Using Trusty
Trusty can be used programmatically through the REST API to gather package security signals. This data can be added to an existing data lake or consumed as part of the software development process, for example, by blocking pull requests containing risky dependencies. Example integrations include:
- Minder by Stacklok
- Trusty Github Action
- Other CI/CD policy enforcement tools via custom automation
Trusty can also be used interactively via the interactive web interface.
How-to guides
📄️ Account management
Log in to Trusty and manage your account
📄️ Find a package
How to search for a package in Trusty's database
📄️ Assess a package
View package details, security signals, and risk intelligence
📄️ Find an alternative package
Identify potential alternative packages to meet your needs
📄️ Manage favorites
Bookmark your favorite packages for quick retrieval
📄️ Send feedback
Provide feedback to Stacklok about package data