diff --git a/.env.example b/.env.example index e7bb2561..94d88343 100644 --- a/.env.example +++ b/.env.example @@ -25,15 +25,18 @@ TLS_EMAIL= # Traefik log level: DEBUG | INFO | WARN | ERROR. INFO is the safe default. TRAEFIK_LOG_LEVEL=INFO # IMAGE_REGISTRY is the namespace the production compose stack pulls images -# from: /backend, /backend-worker, /frontend. -# Default is GitHub Container Registry under the trustedoss org, published by -# .github/workflows/release.yml on each vX.Y.Z tag. Override only for a fork, -# a private mirror, or an air-gapped registry. +# from: /trusca-backend, /trusca-backend-worker, +# /trusca-frontend. Default is GitHub Container Registry under the +# trustedoss org, published by .github/workflows/release.yml on each vX.Y.Z +# tag. Override only for a fork, a private mirror, or an air-gapped registry. +# (Releases <= 0.10.0 were published under the pre-rename names backend / +# backend-worker / frontend; those tags stay where they are.) IMAGE_REGISTRY=ghcr.io/trustedoss # IMAGE_TAG pins the container tags pulled by the production compose stack. # Bump this on every release; never use :latest. The release workflow -# publishes both an immutable X.Y.Z tag and a movable X.Y tag. -IMAGE_TAG=0.10.0 +# publishes both an immutable X.Y.Z tag and a movable X.Y tag. 0.11.0 is the +# first release published under the trusca-* image names. +IMAGE_TAG=0.11.0 # ---------- Evaluation (lightweight 2 vCPU / 4 GB profile) ---------- # Used by the eval overlay + scripts/eval-up.sh: 
@@ -570,7 +573,7 @@ COSIGN_TIMEOUT_SECONDS=120 # a vendor-neutral URN; override to name your own deployment so a verifier can # pin provenance to a known builder (e.g. https://ci.example.com/trustedoss). # Build-platform identity, NOT a secret. Read at call time (rule #11). -SLSA_BUILDER_ID=https://github.com/trustedoss/trustedoss-portal/worker +SLSA_BUILDER_ID=https://github.com/trustedoss/trusca/worker # Version stamped into the provenance builder.version + SBOM generation context # (satisfies the CISA-2025 / NTIA "tool name + version" element from the # attestation alone). Defaults to the bundled portal version; set to the exact diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml index 1d360d6e..de5bb26d 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.yml +++ b/.github/ISSUE_TEMPLATE/bug_report.yml @@ -9,8 +9,8 @@ body: Thanks for taking the time to file a bug report. Before submitting, please: - - Search [existing issues](https://github.com/trustedoss/trustedoss-portal/issues?q=is%3Aissue) to avoid duplicates. - - **Do not file security vulnerabilities here.** See [SECURITY.md](https://github.com/trustedoss/trustedoss-portal/blob/main/SECURITY.md) for the responsible disclosure process. + - Search [existing issues](https://github.com/trustedoss/trusca/issues?q=is%3Aissue) to avoid duplicates. + - **Do not file security vulnerabilities here.** See [SECURITY.md](https://github.com/trustedoss/trusca/blob/main/SECURITY.md) for the responsible disclosure process. - type: textarea id: summary diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml index 70ed93a7..3713d8fa 100644 --- a/.github/ISSUE_TEMPLATE/feature_request.yml +++ b/.github/ISSUE_TEMPLATE/feature_request.yml 
@@ -9,8 +9,8 @@ body: Thanks for proposing a new feature. Before submitting, please: - - Search [existing issues](https://github.com/trustedoss/trustedoss-portal/issues?q=is%3Aissue) and [discussions](https://github.com/trustedoss/trustedoss-portal/discussions) to avoid duplicates. - - Check the [v2 execution plan](https://github.com/trustedoss/trustedoss-portal/blob/main/docs/v2-execution-plan.md) — your idea may already be on the roadmap. + - Search [existing issues](https://github.com/trustedoss/trusca/issues?q=is%3Aissue) and [discussions](https://github.com/trustedoss/trusca/discussions) to avoid duplicates. + - Check the [v2 execution plan](https://github.com/trustedoss/trusca/blob/main/docs/v2-execution-plan.md) — your idea may already be on the roadmap. - type: textarea id: problem diff --git a/.github/ISSUE_TEMPLATE/security.yml b/.github/ISSUE_TEMPLATE/security.yml index 39a6aa55..6fd88674 100644 --- a/.github/ISSUE_TEMPLATE/security.yml +++ b/.github/ISSUE_TEMPLATE/security.yml @@ -10,9 +10,9 @@ body: **Do NOT file a public issue for an unpatched vulnerability.** - For confidential vulnerability reports, please use one of these private channels (see [SECURITY.md](https://github.com/trustedoss/trustedoss-portal/blob/main/SECURITY.md) for details): + For confidential vulnerability reports, please use one of these private channels (see [SECURITY.md](https://github.com/trustedoss/trusca/blob/main/SECURITY.md) for details): - - **GitHub private vulnerability reporting** — [Report a vulnerability](https://github.com/trustedoss/trustedoss-portal/security/advisories/new) (preferred) + - **GitHub private vulnerability reporting** — [Report a vulnerability](https://github.com/trustedoss/trusca/security/advisories/new) (preferred) - **Encrypted email** — `security@trustedoss.io` (PGP key fingerprint in SECURITY.md) Use this **public** template only for: 
diff --git a/.github/workflows/dogfood-scan.yml b/.github/workflows/dogfood-scan.yml index 431998a7..2bd52cb0 100644 --- a/.github/workflows/dogfood-scan.yml +++ b/.github/workflows/dogfood-scan.yml @@ -139,7 +139,7 @@ jobs: project_id=$(curl -fsS -X POST "$api/v1/projects" \ -H "Authorization: Bearer $jwt" -H 'Content-Type: application/json' \ -d "$(jq -nc --arg t "$team_id" \ - '{team_id: $t, name: "Dogfood Self-Scan", slug: "dogfood-self-scan", git_url: "https://github.com/trustedoss/trustedoss-portal.git"}')" \ + '{team_id: $t, name: "Dogfood Self-Scan", slug: "dogfood-self-scan", git_url: "https://github.com/trustedoss/trusca.git"}')" \ | jq -r '.id') [ -n "$project_id" ] && [ "$project_id" != "null" ] || { echo "::error::project create failed"; exit 1; } diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4869203e..f8b45d41 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -9,9 +9,13 @@ name: Release (publish container images) # that gap by publishing three multi-arch images to GitHub Container Registry # on every `vX.Y.Z` tag: # -# ghcr.io/trustedoss/backend ← apps/backend/Dockerfile.prod -# ghcr.io/trustedoss/backend-worker ← apps/backend/Dockerfile.worker -# ghcr.io/trustedoss/frontend ← apps/frontend/Dockerfile.prod +# ghcr.io/trustedoss/trusca-backend ← apps/backend/Dockerfile.prod +# ghcr.io/trustedoss/trusca-backend-worker ← apps/backend/Dockerfile.worker +# ghcr.io/trustedoss/trusca-frontend ← apps/frontend/Dockerfile.prod +# +# Image names carry the trusca- prefix from v0.11.0 onwards (TRUSCA rebrand +# W4). Releases <= 0.10.0 stay under the pre-rename names backend / +# backend-worker / frontend so that older pinned compose files keep pulling. # # Tag strategy (CLAUDE.md core rule #9 — NEVER `:latest`): # git tag v2.0.1 → image tags `2.0.1` (immutable) and `2.0` (movable minor). 
@@ -60,18 +64,18 @@ jobs: fail-fast: false matrix: include: - - image: backend + - image: trusca-backend dockerfile: apps/backend/Dockerfile.prod context: apps/backend - description: TrustedOSS Portal backend (FastAPI API). - - image: backend-worker + description: TRUSCA backend (FastAPI API). + - image: trusca-backend-worker dockerfile: apps/backend/Dockerfile.worker context: apps/backend - description: TrustedOSS Portal Celery worker (cdxgen / scancode / Trivy / JRE). - - image: frontend + description: TRUSCA Celery worker (cdxgen / scancode / Trivy / JRE). + - image: trusca-frontend dockerfile: apps/frontend/Dockerfile.prod context: apps/frontend - description: TrustedOSS Portal frontend (React SPA on nginx). + description: TRUSCA frontend (React SPA on nginx). steps: - name: Checkout uses: actions/checkout@v4 @@ -105,9 +109,9 @@ jobs: type=semver,pattern={{version}},value=${{ github.event.inputs.tag }} type=semver,pattern={{major}}.{{minor}},value=${{ github.event.inputs.tag }} labels: | - org.opencontainers.image.title=trustedoss-${{ matrix.image }} + org.opencontainers.image.title=${{ matrix.image }} org.opencontainers.image.description=${{ matrix.description }} - org.opencontainers.image.source=https://github.com/trustedoss/trustedoss-portal + org.opencontainers.image.source=https://github.com/trustedoss/trusca org.opencontainers.image.licenses=Apache-2.0 - name: Build & push (linux/amd64, linux/arm64) diff --git a/.github/workflows/sca-self.yml b/.github/workflows/sca-self.yml index 4b07c077..4fffde0a 100644 --- a/.github/workflows/sca-self.yml +++ b/.github/workflows/sca-self.yml @@ -144,7 +144,7 @@ jobs: The nightly SCA self-scan (\`.github/workflows/sca-self.yml\`, run [\`${GITHUB_RUN_ID}\`](${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID})) detected **${CRITICAL_COUNT}** Critical-severity vulnerabilities in the - dependency tree of \`trustedoss-portal\` itself. + dependency tree of \`trusca\` itself. ## Findings 
diff --git a/.gitleaks.toml b/.gitleaks.toml index 42e41721..edb54a33 100644 --- a/.gitleaks.toml +++ b/.gitleaks.toml @@ -1,4 +1,4 @@ -# gitleaks configuration for trustedoss-portal. +# gitleaks configuration for trusca. # # Extends the upstream default ruleset and adds an allowlist for known # non-secrets that the generic high-entropy rules flag: synthetic fixtures @@ -12,7 +12,7 @@ # Only provably non-secret values (test fixtures, CI dummies, placeholders) # belong in this allowlist. -title = "trustedoss-portal gitleaks config" +title = "trusca gitleaks config" [extend] useDefault = true diff --git a/CHANGELOG.md b/CHANGELOG.md index 3c1ff991..6a4239e6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -5,6 +5,70 @@ All notable changes to TrustedOSS Portal are documented in this file. The format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and the project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [0.11.0] — 2026-06-12 + +The first post-GA feature release. Headlines: the product is **renamed to +TRUSCA**, a public **read-only demo SaaS** deployable to a single Hetzner +server, a UI **craft pass** (W11–W12), and a hardening sweep from an external +verification campaign. + +### Renamed — TrustedOSS Portal is now TRUSCA + +**TRUSCA** (Trust + SCA) is the new product name — *the SCA tool of the +TrustedOSS initiative*. The umbrella initiative keeps the TrustedOSS name; the +tool gets its own. What changes for you: + +- **Repository**: `github.com/trustedoss/trustedoss-portal` → + `github.com/trustedoss/trusca`. Git remotes and old web links redirect + automatically. +- **Docs site path**: `trustedoss.github.io/trustedoss-portal/` → + `trustedoss.github.io/trusca/` (GitHub Pages does **not** redirect the old + path — update bookmarks). +- **Container images** (BREAKING for upgrades): from 0.11.0 images publish as + `ghcr.io/trustedoss/trusca-backend`, `trusca-backend-worker`, and + `trusca-frontend`. Releases ≤ 0.10.0 keep their old image names, and an + upgrade via `git checkout v0.11.0 && bash scripts/upgrade.sh` switches + automatically (the new compose file pins the new names). Only custom + overlays that hardcode the old image names need a manual edit. +- **Unchanged on purpose**: database user/roles, the Celery app name, the + compose network, demo account e-mails, and `urn:trustedoss:*` problem URNs + are internal identifiers that match the umbrella name and stay as-is. +- New brand: the "Hex Check" mark (package hexagon + verification check) and + the first frontend favicon. 
+ +### Added +- **Public read-only demo mode** — `DEMO_READ_ONLY` makes the backend serve all + reads but reject every write (allow-listing only the auth login/refresh/logout + flow) with an RFC 7807 403. The SPA surfaces it as a banner, a login-page + credentials hint, and a dedicated "read-only demo" toast on blocked writes. +- **Hetzner demo provisioning** — cloud-init, an operator runbook (EN/KO), an + idempotent `seed_demo` dataset, a daily `reset_demo` wipe-and-reseed timer, and + a daily backup timer. +- **Optional SSH-based CD** (`deploy-hetzner.yml`) — one-click / on-release deploy + to the demo host via the existing `upgrade.sh`, with strict tag validation and + host-key pinning. +- **Day-2 operations** — opt-in offsite backup (`backup-offsite.sh`, rclone), a + backstop uptime canary workflow, and a Korean translation-style linter for the + docs site. + +### Changed +- **Visual & craft pass (W11–W12)** — modern-enterprise theme (warm near-black + primary, off-white canvas), Inter/JetBrains-Mono typography system, an + in-house global toast, CSS-only route/motion transitions with a reduced-motion + guard, and richer empty/loading states. + +### Fixed +- Drawer obligations, CVE deep-links, and the Compliance NOTICE toolbar + (M-20/M-21/M-22). Relative-time displays now always carry an absolute-time title. + +### Security +- Revoke the entire refresh-token family on reuse detection (C-1). +- Redact embedded `git_url` credentials on the read API and in audit logs (C-2). +- Enforce the project boundary for project-scoped API keys (M-2) and scope + `GET /v1/audit` reads to the caller's team for team admins (M-3). +- Codified five testing-hardening rules and vendored the verification team's + deterministic specs as a nightly regression gate. + ## [0.10.0] — 2026-05-31 First public release of TrustedOSS Portal. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 79e8d276..1aa3ea4b 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -43,8 +43,8 @@ This project adheres to the [Contributor Covenant 2.1](CODE_OF_CONDUCT.md). By p ### Bootstrap the dev stack ```bash -git clone https://github.com/trustedoss/trustedoss-portal.git -cd trustedoss-portal +git clone https://github.com/trustedoss/trusca.git +cd trusca cp .env.example .env # adjust as needed docker-compose -f docker-compose.dev.yml up -d ``` @@ -74,7 +74,7 @@ npm run test -- --coverage ### Picking work -- Browse open issues labeled `good first issue` or `help wanted` in the [issue tracker](https://github.com/trustedoss/trustedoss-portal/issues). +- Browse open issues labeled `good first issue` or `help wanted` in the [issue tracker](https://github.com/trustedoss/trusca/issues). - For larger features, open a discussion or feature-request issue first so we can align on scope before you write code. ### Keeping in sync diff --git a/GOVERNANCE.md b/GOVERNANCE.md index 2095ab1c..5c8aa0d3 100644 --- a/GOVERNANCE.md +++ b/GOVERNANCE.md @@ -81,7 +81,7 @@ re-activation is welcome. The lifecycle for a non-trivial change is: 1. **Open an issue** describing the problem and the proposed direction. -2. **Discuss** on the issue or in [GitHub Discussions](https://github.com/trustedoss/trustedoss-portal/discussions) +2. **Discuss** on the issue or in [GitHub Discussions](https://github.com/trustedoss/trusca/discussions) until the approach has rough agreement. 3. **Open a pull request** that implements the agreed approach, following [`CONTRIBUTING.md`](CONTRIBUTING.md). diff --git a/NOTICE b/NOTICE index 7ebab7ec..2a7eac72 100644 --- a/NOTICE +++ b/NOTICE @@ -2,7 +2,7 @@ TRUSCA Copyright 2026 TRUSCA contributors This product includes software developed at the TRUSCA project -(https://github.com/trustedoss/trustedoss-portal). +(https://github.com/trustedoss/trusca). Licensed under the Apache License, Version 2.0 (the "License"). You may obtain a copy of the License at: diff --git a/README.md b/README.md index 98aaf198..eefcb5d3 100644 --- a/README.md 
+++ b/README.md @@ -2,14 +2,14 @@ [![License: Apache 2.0](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](LICENSE) [![Release](https://img.shields.io/badge/release-v0.10.0-2563eb.svg)](CHANGELOG.md) -[![Docs](https://img.shields.io/badge/docs-trustedoss.github.io-0f172a.svg)](https://trustedoss.github.io/trustedoss-portal/) +[![Docs](https://img.shields.io/badge/docs-trustedoss.github.io-0f172a.svg)](https://trustedoss.github.io/trusca/) [![OpenSSF Best Practices](https://www.bestpractices.dev/projects/13060/badge)](https://www.bestpractices.dev/projects/13060) > Open-source enterprise SCA portal — manage CVEs, license compliance, and SBOMs in one self-hosted UI. **TRUSCA** — the SCA tool of the [TrustedOSS](https://trustedoss.github.io/) initiative — is an Apache-2.0 licensed, self-hosted alternative to commercial Software Composition Analysis (SCA) products. It unifies vulnerability tracking (CVE), license compliance, and Software Bill of Materials (SBOM) management for engineering and legal teams. -> **🔭 Live demo:** *Coming soon.* A hosted read-only demo will be published shortly; until then you can run a local read-only demo with `DEMO_READ_ONLY=true`. See [Live demo](https://trustedoss.github.io/trustedoss-portal/docs/installation/live-demo). +> **🔭 Live demo:** *Coming soon.* A hosted read-only demo will be published shortly; until then you can run a local read-only demo with `DEMO_READ_ONLY=true`. See [Live demo](https://trustedoss.github.io/trusca/docs/installation/live-demo). --- @@ -69,8 +69,8 @@ ## Quick start (development) ```bash -git clone https://github.com/trustedoss/trustedoss-portal.git -cd trustedoss-portal +git clone https://github.com/trustedoss/trusca.git +cd trusca cp .env.example .env docker-compose -f docker-compose.dev.yml up 
@@ -81,15 +81,15 @@ After roughly 30 seconds the dev containers (`postgres`, `redis`, `backend`, `ce ### Other ways to run it -- **Production (Docker Compose)** — use the bundled `docker-compose.yml` (Traefik + Let's Encrypt). See the [installation guide](https://trustedoss.github.io/trustedoss-portal/docs/installation/docker-compose). -- **Production (Kubernetes / Helm)** — the production-grade chart (`charts/trustedoss`) ships bundled-or-external PostgreSQL & Redis, an Ingress with cert-manager TLS, and a migration Job. See the [Helm / Kubernetes guide](https://trustedoss.github.io/trustedoss-portal/docs/installation/helm). -- **Read-only live demo** — run any deploy with `DEMO_READ_ONLY=true`. See [Live demo](https://trustedoss.github.io/trustedoss-portal/docs/installation/live-demo). -- **API reference** — the hosted OpenAPI reference is at [`/reference/api`](https://trustedoss.github.io/trustedoss-portal/reference/api). +- **Production (Docker Compose)** — use the bundled `docker-compose.yml` (Traefik + Let's Encrypt). See the [installation guide](https://trustedoss.github.io/trusca/docs/installation/docker-compose). +- **Production (Kubernetes / Helm)** — the production-grade chart (`charts/trustedoss`) ships bundled-or-external PostgreSQL & Redis, an Ingress with cert-manager TLS, and a migration Job. See the [Helm / Kubernetes guide](https://trustedoss.github.io/trusca/docs/installation/helm). +- **Read-only live demo** — run any deploy with `DEMO_READ_ONLY=true`. See [Live demo](https://trustedoss.github.io/trusca/docs/installation/live-demo). +- **API reference** — the hosted OpenAPI reference is at [`/reference/api`](https://trustedoss.github.io/trusca/reference/api). ## Repository layout ``` -trustedoss-portal/ +trusca/ ├── apps/ │ ├── backend/ FastAPI app (api, core, models, services, tasks, integrations) │ └── frontend/ React + Vite + shadcn/ui app 
@@ -102,7 +102,7 @@ trustedoss-portal/ ## Documentation -- **[Documentation site](https://trustedoss.github.io/trustedoss-portal/)** — install, scan, operate, and integrate (English + Korean) +- **[Documentation site](https://trustedoss.github.io/trusca/)** — install, scan, operate, and integrate (English + Korean) - [`ROADMAP.md`](ROADMAP.md) — public roadmap - [`CHANGELOG.md`](CHANGELOG.md) — release history @@ -119,7 +119,7 @@ Contributions are welcome — code, documentation, translations, bug reports, an ## SCA self-scan -[![SCA self-scan](https://github.com/trustedoss/trustedoss-portal/actions/workflows/sca-self.yml/badge.svg)](https://github.com/trustedoss/trustedoss-portal/actions/workflows/sca-self.yml) +[![SCA self-scan](https://github.com/trustedoss/trusca/actions/workflows/sca-self.yml/badge.svg)](https://github.com/trustedoss/trusca/actions/workflows/sca-self.yml) The portal dog-foods its own toolchain. A nightly GitHub Actions workflow ([`.github/workflows/sca-self.yml`](.github/workflows/sca-self.yml)) generates a CycloneDX SBOM with cdxgen, runs Trivy against it, and auto-opens / closes a labelled GitHub issue when Critical CVEs appear in our dependency tree. diff --git a/ROADMAP.md b/ROADMAP.md index 66babb24..99fe01e5 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -68,4 +68,4 @@ SSO / OIDC, native Jenkins plugin, Excel reports, compliance PDF, historical-sca --- -Roadmap items are proposals, not commitments — dates are deliberately omitted. Feedback and contributions are welcome: open a [discussion](https://github.com/trustedoss/trustedoss-portal/discussions) or an issue referencing the relevant section. +Roadmap items are proposals, not commitments — dates are deliberately omitted. Feedback and contributions are welcome: open a [discussion](https://github.com/trustedoss/trusca/discussions) or an issue referencing the relevant section. diff --git a/SECURITY.md b/SECURITY.md index 6d2d64c5..8e845c6e 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -14,7 +14,7 @@ The TRUSCA team takes the security of our software and our users seriously. This The fastest, most reliable channel is GitHub's built-in private vulnerability reporting: -→ **[Report a vulnerability](https://github.com/trustedoss/trustedoss-portal/security/advisories/new)** +→ **[Report a vulnerability](https://github.com/trustedoss/trusca/security/advisories/new)** This creates a private security advisory visible only to you and the maintainers. Use this channel whenever possible. @@ -139,7 +139,7 @@ Verification instructions will be published in the release notes. | Topic | Channel | |---|---| -| **Vulnerability report** | [GitHub Private Vulnerability Reporting](https://github.com/trustedoss/trustedoss-portal/security/advisories/new) → fall back to `security@trustedoss.io` | +| **Vulnerability report** | [GitHub Private Vulnerability Reporting](https://github.com/trustedoss/trusca/security/advisories/new) → fall back to `security@trustedoss.io` | | Security policy questions | `security@trustedoss.io` (no encryption needed) | | Conduct concerns | `conduct@trustedoss.io` (see [`CODE_OF_CONDUCT.md`](CODE_OF_CONDUCT.md)) | | Everything else | GitHub Issues / Discussions | diff --git a/SUPPORT.md b/SUPPORT.md index 3f906f93..d19d8e73 100644 --- a/SUPPORT.md +++ b/SUPPORT.md @@ -7,7 +7,7 @@ each kind of request so you get an answer quickly. Most "how do I…" answers are in the documentation site: -→ **https://trustedoss.github.io/trustedoss-portal/** +→ **https://trustedoss.github.io/trusca/** It covers installation, running scans, reading results, admin operations, and CI integration, in English and Korean. Start there before opening an issue. 
@@ -17,7 +17,7 @@ integration, in English and Korean. Start there before opening an issue. For usage questions, ideas, "is this the right approach", and show-and-tell, use **GitHub Discussions**: -→ **https://github.com/trustedoss/trustedoss-portal/discussions** +→ **https://github.com/trustedoss/trusca/discussions** Discussions are the best place when you are not yet sure whether something is a bug. @@ -27,7 +27,7 @@ bug. If you have found a reproducible bug or want to request a feature, open a **GitHub Issue** using the issue templates: -→ **https://github.com/trustedoss/trustedoss-portal/issues** +→ **https://github.com/trustedoss/trusca/issues** A good report includes your version (release tag or Git SHA), deployment mode (Docker Compose / Helm), steps to reproduce, what you expected, and what @@ -38,7 +38,7 @@ happened. Logs and screenshots help. **Do not** report security issues in public Issues or Discussions. Follow the private disclosure process in [`SECURITY.md`](SECURITY.md): -→ [Report a vulnerability privately](https://github.com/trustedoss/trustedoss-portal/security/advisories/new) +→ [Report a vulnerability privately](https://github.com/trustedoss/trusca/security/advisories/new) ## Roadmap and project direction diff --git a/apps/backend/core/config.py b/apps/backend/core/config.py index b9fd74f6..0b088e3e 100644 --- a/apps/backend/core/config.py +++ b/apps/backend/core/config.py @@ -741,7 +741,7 @@ def slsa_builder_id() -> str: """ raw = os.getenv("SLSA_BUILDER_ID") if raw is None or raw.strip() == "": - return "https://github.com/trustedoss/trustedoss-portal/worker" + return "https://github.com/trustedoss/trusca/worker" return raw.strip() diff --git a/apps/backend/integrations/attestation.py b/apps/backend/integrations/attestation.py index dd72b578..5dcfe7f2 100644 --- a/apps/backend/integrations/attestation.py +++ b/apps/backend/integrations/attestation.py 
@@ -60,7 +60,7 @@ # cdxgen → SBOM). Verifiers key their expectations off this, so it is a stable # vendor URI, not configurable. TRUSTEDOSS_SOURCE_SCAN_BUILD_TYPE = ( - "https://github.com/trustedoss/trustedoss-portal/buildtypes/source-scan@v1" + "https://github.com/trustedoss/trusca/buildtypes/source-scan@v1" ) # Defensive caps on the only two caller-supplied free-text fields. The SBOM file diff --git a/apps/backend/integrations/license_fetcher/base.py b/apps/backend/integrations/license_fetcher/base.py index d3d13208..a9c6ca85 100644 --- a/apps/backend/integrations/license_fetcher/base.py +++ b/apps/backend/integrations/license_fetcher/base.py @@ -60,7 +60,7 @@ USER_AGENT = ( "TrustedOSS-Portal/0.1 " - "(+https://github.com/trustedoss/trustedoss-portal; license-fetcher)" + "(+https://github.com/trustedoss/trusca; license-fetcher)" ) diff --git a/apps/backend/tests/unit/core/test_slsa_config.py b/apps/backend/tests/unit/core/test_slsa_config.py index 7c116d06..76159258 100644 --- a/apps/backend/tests/unit/core/test_slsa_config.py +++ b/apps/backend/tests/unit/core/test_slsa_config.py @@ -16,12 +16,12 @@ def test_builder_id_default_when_unset(monkeypatch: pytest.MonkeyPatch) -> None: monkeypatch.delenv("SLSA_BUILDER_ID", raising=False) - assert slsa_builder_id() == "https://github.com/trustedoss/trustedoss-portal/worker" + assert slsa_builder_id() == "https://github.com/trustedoss/trusca/worker" def test_builder_id_blank_falls_back_to_default(monkeypatch: pytest.MonkeyPatch) -> None: monkeypatch.setenv("SLSA_BUILDER_ID", " ") - assert slsa_builder_id() == "https://github.com/trustedoss/trustedoss-portal/worker" + assert slsa_builder_id() == "https://github.com/trustedoss/trusca/worker" def test_builder_id_override_trimmed(monkeypatch: pytest.MonkeyPatch) -> None: diff --git a/apps/backend/tests/unit/integrations/test_attestation.py b/apps/backend/tests/unit/integrations/test_attestation.py index afd01a92..df200987 100644 
--- a/apps/backend/tests/unit/integrations/test_attestation.py +++ b/apps/backend/tests/unit/integrations/test_attestation.py @@ -31,7 +31,7 @@ def _build(**overrides: object) -> dict: "sbom_sha256": "a" * 64, "scan_id": "11111111-1111-1111-1111-111111111111", "project_id": "22222222-2222-2222-2222-222222222222", - "builder_id": "https://github.com/trustedoss/trustedoss-portal/worker", + "builder_id": "https://github.com/trustedoss/trusca/worker", "builder_version": "2.3.0-dev", } kwargs.update(overrides) @@ -68,7 +68,7 @@ def test_predicate_run_details_carries_builder_and_metadata() -> None: finished = datetime(2026, 5, 25, 10, 5, 0, tzinfo=UTC) stmt = _build(started_on=started, finished_on=finished) run = stmt["predicate"]["runDetails"] - assert run["builder"]["id"] == "https://github.com/trustedoss/trustedoss-portal/worker" + assert run["builder"]["id"] == "https://github.com/trustedoss/trusca/worker" assert run["builder"]["version"]["trustedoss"] == "2.3.0-dev" assert run["metadata"]["invocationId"] == "11111111-1111-1111-1111-111111111111" assert run["metadata"]["startedOn"] == "2026-05-25T10:00:00Z" diff --git a/charts/trustedoss/Chart.yaml b/charts/trustedoss/Chart.yaml index 312e03f4..ef8ce0ca 100644 --- a/charts/trustedoss/Chart.yaml +++ b/charts/trustedoss/Chart.yaml 
@@ -11,25 +11,25 @@ description: >- type: application # Chart version is the packaging version (SemVer); bump on every chart change. -# Aligned with the application version for the first public release. -version: 0.10.0 +# Kept aligned with the application version while the two release in lock-step. +version: 0.11.0 # appVersion tracks the released container image tag (image.tag default). # Keep in lock-step with .env.example IMAGE_TAG / docker-compose IMAGE_TAG and # the .github/workflows/release.yml image tags. -appVersion: "0.10.0" +appVersion: "0.11.0" keywords: - sca - sbom - vulnerability - license-compliance -home: https://github.com/trustedoss/trustedoss-portal +home: https://github.com/trustedoss/trusca sources: - - https://github.com/trustedoss/trustedoss-portal + - https://github.com/trustedoss/trusca maintainers: - name: TrustedOSS -icon: https://raw.githubusercontent.com/trustedoss/trustedoss-portal/main/docs/static/img/logo.png +icon: https://raw.githubusercontent.com/trustedoss/trusca/main/docs/static/img/logo.png # ArtifactHub metadata (https://artifacthub.io/docs/topics/annotations/helm/). # Surfaced on the ArtifactHub package page once the OCI repo is registered (a @@ -38,14 +38,14 @@ annotations: artifacthub.io/license: Apache-2.0 artifacthub.io/links: | - name: source - url: https://github.com/trustedoss/trustedoss-portal + url: https://github.com/trustedoss/trusca - name: documentation - url: https://trustedoss.github.io/trustedoss-portal + url: https://trustedoss.github.io/trusca artifacthub.io/maintainers: | - name: TrustedOSS email: maintainers@trustedoss.dev artifacthub.io/prerelease: "false" artifacthub.io/containsSecurityUpdates: "false" artifacthub.io/changes: | - - kind: added - description: "First public release of the TrustedOSS Portal chart" + - kind: changed + description: "TRUSCA rebrand W4 — image repositories renamed to ghcr.io/trustedoss/trusca-{backend,backend-worker,frontend} (chart name unchanged; rename planned for v0.12.0)" 
diff --git a/charts/trustedoss/README.md b/charts/trustedoss/README.md index f53317b6..51e6a7ac 100644 --- a/charts/trustedoss/README.md +++ b/charts/trustedoss/README.md @@ -1,6 +1,6 @@ # TrustedOSS Portal Helm chart -Production-complete Kubernetes deployment of [TrustedOSS Portal](https://github.com/trustedoss/trustedoss-portal) +Production-complete Kubernetes deployment of [TrustedOSS Portal](https://github.com/trustedoss/trusca) — enterprise open-source risk management (SCA: CVE, license compliance, SBOM). - **Chart version:** see `Chart.yaml` `version` @@ -23,7 +23,7 @@ Production-complete Kubernetes deployment of [TrustedOSS Portal](https://github. Vulnerability matching runs from the worker via `trivy sbom` against the locally-cached Trivy DB — no external engine. Air-gapped sites override the upstream OCI registry with `env.trivy.dbRepository`. See -[ADR-0001 — Dependency-Track removal](https://github.com/trustedoss/trustedoss-portal/blob/main/docs/decisions/0001-replace-dt-with-trivy.md). +[ADR-0001 — Dependency-Track removal](https://github.com/trustedoss/trusca/blob/main/docs/decisions/0001-replace-dt-with-trivy.md). ## Quick start (bundled datastores, evaluation) 
@@ -87,10 +87,10 @@ connections before alembic runs. | Key | Default | Description | |---|---|---| -| `image.backendRepository` | `ghcr.io/trustedoss/backend` | API image. | -| `image.workerRepository` | `ghcr.io/trustedoss/backend-worker` | Worker/beat/migrate image (ships alembic). | -| `image.frontendRepository` | `ghcr.io/trustedoss/frontend` | SPA image. | -| `image.tag` | `0.10.0` | Tag for all three (lock-step with `appVersion`). Never `:latest`. | +| `image.backendRepository` | `ghcr.io/trustedoss/trusca-backend` | API image. | +| `image.workerRepository` | `ghcr.io/trustedoss/trusca-backend-worker` | Worker/beat/migrate image (ships alembic). | +| `image.frontendRepository` | `ghcr.io/trustedoss/trusca-frontend` | SPA image. | +| `image.tag` | `0.11.0` | Tag for all three (lock-step with `appVersion`). Never `:latest`. | | `image.pullPolicy` | `IfNotPresent` | | | `imagePullSecrets` | `[]` | Private-registry pull secrets. | diff --git a/charts/trustedoss/values.yaml b/charts/trustedoss/values.yaml index e3065928..d40f1928 100644 --- a/charts/trustedoss/values.yaml +++ b/charts/trustedoss/values.yaml 
@@ -23,14 +23,14 @@ fullnameOverride: "" # repositories for a fork / private mirror / air-gapped registry. image: # API image (FastAPI). Slim, no SCA toolchain. - backendRepository: ghcr.io/trustedoss/backend + backendRepository: ghcr.io/trustedoss/trusca-backend # Worker image (carries cdxgen / scancode / Trivy / JRE). Heavier. Also used # by the beat scheduler and the migration Job (alembic ships in this image). - workerRepository: ghcr.io/trustedoss/backend-worker + workerRepository: ghcr.io/trustedoss/trusca-backend-worker # Frontend image (React SPA on nginx, listens on :8080). - frontendRepository: ghcr.io/trustedoss/frontend + frontendRepository: ghcr.io/trustedoss/trusca-frontend # Tag applied to ALL three images. Kept in lock-step with Chart.yaml appVersion. - tag: "0.10.0" + tag: "0.11.0" pullPolicy: IfNotPresent # -- Image pull secrets for private registries (list of {name: ...}). imagePullSecrets: [] diff --git a/deploy/hetzner/trustedoss-backup.service b/deploy/hetzner/trustedoss-backup.service index 2ac45f5e..b5ca8fca 100644 --- a/deploy/hetzner/trustedoss-backup.service +++ b/deploy/hetzner/trustedoss-backup.service @@ -10,7 +10,7 @@ # Paired timer: trustedoss-backup.timer. [Unit] Description=TrustedOSS daily local backup (pg_dump + workspace) -Documentation=https://github.com/trustedoss/trustedoss-portal/blob/main/docs/operator-runbook-hetzner.md +Documentation=https://github.com/trustedoss/trusca/blob/main/docs/operator-runbook-hetzner.md After=docker.service Requires=docker.service diff --git a/deploy/hetzner/trustedoss-demo-reset.service b/deploy/hetzner/trustedoss-demo-reset.service index 987b1967..12875b47 100644 --- a/deploy/hetzner/trustedoss-demo-reset.service +++ b/deploy/hetzner/trustedoss-demo-reset.service 
@@ -10,7 +10,7 @@ # Paired timer: trustedoss-demo-reset.timer. [Unit] Description=TrustedOSS demo dataset daily reset -Documentation=https://github.com/trustedoss/trustedoss-portal/blob/main/docs/operator-runbook-hetzner.md +Documentation=https://github.com/trustedoss/trusca/blob/main/docs/operator-runbook-hetzner.md After=docker.service Requires=docker.service diff --git a/docker-compose.yml b/docker-compose.yml index 16cd0eef..783cdee8 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -20,18 +20,18 @@ # publishes :80 and :443 only. # postgres — PostgreSQL 17.2-alpine, primary store, named volume. # redis — Redis 7.4-alpine, Celery broker + result backend. -# backend — FastAPI image (ghcr.io/trustedoss/backend:${IMAGE_TAG}), 4 +# backend — FastAPI image (ghcr.io/trustedoss/trusca-backend:${IMAGE_TAG}), 4 # uvicorn workers. Reachable only inside the compose network; # Traefik routes `/v1`, `/auth`, `/ws`, `/health`. A backend # `/metrics` endpoint (Prometheus exporter) is not implemented # in this release, so it is intentionally NOT routed. # worker — Celery worker on the heavier image -# (ghcr.io/trustedoss/backend-worker:${IMAGE_TAG}) which carries +# (ghcr.io/trustedoss/trusca-backend-worker:${IMAGE_TAG}) which carries # cdxgen / scancode / Trivy / JRE. # beat — Celery Beat scheduler (vulnerability re-match every 6 h, Trivy # DB refresh weekly, workspace orphan cleanup, source-archive # retention) — same worker image, separate process. -# frontend — nginx + Vite static bundle (ghcr.io/trustedoss/frontend: +# frontend — nginx + Vite static bundle (ghcr.io/trustedoss/trusca-frontend: # ${IMAGE_TAG}). Reachable only inside the compose network; # Traefik routes `/`. # 
@@ -266,7 +266,7 @@ services: # API — FastAPI + uvicorn, fronted by Traefik on /api and /health. # --------------------------------------------------------------------------- backend: - image: ${IMAGE_REGISTRY:-ghcr.io/trustedoss}/backend:${IMAGE_TAG:-0.10.0} + image: ${IMAGE_REGISTRY:-ghcr.io/trustedoss}/trusca-backend:${IMAGE_TAG:-0.11.0} restart: unless-stopped environment: <<: *backend-env @@ -370,7 +370,7 @@ services: # with CELERY_CONCURRENCY; the SCANCODE_* guards cap per-task blowups. # --------------------------------------------------------------------------- worker: - image: ${IMAGE_REGISTRY:-ghcr.io/trustedoss}/backend-worker:${IMAGE_TAG:-0.10.0} + image: ${IMAGE_REGISTRY:-ghcr.io/trustedoss}/trusca-backend-worker:${IMAGE_TAG:-0.11.0} restart: unless-stopped command: celery -A tasks.celery_app worker --loglevel=info --concurrency=${CELERY_CONCURRENCY:-2} environment: @@ -446,7 +446,7 @@ services: # workspace orphan cleaner, source-archive retention). # --------------------------------------------------------------------------- beat: - image: ${IMAGE_REGISTRY:-ghcr.io/trustedoss}/backend-worker:${IMAGE_TAG:-0.10.0} + image: ${IMAGE_REGISTRY:-ghcr.io/trustedoss}/trusca-backend-worker:${IMAGE_TAG:-0.11.0} restart: unless-stopped command: celery -A tasks.celery_app beat --loglevel=info --schedule=/tmp/celerybeat-schedule environment: @@ -487,7 +487,7 @@ services: # SPA — Vite bundle served by nginx, fronted by Traefik on `/`. # --------------------------------------------------------------------------- frontend: - image: ${IMAGE_REGISTRY:-ghcr.io/trustedoss}/frontend:${IMAGE_TAG:-0.10.0} + image: ${IMAGE_REGISTRY:-ghcr.io/trustedoss}/trusca-frontend:${IMAGE_TAG:-0.11.0} restart: unless-stopped networks: - trustedoss diff --git a/docs-site/docs/admin-guide/vulnerability-data.md b/docs-site/docs/admin-guide/vulnerability-data.md index d5cd37a2..22a9c7ba 100644 --- a/docs-site/docs/admin-guide/vulnerability-data.md 
+++ b/docs-site/docs/admin-guide/vulnerability-data.md @@ -15,7 +15,7 @@ Starting with **v0.10.0**, TRUSCA correlates SBOMs against CVEs using a single e ::: :::tip Replaces the Dependency-Track connector -v0.10.0 removed Dependency-Track (DT) and the `/admin/dt` connector page. The Trivy DB does the same job — correlate SBOMs against CVEs — with a ~500 MB footprint instead of a 4 GB JVM and an H2 database. See [ADR-0001](https://github.com/trustedoss/trustedoss-portal/blob/main/docs/decisions/0001-replace-dt-with-trivy.md) for the decision. +v0.10.0 removed Dependency-Track (DT) and the `/admin/dt` connector page. The Trivy DB does the same job — correlate SBOMs against CVEs — with a ~500 MB footprint instead of a 4 GB JVM and an H2 database. See [ADR-0001](https://github.com/trustedoss/trusca/blob/main/docs/decisions/0001-replace-dt-with-trivy.md) for the decision. ::: ## How the lifecycle works @@ -187,7 +187,7 @@ Run on a host that **can** reach `ghcr.io` (a build server, a developer laptop, docker run --rm \ -v trivy-cache-export:/var/lib/trivy \ -e TRIVY_CACHE_DIR=/var/lib/trivy \ - ghcr.io/trustedoss/backend-worker:2.4.0 \ + ghcr.io/trustedoss/trusca-backend-worker:0.11.0 \ trivy --quiet image --download-db-only # Pack the populated volume into a tarball. @@ -348,4 +348,4 @@ Channels: email (SMTP), Slack webhook, MS Teams webhook. Configure in `.env` (`S - [Data sources reference](../reference/data-sources.md) — per-source coverage matrix. - [Environment variables](../reference/env-variables.md#vulnerability-data) — every `TRIVY_*` key. - [System health dashboard](./disk-and-health.md) — where the upcoming Trivy DB card lives. -- [ADR-0001 — Dependency-Track removal](https://github.com/trustedoss/trustedoss-portal/blob/main/docs/decisions/0001-replace-dt-with-trivy.md) — why we switched. +- [ADR-0001 — Dependency-Track removal](https://github.com/trustedoss/trusca/blob/main/docs/decisions/0001-replace-dt-with-trivy.md) — why we switched. 
diff --git a/docs-site/docs/ci-integration/github-actions.md b/docs-site/docs/ci-integration/github-actions.md index c67b52d6..b13a467b 100644 --- a/docs-site/docs/ci-integration/github-actions.md +++ b/docs-site/docs/ci-integration/github-actions.md @@ -15,7 +15,7 @@ Engineers maintaining a GitHub repository that uses GitHub Actions. You need an ::: :::note Action source -Use the in-repo composite action at `actions/scan/action.yml` directly via `uses: trustedoss/trustedoss-portal/actions/scan@v0.10.0` (referenced from this monorepo). A standalone Marketplace publication is on the roadmap. +Use the in-repo composite action at `actions/scan/action.yml` directly via `uses: trustedoss/trusca/actions/scan@v0.10.0` (referenced from this monorepo). A standalone Marketplace publication is on the roadmap. ::: ## Quick start @@ -38,7 +38,7 @@ jobs: steps: - uses: actions/checkout@v4 - name: TRUSCA SCA scan - uses: trustedoss/trustedoss-portal/actions/scan@v0.10.0 + uses: trustedoss/trusca/actions/scan@v0.10.0 with: api-url: https://trustedoss.example.com api-key: ${{ secrets.TRUSTEDOSS_API_KEY }} @@ -108,7 +108,7 @@ Use them in subsequent steps: ```yaml - name: TRUSCA SCA scan id: sca - uses: trustedoss/trustedoss-portal/actions/scan@v0.10.0 + uses: trustedoss/trusca/actions/scan@v0.10.0 with: api-url: https://trustedoss.example.com api-key: ${{ secrets.TRUSTEDOSS_API_KEY }} @@ -129,7 +129,7 @@ Use them in subsequent steps: Useful while you are seeding policies and don't want to block PRs yet: ```yaml -- uses: trustedoss/trustedoss-portal/actions/scan@v0.10.0 +- uses: trustedoss/trusca/actions/scan@v0.10.0 with: api-url: https://trustedoss.example.com api-key: ${{ secrets.TRUSTEDOSS_API_KEY }} 
@@ -142,7 +142,7 @@ The PR comment still posts; the check stays green. ### Container scan ```yaml -- uses: trustedoss/trustedoss-portal/actions/scan@v0.10.0 +- uses: trustedoss/trusca/actions/scan@v0.10.0 with: api-url: https://trustedoss.example.com api-key: ${{ secrets.TRUSTEDOSS_API_KEY }} @@ -158,7 +158,7 @@ Run two steps with different `id`s: ```yaml - name: SCA — source - uses: trustedoss/trustedoss-portal/actions/scan@v0.10.0 + uses: trustedoss/trusca/actions/scan@v0.10.0 with: api-url: https://trustedoss.example.com api-key: ${{ secrets.TRUSTEDOSS_API_KEY }} @@ -166,7 +166,7 @@ Run two steps with different `id`s: scan-kind: source - name: SCA — container - uses: trustedoss/trustedoss-portal/actions/scan@v0.10.0 + uses: trustedoss/trusca/actions/scan@v0.10.0 with: api-url: https://trustedoss.example.com api-key: ${{ secrets.TRUSTEDOSS_API_KEY }} @@ -181,7 +181,7 @@ Either step failing fails the job by default. Apply the gate only on `main`, advisory on PRs: ```yaml -- uses: trustedoss/trustedoss-portal/actions/scan@v0.10.0 +- uses: trustedoss/trusca/actions/scan@v0.10.0 with: api-url: https://trustedoss.example.com api-key: ${{ secrets.TRUSTEDOSS_API_KEY }} @@ -208,7 +208,7 @@ With the threshold set, the gate also fails when any open finding has `epss_scor The `@v1` tag floats. Pin to a specific commit for reproducibility: ```yaml -- uses: trustedoss/trustedoss-portal/actions/scan@a1b2c3d4e5f6 # v0.10.0 +- uses: trustedoss/trusca/actions/scan@a1b2c3d4e5f6 # v0.10.0 ``` ## How the ref becomes a retention key diff --git a/docs-site/docs/ci-integration/gitlab-ci.md b/docs-site/docs/ci-integration/gitlab-ci.md index ef708c57..45db8ed5 100644 --- a/docs-site/docs/ci-integration/gitlab-ci.md +++ b/docs-site/docs/ci-integration/gitlab-ci.md 
@@ -24,7 +24,7 @@ Engineers maintaining a GitLab project that uses GitLab CI / CD. You need an API ```yaml # .gitlab-ci.yml include: - - remote: 'https://raw.githubusercontent.com/trustedoss/trustedoss-portal/v0.10.0/templates/gitlab-ci.yml' + - remote: 'https://raw.githubusercontent.com/trustedoss/trusca/v0.10.0/templates/gitlab-ci.yml' variables: TRUSTEDOSS_API_URL: 'https://trustedoss.example.com' @@ -84,7 +84,7 @@ Either way, only `TRUSTEDOSS_API_KEY` must be masked. ```yaml include: - - remote: 'https://raw.githubusercontent.com/trustedoss/trustedoss-portal/v0.10.0/templates/gitlab-ci.yml' + - remote: 'https://raw.githubusercontent.com/trustedoss/trusca/v0.10.0/templates/gitlab-ci.yml' variables: TRUSTEDOSS_API_URL: 'https://trustedoss.example.com' @@ -100,7 +100,7 @@ Override the rules of the included job: ```yaml include: - - remote: 'https://raw.githubusercontent.com/trustedoss/trustedoss-portal/v0.10.0/templates/gitlab-ci.yml' + - remote: 'https://raw.githubusercontent.com/trustedoss/trusca/v0.10.0/templates/gitlab-ci.yml' .trustedoss-sca: rules: @@ -112,7 +112,7 @@ include: ```yaml include: - - remote: 'https://raw.githubusercontent.com/trustedoss/trustedoss-portal/v0.10.0/templates/gitlab-ci.yml' + - remote: 'https://raw.githubusercontent.com/trustedoss/trusca/v0.10.0/templates/gitlab-ci.yml' trustedoss:scan-container: extends: .trustedoss-sca 
@@ -152,7 +152,7 @@ If you need to copy and inline the job — for instance because your runner cann - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' ``` -The full canonical version lives at [`templates/gitlab-ci.yml`](https://github.com/trustedoss/trustedoss-portal/blob/main/templates/gitlab-ci.yml). Read it before forking — it handles edge cases (network blip during poll, masked-token rotation) you do not want to re-implement. +The full canonical version lives at [`templates/gitlab-ci.yml`](https://github.com/trustedoss/trusca/blob/main/templates/gitlab-ci.yml). Read it before forking — it handles edge cases (network blip during poll, masked-token rotation) you do not want to re-implement. ## How the ref becomes a retention key diff --git a/docs-site/docs/comparison.md b/docs-site/docs/comparison.md index 762f452c..8423b02a 100644 --- a/docs-site/docs/comparison.md +++ b/docs-site/docs/comparison.md @@ -11,7 +11,7 @@ description: An honest comparison of TRUSCA versus commercial SCA (Black Duck, S Engineers, platform owners, and legal/compliance leads deciding whether TRUSCA fits their organization. This page is deliberately honest: it lists what the portal does well **and** what it does not do yet. For the -roadmap behind the "planned" rows, see [`ROADMAP.md`](https://github.com/trustedoss/trustedoss-portal/blob/main/ROADMAP.md). +roadmap behind the "planned" rows, see [`ROADMAP.md`](https://github.com/trustedoss/trusca/blob/main/ROADMAP.md). ::: TRUSCA's core idea is to wrap several best-of-breed open-source 
@@ -77,7 +77,7 @@ component approval workflow, build-blocking CI gates, and a fully bilingual Dependency-Track (DT) is excellent at what it does — a focused vulnerability intelligence platform for SBOMs you supply. TRUSCA uses Trivy as its single embedded vulnerability engine (see -[ADR-0001](https://github.com/trustedoss/trustedoss-portal/blob/main/docs/decisions/0001-replace-dt-with-trivy.md) +[ADR-0001](https://github.com/trustedoss/trusca/blob/main/docs/decisions/0001-replace-dt-with-trivy.md) for the decision). The question is what shape of platform fits your team. **TRUSCA differs from running DT directly:** @@ -120,7 +120,7 @@ already have a process built around it. ## Current limitations (be aware before you adopt) These are real and intentional gaps. Each is on the -[roadmap](https://github.com/trustedoss/trustedoss-portal/blob/main/ROADMAP.md): +[roadmap](https://github.com/trustedoss/trusca/blob/main/ROADMAP.md): - **Automated remediation pull requests are planned.** The portal detects and gates, and surfaces per-finding `fixed_version` and dependency-graph @@ -144,4 +144,4 @@ These are real and intentional gaps. Each is on the - [Introduction](./intro.md) — what the portal does and does not do - [Glossary](./reference/glossary.md) — SCA, SBOM, VEX, EPSS, and more -- [Roadmap](https://github.com/trustedoss/trustedoss-portal/blob/main/ROADMAP.md) — where the "planned" items land +- [Roadmap](https://github.com/trustedoss/trusca/blob/main/ROADMAP.md) — where the "planned" items land diff --git a/docs-site/docs/contributor-guide/getting-started.md b/docs-site/docs/contributor-guide/getting-started.md index 45461ce1..ff2d9c08 100644 --- a/docs-site/docs/contributor-guide/getting-started.md +++ b/docs-site/docs/contributor-guide/getting-started.md 
@@ -30,8 +30,8 @@ You can develop without Go if you do not run scans locally — `cdxgen` only nee ## Clone and branch ```bash -git clone https://github.com/trustedoss/trustedoss-portal.git -cd trustedoss-portal +git clone https://github.com/trustedoss/trusca.git +cd trusca # branch naming: feature/* for new features, chore/* for maintenance, # fix/* for bug fixes, docs/* for documentation-only changes. diff --git a/docs-site/docs/installation/docker-compose.md b/docs-site/docs/installation/docker-compose.md index f63a0026..edf61071 100644 --- a/docs-site/docs/installation/docker-compose.md +++ b/docs-site/docs/installation/docker-compose.md @@ -59,8 +59,8 @@ internet. ### Bring up the stack ```bash -git clone https://github.com/trustedoss/trustedoss-portal.git -cd trustedoss-portal +git clone https://github.com/trustedoss/trusca.git +cd trusca cp .env.example .env ``` 
@@ -154,13 +154,13 @@ does not enter the ACME flow. ## Quick install (no clone) -If you just want the stack running and don't need the helper scripts, you can install directly from the published images without cloning the repository — a single-file install experience. The production images are published to GitHub Container Registry (`ghcr.io/trustedoss/backend`, `…/backend-worker`, `…/frontend`) and pull anonymously. +If you just want the stack running and don't need the helper scripts, you can install directly from the published images without cloning the repository — a single-file install experience. The production images are published to GitHub Container Registry (`ghcr.io/trustedoss/trusca-backend`, `…/trusca-backend-worker`, `…/trusca-frontend`) and pull anonymously. Fetch the three files the compose stack needs (the compose file, the env template, and the one-time Postgres role init script), edit `.env`, then start: ```bash mkdir -p trustedoss && cd trustedoss -BASE=https://raw.githubusercontent.com/trustedoss/trustedoss-portal/v0.10.0 +BASE=https://raw.githubusercontent.com/trustedoss/trusca/v0.10.0 # 1. The self-contained production compose file (no `build:` section — pulls # images from ghcr.io) and the env template. @@ -242,8 +242,8 @@ The `install.sh` wizard (Steps 1–3 below) does all of this for you — secret ## Step 1 — Clone the repository ```bash -git clone https://github.com/trustedoss/trustedoss-portal.git -cd trustedoss-portal +git clone https://github.com/trustedoss/trusca.git +cd trusca ``` If you maintain a fork, clone the fork instead. Pin to a release tag for reproducible installs: 
@@ -396,13 +396,13 @@ sudo rm -rf /opt/trustedoss/workspace ## Maintainer note — publishing the images (one-time org setup) -The portal images are published to GitHub Container Registry by the [`release.yml`](https://github.com/trustedoss/trustedoss-portal/blob/main/.github/workflows/release.yml) workflow, triggered by pushing a `vX.Y.Z` git tag (or via **Run workflow** with a tag input). For that workflow to push, the **organisation must let GitHub Actions write packages** — Org → Settings → Actions → Workflow permissions → *Read and write permissions* (or grant the repo the *Write* role under the package's *Manage Actions access*). The workflow uses the built-in `GITHUB_TOKEN`; no personal access token is required. +The portal images are published to GitHub Container Registry by the [`release.yml`](https://github.com/trustedoss/trusca/blob/main/.github/workflows/release.yml) workflow, triggered by pushing a `vX.Y.Z` git tag (or via **Run workflow** with a tag input). For that workflow to push, the **organisation must let GitHub Actions write packages** — Org → Settings → Actions → Workflow permissions → *Read and write permissions* (or grant the repo the *Write* role under the package's *Manage Actions access*). The workflow uses the built-in `GITHUB_TOKEN`; no personal access token is required. After the first push, set each package's visibility to **Public** (ghcr package → Package settings → Change visibility → Public) so operators can `docker pull` anonymously — the no-clone quick install relies on this. Each release publishes an immutable `X.Y.Z` tag and a movable `X.Y` tag; there is no `latest` tag (CLAUDE.md rule #9). ## Why docker-compose V1, not V2? 
-The project's **development and CI** environment standardizes on Compose V1 (`docker-compose`) — V2 syntax differences are not exercised in our internal pipelines, and PRs that introduce `docker compose` (V2) into the dev/CI surface are blocked by review (see [`CLAUDE.md`](https://github.com/trustedoss/trustedoss-portal/blob/main/CLAUDE.md) rule #10). +The project's **development and CI** environment standardizes on Compose V1 (`docker-compose`) — V2 syntax differences are not exercised in our internal pipelines, and PRs that introduce `docker compose` (V2) into the dev/CI surface are blocked by review (see [`CLAUDE.md`](https://github.com/trustedoss/trusca/blob/main/CLAUDE.md) rule #10). That constraint is internal. For **end-user installs**, the `install.sh` wizard prefers V1 but falls back to the V2 plugin (`docker compose`) so a stock modern host — where V1 reached end-of-life in 2023 — works out of the box. The compose files themselves use the V1 file format, which V2 also reads. diff --git a/docs-site/docs/installation/helm.md b/docs-site/docs/installation/helm.md index a417283d..e3618cc9 100644 --- a/docs-site/docs/installation/helm.md +++ b/docs-site/docs/installation/helm.md @@ -178,7 +178,7 @@ upgrading — see [Backup & restore](../admin-guide/backup-and-restore.md). ## Key values -The full table lives in the [chart README](https://github.com/trustedoss/trustedoss-portal/blob/main/charts/trustedoss/README.md). +The full table lives in the [chart README](https://github.com/trustedoss/trusca/blob/main/charts/trustedoss/README.md). The values you most often set: | Key | Default | Purpose | @@ -261,7 +261,7 @@ The values you most often set: ``` If you hit a chart bug, open an issue using the -[bug report template](https://github.com/trustedoss/trustedoss-portal/issues/new/choose). +[bug report template](https://github.com/trustedoss/trusca/issues/new/choose). ## See also 
diff --git a/docs-site/docs/installation/uat-checklist.md b/docs-site/docs/installation/uat-checklist.md index b7eb13a9..6d709e4c 100644 --- a/docs-site/docs/installation/uat-checklist.md +++ b/docs-site/docs/installation/uat-checklist.md @@ -64,8 +64,8 @@ Clone the repo and run the wizard. Pick **one** of (a) interactive or (b) non-interactive — the latter mirrors what CI runs. ```bash -git clone https://github.com/trustedoss/trustedoss-portal.git -cd trustedoss-portal +git clone https://github.com/trustedoss/trusca.git +cd trusca ``` ### (a) Interactive @@ -161,8 +161,8 @@ scp -r backups/2026-05-09-143022 vm-b:/tmp/backups/ On `vm-b`: ```bash -git clone https://github.com/trustedoss/trustedoss-portal.git -cd trustedoss-portal +git clone https://github.com/trustedoss/trusca.git +cd trusca bash scripts/install.sh --no-prompt mkdir -p backups mv /tmp/backups/2026-05-09-143022 backups/ diff --git a/docs-site/docs/installation/upgrade.md b/docs-site/docs/installation/upgrade.md index f1c2a039..6592879c 100644 --- a/docs-site/docs/installation/upgrade.md +++ b/docs-site/docs/installation/upgrade.md @@ -25,7 +25,7 @@ Operators with `sudo` on the host that runs the portal. Familiarity with `docker - A previous successful install (i.e. `docker-compose -f docker-compose.yml ps` shows healthy services). - `docker-compose` (V1) on PATH. - At least 5 GB free disk for the new image layers and the pre-upgrade backup. -- The intended `IMAGE_TAG` is in `.env` (or the wizard accepts the default `0.10.0`). If you maintain a private registry, `IMAGE_TAG` should match the manifest published there. +- The intended `IMAGE_TAG` is in `.env` (or the wizard accepts the default `0.11.0`). If you maintain a private registry, `IMAGE_TAG` should match the manifest published there. ## Step 1 — Inspect the upgrade window 
@@ -130,4 +130,4 @@ Then re-run `bash scripts/upgrade.sh`. - [Backup & restore](../admin-guide/backup-and-restore.md) - [System health dashboard](../admin-guide/disk-and-health.md) -- [Release notes](https://github.com/trustedoss/trustedoss-portal/releases) +- [Release notes](https://github.com/trustedoss/trusca/releases) diff --git a/docs-site/docs/intro.md b/docs-site/docs/intro.md index bfa12d1e..f8e00494 100644 --- a/docs-site/docs/intro.md +++ b/docs-site/docs/intro.md @@ -50,7 +50,7 @@ commercial products. ## Project - **License** — Apache-2.0. -- **Source** — [github.com/trustedoss/trustedoss-portal](https://github.com/trustedoss/trustedoss-portal). -- **Roadmap** — [`ROADMAP.md`](https://github.com/trustedoss/trustedoss-portal/blob/main/ROADMAP.md). -- **Security disclosures** — [`SECURITY.md`](https://github.com/trustedoss/trustedoss-portal/blob/main/SECURITY.md). +- **Source** — [github.com/trustedoss/trusca](https://github.com/trustedoss/trusca). +- **Roadmap** — [`ROADMAP.md`](https://github.com/trustedoss/trusca/blob/main/ROADMAP.md). +- **Security disclosures** — [`SECURITY.md`](https://github.com/trustedoss/trusca/blob/main/SECURITY.md). - **Architecture and decisions** — [Architecture reference](./reference/architecture.md). diff --git a/docs-site/docs/quickstart.md b/docs-site/docs/quickstart.md index 514a3371..e7c11dba 100644 --- a/docs-site/docs/quickstart.md +++ b/docs-site/docs/quickstart.md @@ -25,8 +25,8 @@ Clone the repository and create your env file: ```bash -git clone https://github.com/trustedoss/trustedoss-portal.git -cd trustedoss-portal +git clone https://github.com/trustedoss/trusca.git +cd trusca cp .env.example .env ``` diff --git a/docs-site/docs/reference/architecture.md b/docs-site/docs/reference/architecture.md index 21390b81..26354d72 100644 --- a/docs-site/docs/reference/architecture.md +++ b/docs-site/docs/reference/architecture.md 
@@ -23,15 +23,15 @@ The production stack runs seven container services: | `traefik` | `traefik:v3.2.1` | Edge proxy. TLS termination via Let's Encrypt HTTP-01. HTTP→HTTPS redirect. | | `postgres` | `postgres:17.2-alpine` | Primary store. All persistent state. | | `redis` | `redis:7.4-alpine` | Celery broker + result backend. WebSocket pub/sub. | -| `backend` | `trustedoss/backend:` | FastAPI + uvicorn (4 workers). Reachable via Traefik on `/api`, `/health`. | -| `worker` | `trustedoss/backend-worker:` | Celery worker with `cdxgen`, scancode, Trivy, JRE bundled (JRE is for `cdxgen`'s Maven / Gradle SBOM enumeration). The worker also holds the local **Trivy DB** at `/var/lib/trivy`. | -| `beat` | `trustedoss/backend-worker:` | Celery Beat scheduler. Trivy DB refresh (weekly), vulnerability re-match (after each refresh), backup (daily). | -| `frontend` | `trustedoss/frontend:` | nginx serving the Vite build. Reachable via Traefik on `/`. | +| `backend` | `trustedoss/trusca-backend:` | FastAPI + uvicorn (4 workers). Reachable via Traefik on `/api`, `/health`. | +| `worker` | `trustedoss/trusca-backend-worker:` | Celery worker with `cdxgen`, scancode, Trivy, JRE bundled (JRE is for `cdxgen`'s Maven / Gradle SBOM enumeration). The worker also holds the local **Trivy DB** at `/var/lib/trivy`. | +| `beat` | `trustedoss/trusca-backend-worker:` | Celery Beat scheduler. Trivy DB refresh (weekly), vulnerability re-match (after each refresh), backup (daily). | +| `frontend` | `trustedoss/trusca-frontend:` | nginx serving the Vite build. Reachable via Traefik on `/`. | Image tags are pinned (`CLAUDE.md` rule #9 — never `:latest`). :::note Dependency-Track was removed in v0.10.0 -Earlier releases shipped Dependency-Track as an optional eighth service. 
v0.10.0 removed it in favour of Trivy as the single vulnerability engine — see [ADR-0001](https://github.com/trustedoss/trustedoss-portal/blob/main/docs/decisions/0001-replace-dt-with-trivy.md) and the [v0.10.0 release notes](../release-notes/v0.10.0.md). The Trivy DB lives inside the worker container; there is no separate vulnerability-engine service. +Earlier releases shipped Dependency-Track as an optional eighth service. v0.10.0 removed it in favour of Trivy as the single vulnerability engine — see [ADR-0001](https://github.com/trustedoss/trusca/blob/main/docs/decisions/0001-replace-dt-with-trivy.md) and the [v0.10.0 release notes](../release-notes/v0.10.0.md). The Trivy DB lives inside the worker container; there is no separate vulnerability-engine service. ::: :::note diff --git a/docs-site/docs/reference/data-sources.md b/docs-site/docs/reference/data-sources.md index 5ab24b4a..2022c56d 100644 --- a/docs-site/docs/reference/data-sources.md +++ b/docs-site/docs/reference/data-sources.md @@ -100,4 +100,4 @@ For the user-facing flow (drawer, VEX state machine, suppression), see [Vulnerab - [Vulnerability data (Trivy DB)](../admin-guide/vulnerability-data.md) — operator-facing lifecycle, air-gapped mirror, troubleshooting. - [Vulnerabilities](../user-guide/vulnerabilities.md) — analyst-facing flow. - [Glossary](./glossary.md#vulnerabilities) — CVE, CWE, NVD, EPSS, KEV definitions. -- [ADR-0001 — Dependency-Track removal](https://github.com/trustedoss/trustedoss-portal/blob/main/docs/decisions/0001-replace-dt-with-trivy.md) — why Trivy is the single engine from v0.10.0. +- [ADR-0001 — Dependency-Track removal](https://github.com/trustedoss/trusca/blob/main/docs/decisions/0001-replace-dt-with-trivy.md) — why Trivy is the single engine from v0.10.0. diff --git a/docs-site/docs/reference/design-system.md b/docs-site/docs/reference/design-system.md index c950d46f..32ca05e6 100644 --- a/docs-site/docs/reference/design-system.md 
+++ b/docs-site/docs/reference/design-system.md @@ -380,5 +380,5 @@ The previous "BD-style 2015" aesthetic (`#0f172a` navy, pure white canvas, unifo - [Architecture](./architecture.md) — backend / frontend / scan pipeline overview. - [Coding standards](../contributor-guide/coding-standards.md) — formatting, linting, commit conventions. -- [`CLAUDE.md`](https://github.com/trustedoss/trustedoss-portal/blob/main/CLAUDE.md) — top-level project rules. The "디자인 시스템 (v2)" section summarises this page. +- [`CLAUDE.md`](https://github.com/trustedoss/trusca/blob/main/CLAUDE.md) — top-level project rules. The "디자인 시스템 (v2)" section summarises this page. - W11 source-of-truth plan — `docs/ux/design-philosophy-evolution-plan-2026-05-27.md` (in-repo). diff --git a/docs-site/docs/reference/env-variables.md b/docs-site/docs/reference/env-variables.md index 88914a72..49d0bd07 100644 --- a/docs-site/docs/reference/env-variables.md +++ b/docs-site/docs/reference/env-variables.md @@ -40,7 +40,7 @@ These four must be present and non-empty. The wizard sets them. | `APP_ENV` | `dev` | `config.py` | `dev`, `staging`, or `prod`. Drives a few CORS / log defaults. | | `LOG_LEVEL` | `INFO` | `config.py` | `DEBUG`, `INFO`, `WARNING`, `ERROR`. | | `DEMO_READ_ONLY` | `false` | `config.py` | When truthy (`1`/`true`/`yes`/`on`), the backend runs as a **read-only live demo**: every non-auth mutation (POST/PUT/PATCH/DELETE) is rejected with an RFC 7807 `403`. Surfaces on `GET /health` so the SPA shows a banner. See [Live demo](../installation/live-demo.md). | -| `IMAGE_TAG` | `2.0.0` | `docker-compose.yml` | Pinned tag for `trustedoss/backend`, `trustedoss/backend-worker`, `trustedoss/frontend`. | +| `IMAGE_TAG` | `0.11.0` | `docker-compose.yml` | Pinned tag for `ghcr.io/trustedoss/trusca-backend`, `…/trusca-backend-worker`, `…/trusca-frontend`. | ## Database 
@@ -228,6 +228,6 @@ The startup log emits a single `backend_starting` event with the `app_env` field ## See also -- [`/.env.example`](https://github.com/trustedoss/trustedoss-portal/blob/main/.env.example) — canonical reference, always up to date. +- [`/.env.example`](https://github.com/trustedoss/trusca/blob/main/.env.example) — canonical reference, always up to date. - [Architecture](./architecture.md) - [Install with Docker Compose](../installation/docker-compose.md) diff --git a/docs-site/docs/reference/glossary.md b/docs-site/docs/reference/glossary.md index 10d0edce..fc7e98f2 100644 --- a/docs-site/docs/reference/glossary.md +++ b/docs-site/docs/reference/glossary.md @@ -118,7 +118,7 @@ column. - **DT — Dependency-Track.** Apache-2.0 vulnerability intelligence platform. TRUSCA used DT as its vulnerability engine through and replaced it with Trivy at v0.10.0 — see - [ADR-0001](https://github.com/trustedoss/trustedoss-portal/blob/main/docs/decisions/0001-replace-dt-with-trivy.md) + [ADR-0001](https://github.com/trustedoss/trusca/blob/main/docs/decisions/0001-replace-dt-with-trivy.md) and [Comparison](../comparison.md#vs-dependency-track). The DT term still appears in this glossary because legacy audit-log rows and the comparison page reference it. diff --git a/docs-site/docs/reference/sbom-signature-verification.md b/docs-site/docs/reference/sbom-signature-verification.md index bda68f18..cf84c157 100644 --- a/docs-site/docs/reference/sbom-signature-verification.md +++ b/docs-site/docs/reference/sbom-signature-verification.md 
@@ -300,4 +300,4 @@ The artifact or bundle exceeds the deployment's configured download size cap. Th - [Glossary](./glossary.md) — SBOM, SCA, VEX, and RBAC role definitions - [Environment variables](./env-variables.md) — the `COSIGN_*` and `SLSA_*` keys - [API reference (Redoc)](pathname:///reference/api) — the generated endpoint contract -- [Report an issue](https://github.com/trustedoss/trustedoss-portal/issues/new/choose) — if verification fails unexpectedly +- [Report an issue](https://github.com/trustedoss/trusca/issues/new/choose) — if verification fails unexpectedly diff --git a/docs-site/docs/release-notes/v0.10.0.md b/docs-site/docs/release-notes/v0.10.0.md index fa4cce19..d446479a 100644 --- a/docs-site/docs/release-notes/v0.10.0.md +++ b/docs-site/docs/release-notes/v0.10.0.md @@ -13,7 +13,7 @@ SCA portal that unifies vulnerability tracking, license compliance, SBOM generation, and CI/CD integration in one UI. The full machine-readable changelog lives in -[`CHANGELOG.md`](https://github.com/trustedoss/trustedoss-portal/blob/main/CHANGELOG.md). +[`CHANGELOG.md`](https://github.com/trustedoss/trusca/blob/main/CHANGELOG.md). This page is the human-readable summary. ## Highlights @@ -98,7 +98,7 @@ that matter most for adoption decisions: - **Reachability analysis.** Findings are listed in full rather than ranked by whether vulnerable code is reachable — planned, best-effort. -See the [roadmap](https://github.com/trustedoss/trustedoss-portal/blob/main/ROADMAP.md) +See the [roadmap](https://github.com/trustedoss/trusca/blob/main/ROADMAP.md) for the full forward plan. ## Install 
@@ -109,6 +109,6 @@ for the full forward plan. ## See also -- [`CHANGELOG.md`](https://github.com/trustedoss/trustedoss-portal/blob/main/CHANGELOG.md) — the machine-readable changelog. -- [`ROADMAP.md`](https://github.com/trustedoss/trustedoss-portal/blob/main/ROADMAP.md) — what is planned next. +- [`CHANGELOG.md`](https://github.com/trustedoss/trusca/blob/main/CHANGELOG.md) — the machine-readable changelog. +- [`ROADMAP.md`](https://github.com/trustedoss/trusca/blob/main/ROADMAP.md) — what is planned next. - [Comparison](../comparison.md) — how TrustedOSS Portal compares to commercial SCA, Dependency-Track, and SW360. diff --git a/docs-site/docs/user-guide/components-and-licenses.md b/docs-site/docs/user-guide/components-and-licenses.md index c82b3cec..ff631cc3 100644 --- a/docs-site/docs/user-guide/components-and-licenses.md +++ b/docs-site/docs/user-guide/components-and-licenses.md @@ -131,7 +131,7 @@ scancode is **best-effort**. Detected licenses can be absent — which is normal ## Obligations -Each license carries **obligations** — duties you must honor when redistributing the component. The portal tracks seven kinds (see [glossary](https://github.com/trustedoss/trustedoss-portal/blob/main/docs/glossary.md)): +Each license carries **obligations** — duties you must honor when redistributing the component. The portal tracks seven kinds (see [glossary](https://github.com/trustedoss/trusca/blob/main/docs/glossary.md)): - **Attribution** — preserve the upstream copyright notice. - **NOTICE preservation** — carry the upstream `NOTICE` file (Apache-2.0 §4(d)). diff --git a/docs-site/docusaurus.config.ts b/docs-site/docusaurus.config.ts index 33c39511..3ecd4a08 100644 --- a/docs-site/docusaurus.config.ts +++ b/docs-site/docusaurus.config.ts 
@@ -2,7 +2,7 @@ // // Two locales (en, ko) ship together at GA per CLAUDE.md. The site is built // on every push to `main` by .github/workflows/docs.yml and deployed to -// GitHub Pages at https://trustedoss.github.io/trustedoss-portal/. +// GitHub Pages at https://trustedoss.github.io/trusca/. import { themes as prismThemes } from "prism-react-renderer"; import type { Config } from "@docusaurus/types"; @@ -14,10 +14,10 @@ const config: Config = { favicon: "img/favicon.svg", url: "https://trustedoss.github.io", - baseUrl: "/trustedoss-portal/", + baseUrl: "/trusca/", organizationName: "trustedoss", - projectName: "trustedoss-portal", + projectName: "trusca", deploymentBranch: "gh-pages", trailingSlash: false, @@ -46,7 +46,7 @@ const config: Config = { // Source of truth lives in this monorepo. Doc edits are encouraged // via PR — the "Edit this page" link below targets the right path. editUrl: - "https://github.com/trustedoss/trustedoss-portal/edit/main/docs-site/", + "https://github.com/trustedoss/trusca/edit/main/docs-site/", editLocalizedFiles: true, showLastUpdateAuthor: false, showLastUpdateTime: true, @@ -130,7 +130,7 @@ const config: Config = { }, { type: "localeDropdown", position: "right" }, { - href: "https://github.com/trustedoss/trustedoss-portal", + href: "https://github.com/trustedoss/trusca", label: "GitHub", position: "right", }, @@ -153,15 +153,15 @@ const config: Config = { items: [ { label: "GitHub", - href: "https://github.com/trustedoss/trustedoss-portal", + href: "https://github.com/trustedoss/trusca", }, { label: "Issues", - href: "https://github.com/trustedoss/trustedoss-portal/issues", + href: "https://github.com/trustedoss/trusca/issues", }, { label: "Releases", - href: "https://github.com/trustedoss/trustedoss-portal/releases", + href: "https://github.com/trustedoss/trusca/releases", }, ], }, 
diff --git a/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/admin-guide/vulnerability-data.md b/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/admin-guide/vulnerability-data.md index 51074502..98ff1b63 100644 --- a/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/admin-guide/vulnerability-data.md +++ b/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/admin-guide/vulnerability-data.md @@ -15,7 +15,7 @@ sidebar_position: 2 ::: :::tip Dependency-Track 커넥터 대체 -v0.10.0은 Dependency-Track(DT)과 `/admin/dt` 커넥터 페이지를 제거했습니다. Trivy DB가 같은 역할(SBOM ↔ CVE 매칭)을 4GB JVM + H2 DB 대신 ~500MB 풋프린트로 수행합니다. 결정 배경은 [ADR-0001](https://github.com/trustedoss/trustedoss-portal/blob/main/docs/decisions/0001-replace-dt-with-trivy.md)을 참조하세요. +v0.10.0은 Dependency-Track(DT)과 `/admin/dt` 커넥터 페이지를 제거했습니다. Trivy DB가 같은 역할(SBOM ↔ CVE 매칭)을 4GB JVM + H2 DB 대신 ~500MB 풋프린트로 수행합니다. 결정 배경은 [ADR-0001](https://github.com/trustedoss/trusca/blob/main/docs/decisions/0001-replace-dt-with-trivy.md)을 참조하세요. ::: ## 라이프사이클 동작 @@ -187,7 +187,7 @@ beat 이미지를 리빌드해 `apps/backend/tasks/celery_app.py::_build_beat_sc docker run --rm \ -v trivy-cache-export:/var/lib/trivy \ -e TRIVY_CACHE_DIR=/var/lib/trivy \ - ghcr.io/trustedoss/backend-worker:2.4.0 \ + ghcr.io/trustedoss/trusca-backend-worker:0.11.0 \ trivy --quiet image --download-db-only # 채워진 볼륨을 tarball로 패킹. @@ -347,4 +347,4 @@ TRIVY_TIMEOUT_SECONDS=900 - [데이터 출처 reference](../reference/data-sources.md) — 출처별 커버리지 매트릭스. - [환경 변수](../reference/env-variables.md#취약점-데이터) — 모든 `TRIVY_*` 키. - [시스템 헬스 대시보드](./disk-and-health.md) — Trivy DB 카드가 들어갈 위치. -- [ADR-0001 — Dependency-Track 제거](https://github.com/trustedoss/trustedoss-portal/blob/main/docs/decisions/0001-replace-dt-with-trivy.md) — 교체 배경. +- [ADR-0001 — Dependency-Track 제거](https://github.com/trustedoss/trusca/blob/main/docs/decisions/0001-replace-dt-with-trivy.md) — 교체 배경. 
diff --git a/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/ci-integration/github-actions.md b/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/ci-integration/github-actions.md index ded73452..228e7e47 100644 --- a/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/ci-integration/github-actions.md +++ b/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/ci-integration/github-actions.md @@ -15,7 +15,7 @@ GitHub Actions를 사용하는 GitHub 저장소를 운영하는 엔지니어. ::: :::note 액션 출처 -모노레포의 `actions/scan/action.yml` 컴포지트 액션을 `uses: trustedoss/trustedoss-portal/actions/scan@v0.10.0`로 직접 참조하세요. 독립된 Marketplace 게시는 로드맵에 있습니다. +모노레포의 `actions/scan/action.yml` 컴포지트 액션을 `uses: trustedoss/trusca/actions/scan@v0.10.0`로 직접 참조하세요. 독립된 Marketplace 게시는 로드맵에 있습니다. ::: ## 빠른 시작 @@ -38,7 +38,7 @@ jobs: steps: - uses: actions/checkout@v4 - name: TRUSCA SCA scan - uses: trustedoss/trustedoss-portal/actions/scan@v0.10.0 + uses: trustedoss/trusca/actions/scan@v0.10.0 with: api-url: https://trustedoss.example.com api-key: ${{ secrets.TRUSTEDOSS_API_KEY }} @@ -108,7 +108,7 @@ jobs: ```yaml - name: TRUSCA SCA scan id: sca - uses: trustedoss/trustedoss-portal/actions/scan@v0.10.0 + uses: trustedoss/trusca/actions/scan@v0.10.0 with: api-url: https://trustedoss.example.com api-key: ${{ secrets.TRUSTEDOSS_API_KEY }} @@ -129,7 +129,7 @@ jobs: 정책을 시드하는 동안 PR을 차단하지 않으려는 경우에 유용합니다. ```yaml -- uses: trustedoss/trustedoss-portal/actions/scan@v0.10.0 +- uses: trustedoss/trusca/actions/scan@v0.10.0 with: api-url: https://trustedoss.example.com api-key: ${{ secrets.TRUSTEDOSS_API_KEY }} @@ -142,7 +142,7 @@ PR 코멘트는 그대로 게시되며 체크는 green으로 유지됩니다. ### 컨테이너 스캔 ```yaml -- uses: trustedoss/trustedoss-portal/actions/scan@v0.10.0 +- uses: trustedoss/trusca/actions/scan@v0.10.0 with: api-url: https://trustedoss.example.com api-key: ${{ secrets.TRUSTEDOSS_API_KEY }} 
@@ -158,7 +158,7 @@ PR 코멘트는 그대로 게시되며 체크는 green으로 유지됩니다. ```yaml - name: SCA — source - uses: trustedoss/trustedoss-portal/actions/scan@v0.10.0 + uses: trustedoss/trusca/actions/scan@v0.10.0 with: api-url: https://trustedoss.example.com api-key: ${{ secrets.TRUSTEDOSS_API_KEY }} @@ -166,7 +166,7 @@ PR 코멘트는 그대로 게시되며 체크는 green으로 유지됩니다. scan-kind: source - name: SCA — container - uses: trustedoss/trustedoss-portal/actions/scan@v0.10.0 + uses: trustedoss/trusca/actions/scan@v0.10.0 with: api-url: https://trustedoss.example.com api-key: ${{ secrets.TRUSTEDOSS_API_KEY }} @@ -181,7 +181,7 @@ PR 코멘트는 그대로 게시되며 체크는 green으로 유지됩니다. `main`에서만 게이트를 적용하고 PR에서는 advisory: ```yaml -- uses: trustedoss/trustedoss-portal/actions/scan@v0.10.0 +- uses: trustedoss/trusca/actions/scan@v0.10.0 with: api-url: https://trustedoss.example.com api-key: ${{ secrets.TRUSTEDOSS_API_KEY }} @@ -208,7 +208,7 @@ GATE_EPSS_THRESHOLD=0.5 `@v1` 태그는 떠 있습니다(floating). 재현성을 위해 특정 커밋에 핀: ```yaml -- uses: trustedoss/trustedoss-portal/actions/scan@a1b2c3d4e5f6 # v0.10.0 +- uses: trustedoss/trusca/actions/scan@a1b2c3d4e5f6 # v0.10.0 ``` ## ref가 보존 키가 되는 방식 {#how-the-ref-becomes-a-retention-key} diff --git a/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/ci-integration/gitlab-ci.md b/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/ci-integration/gitlab-ci.md index dbbfb00d..8f4112f9 100644 --- a/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/ci-integration/gitlab-ci.md +++ b/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/ci-integration/gitlab-ci.md @@ -24,7 +24,7 @@ GitLab CI/CD를 사용하는 GitLab 프로젝트를 운영하는 엔지니어. ```yaml # .gitlab-ci.yml include: - - remote: 'https://raw.githubusercontent.com/trustedoss/trustedoss-portal/v0.10.0/templates/gitlab-ci.yml' + - remote: 'https://raw.githubusercontent.com/trustedoss/trusca/v0.10.0/templates/gitlab-ci.yml' variables: TRUSTEDOSS_API_URL: 'https://trustedoss.example.com' 
@@ -84,7 +84,7 @@ masked 플래그는 잡 로그에 Key가 그대로 노출되는 것을 막습니 ```yaml include: - - remote: 'https://raw.githubusercontent.com/trustedoss/trustedoss-portal/v0.10.0/templates/gitlab-ci.yml' + - remote: 'https://raw.githubusercontent.com/trustedoss/trusca/v0.10.0/templates/gitlab-ci.yml' variables: TRUSTEDOSS_API_URL: 'https://trustedoss.example.com' @@ -100,7 +100,7 @@ include한 잡의 rules를 오버라이드: ```yaml include: - - remote: 'https://raw.githubusercontent.com/trustedoss/trustedoss-portal/v0.10.0/templates/gitlab-ci.yml' + - remote: 'https://raw.githubusercontent.com/trustedoss/trusca/v0.10.0/templates/gitlab-ci.yml' .trustedoss-sca: rules: @@ -112,7 +112,7 @@ include: ```yaml include: - - remote: 'https://raw.githubusercontent.com/trustedoss/trustedoss-portal/v0.10.0/templates/gitlab-ci.yml' + - remote: 'https://raw.githubusercontent.com/trustedoss/trusca/v0.10.0/templates/gitlab-ci.yml' trustedoss:scan-container: extends: .trustedoss-sca @@ -152,7 +152,7 @@ trustedoss:scan-container: - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' ``` -전체 표준 버전은 [`templates/gitlab-ci.yml`](https://github.com/trustedoss/trustedoss-portal/blob/main/templates/gitlab-ci.yml)에 있습니다. fork 전에 읽어 보세요 — 다시 구현하고 싶지 않은 엣지 케이스(폴링 중 네트워크 단절, masked-token 회전)를 다룹니다. +전체 표준 버전은 [`templates/gitlab-ci.yml`](https://github.com/trustedoss/trusca/blob/main/templates/gitlab-ci.yml)에 있습니다. fork 전에 읽어 보세요 — 다시 구현하고 싶지 않은 엣지 케이스(폴링 중 네트워크 단절, masked-token 회전)를 다룹니다. ## ref가 보존 키가 되는 방식 {#how-the-ref-becomes-a-retention-key} diff --git a/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/comparison.md b/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/comparison.md index 560f4266..df992b9f 100644 --- a/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/comparison.md +++ b/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/comparison.md 
@@ -11,7 +11,7 @@ description: TRUSCA와 상용 SCA(Black Duck, Snyk), Dependency-Track, SW360을 TRUSCA가 조직에 적합한지 판단하려는 엔지니어·플랫폼 담당자·법무 및 컴플라이언스 리드. 이 페이지는 의도적으로 정직합니다. 포털이 잘하는 점과 아직 하지 못하는 점을 함께 기재합니다. "로드맵" 항목의 배경은 -[`ROADMAP.md`](https://github.com/trustedoss/trustedoss-portal/blob/main/ROADMAP.md)를 +[`ROADMAP.md`](https://github.com/trustedoss/trusca/blob/main/ROADMAP.md)를 참고하십시오. ::: @@ -72,7 +72,7 @@ UI로 묶는 것입니다. 아래 비교는 그 아이디어를 세 가지 대 Dependency-Track(DT)은 본연의 역할에 탁월합니다 — 사용자가 공급하는 SBOM에 집중한 취약점 인텔리전스 플랫폼. TRUSCA는 Trivy를 단일 내장 취약점 엔진으로 -사용합니다(결정 배경은 [ADR-0001](https://github.com/trustedoss/trustedoss-portal/blob/main/docs/decisions/0001-replace-dt-with-trivy.md) 참조). +사용합니다(결정 배경은 [ADR-0001](https://github.com/trustedoss/trusca/blob/main/docs/decisions/0001-replace-dt-with-trivy.md) 참조). 관건은 어떤 형태의 플랫폼이 팀에 맞는가입니다. **TRUSCA가 DT를 직접 운영하는 것과 다른 점:** @@ -112,7 +112,7 @@ SBOM·컴포넌트가 공급되는 것을 전제하며 스캔보다 clearing을 ## 현재 한계 (도입 전 유의) 다음은 실제이며 의도된 갭입니다. 각 항목은 -[로드맵](https://github.com/trustedoss/trustedoss-portal/blob/main/ROADMAP.md)에 +[로드맵](https://github.com/trustedoss/trusca/blob/main/ROADMAP.md)에 있습니다: - **자동 리메디에이션 PR은 계획 단계.** 탐지·게이트를 하고 finding별 `fixed_version`과 @@ -135,4 +135,4 @@ SBOM·컴포넌트가 공급되는 것을 전제하며 스캔보다 clearing을 - [소개](./intro.md) — 포털이 제공하는 기능과 제공하지 않는 기능 - [용어집](./reference/glossary.md) — SCA, SBOM, VEX, EPSS 등 -- [로드맵](https://github.com/trustedoss/trustedoss-portal/blob/main/ROADMAP.md) — "로드맵" 항목이 도착하는 곳 +- [로드맵](https://github.com/trustedoss/trusca/blob/main/ROADMAP.md) — "로드맵" 항목이 도착하는 곳 diff --git a/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/contributor-guide/getting-started.md b/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/contributor-guide/getting-started.md index 721de39c..eacf7398 100644 --- a/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/contributor-guide/getting-started.md +++ b/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/contributor-guide/getting-started.md 
@@ -30,8 +30,8 @@ Python(FastAPI / Pydantic), TypeScript(React 18 / Vite), Docker, Git에 익숙 ## 클론과 브랜치 ```bash -git clone https://github.com/trustedoss/trustedoss-portal.git -cd trustedoss-portal +git clone https://github.com/trustedoss/trusca.git +cd trusca # 브랜치 명명: 새 기능은 feature/*, 유지보수는 chore/*, # 버그 픽스는 fix/*, 문서 전용 변경은 docs/*. diff --git a/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/installation/docker-compose.md b/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/installation/docker-compose.md index 2f4dfee4..a00c6dd0 100644 --- a/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/installation/docker-compose.md +++ b/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/installation/docker-compose.md @@ -58,8 +58,8 @@ df -h / # 20 GB 이상 여유 ### 스택 기동 ```bash -git clone https://github.com/trustedoss/trustedoss-portal.git -cd trustedoss-portal +git clone https://github.com/trustedoss/trusca.git +cd trusca cp .env.example .env ``` @@ -148,13 +148,13 @@ HTTP-only / `localhost` 설치(개발, 망분리 UAT)에는 위 셋이 모두 ## 빠른 설치 (클론 없이) -스택을 바로 띄우기만 하면 되고 보조 스크립트가 필요 없다면, 레포를 클론하지 않고 게시된 이미지로 곧장 설치할 수 있습니다 — 단일 파일 설치 경험입니다. 프로덕션 이미지는 GitHub Container Registry(`ghcr.io/trustedoss/backend`, `…/backend-worker`, `…/frontend`)에 게시되며 익명 pull이 가능합니다. +스택을 바로 띄우기만 하면 되고 보조 스크립트가 필요 없다면, 레포를 클론하지 않고 게시된 이미지로 곧장 설치할 수 있습니다 — 단일 파일 설치 경험입니다. 프로덕션 이미지는 GitHub Container Registry(`ghcr.io/trustedoss/trusca-backend`, `…/trusca-backend-worker`, `…/trusca-frontend`)에 게시되며 익명 pull이 가능합니다. compose 스택에 필요한 세 파일(compose 파일, env 템플릿, 1회용 Postgres 역할 초기화 스크립트)을 받고 `.env`를 편집한 뒤 기동합니다: ```bash mkdir -p trustedoss && cd trustedoss -BASE=https://raw.githubusercontent.com/trustedoss/trustedoss-portal/v0.10.0 +BASE=https://raw.githubusercontent.com/trustedoss/trusca/v0.10.0 # 1. 자기완결적 프로덕션 compose 파일(`build:` 섹션 없음 — ghcr.io에서 이미지 pull) # 과 env 템플릿. 
@@ -235,8 +235,8 @@ backend healthcheck 는 넉넉한 `start_period`(60s)를 사용합니다. 큰 DB ## 1단계 — 레포 클론 ```bash -git clone https://github.com/trustedoss/trustedoss-portal.git -cd trustedoss-portal +git clone https://github.com/trustedoss/trusca.git +cd trusca ``` 포크를 운영한다면 포크 레포를 클론하세요. 재현 가능한 설치를 위해 릴리스 태그로 체크아웃합니다. 
@@ -389,13 +389,13 @@ sudo rm -rf /opt/trustedoss/workspace ## 메인테이너 안내 — 이미지 게시 (조직 1회 설정) -포털 이미지는 [`release.yml`](https://github.com/trustedoss/trustedoss-portal/blob/main/.github/workflows/release.yml) 워크플로우가 GitHub Container Registry에 게시하며, `vX.Y.Z` git 태그 push(또는 **Run workflow**에 태그 입력)로 트리거됩니다. 이 워크플로우가 push하려면 **조직이 GitHub Actions의 패키지 쓰기를 허용**해야 합니다 — Org → Settings → Actions → Workflow permissions → *Read and write permissions* (또는 패키지의 *Manage Actions access*에서 해당 레포에 *Write* 부여). 워크플로우는 내장 `GITHUB_TOKEN`을 사용하며 별도 PAT는 필요 없습니다. +포털 이미지는 [`release.yml`](https://github.com/trustedoss/trusca/blob/main/.github/workflows/release.yml) 워크플로우가 GitHub Container Registry에 게시하며, `vX.Y.Z` git 태그 push(또는 **Run workflow**에 태그 입력)로 트리거됩니다. 이 워크플로우가 push하려면 **조직이 GitHub Actions의 패키지 쓰기를 허용**해야 합니다 — Org → Settings → Actions → Workflow permissions → *Read and write permissions* (또는 패키지의 *Manage Actions access*에서 해당 레포에 *Write* 부여). 워크플로우는 내장 `GITHUB_TOKEN`을 사용하며 별도 PAT는 필요 없습니다. 첫 push 이후 각 패키지 가시성을 **Public**(ghcr 패키지 → Package settings → Change visibility → Public)으로 바꿔 운영자가 익명으로 `docker pull` 할 수 있게 합니다 — 클론 없는 빠른 설치가 이에 의존합니다. 릴리스마다 불변 `X.Y.Z` 태그와 이동 가능한 `X.Y` 태그를 게시하며 `latest` 태그는 만들지 않습니다(CLAUDE.md 규칙 #9). ## 왜 docker-compose V1 인가 -본 프로젝트의 **개발·CI** 환경은 Compose V1(`docker-compose`)을 표준으로 합니다 — V2 문법 차이가 내부 파이프라인에서 검증되지 않으며, dev/CI 영역에 `docker compose`(V2)를 도입한 PR은 리뷰에서 차단됩니다([`CLAUDE.md`](https://github.com/trustedoss/trustedoss-portal/blob/main/CLAUDE.md) 규칙 #10). +본 프로젝트의 **개발·CI** 환경은 Compose V1(`docker-compose`)을 표준으로 합니다 — V2 문법 차이가 내부 파이프라인에서 검증되지 않으며, dev/CI 영역에 `docker compose`(V2)를 도입한 PR은 리뷰에서 차단됩니다([`CLAUDE.md`](https://github.com/trustedoss/trusca/blob/main/CLAUDE.md) 규칙 #10). 이 제약은 내부 한정입니다. **최종 사용자 설치**에서는 `install.sh` 마법사가 V1을 우선 사용하되, V1이 2023년 EOL을 맞은 최신 호스트에서도 동작하도록 V2 플러그인(`docker compose`)으로 폴백합니다. compose 파일 자체는 V1 파일 포맷을 쓰며 V2도 이를 읽습니다. 
diff --git a/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/installation/helm.md b/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/installation/helm.md index 0248c07e..bf2f06fb 100644 --- a/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/installation/helm.md +++ b/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/installation/helm.md @@ -178,7 +178,7 @@ pre-upgrade 마이그레이션 Job이 새 파드 롤아웃 전에 새 스키마 ## 주요 values -전체 표는 [차트 README](https://github.com/trustedoss/trustedoss-portal/blob/main/charts/trustedoss/README.md)에 +전체 표는 [차트 README](https://github.com/trustedoss/trusca/blob/main/charts/trustedoss/README.md)에 있습니다. 가장 자주 설정하는 값은 다음과 같습니다. | 키 | 기본값 | 용도 | @@ -259,7 +259,7 @@ pre-upgrade 마이그레이션 Job이 새 파드 롤아웃 전에 새 스키마 kubectl -n trustedoss describe certificate ``` -차트 버그를 만나면 [버그 신고 템플릿](https://github.com/trustedoss/trustedoss-portal/issues/new/choose)으로 +차트 버그를 만나면 [버그 신고 템플릿](https://github.com/trustedoss/trusca/issues/new/choose)으로 이슈를 열어 주십시오. ## 함께 보기 diff --git a/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/installation/uat-checklist.md b/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/installation/uat-checklist.md index ecf365f7..8d252ec8 100644 --- a/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/installation/uat-checklist.md +++ b/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/installation/uat-checklist.md @@ -64,8 +64,8 @@ sudo chown -R "$USER":"$USER" /opt/trustedoss **하나**를 선택하세요. 후자는 CI가 실행하는 방식과 동일합니다. ```bash -git clone https://github.com/trustedoss/trustedoss-portal.git -cd trustedoss-portal +git clone https://github.com/trustedoss/trusca.git +cd trusca ``` ### (a) 대화형 
@@ -161,8 +161,8 @@ scp -r backups/2026-05-09-143022 vm-b:/tmp/backups/ `vm-b` 에서: ```bash -git clone https://github.com/trustedoss/trustedoss-portal.git -cd trustedoss-portal +git clone https://github.com/trustedoss/trusca.git +cd trusca bash scripts/install.sh --no-prompt mkdir -p backups mv /tmp/backups/2026-05-09-143022 backups/ diff --git a/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/installation/upgrade.md b/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/installation/upgrade.md index 871c819a..5bb85deb 100644 --- a/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/installation/upgrade.md +++ b/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/installation/upgrade.md @@ -25,7 +25,7 @@ sidebar_position: 2 - 직전 정상 설치 상태 (즉, `docker-compose -f docker-compose.yml ps` 출력에서 모든 서비스가 healthy). - PATH의 `docker-compose` (V1). - 새 이미지 레이어와 사전 백업을 위해 5 GB 이상 여유 디스크. -- 의도한 `IMAGE_TAG`가 `.env`에 명시 (혹은 마법사 기본값 `0.10.0` 사용). 사설 레지스트리를 운영한다면 `IMAGE_TAG`는 그곳에 게시된 매니페스트와 일치해야 합니다. +- 의도한 `IMAGE_TAG`가 `.env`에 명시 (혹은 마법사 기본값 `0.11.0` 사용). 사설 레지스트리를 운영한다면 `IMAGE_TAG`는 그곳에 게시된 매니페스트와 일치해야 합니다. ## 1단계 — 업그레이드 시점 점검 @@ -130,4 +130,4 @@ docker login - [백업·복원](../admin-guide/backup-and-restore.md) - [시스템 health 대시보드](../admin-guide/disk-and-health.md) -- [릴리스 노트](https://github.com/trustedoss/trustedoss-portal/releases) +- [릴리스 노트](https://github.com/trustedoss/trusca/releases) diff --git a/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/intro.md b/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/intro.md index afff5bde..58d79839 100644 --- a/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/intro.md +++ b/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/intro.md 
@@ -46,7 +46,7 @@ SBOM 관리를 한 화면에서 통합 제공하며, 상용 제품의 좌석당 ## 프로젝트 - **라이선스** — Apache-2.0. -- **소스** — [github.com/trustedoss/trustedoss-portal](https://github.com/trustedoss/trustedoss-portal). -- **로드맵** — [`ROADMAP.md`](https://github.com/trustedoss/trustedoss-portal/blob/main/ROADMAP.md). -- **보안 신고** — [`SECURITY.md`](https://github.com/trustedoss/trustedoss-portal/blob/main/SECURITY.md). +- **소스** — [github.com/trustedoss/trusca](https://github.com/trustedoss/trusca). +- **로드맵** — [`ROADMAP.md`](https://github.com/trustedoss/trusca/blob/main/ROADMAP.md). +- **보안 신고** — [`SECURITY.md`](https://github.com/trustedoss/trusca/blob/main/SECURITY.md). - **아키텍처 / 결정 기록** — [아키텍처 참고](./reference/architecture.md). diff --git a/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/quickstart.md b/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/quickstart.md index ee405fa0..c3d7abf6 100644 --- a/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/quickstart.md +++ b/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/quickstart.md @@ -25,8 +25,8 @@ slug: /quickstart ```bash -git clone https://github.com/trustedoss/trustedoss-portal.git -cd trustedoss-portal +git clone https://github.com/trustedoss/trusca.git +cd trusca cp .env.example .env ``` diff --git a/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/reference/architecture.md b/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/reference/architecture.md index 8a172140..724bf0ed 100644 --- a/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/reference/architecture.md +++ b/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/reference/architecture.md 
@@ -23,15 +23,15 @@ sidebar_position: 1 | `traefik` | `traefik:v3.2.1` | 엣지 프록시. Let's Encrypt HTTP-01로 TLS 종료. HTTP→HTTPS 리다이렉트. | | `postgres` | `postgres:17.2-alpine` | 주 저장소. 모든 영구 상태. | | `redis` | `redis:7.4-alpine` | Celery 브로커 + 결과 백엔드. WebSocket pub/sub. | -| `backend` | `trustedoss/backend:` | FastAPI + uvicorn(4 workers). Traefik이 `/api`, `/health`로 라우팅. | -| `worker` | `trustedoss/backend-worker:` | `cdxgen`, scancode, Trivy, JRE가 번들된 Celery worker(JRE는 `cdxgen`의 Maven / Gradle SBOM 열거용). 워커는 `/var/lib/trivy`에 로컬 **Trivy DB**도 보관합니다. | -| `beat` | `trustedoss/backend-worker:` | Celery Beat 스케줄러. Trivy DB refresh(주간), 취약점 재매칭(refresh 후), 백업(매일). | -| `frontend` | `trustedoss/frontend:` | Vite 빌드를 nginx로 서비스. Traefik이 `/`로 라우팅. | +| `backend` | `trustedoss/trusca-backend:` | FastAPI + uvicorn(4 workers). Traefik이 `/api`, `/health`로 라우팅. | +| `worker` | `trustedoss/trusca-backend-worker:` | `cdxgen`, scancode, Trivy, JRE가 번들된 Celery worker(JRE는 `cdxgen`의 Maven / Gradle SBOM 열거용). 워커는 `/var/lib/trivy`에 로컬 **Trivy DB**도 보관합니다. | +| `beat` | `trustedoss/trusca-backend-worker:` | Celery Beat 스케줄러. Trivy DB refresh(주간), 취약점 재매칭(refresh 후), 백업(매일). | +| `frontend` | `trustedoss/trusca-frontend:` | Vite 빌드를 nginx로 서비스. Traefik이 `/`로 라우팅. | 이미지 태그는 핀되어 있습니다(CLAUDE.md 규칙 #9 — `:latest` 절대 금지). :::note v0.10.0에서 Dependency-Track 제거 -이전 릴리스는 Dependency-Track을 선택적 8번째 서비스로 제공했습니다. v0.10.0은 Trivy를 단일 취약점 엔진으로 채택하면서 DT를 제거했습니다 — [ADR-0001](https://github.com/trustedoss/trustedoss-portal/blob/main/docs/decisions/0001-replace-dt-with-trivy.md)과 [v0.10.0 릴리스 노트](../release-notes/v0.10.0.md) 참조. Trivy DB는 워커 컨테이너 내부에 존재하며, 별도의 취약점 엔진 서비스는 없습니다. +이전 릴리스는 Dependency-Track을 선택적 8번째 서비스로 제공했습니다. v0.10.0은 Trivy를 단일 취약점 엔진으로 채택하면서 DT를 제거했습니다 — [ADR-0001](https://github.com/trustedoss/trusca/blob/main/docs/decisions/0001-replace-dt-with-trivy.md)과 [v0.10.0 릴리스 노트](../release-notes/v0.10.0.md) 참조. Trivy DB는 워커 컨테이너 내부에 존재하며, 별도의 취약점 엔진 서비스는 없습니다. ::: :::note 
diff --git a/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/reference/data-sources.md b/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/reference/data-sources.md index db64e265..ae0df614 100644 --- a/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/reference/data-sources.md +++ b/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/reference/data-sources.md @@ -100,4 +100,4 @@ Dependency-Track 급 도구와 비교해 Trivy DB는 finding별로 다음 신호 - [취약점 데이터 (Trivy DB)](../admin-guide/vulnerability-data.md) — 운영자 라이프사이클, air-gapped 미러, 트러블슈팅. - [Vulnerabilities](../user-guide/vulnerabilities.md) — 분석가 흐름. - [용어집](./glossary.md#취약점) — CVE, CWE, NVD, EPSS, KEV 정의. -- [ADR-0001 — Dependency-Track 제거](https://github.com/trustedoss/trustedoss-portal/blob/main/docs/decisions/0001-replace-dt-with-trivy.md) — Trivy가 v0.10.0부터 단일 엔진인 이유. +- [ADR-0001 — Dependency-Track 제거](https://github.com/trustedoss/trusca/blob/main/docs/decisions/0001-replace-dt-with-trivy.md) — Trivy가 v0.10.0부터 단일 엔진인 이유. diff --git a/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/reference/design-system.md b/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/reference/design-system.md index 06776618..4f0713eb 100644 --- a/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/reference/design-system.md +++ b/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/reference/design-system.md @@ -380,5 +380,5 @@ Severity 가 표시되는 모든 곳에서 색은 다음 중 하나와 짝지움 - [아키텍처](./architecture.md) — backend / frontend / 스캔 파이프라인 개요. - [코딩 표준](../contributor-guide/coding-standards.md) — 포맷·린트·커밋 규약. -- [`CLAUDE.md`](https://github.com/trustedoss/trustedoss-portal/blob/main/CLAUDE.md) — 최상위 프로젝트 규칙. "디자인 시스템 (v2)" 절이 본 페이지를 요약. +- [`CLAUDE.md`](https://github.com/trustedoss/trusca/blob/main/CLAUDE.md) — 최상위 프로젝트 규칙. "디자인 시스템 (v2)" 절이 본 페이지를 요약. - W11 진실의 단일 출처 — `docs/ux/design-philosophy-evolution-plan-2026-05-27.md` (in-repo). 
diff --git a/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/reference/env-variables.md b/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/reference/env-variables.md index 3e81203f..c5953513 100644 --- a/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/reference/env-variables.md +++ b/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/reference/env-variables.md @@ -39,7 +39,7 @@ sidebar_position: 2 |---|---|---|---| | `APP_ENV` | `dev` | `config.py` | `dev`, `staging`, 또는 `prod`. 일부 CORS / 로그 기본값에 영향. | | `LOG_LEVEL` | `INFO` | `config.py` | `DEBUG`, `INFO`, `WARNING`, `ERROR`. | -| `IMAGE_TAG` | `2.0.0` | `docker-compose.yml` | `trustedoss/backend`, `trustedoss/backend-worker`, `trustedoss/frontend`의 핀 태그. | +| `IMAGE_TAG` | `0.11.0` | `docker-compose.yml` | `ghcr.io/trustedoss/trusca-backend`, `…/trusca-backend-worker`, `…/trusca-frontend`의 핀 태그. | ## 데이터베이스 @@ -227,6 +227,6 @@ docker-compose -f docker-compose.yml logs --tail=50 backend | grep backend_start ## 함께 보기 -- [`/.env.example`](https://github.com/trustedoss/trustedoss-portal/blob/main/.env.example) — 표준 레퍼런스, 항상 최신. +- [`/.env.example`](https://github.com/trustedoss/trusca/blob/main/.env.example) — 표준 레퍼런스, 항상 최신. - [아키텍처](./architecture.md) - [Docker Compose 설치](../installation/docker-compose.md) diff --git a/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/reference/glossary.md b/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/reference/glossary.md index c08273f6..c09645e4 100644 --- a/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/reference/glossary.md +++ b/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/reference/glossary.md 
@@ -114,7 +114,7 @@ sidebar_position: 4 - **DT — Dependency-Track.** Apache-2.0 취약점 인텔리전스 플랫폼. TRUSCA는 까지 DT를 취약점 엔진으로 사용했고 v0.10.0에서 Trivy로 교체했습니다 — - [ADR-0001](https://github.com/trustedoss/trustedoss-portal/blob/main/docs/decisions/0001-replace-dt-with-trivy.md)과 + [ADR-0001](https://github.com/trustedoss/trusca/blob/main/docs/decisions/0001-replace-dt-with-trivy.md)과 [비교](../comparison.md#dependency-track과-비교) 참고. 본 용어집에 여전히 남아 있는 이유는 레거시 audit log 행과 비교 페이지가 DT를 참조하기 때문입니다. - **cosign.** Sigstore의 서명 CLI. TRUSCA는 모든 소스 스캔의 diff --git a/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/reference/sbom-signature-verification.md b/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/reference/sbom-signature-verification.md index 9699bcb4..6c598928 100644 --- a/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/reference/sbom-signature-verification.md +++ b/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/reference/sbom-signature-verification.md @@ -300,4 +300,4 @@ SBOM 바이트가 서명과 맞지 않습니다. 둘 다 **같은** 번들에서 - [용어집](./glossary.md) — SBOM·SCA·VEX·RBAC 역할 정의 - [환경 변수](./env-variables.md) — `COSIGN_*` 및 `SLSA_*` 키 - [API 레퍼런스 (Redoc)](pathname:///reference/api) — 생성된 엔드포인트 계약 -- [이슈 보고](https://github.com/trustedoss/trustedoss-portal/issues/new/choose) — 검증이 예기치 않게 실패할 때 +- [이슈 보고](https://github.com/trustedoss/trusca/issues/new/choose) — 검증이 예기치 않게 실패할 때 diff --git a/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/release-notes/v0.10.0.md b/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/release-notes/v0.10.0.md index 5c284a40..84086678 100644 --- a/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/release-notes/v0.10.0.md +++ b/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/release-notes/v0.10.0.md 
@@ -12,7 +12,7 @@ TrustedOSS Portal의 첫 공개 릴리스입니다. 취약점 추적, 라이선 SBOM 생성, CI/CD 통합을 하나의 UI에서 제공하는 자체 호스팅 Apache-2.0 SCA 포털입니다. 전체 머신 리더블 체인지로그는 -[`CHANGELOG.md`](https://github.com/trustedoss/trustedoss-portal/blob/main/CHANGELOG.md)에 +[`CHANGELOG.md`](https://github.com/trustedoss/trusca/blob/main/CHANGELOG.md)에 있습니다. 본 페이지는 사람이 읽는 요약입니다. ## 주요 변경 사항 @@ -83,7 +83,7 @@ SBOM 생성, CI/CD 통합을 하나의 UI에서 제공하는 자체 호스팅 Ap - **Reachability 분석.** 결과는 reachability로 순위가 매겨지지 않고 전체 나열됩니다. best-effort 형태로 계획되어 있습니다. -전체 후속 계획은 [로드맵](https://github.com/trustedoss/trustedoss-portal/blob/main/ROADMAP.md)을 +전체 후속 계획은 [로드맵](https://github.com/trustedoss/trusca/blob/main/ROADMAP.md)을 참고하십시오. ## 설치 @@ -94,6 +94,6 @@ SBOM 생성, CI/CD 통합을 하나의 UI에서 제공하는 자체 호스팅 Ap ## 함께 보기 -- [`CHANGELOG.md`](https://github.com/trustedoss/trustedoss-portal/blob/main/CHANGELOG.md) — 머신 리더블 체인지로그. -- [`ROADMAP.md`](https://github.com/trustedoss/trustedoss-portal/blob/main/ROADMAP.md) — 다음 계획. +- [`CHANGELOG.md`](https://github.com/trustedoss/trusca/blob/main/CHANGELOG.md) — 머신 리더블 체인지로그. +- [`ROADMAP.md`](https://github.com/trustedoss/trusca/blob/main/ROADMAP.md) — 다음 계획. - [비교](../comparison.md) — 상용 SCA·Dependency-Track·SW360 대비. diff --git a/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/user-guide/components-and-licenses.md b/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/user-guide/components-and-licenses.md index 802ad1f5..213f4b33 100644 --- a/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/user-guide/components-and-licenses.md +++ b/docs-site/i18n/ko/docusaurus-plugin-content-docs/current/user-guide/components-and-licenses.md 
@@ -131,7 +131,7 @@ scancode 는 **best-effort** 입니다. 다음의 경우 detected 라이선스 ## 의무사항 -각 라이선스는 **의무사항**을 가집니다 — 컴포넌트를 재배포할 때 이행해야 할 의무. 포털은 7가지 종류를 추적합니다([용어집](https://github.com/trustedoss/trustedoss-portal/blob/main/docs/glossary.md) 참고). +각 라이선스는 **의무사항**을 가집니다 — 컴포넌트를 재배포할 때 이행해야 할 의무. 포털은 7가지 종류를 추적합니다([용어집](https://github.com/trustedoss/trusca/blob/main/docs/glossary.md) 참고). - **저작자 표시** — 상위 저작권 고지를 보존. - **NOTICE 보존** — 상위 `NOTICE` 파일 동봉(Apache-2.0 §4(d)). diff --git a/docs-site/i18n/ko/docusaurus-theme-classic/footer.json b/docs-site/i18n/ko/docusaurus-theme-classic/footer.json index 010ac6f1..fac910df 100644 --- a/docs-site/i18n/ko/docusaurus-theme-classic/footer.json +++ b/docs-site/i18n/ko/docusaurus-theme-classic/footer.json @@ -29,15 +29,15 @@ }, "link.item.label.GitHub": { "message": "GitHub", - "description": "The label of footer link with label=GitHub linking to https://github.com/trustedoss/trustedoss-portal" + "description": "The label of footer link with label=GitHub linking to https://github.com/trustedoss/trusca" }, "link.item.label.Issues": { "message": "이슈", - "description": "The label of footer link with label=Issues linking to https://github.com/trustedoss/trustedoss-portal/issues" + "description": "The label of footer link with label=Issues linking to https://github.com/trustedoss/trusca/issues" }, "link.item.label.Releases": { "message": "릴리스", - "description": "The label of footer link with label=Releases linking to https://github.com/trustedoss/trustedoss-portal/releases" + "description": "The label of footer link with label=Releases linking to https://github.com/trustedoss/trusca/releases" }, "link.item.label.Architecture": { "message": "아키텍처", diff --git a/docs-site/src/components/HomepageShowcase/index.tsx b/docs-site/src/components/HomepageShowcase/index.tsx index ede24a2c..153b0e80 100644 --- a/docs-site/src/components/HomepageShowcase/index.tsx +++ b/docs-site/src/components/HomepageShowcase/index.tsx 
@@ -15,8 +15,8 @@ type Shot = { // Webpack-imported sources so the hashed asset path is correct in every // locale. The earlier root-relative form (`/img/...`) plus `useBaseUrl` // went wrong under i18n: KO locale's effective baseUrl is -// `/trustedoss-portal/ko/`, which made the prefix `/trustedoss-portal/ko/ -// img/...` — the static assets live at `/trustedoss-portal/img/...` +// `/trusca/ko/`, which made the prefix `/trusca/ko/ +// img/...` — the static assets live at `/trusca/img/...` // regardless of locale, so the KO showcase rendered broken-image icons. const SHOTS: Shot[] = [ { diff --git a/docs-site/src/pages/index.tsx b/docs-site/src/pages/index.tsx index 4f91333d..778137a9 100644 --- a/docs-site/src/pages/index.tsx +++ b/docs-site/src/pages/index.tsx @@ -44,7 +44,7 @@ function HomepageHero(): ReactNode { GitHub @@ -55,8 +55,8 @@ function HomepageHero(): ReactNode { })}> ${" "} - git clone https://github.com/trustedoss/trustedoss-portal.git &&{" "} - cd trustedoss-portal &&{" "} + git clone https://github.com/trustedoss/trusca.git &&{" "} + cd trusca &&{" "} docker-compose -f docker-compose.dev.yml up -d diff --git a/docs/brand-trusca.md b/docs/brand-trusca.md index 0dd4b5f6..a64f65a0 100644 --- a/docs/brand-trusca.md +++ b/docs/brand-trusca.md @@ -37,8 +37,8 @@ | 자산 | 값 | 상태 | |------|-----|------| | 도메인 | `trusca.dev` | W0에서 등록(Cloudflare). 데모 `demo.trusca.dev`, 문서 `docs.trusca.dev` | -| GitHub | `github.com/trustedoss/trusca` | 가용 확인(2026-06-12), W4에서 리네임 | -| ghcr | `ghcr.io/trustedoss/trusca-{backend,backend-worker,frontend}` | W4에서 전환 | +| GitHub | `github.com/trustedoss/trusca` | **W4 전환 완료** — 레포 리네임(git/웹 URL은 GitHub 자동 리다이렉트, Pages 경로는 `/trusca/`로 변경·리다이렉트 없음) | +| ghcr | `ghcr.io/trustedoss/trusca-{backend,backend-worker,frontend}` | **W4 전환 완료** — v0.11.0부터 trusca-* 이름으로 게시. 구 릴리스(≤0.10.0)는 구 이름(backend/backend-worker/frontend) 유지 | | npm / PyPI | `trusca` | 빈자리 확인(미사용, 선점 옵션) | ## 4. 로고 
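Review bot: the GitHub row in docs/brand-trusca.md records that git/web URLs redirect while the Pages path moved to `/trusca/` with no redirect, but it does not say what is to be done about the old `/trustedoss-portal/...` deep links. The only way to serve those paths again would be a placeholder repo under the now-free old name publishing redirect pages, and creating a repo with the old name is exactly what cancels GitHub's automatic redirect that the same row relies on, so the two cannot both be kept. Record the decision in the table (e.g. "구 Pages 경로 404 허용, git/web 리다이렉트 우선") so that nobody later "fixes" the 404s and silently breaks every existing clone URL and `remote: 'https://raw.githubusercontent.com/trustedoss/trustedoss-portal/...'` include out in the wild.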
diff --git a/docs/site-strategy-two-sites.md b/docs/site-strategy-two-sites.md index 24a73cab..cde771f0 100644 --- a/docs/site-strategy-two-sites.md +++ b/docs/site-strategy-two-sites.md @@ -3,6 +3,11 @@ > 상태: **결정 완료** · 작성일 2026-06-04 · 범위: 방향 결정 + 향후 작업 지도 (이 문서 자체는 코드/링크 변경 없음) > > 이 문서는 내부 전략 문서다. Docusaurus 빌드 대상(`docs-site/`)이 **아니므로** 공개 사이트에는 노출되지 않는다. +> +> **2026-06-12 갱신 (TRUSCA 리브랜딩 W4)**: 레포가 `trustedoss/trusca`로 리네임되면서 포털 문서 경로가 +> `/trustedoss-portal/` → **`/trusca/`** 로 바뀌었다. GitHub Pages 경로는 리다이렉트가 없으므로 +> 구 경로로 들어오는 링크는 404가 된다 — 가이드 레포(`trustedoss.github.io` 루트, 불변)의 포털 링크는 +> 새 경로로 갱신해야 한다(§7 핸드오프에 반영). 본문 경로 표기는 전부 새 경로 기준으로 치환했다. --- @@ -14,9 +19,9 @@ ## 2. 두 사이트 식별 -| 항목 | 루트 가이드 (`/`) | 포털 문서 (`/trustedoss-portal/`) | +| 항목 | 루트 가이드 (`/`) | 포털 문서 (`/trusca/`) | |---|---|---| -| URL | `https://trustedoss.github.io/` | `https://trustedoss.github.io/trustedoss-portal/` | +| URL | `https://trustedoss.github.io/` | `https://trustedoss.github.io/trusca/` | | 소유 레포 | **별도 org-pages 레포** (`trustedoss/trustedoss.github.io`) — **이 워크스페이스에 없음** | 이 모노레포 `docs-site/` | | 생성기 | Docusaurus (커스텀) | Docusaurus (커스텀) | | 콘텐츠 성격 | 벤더 중립 거버넌스 가이드 — OpenChain / ISO IEC 5230·18974 기반 (체계구축·DevSecOps·AI코딩·레퍼런스) | 특정 제품(Apache-2.0)의 설치·운영·CI 연동·API 문서 | @@ -27,7 +32,7 @@ **두 핵심 사실** - **루트는 이 레포가 아니다.** 별도 org-pages 레포가 서빙한다. -- **포털이 하위 경로(`/trustedoss-portal/`)인 것은 버그가 아니라 의도된 설계다.** GitHub Pages 토폴로지상 `.github.io` 루트는 org-pages 레포가, 프로젝트 레포는 하위 경로가 점유한다 (`docs-site/docusaurus.config.ts:16-17`). +- **포털이 하위 경로(`/trusca/`)인 것은 버그가 아니라 의도된 설계다.** GitHub Pages 토폴로지상 `.github.io` 루트는 org-pages 레포가, 프로젝트 레포는 하위 경로가 점유한다 (`docs-site/docusaurus.config.ts:16-17`). --- 
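Review bot: docs/site-strategy-two-sites.md now cites `docs-site/docusaurus.config.ts:16-17` as the place that fixes the `/trusca/` subpath, but this patch carries no hunk for that file. If `baseUrl` there still reads `/trustedoss-portal/`, every internal link and asset on the rebuilt site resolves to a path Pages no longer serves, which is the same 404 failure the new 2026-06-12 note warns the guide repo about. Confirm the `url`/`baseUrl` change is part of this change (or link the commit that made it), and since a `:16-17` line reference drifts with every edit, name the keys rather than the line numbers.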
@@ -114,7 +119,7 @@ TrustedOSS **단일 브랜드 토큰 세트**(색·폰트·로고·footer·아 ### 6.2 가이드 → 포털 (별도 org-pages 레포, 워크스페이스 밖) -- 가이드의 "도구 / DevSecOps" 섹션에서 포털 문서(`/trustedoss-portal/`)로 연결. **퍼널상 더 가치 큰 방향**(why → how)이다. +- 가이드의 "도구 / DevSecOps" 섹션에서 포털 문서(`/trusca/`)로 연결. **퍼널상 더 가치 큰 방향**(why → how)이다. - 그 레포 작업이라 본 레포 PR로는 처리 불가 → 구체 지시는 **§7 (가이드 레포 관리자 핸드오프)** 에 자립적으로 정리했다. --- @@ -129,16 +134,19 @@ TrustedOSS **단일 브랜드 토큰 세트**(색·폰트·로고·footer·아 가이드 사이트에서 제품 문서로 가는 경로를 만든다. +> **주의 (2026-06-12, TRUSCA 리브랜딩)**: 포털 문서 경로가 `/trustedoss-portal/` → `/trusca/` 로 바뀌었다. +> GitHub Pages는 구 경로를 리다이렉트하지 않으므로, 가이드 사이트에 이미 있는 포털 링크가 있다면 전부 새 경로로 바꿔야 한다. + - **navbar**: `docusaurus.config.ts` 의 `themeConfig.navbar.items` 에 외부 링크 추가 ```ts - { href: "https://trustedoss.github.io/trustedoss-portal/", label: "Portal", position: "right" }, + { href: "https://trustedoss.github.io/trusca/", label: "Portal", position: "right" }, ``` - **footer**: `themeConfig.footer.links` 에 "TrustedOSS Portal" 항목 추가 (`href` 동일). - **콘텐츠 인라인 링크**: "DevSecOps / 도구 / SCA" 관련 문서 본문에서, 실제 스캔·SBOM·라이선스·CI 게이트를 실행하는 도구로 포털 문서를 연결한다. 이게 *why → how* 퍼널의 핵심 방향이다. - 제품 문서 진입점들: - - 설치: `https://trustedoss.github.io/trustedoss-portal/docs/quickstart` - - CI 연동: `https://trustedoss.github.io/trustedoss-portal/docs/ci-integration/github-actions` - - API 레퍼런스: `https://trustedoss.github.io/trustedoss-portal/reference/api` + - 설치: `https://trustedoss.github.io/trusca/docs/quickstart` + - CI 연동: `https://trustedoss.github.io/trusca/docs/ci-integration/github-actions` + - API 레퍼런스: `https://trustedoss.github.io/trusca/reference/api` ### 7.2 공통 브랜드 토큰 정합 (디자인 패리티) diff --git a/scripts/hetzner-cloud-init.yaml b/scripts/hetzner-cloud-init.yaml index be2b6a10..467bbc83 100644 --- a/scripts/hetzner-cloud-init.yaml +++ b/scripts/hetzner-cloud-init.yaml 
@@ -93,10 +93,10 @@ runcmd: # --- App checkout + workspace dir ---------------------------------------- # Clone `main` so the checkout includes these deploy artifacts (the cloud-init, # systemd units, and runbook). The running app's CONTAINER versions are pinned - # separately by IMAGE_TAG in .env (default 0.10.0) — the git checkout only + # separately by IMAGE_TAG in .env (default 0.11.0) — the git checkout only # supplies the compose file, scripts, and deploy units, not the images. - mkdir -p /opt/trustedoss - - git clone --depth 1 https://github.com/trustedoss/trustedoss-portal.git /opt/trustedoss/portal + - git clone --depth 1 https://github.com/trustedoss/trusca.git /opt/trustedoss/portal - mkdir -p /opt/trustedoss/workspace - chown -R trustedoss:trustedoss /opt/trustedoss diff --git a/templates/gitlab-ci.yml b/templates/gitlab-ci.yml index 0000c2d4..0ed0a30b 100644 --- a/templates/gitlab-ci.yml +++ b/templates/gitlab-ci.yml @@ -7,7 +7,7 @@ # Usage: # # include: -# - remote: 'https://raw.githubusercontent.com/trustedoss/trustedoss-portal/main/templates/gitlab-ci.yml' +# - remote: 'https://raw.githubusercontent.com/trustedoss/trusca/main/templates/gitlab-ci.yml' # # trustedoss-sca: # extends: .trustedoss-sca
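Review bot: in the first hunk of this section (the DT glossary entry under `sidebar_position: 4`) the unchanged line right above the ADR link reads "TRUSCA는 까지 DT를 취약점 엔진으로 사용했고", with nothing before 까지, i.e. the version up to which DT was the engine is missing. The paragraph is being touched for the link anyway; fill in the version so the sentence is complete.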
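Review bot: docs-site/i18n/ko/.../release-notes/v0.10.0.md documents a release that, per docs/brand-trusca.md in this same patch, was published under the pre-rename image names (backend / backend-worker / frontend), and its `## 설치` section sits between the two hunks shown here without being visible. Check that the section still names the ≤0.10.0 image names; if it was swept into the rename, a reader following these historical notes would try to pull `trusca-*` images at a tag that was never published under those names.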
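Review bot: in docs-site/i18n/ko/.../user-guide/components-and-licenses.md the 의무사항 paragraph still links the glossary to the GitHub copy `docs/glossary.md` on `main`, whereas reference/sbom-signature-verification.md in the same patch links the site's own `./glossary.md`. The repo link takes the reader out of the versioned docs site to whatever `main` currently says; switch it to the in-site relative link (`../reference/glossary.md` from `user-guide/`) so this URL does not need editing at the next rename either.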
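Review bot: in docs-site/i18n/ko/docusaurus-theme-classic/footer.json only the `description` strings change. Those strings are emitted by `docusaurus write-translations` from the footer config and are not rendered, so editing them by hand is harmless but also hides whether the `href` values in the footer config, which are what users actually click, were updated. Regenerate the file from the updated config instead of hand-editing it, so the diff itself shows the hrefs moved.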
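Review bot: in scripts/hetzner-cloud-init.yaml the comment now states a default IMAGE_TAG of 0.11.0 while the checkout path stays `/opt/trustedoss/portal`; keeping the path is right for the systemd units and runbook that reference it, but the hunk exposes an upgrade trap for hosts provisioned earlier. The comment itself says the checkout supplies the compose file while `.env` pins the images, and docs/brand-trusca.md in this patch says ≤0.10.0 images exist only under the old names, so a host that pulls `main` (with a compose file now referencing trusca-* images, if that hunk is elsewhere in the change) but still carries `IMAGE_TAG=0.10.0` in `.env` will fail to pull. The runbook should make "update checkout" and "bump IMAGE_TAG to 0.11.0 or later" a single step and note that rolling back below 0.11.0 also means rolling back the compose file.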
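Review bot: the usage snippet in templates/gitlab-ci.yml has consumers `include` the template from `.../trusca/main/templates/gitlab-ci.yml`, an unpinned remote include: every downstream pipeline re-fetches whatever is on `main` at run time, the opposite of the pin-by-tag discipline the cloud-init comment in this same patch applies to container images. Show a release ref in the example (`https://raw.githubusercontent.com/trustedoss/trusca/v0.11.0/templates/gitlab-ci.yml`, or better a commit SHA) and say that `main` is a moving target, so a broken or compromised commit on `main` cannot change what runs in every consumer's CI.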