Internal — Day-to-Day Compliance Work¶
This is the largest chapter in the TrustSource documentation. It covers everything you do between bringing data in (Inbound) and generating compliance documents (Outbound).
In this chapter¶
| Section | What it covers | Key roles |
|---|---|---|
| Projects | Create, configure and manage projects — the organisational containers for your modules. 12 settings tabs. | manager, account_admin |
| Modules | The unit of analysis — components, licenses, vulnerabilities, dependencies. 8 detail tabs, 18 settings tabs. | developer, compliance_manager |
| Products | CRA-classified products with contacts, photos, documents, misuse cases and solution links. | developer + (license: products) |
| Analysis Reports | Hub page linking to all report types (SBOM, SOUP, Notice, CSAF). | compliance_manager + |
| Risks | Risk register with financial metrics, portfolio views and task management. | developer + (license: risks) |
| Approvals | Formal release approvals with eight review tabs — the quality gate before shipping. | compliance_manager |
| Releases | Published releases with frozen SBOMs and post-release vulnerability monitoring. | developer + |
| Threat Models | STRIDE and LINDDUN threat modelling (BETA). | developer + (license: threat) |
| Settings & Templates | Cross-reference to Administration → Templates for company-wide configuration. | account_admin |
| Vulnerabilities Activity | Company-wide vulnerability feed for security managers. | company_security_manager |
| Critical Components | Components flagged as critical across the company portfolio. | company_component_manager |
[!TIP] The typical workflow is: create a project → add modules → scan → review findings → approve → release → generate documents. Follow the sections in order for a natural progression through that flow.