Changelog
-
Package Versions support - 22 Aug, 2024
Trusty now supports package versions (information, scores, security checks, etc.) across all of our available ecosystems.
-
License Information - 14 Aug, 2024
Trusty now shows license information for a package. For more details, see Trusty License Information.
-
OSV Vulnerability integration - 14 Aug, 2024
Trusty regularly ingests and parses data about vulnerabilities from the open source OSV.dev database.
-
OSV integration - 7 May, 2024
Trusty regularly ingests data about malicious packages from the open source OSV.dev database.
-
OSS Trust Graph Beta - Apr 17, 2024
Trusty now includes an OSS Trust Graph (beta release) which models the open-source ecosystem as a large graph, and runs a trust propagation algorithm to compute scores for packages, projects and contributors.
-
Go support - Feb 2, 2024
Trusty now supports the Golang ecosystem, analyzing Go modules and producing Trusty Scores for them.
-
Historical Provenance - Jan 15, 2024
Trusty Scores now include "Historical Provenance", a unique way to tie a package back to the Git repository that produced it. Historical Provenance is useful for packages that are not yet signing with Sigstore. Read more on the Stacklok blog.
-
Score Details - Jan 12, 2024
Trusty now displays the individual components that make up a Trusty Score. Examining the Score Details will show repository activity, typosquatting risk, author activity, and provenance.
-
Java support - Dec 20, 2023
Trusty now analyzes Maven packages in the Maven Central Repository and produces Trusty Scores for Java packages. Read more in our blog post.
-
Stacklok Discord - Dec 18, 2023
Stacklok now has a Community Discord Server to discuss Trusty, Minder, and securing the software supply chain.