TrustSource (https://www.trustsource.io) is a legal resolver and OpenChain-compliant workflow engine that allows you to manage your open source dependencies, ensure legal compliance and create bills of materials.
The TrustSource Java client is a Java library that transfers dependency information to the TrustSource server via its REST API. There are several plugins available that use (wrap) this library to integrate with different build tools:
Please see the following links for more details on the corresponding package manager:
- Ivy/Ant (Java)
- Maven (Java)
- Gradle (Java)
- Kobalt (Java)
- Node (JScript)
- Grunt (JScript) could also be used for gulp (see here)
- PIP (Python)
- Bundler (Ruby)
- Composer (PHP)
- SPM (Swift)
- nuget (.NET)
However, since it became difficult to pre-set CI/CD pipelines with all the different tools, we decided to unify the different tools under the umbrella of the new ts-scan project. We will migrate the different environments there step by step and discontinue development of the individual tools.
There is a Jenkins plugin, which can trigger most of the scanners listed above. You will find further information on this plugin at Jenkins plugin or directly on the Jenkins Plugin Marketplace. PLEASE NOTE: Development of the Jenkins plugin has been discontinued. We recognized that the delta in demands from different organisations is too big. That is why we decided to focus on a suitable API and the provisioning of an SDK. Shortly we will provide our API v2, which comes with predefined SDKs.
TrustSource provides a free version. You may register, select the gear wheel on the upper right side and select API keys from the menu. Then select API-Key and generate the key. Paste the user & API key into your local settings file and run your scan. Be compliant ;-)
Write us an email at support@trustsource.io. We will be happy to hear from you. Or visit our knowledge base at https://support.trustsource.io for more insights and tutorials.