{"id":26949793,"url":"https://github.com/trustsource/ts-core-ce","last_synced_at":"2026-02-05T21:32:04.923Z","repository":{"id":99726751,"uuid":"249995103","full_name":"TrustSource/ts-core-ce","owner":"TrustSource","description":"Core of TrustSource, managing most of the service functionality, especially flow logic. See trustsource.io for more details.","archived":false,"fork":false,"pushed_at":"2025-06-29T00:03:58.000Z","size":9413,"stargazers_count":1,"open_issues_count":10,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-07-26T21:33:06.052Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/TrustSource.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2020-03-25T14:06:12.000Z","updated_at":"2025-04-01T10:26:06.000Z","dependencies_parsed_at":null,"dependency_job_id":"29556536-c94e-4f62-8d28-b936bd8ac6f4","html_url":"https://github.com/TrustSource/ts-core-ce","commit_stats":null,"previous_names":["trustsource/ts-core-ce"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/TrustSource/ts-core-ce","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TrustSource%2Fts-core-ce","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TrustSource%2Fts-core-ce/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TrustSource%2Fts-core-ce/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TrustSource%2Fts-core-ce/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/TrustSource","download_url":"https://codeload.github.com/TrustSource/ts-core-ce/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TrustSource%2Fts-core-ce/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29135047,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-05T20:50:26.975Z","status":"ssl_error","status_checked_at":"2026-02-05T20:49:26.082Z","response_time":65,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-04-02T22:17:44.023Z","updated_at":"2026-02-05T21:32:04.882Z","avatar_url":"https://github.com/TrustSource.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"[![Gitter](https://badges.gitter.im/TrustSource/community.svg)](https://gitter.im/TrustSource/community?utm_source=badge\u0026utm_medium=badge\u0026utm_campaign=pr-badge)\n\n# ts-core - the heart of TrustSource\nThis is the core of TrustSource, which is organising most of the service functionality, especially UI and flow logic. See https://support.trustsource.io for more details.  \n\n## About\nTrustSource is an open source solution for managing Software Supply Chain Security and Software Compliance like [OpenChain](https://www.openchianproject.org) compliant processes. It currently is availabe as source code (this repo) for an on-premises setup as self managed installation or as [managed service](https://app.trustsource.io). We plan to also provide a hosted version as an AWS or Azure marketplace offering. Learn more about the different options [here](https://www.trustsource.io/editions). It is also possible to obtain a support contract or [request consulting](https://www.eacg.de/contact).\n\nTrainings and further materials can be found at the publicly accessible [TrustSource Knowledgebase](https://support.trustsource.io). \n\nTo become part of the TrustSource eco-system feel free to reach out to the TrustSource Team at ecosys @ trustsource.io.\n\n## Getting started\nFor over 10 years meanwhile we are involved with the topics of open source compliance, software security and test automation. Since then the landscape has evolved and we have made many experiences. However, the complexity remains high. To simplfy the entry, we have provided some materials to support your compliance endeavour. We would suggest the following sequence:\n  1. [Learn about OS compliance](https://www.slideshare.net/JanThielscher/open-source-governance-erfahrungen) - (a presentation held by [Jan](https://www.linkedin.com/in/jthielscher/) to the opensource workgroup of the Bitkom 2018)\n  2. Setup TrustSource (see below)\n  3. Integrate TrustSource with your [CI/CD chain](https://trustsource.github.io/ts-scan) \n\n\n## Setup of TrustSource\nAs TrustSource is not just a tool you download and start querying through its CLI, it requires a bit of preparation and planning. TrustSource comprises of several services following partly the functional seggregation defined by the [OC-Tooling Working Group Capabilities Map](https://github.com/Open-Source-Compliance/Sharing-creates-value/tree/master/Tooling-Landscape). \nThe following diagram gives an overview of the maximal installation:\n(deployment_max_img)\nThe core (this) component will provide the UI, user management, roles, logging, basic API, flow-logic, most business logic, black \u0026 white lists, all governance and reporting features. It requires a Mongo-DB to start up.\n\n### 1. Provide a mongo DB-Service \n```\n$ docker pull mongo\n...\n$ docker run --name some-mongo -d mongo:latest\n```\nWhere ```some-mongo```shall be the name you want your mongo image to operate. \n\n### 2. Provide TS-Core-Service\nPLEASE NOTE: In our operational environments we make use of AWS services like KMS and Secrets Manager. However, for our developers we have a switch to allow providing local configurations\n\nYou may choose to build it from this repository or use an image from docker hub:\n```\n$ docker pull ts-core\n...\n$ docker run --name ts-core -d -e ts-core:latest\n```\nYou may consider putting all images into a separate network. However, if you plan to provide the services across your organization you will need an endpoint that you will publish. Make sure, the services will be able to reach each other.\n\nTodo:\n  Access port?\n  first user? Link to role management\n\nNow you may login to TrustSource app and start using the core services. But yet there is not much content available. To change this, additional services need to be set up:\n\n### 3. Launching component crawlers\nSee [ts-crawlers](https://github.com/trustsource/ts-crawlers) repository for details.\n\n### 4. Launching vulnerability crawler\nSee [ts-vulncrawler](https://github.com/trustsource/ts-vulncrawler) repository for details.\n\n### 5. Providing TS-LegalCheck-Service\nSee [ts-legalcheck](https://github.com/trustsource/ts-legalcheck) repository for more information.\n\n### 6. Provide TS-SPDX-Im\u0026Export-Service (optional)\nSee [ts-spdx](https://github.com/trustsource/ts-spdx) repository for more details.\n\n### 7. Integrate with your CI/CD chain\nDepending on your programming language you will require different toolsets. [This article](https://support.trustsource.io/hc/en-us/articles/115003456825-Which-integrations-are-available-for-TrustSource-) gives an overview how integrations may be achieved and links to the different repositories.  \n\n## Future directions\nTo learn more about the future directions, please see our [Roadmap](https://support.trustsource.io/hc/en-us/articles/360011448239-Roadmap)\nFeel free to use this repository to suggest features, improvements or bugs. Every \"issue\" is welcome. Please use tags accodingly to help indentify what it is about.\n\n## Contribute \u0026 Communicate\nWe highly encourage all sorts of communication. We are here to help your compliance efforts taking up. For sure we also need to make our living, thus support contracts are welcome. But we also want to give back to the community that has offered so much to allow our work. If you want to reach out to us, please use one of the following channels:\n- our [FAQ](https://support.trustsource.io/hc/en-us/sections/115000775369-TrustSource-FAQ)\n- the [Knowledgbase](https://support.trustsource.io)\n- [Issues](https://github.com/trustsource/ts-core/issues) - please use the correct repository!   \n- [Support subscriptions](https://www.trustsource.io/support)\n- [DevChannel](https://gitter.im/TrustSource/community) 4 contributors (via gitter) \n    \nIn case you plan to contribute, you are highly welcome! We maintain a taskboard on Jira, which is linked to the issues of the correpsonding repos. Thus it is reltively simple to join work. However, some setup for the different developments might be required. Shortly we will provide a description on how to setup a dev env for each of the different environments. Meanwhile feel free to fork the repo and start working. We will be happy to receive your pull request. The pull request should provide the typical information such as \n* What has changed?\n* Why?\n* How has it been tested?\n    \nPLEASE NOTE: Whenever you will be contributing something, you will have to state that you will comply with the contribution agreement. This means you will hand an non-exclusive, irrevocable, unlimited right to use, modify and distribute your contribution to the TrustSource project. For further details, please see the [contribution agreement](https://github.com/trustsource/CONTRIBUTION) in this repository.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrustsource%2Fts-core-ce","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftrustsource%2Fts-core-ce","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrustsource%2Fts-core-ce/lists"}