Meanwhile we provide support for several languages and package managers. Click on any of the following logos to get the details on how to integrate with your desired environment. If your environment is not present or you feel unhappy with the documentation, please do not hesitate contacting us. We are keen to improve the experience of integrating our solution with every CI/CD solution.
To simplify the development of further integrations, we decided to provide a multi-layer approach. So we seggregated a client and the package manager plugin. The plugin is integrating with the package manager and retrieving the transitive dependencies. Then it hands this list to the client. The client will transform the input into the TrustSource format and send it to the TrustSource Scan-API.
PLEASE NOTE: With v2.0 of TrustSource we also provide a -p option allowing to print instead of transfer the generated dependency lists.
This separation of responsibilities allows to focus on the package manager specifics without paying much attention to transfer and security handling. Currently there are two client implementations available, one in Java and one in Python.
Currently supported languages:
PLEASE NOTE: The integration with C, C++ or C# depend on the way you are developing your projects. If you are not using the Visual Studio builds but Make-File based building, you might prefer to use Repository based analysis using our DeepScan-Service for repository scans.
Existing integrations for CI/CD task runners:
If you want to make decisions within the CI/CD process depending on particular results or want to display results in the process or environment, we recommend to trigger actions using the TrustSource API directly. A few common actions and representation have been realized for the following task runners:
Currently supported Package Managers: