Roadmap

About this roadmap

This roadmap should serve as a reference point for Trusty users to understand where the product is heading. The roadmap is where you can learn about what features we're working on, what stage they're in, and when we expect to bring them to you. Priorities and requirements may change based on community feedback, roadblocks encountered, community contributions, and other factors.

How to contribute

Have any questions or comments about items on the Trusty roadmap? Share your feedback via GitHub discussions or join our Community Discord Server.

Last updated: January 2024

In progress

  • Improved package refresh: Trusty will queue package updates more often for frequently visited packages to ensure that they remain up-to-date.
  • Add more features to repo and author Activity score: Bolster depth of Activity score by adding more features, e.g. information on package maintainers.
  • Sigstore Provenance for Python and Rust packages: Enable provenance data from Sigstore for Python and Rust packages, based on Sigstore community efforts.

Next

  • Include additional metadata on packages: Provide more information on packages including known vulnerabilities from OSV, license information, and additional information from Sigstore.
  • New scoring dimension: Transitive dependencies: Introduce a new scoring dimension that incorporates factors such as the quality of a package’s dependencies and which other packages use the package as a dependency.
  • New scoring dimension: Risk flags: Introduce a new scoring dimension that incorporates factors such as the depth of the package description and the frequency of releases.
  • Show dependencies and dependents of package: List the dependencies included in a package, and which other packages use the package as a dependency (with links to Trusty detailed pages).
  • Show trend graph of scores over time: Enable users to understand how a package’s score has changed over time.
  • Show Minder badge in UI: Show a package’s Minder 'badge/certification' that shows what practices the project followed.

Future considerations

  • Expand support to additional languages: Add additional packages based on an expanded set of languages (e.g., NuGet, Homebrew).
  • New scoring dimension: Popularity/community: Introduce a new scoring dimension that incorporates factors such as community ratings, social media sentiment, and number of stars.
  • Score package versions separately: Create separate Trusty scores for each version of a package.
  • Receive emails when favorite package scores change: Users are able to set up email alerts based on Trusty score trends for favorite packages.
  • Additional package form factors: Expand Trusty to support additional package form factors such as machine learning models and container images.
  • Refine search parameters and package recommendations: Enable users to refine search criteria based on package metadata, such as number of GitHub stars.
  • User profile page and preferences: Enable users to create their own Trusty profile page and set user preferences.