discord Server to discuss Trusty, Minder, and securing the software supply chain.