Frequently asked questions
What is TrustScope?+
TrustScope reads a public GitHub repository across four pillars — Security & Supply Chain, Trust & Governance, Community & Sustainability, and Functional Quality — and gives a verdict per pillar, with no misleading single score.
What is an adopter, and what is a maintainer?+
An adopter is evaluating someone else's project before depending on it; a maintainer runs their own project to see and close the trust gaps adopters look for. Both read the same four-pillar report from opposite directions.
Do I need an account to read a report?+
No. Reading any report is anonymous and needs no sign-in. Accounts (to save history and email reports) are coming later.
Why is there no single score?+
Each pillar answers a different question. Collapsing security, governance and community into one number hides the exact trade-off you are trying to weigh — so TrustScope keeps them separate.
Where does the data come from?+
The full OpenSSF Scorecard plus public GitHub governance and lifecycle signals. The same repository always produces the same report — it is deterministic, with no LLM in the loop.
Does TrustScope store my data?+
Reading a report stores nothing about you. It is self-hosted, GDPR-clean, with no third-party trackers.