It has been a while since we introduced TrustSource. In the beginning it was just something that helped us manage Java dependencies. Then we recognised that it would be good to have a JavaScript scanner for the frontend stuff. This kept going, and the list of supported systems grew and grew.
After a while it turned out that maintaining such a plethora of integrations is a hell of a lot of work, and there was always another integration coming down the road. Since every implementation was provided by a different guru for that particular environment, the set of commands started to vary as well. This makes it hard for CI/CD engineers to build suitable pipelines.
Thus, we decided in late 2023 that it would make sense to unify the different scanners into one. One Scanner, one command set and only one tool to maintain: ts-scan was born, the Swiss Army Knife of SCA.
With ts-scan we aim to integrate all environments and all capabilities, with the goal of unifying the handling. So far we have already integrated a large set of tools (file scanning, package scanning, docker image scanning, binary scanning, repository scanning) working on different levels (package metadata or file analysis) and covering several languages (Java, JavaScript, .NET and Python). See the ts-scan documentation for more details.
PLEASE NOTE:
We support a large number of other tools and languages, but we have not yet integrated them all. If you feel that your preferred package management system is missing, please let us know and we will add it for you. You are also invited to integrate it yourself; we like contributions.
Alternatively, you may want to look at the OSS Review Toolkit (ORT). Sebastian and his teammates did a great job in providing support for a plethora of package manager systems and keeping them up to date. We have developed a report for ORT that allows ORT results to be exported directly into TrustSource.