Codenotary

Trustcenter/Teams - a software component security and risk analysis platform

We are introducing Trustcenter/Teams, a software component security and risk analysis platform. Trustcenter/Teams helps identify and reduce risk in the software supply chain. Above all, you point it at a source code repository or image registry, and it automatically analyzes the software components and conducts vulnerability scans. The platform also supports manual analysis of vulnerabilities and decision-making regarding further actions.

Trustcenter/Teams is a complementary product to Trustcenter/Enterprise. We are addressing this product to small and medium teams and organizations, whereas Trustcenter/Enterprise has been designed for large enterprises.

Trustcenter/Teams is an innovative solution that has many use cases, as it:

  • by using advanced analytics tools, provides organizations with increased transparency into their projects and helps them understand the impact of vulnerabilities on their systems,
  • is a simple tool that automates tasks such as tracking emerging threats in the form of vulnerabilities and shortens the time to respond to issues,
  • helps organizations comply with industry standards and regulations related to cybersecurity. One of the most significant uses of Trustcenter/Teams is in complying with the NIST SSDF or the SLSA framework, which is a framework for information security management,
  • additionally, with the recent executive order by Biden on SBOMs, helps organizations stay ahead of the curve by providing solutions that allow them to keep track of their software supply chain and identify potential risks and threats.

Overall, Trustcenter/Teams is a must-have for organizations looking to stay ahead of the game in terms of cybersecurity and ensure the safety of their data and systems.

In case you want to start a trial right away: Start the Trustcenter/Teams free trial

Let’s start introducing the key elements of Trustcenter/Teams.

Dashboard view

The Risk Management dashboard is the main interface for users to monitor and manage their risk exposure. Here you will find information on the total number of portfolio vulnerabilities in your projects, the number of vulnerable components, and much more.

The Portfolio section displays all projects with a summary of their components, vulnerabilities, and licenses. A project in Trustcenter/Teams is a collection of software components used in a specific application or service.

Work with Trustcenter project

Creating a project involves entering the project name, description, and other information through a form wizard. To import a project, you select the integration type and point to a repository or image.

The Project Details page displays a summary of the project and time series graphs of vulnerabilities, components, and auditing progress. From here you can get an overview of the project, see a table of its components (the SBOM, Software Bill of Materials), and view the dependency graph.

The Audit Vulnerabilities tab allows for manual analysis of vulnerabilities detected in the project. It lists the vulnerabilities detected in the project, their status, and the CVEs associated with them. In addition, you can import earlier manual or automatic analyses (as a VEX) and export the results of your analysis.

The Exploit Predictions graph plots CVSS (x-axis) against EPSS (y-axis). In other words, it shows the relationship between the severity of a vulnerability and the likelihood that it will be exploited. Each vulnerability is plotted as a dot on the graph. For example, the ones in the top right corner of the graph are the most severe and exploitable.
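
The same reading of a CVSS/EPSS plot can be turned into a triage order. The sketch below is an added example, not Trustcenter/Teams code: the two cut-offs, the ordering applied outside the top right corner, and the placeholder CVE identifiers are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed cut-offs (not product values): 7.0 starts CVSS v3 "High"; EPSS cut-off is arbitrary.
CVSS_HIGH = 7.0
EPSS_LIKELY = 0.10


@dataclass(frozen=True)
class Finding:
    cve: str      # constructed placeholder identifier
    cvss: float   # severity, 0.0-10.0 (x-axis)
    epss: float   # exploitation probability, 0.0-1.0 (y-axis)


def quadrant(f: Finding) -> str:
    """Name the region of the CVSS/EPSS plot that a finding falls in."""
    for name, value, top in (("cvss", f.cvss, 10.0), ("epss", f.epss, 1.0)):
        if not 0.0 <= value <= top:  # also rejects NaN scores
            raise ValueError(f"{f.cve}: {name}={value} outside 0..{top}")
    severe = f.cvss >= CVSS_HIGH
    likely = f.epss >= EPSS_LIKELY
    if severe and likely:
        return "top-right: severe and likely exploited"
    if likely:
        return "top-left: likely exploited, lower severity"
    if severe:
        return "bottom-right: severe, exploitation unlikely"
    return "bottom-left: lower severity, exploitation unlikely"


def triage(findings):
    """Order findings top-right first, then by EPSS, then by CVSS (assumed policy)."""
    def key(f):
        return (not quadrant(f).startswith("top-right"), -f.epss, -f.cvss)
    return sorted(findings, key=key)


# Constructed sample data; the identifiers are placeholders, not real CVEs.
SAMPLE = [
    Finding("CVE-XXXX-0001", 9.8, 0.02),
    Finding("CVE-XXXX-0002", 5.3, 0.61),
    Finding("CVE-XXXX-0003", 8.1, 0.45),
    Finding("CVE-XXXX-0004", 3.1, 0.01),
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.cve}  cvss={f.cvss:<4} epss={f.epss:<5} {quadrant(f)}")
```

A critical-severity finding with a very low EPSS score lands below a medium-severity one that is likely to be exploited, which is the distinction the second axis adds over sorting by CVSS alone.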

In Trustcenter/Teams, you will also find Components, Vulnerabilities, and Licenses sections where you can view descriptions and references to web materials regarding the ideas used in your project. Moreover, Trustcenter/Teams allows for rich customization. For example, you can add vulnerability scanning databases, integrations, users, and teams, and configure notifications.

The minimum system requirements for running Trustcenter/Teams include an environment with VMware virtual machines that are comparable to vSphere 6.0 or higher.

The VM needs 2 CPU cores, 4.5 GB of RAM, and a minimum disk space of 40 GB.

Summary

To conclude, we are introducing Trustcenter/Teams, a comprehensive software component analysis platform designed for any range of teams and organizations. The platform supports point-and-click functionality for source code repositories and images.

Moreover, it provides online vulnerability scanning via a multitude of sources and insights into the security of your code.