Skip to main content

Changelog

  • Introducing Stacklok Insight - 5 Dec, 2024
    Trusty is now known as Stacklok Insight! The web interface URL is now located at https://insight.stacklok.com/ and the API endpoint is now https://api.insight.stacklok.com/. Redirects from the previous trustypkg.com domain have been added for backwards compatibility.

  • Transitive dependencies - 11 Nov, 2024
    Trusty now supports transitive dependencies for a package version across all of our package ecosystems.

  • API v2 - 11 Nov, 2024
    Version 2 of the Trusty API is now available. The v1 API is now considered deprecated and will be removed at a later date.

  • Package Versions support - 22 Aug, 2024
    Trusty now supports package versions (information, scores, security checks, etc.), across all of our available ecosystems.

  • License Information - 14 Aug, 2024
    Trusty now shows license information for a package. For more details see Trusty License Information.

  • OSV Vulnerability integration - 14 Aug, 2024
    Trusty regularly ingests and parses data about vulnerabilities from the open source OSV.dev database.

  • OSV integration - 7 May, 2024
    Trusty regularly ingests data about malicious packages from the open source OSV.dev database.

  • OSS Trust Graph Beta - Apr 17, 2024
    Trusty now includes an OSS Trust Graph (beta release) which models the open source ecosystem as a large graph, and runs a trust propagation algorithm to compute scores for packages, projects and contributors.

  • Go support - Feb 2, 2024
    Trusty now supports the Golang ecosystem, analyzing Go modules and producing Trusty Scores for them.

  • Historical Provenance - Jan 15, 2024
    Trusty Scores now include "Historical Provenance", a unique way to tie a package back to the Git repository that produced it. Historical Provenance is useful for packages that are not yet signing with Sigstore. Read more on the Stacklok blog.

  • Score Details - Jan 12, 2024
    Trusty now displays the individual components that make up a Trusty Score. Examining the Score Details will show repository activity, typosquatting risk, author activity, and provenance.

  • Java support - Dec 20, 2023
    Trusty now analyzes Maven packages in the Maven Central Repository and produces Trusty Scores for Java Packages. Read more in our blog post.

  • Stacklok Discord - Dec 18, 2023
    Stacklok now has a Community Discord Server to discuss Trusty, Minder, and securing the software supply chain.