Changelog

  • Package Versions support - 22 Aug, 2024
    Trusty now supports package versions (information, scores, security checks, etc.) across all of our available ecosystems.

  • License Information - 14 Aug, 2024
    Trusty now shows license information for a package. For more details see Trusty License Information.

  • OSV Vulnerability integration - 14 Aug, 2024
    Trusty regularly ingests and parses data about vulnerabilities from the open source OSV.dev database.

  • OSV integration - 7 May, 2024
    Trusty regularly ingests data about malicious packages from the open source OSV.dev database.

  • OSS Trust Graph Beta - Apr 17, 2024
    Trusty now includes an OSS Trust Graph (beta release), which models the open-source ecosystem as a large graph and runs a trust propagation algorithm to compute scores for packages, projects and contributors.

  • Go support - Feb 2, 2024
    Trusty now supports the Golang ecosystem, analyzing Go modules and producing Trusty Scores for them.

  • Historical Provenance - Jan 15, 2024
    Trusty Scores now include "Historical Provenance", a unique way to tie a package back to the Git repository that produced it. Historical Provenance is useful for packages that are not yet signing with Sigstore. Read more on the Stacklok blog.

  • Score Details - Jan 12, 2024
    Trusty now displays the individual components that make up a Trusty Score. Examining the Score Details will show repository activity, typosquatting risk, author activity, and provenance.

  • Java support - Dec 20, 2023
    Trusty now analyzes Maven packages in the Maven Central Repository and produces Trusty Scores for Java Packages. Read more in our blog post.

  • Stacklok Discord - Dec 18, 2023
    Stacklok now has a Community Discord Server to discuss Trusty, Minder, and securing the software supply chain.