Limitations and Data Flows¶
Trustcheck is designed to collect evidence and enforce policy. It does not prove that a package is safe.
Result Meanings¶
- Clean or verified means the configured checks completed and no configured policy violation was found.
- Blocked means Trustcheck completed enough work to make a policy decision and intentionally refused promotion, installation, or merge.
- Failed means Trustcheck could not complete a required check, parse required data, contact a required source, validate a required schema, or render the requested output.
- Inconclusive means a bounded or optional analysis could not produce enough evidence. Inconclusive analysis must not be treated as a clean result.
General Limitations¶
- Network-dependent checks may be unavailable because PyPI, OSV, Ecosyste.ms, Sigstore, TUF, or a private index is unreachable.
- Advisory sources may be incomplete, late, withdrawn, duplicated, or disagree on aliases and fixed versions.
- Provenance absence is not automatically proof of maliciousness. It is evidence quality loss that policy may choose to block.
- Static analysis cannot guarantee safety. Archive, AST, and native-binary inspection can find suspicious structures, but cannot prove that code is harmless.
- Bounded install analysis is experimental. It runs in a constrained container, may be inconclusive, and may miss behavior that requires different inputs, platforms, network access, credentials, or runtime paths.
- Third-party Trustcheck plugins remain opt-in and experimental until final release validation keeps the IPC and installed-code binding regressions green.
Command Data Flows¶
trustcheck inspect¶
- Local files read: configuration files, optional policy files, optional plugin configuration, cache entries, and Sigstore/TUF state.
- External services contacted: PyPI Simple/JSON/project pages, PyPI provenance, Sigstore/TUF roots, OSV or other advisory sources when enabled, and configured package indexes.
- Artifacts downloaded: release files selected for provenance, hash, static inspection, dynamic analysis, or dependency evidence.
- Data retained: optional HTTP/advisory cache entries, report files requested
by
--output-file, and optional advisory snapshots. - Reports generated: text, JSON, SARIF, CycloneDX, SPDX, OpenVEX, or Markdown.
trustcheck scan¶
- Local files read: requirements files, constraints,
pyproject.toml, supported lockfiles, policy/config files, resume state, and optional advisory snapshots. - External services contacted: package indexes for resolver metadata, PyPI and advisory services for package evidence, and Sigstore/TUF roots when provenance is inspected.
- Artifacts downloaded: only when provenance, artifact inspection, dynamic analysis, or policy requires artifact evidence.
- Data retained: optional cache entries, resume state, advisory snapshots, remediation artifacts, and requested reports.
- Reports generated: per-package reports, aggregate scan reports, remediation plans, SARIF, SBOMs, and policy summaries.
trustcheck install¶
- Local files read: requirements or package specifiers, policy/config files, constraints, and optional lock inputs.
- External services contacted: configured package indexes, PyPI/provenance endpoints, advisory sources, and Sigstore/TUF roots required by policy.
- Artifacts downloaded: candidate wheels and source artifacts needed to prove and perform the install.
- Data retained: a temporary verified wheelhouse during execution, optional lock/report/attestation evidence, and cache entries.
- Reports generated: verification reports and install evidence. Pip is invoked
with
--no-index --find-linksagainst the verified local wheelhouse.
trustcheck diff¶
- Local files read: base/head dependency files, Git refs or checkout files, optional trust manifests, policy/config files, and optional previous reports.
- External services contacted: package indexes, PyPI/provenance endpoints, advisory sources, and GitHub only when PR commenting is explicitly enabled.
- Artifacts downloaded: evidence for packages whose resolved version, source, or index origin changed.
- Data retained: requested reports, optional PR comments, and cache entries.
- Reports generated: changed-package trust diffs, Markdown review comments, JSON, SARIF, and manifest violation summaries.
trustcheck manifest¶
- Local files read: dependency files, manifest JSON, policy/config files, and optional lock or source manifests.
- External services contacted: the same package, provenance, index, and advisory sources needed to refresh or verify approved evidence.
- Artifacts downloaded: artifacts required by the selected manifest policy.
- Data retained: manifest updates only when
updateis requested; verification does not mutate the manifest. - Reports generated: manifest verification/update summaries and machine- readable issue lists.
trustcheck environment¶
- Local files read: installed distribution metadata from the active interpreter
or supplied
site-packagespaths, policy/config files, and optional cache. - External services contacted: PyPI, provenance, and advisory services needed to evaluate installed package versions.
- Artifacts downloaded: only when artifact or provenance checks require them.
- Data retained: requested reports and cache entries.
- Reports generated: installed-environment trust reports.
trustcheck impact¶
- Local files read: dependency files or reports, source tree files selected for static import analysis, policy/config files, and optional cache.
- External services contacted: advisory and package evidence sources needed to build vulnerable package reports.
- Artifacts downloaded: package artifacts only when selected scan options need artifact evidence.
- Data retained: requested reports and cache entries.
- Reports generated: impact triage reports that distinguish direct, transitive, test-only, development-only, unobserved, and unknown usage.
trustcheck doctor¶
- Local files read: cache paths, Python environment metadata, Sigstore/TUF state directories, and optional configuration.
- External services contacted: none.
- Artifacts downloaded: none.
- Data retained: none beyond an explicitly requested output file.
- Reports generated: local prerequisite diagnostics.
TrustCheck Package Scanner Action¶
- Local files read: checkout files matching the selected
target, policy files, optional plugin configuration, and the action's locked dependency set. - External services contacted: the same services as the invoked CLI command.
- Artifacts downloaded: the CLI report artifact and optional remediation patch bundle are uploaded to GitHub Actions artifacts.
- Data retained: GitHub stores uploaded artifacts and step outputs according to workflow retention settings. Trustcheck does not run a hosted service.
- Reports generated: one requested report artifact. The action asks the CLI for JSON internally, then renders the selected artifact format.