Vulnerabilities

Vulnerabilities in open source software can pose significant security risks, potentially allowing attackers to exploit them to gain unauthorized access, cause data breaches, or disrupt systems.

How Trusty identifies vulnerabilities

Trusty integrates with OSV.dev, a distributed vulnerability database for open source software, to gather and process vulnerability data. The OSV database aggregates security advisories from multiple sources and standardizes the data in the OpenSSF OSV format. Trusty retrieves and updates this information hourly, ensuring you receive the latest vulnerability data for all packages and versions.

For affected package version(s), Trusty reports a summary of the identified vulnerability, its severity, and a link to the original report at OSV.dev so you can make an informed decision about using or avoiding the package.