Overview
ts-scan is the scanner that grew out of several years of experience with scanning code for license information, vulnerabilities or malware across a plethora of sources, be it plain text files, packages, Docker images or even binaries, across as many environments as possible.
Thus, we strive to provide a sort of Swiss army knife for scanning in the most comprehensive and convenient way. And since we were not trained to do this sort of work by hand all day long, we designed it to support automation.
This help has been designed to support you in making the best use of it. For a quick start, we outline different use cases and describe how to achieve each particular goal. A general article gives you an overview of the design, and another article explains how to use ts-scan together with the TrustSource platform. However, ts-scan is standalone and can be used with any backend.
To get a quick intro, jump to any of the following use cases:
- Architecture Overview & supported Ecosystems
- Installation
Capabilities
- See the Usage page for general guidance
- Scanning for dependencies (creating SBOMs)
- Scanning for licenses
- Scanning for encryption
- Scanning for known vulnerabilities
- Scanning for malware
- Scanning for known software snippets
Operations examples
- Scanning different artefacts
- Auto-create SBOMs
- Prevent check-in of vulnerable dependencies
- Converting between different SBOM formats
Getting Support
ts-scan is open source and supported through this repository. As a TrustSource subscriber, you may contact TrustSource support for help. As a community user, please file an issue in the repository.
You may also find additional information and learning materials on specific scanning issues/topics in our open TrustSource Knowledgebase.
Reporting Vulnerabilities
TrustSource supports a coordinated vulnerability disclosure procedure for its platform. ts-scan follows the same scheme, so vulnerabilities identified in ts-scan should be reported through this procedure. Please find all details in our Security Policy.