Brussels / 3 & 4 February 2024


Make your software products trustable

As organizations start their software supply chain security (SSCS) journey, more and more documents (like SBOMs and VEXs) are being created. But producing these documents only gets us halfway. We need ways to store, index, search and analyze potentially large numbers of SSCS documents so that we become aware of our vulnerabilities and can react to them quickly. Meet Trustification, an open source project that allows us to store and analyze our security data at scale. Trustification allows users to manage their portfolio of applications, containers and products throughout their lifecycle, providing transparency into their technical makeup and dependencies as well as highlighting their vulnerabilities.

In this session, we will describe the Trustification project in detail. We'll start by covering the basic requirements for this kind of system: S3-compatible storage, flexible vulnerability collectors, support for a powerful query language and the ability to find relationships between different components are key. We'll go through the architecture and all the services needed to achieve these goals. We'll end with a brief demo of the working system. After the session you should be able to start using Trustification to make your software products more trusted.


Marco Rizzi
Dejan Bosanac
Phil Cattanach