ts-scan scans your project for all package dependencies. It supports the following build systems:
- Python (wheel)
- Maven
- Nuget
- NPM
The collected information is stored locally as a JSON structure and can be posted to the TrustSource service for analysis.
- pip: often already included in the Python distribution; in some cases you need to install it by following pip's installation instructions
pip install ts-scan
cd <path to the ts-pip-plugin>
pip install ./ --process-dependency-links
ts-scan --help
ts-scan scan -o <path to the output file> <path to the project directory>
More info
ts-scan scan --help
ts-scan upload --project-name <TrustSource project name> --api-key <TrustSource API key> <path to the scan JSON file>
ts-scan upload --help
Supported formats
- SPDX RDF (spdx-rdf)
- SPDX JSON (spdx-json)
- CycloneDX (cyclonedx)
ts-scan import -f <SBOM format> -v <SBOM format version> --module <SBOM module name> --module-id <SBOM module id> --project-name <TrustSource project name> --api-key <TrustSource API key> <path to the SBOM file>
ts-scan import --help