trustification/trustify
Oct 2024 – Feb 2026
17 Months active
Languages Used
RustGraphQLSQLYAMLHurlMakefileGoShell
Technical Skills
API developmentRustbackend developmentdatabase designAPI DevelopmentBackend Development
Dejan Bosanac
PROFILE
Dejan Bosanac
Worked extensively on the trustification/trustify repository, delivering end-to-end backend solutions for vulnerability management, risk scoring, and data ingestion. Leveraged Rust, SQL, and Go to design and optimize APIs, implement complex database migrations, and enhance performance through asynchronous programming and concurrency. Focused on improving data integrity and reliability by refactoring version comparison logic, normalizing package versions, and introducing robust CVSS scoring pipelines. Maintained high standards of code quality with thorough testing, documentation, and architecture decision records. The work enabled accurate vulnerability triage, scalable ingestion, and actionable risk analytics, supporting both operational efficiency and security posture for downstream consumers.
Overall Statistics
Feature vs Bugs
80%Features
Repository Contributions
65Total
Bugs
8
Commits
65
Features
32
Lines of code
103,320
Activity Months17
Your Network
3072 peopleWork History
February 2026
2 Commits • 1 Features
Feb 1, 2026February 2026 monthly summary for trustification/trustify: Focused on improving the reliability and maintainability of the CVSS processing pipeline, delivering clearer risk assessments for users and reducing data-source fragility. Primary work centered on dependencies and data sourcing improvements to ensure accurate, auditable CVSS calculations.
2 Commits • 1 Features
Feb 1, 2026February 2026 monthly summary for trustification/trustify: Focused on improving the reliability and maintainability of the CVSS processing pipeline, delivering clearer risk assessments for users and reducing data-source fragility. Primary work centered on dependencies and data sourcing improvements to ensure accurate, auditable CVSS calculations.
February 2026
January 2026
5 Commits • 2 Features
Jan 1, 2026January 2026 monthly summary for trustification/trustify: Implemented CSAF Vulnerability Scoring and Remediation, and completed maintenance/refactor work that improved vulnerability management, API stability, and maintainability. Core work focused on vulnerability scoring, API exposure, and code quality improvements.
January 2026
5 Commits • 2 Features
Jan 1, 2026January 2026 monthly summary for trustification/trustify: Implemented CSAF Vulnerability Scoring and Remediation, and completed maintenance/refactor work that improved vulnerability management, API stability, and maintainability. Core work focused on vulnerability scoring, API exposure, and code quality improvements.
December 2025
1 Commits
Dec 1, 2025December 2025 monthly summary for trustification/trustify focusing on security posture, dependency hygiene, and stability through a CVSS library upgrade and version handling improvements.
1 Commits
Dec 1, 2025December 2025 monthly summary for trustification/trustify focusing on security posture, dependency hygiene, and stability through a CVSS library upgrade and version handling improvements.
December 2025
November 2025
1 Commits • 1 Features
Nov 1, 20252025-11 monthly: CVE data updates and 5.2 scheme support for trustify; improved vulnerability data coverage and test alignment with the new CVE dataset. No major bugs fixed this month; primary business value comes from security data accuracy and maintainability.
November 2025
1 Commits • 1 Features
Nov 1, 20252025-11 monthly: CVE data updates and 5.2 scheme support for trustify; improved vulnerability data coverage and test alignment with the new CVE dataset. No major bugs fixed this month; primary business value comes from security data accuracy and maintainability.
October 2025
3 Commits • 1 Features
Oct 1, 2025October 2025 monthly summary for trustification/trustify: Key reliability improvement and architectural groundwork for version-range exposure in API responses. The month focused on delivering a bug fix for VersionedPurlStatus and initiating ADR-driven API enhancements to expose purl status version ranges, enabling precise vulnerability and status analytics and laying groundwork for future VersionRange struct and model changes.
3 Commits • 1 Features
Oct 1, 2025October 2025 monthly summary for trustification/trustify: Key reliability improvement and architectural groundwork for version-range exposure in API responses. The month focused on delivering a bug fix for VersionedPurlStatus and initiating ADR-driven API enhancements to expose purl status version ranges, enabling precise vulnerability and status analytics and laying groundwork for future VersionRange struct and model changes.
October 2025
September 2025
5 Commits • 2 Features
Sep 1, 2025September 2025 — Trustification/trustify: Maintenance-focused month delivering improved release reliability and architectural guidance for future work. Key outcomes include documentation and CI/release workflow consolidation, repository hygiene improvements, and a formal ADR for a PURL recommendations endpoint to align with Trustification v1. Business value: reduced maintenance overhead, clearer release processes, and a defined design path for future features.
September 2025
5 Commits • 2 Features
Sep 1, 2025September 2025 — Trustification/trustify: Maintenance-focused month delivering improved release reliability and architectural guidance for future work. Key outcomes include documentation and CI/release workflow consolidation, repository hygiene improvements, and a formal ADR for a PURL recommendations endpoint to align with Trustification v1. Business value: reduced maintenance overhead, clearer release processes, and a defined design path for future features.
August 2025
1 Commits • 1 Features
Aug 1, 2025August 2025 monthly summary for trustification/trustify: Implemented concurrency-enabled graph analysis with a new parallelism configuration, delivering measurable improvements in performance and scalability for graph queries. The work leverages futures::join! and join_all to parallelize graph traversal, with a new configuration option to tune the level of parallelism for workload-specific performance. Primary commit: 92cb5b6986d1c0e18d8b2f1012bba7a1759be07d (perf(analysis): Parallelize graph query execution). Impact includes reduced execution time for graph analytics, better throughput on larger graphs, and a solid foundation for further optimizations. Technologies/skills demonstrated include Rust async patterns, concurrency design, performance instrumentation, and configuration-driven tuning.
1 Commits • 1 Features
Aug 1, 2025August 2025 monthly summary for trustification/trustify: Implemented concurrency-enabled graph analysis with a new parallelism configuration, delivering measurable improvements in performance and scalability for graph queries. The work leverages futures::join! and join_all to parallelize graph traversal, with a new configuration option to tune the level of parallelism for workload-specific performance. Primary commit: 92cb5b6986d1c0e18d8b2f1012bba7a1759be07d (perf(analysis): Parallelize graph query execution). Impact includes reduced execution time for graph analytics, better throughput on larger graphs, and a solid foundation for further optimizations. Technologies/skills demonstrated include Rust async patterns, concurrency design, performance instrumentation, and configuration-driven tuning.
August 2025
July 2025
2 Commits • 1 Features
Jul 1, 2025July 2025 highlights: Implemented Go version normalization for vulnerability matching (migration + golang_version_matches SQL function) and fixed CVSS filtering to use advisory IDs in vulnerability advisories. Impact: improved accuracy of Go vulnerability matches, correct CVSS data in advisories, enabling better risk prioritization. Technologies: Go, SQL migrations, database functions.
July 2025
2 Commits • 1 Features
Jul 1, 2025July 2025 highlights: Implemented Go version normalization for vulnerability matching (migration + golang_version_matches SQL function) and fixed CVSS filtering to use advisory IDs in vulnerability advisories. Impact: improved accuracy of Go vulnerability matches, correct CVSS data in advisories, enabling better risk prioritization. Technologies: Go, SQL migrations, database functions.
June 2025
2 Commits • 1 Features
Jun 1, 2025June 2025 monthly summary for trustification/trustify: Delivered a major upgrade to the Vulnerability Scoring System with multi-version CVSS support, data-model overhaul, and alignment of advisory scoring with extracted labels. The work strengthens risk prioritization accuracy, improves data consistency, and enables scalable vulnerability triage for security teams.
2 Commits • 1 Features
Jun 1, 2025June 2025 monthly summary for trustification/trustify: Delivered a major upgrade to the Vulnerability Scoring System with multi-version CVSS support, data-model overhaul, and alignment of advisory scoring with extracted labels. The work strengthens risk prioritization accuracy, improves data consistency, and enables scalable vulnerability triage for security teams.
June 2025
May 2025
3 Commits • 1 Features
May 1, 2025May 2025 monthly summary for trustification/trustify focusing on delivering a vulnerability scoring overhaul that improves data accuracy and decision-making. Replaced average scoring with base_score from CVE advisories, integrated CVSSv3 parsing, and updated API parameters to expose base_score/base_severity. This enabled more actionable vulnerability information for risk-based remediation and aligned with industry scoring standards. Documentation and patterns were established to support maintainable growth and future feature work.
May 2025
3 Commits • 1 Features
May 1, 2025May 2025 monthly summary for trustification/trustify focusing on delivering a vulnerability scoring overhaul that improves data accuracy and decision-making. Replaced average scoring with base_score from CVE advisories, integrated CVSSv3 parsing, and updated API parameters to expose base_score/base_severity. This enabled more actionable vulnerability information for risk-based remediation and aligned with industry scoring standards. Documentation and patterns were established to support maintainable growth and future feature work.
April 2025
9 Commits • 5 Features
Apr 1, 2025April 2025 monthly summary for trustification/trustify focusing on data integrity, performance, and migration readiness. Key features delivered include datasets and SQL-driven improvements that harden data relations and enable scalable analytics. Major bugs fixed improve correctness of version handling and data deletion integrity, reducing risk in release pipelines. The combination of dataset creation, migration documentation, and database refinements directly enhances reliability, operational efficiency, and business value by ensuring accurate version comparisons, centralized filtering, and faster queries.
9 Commits • 5 Features
Apr 1, 2025April 2025 monthly summary for trustification/trustify focusing on data integrity, performance, and migration readiness. Key features delivered include datasets and SQL-driven improvements that harden data relations and enable scalable analytics. Major bugs fixed improve correctness of version handling and data deletion integrity, reducing risk in release pipelines. The combination of dataset creation, migration documentation, and database refinements directly enhances reliability, operational efficiency, and business value by ensuring accurate version comparisons, centralized filtering, and faster queries.
April 2025
March 2025
7 Commits • 1 Features
Mar 1, 2025March 2025: Performance-forward SBOM advisories and vulnerability work in trustification/trustify delivered data-model enhancements and query optimizations, improving endpoint responsiveness and data quality. Key changes include: (1) SBOM advisories and vulnerabilities data model improvements and endpoint query optimization; added issuer information in queries, optional issuer association, and enriched product status with vulnerability data; (2) query-level fetch for advisory issues and vulnerability descriptions, with index adjustments; (3) test-data alignment for UBI vulnerability reflected in SBOM dataset tests; (4) maintenance of performance-focused index strategy, including dropping advisory_vulnerability_vulnerability_id_gist. These changes were implemented across the trustification/trustify repository with confirmed commits improving performance and data completeness.
March 2025
7 Commits • 1 Features
Mar 1, 2025March 2025: Performance-forward SBOM advisories and vulnerability work in trustification/trustify delivered data-model enhancements and query optimizations, improving endpoint responsiveness and data quality. Key changes include: (1) SBOM advisories and vulnerabilities data model improvements and endpoint query optimization; added issuer information in queries, optional issuer association, and enriched product status with vulnerability data; (2) query-level fetch for advisory issues and vulnerability descriptions, with index adjustments; (3) test-data alignment for UBI vulnerability reflected in SBOM dataset tests; (4) maintenance of performance-focused index strategy, including dropping advisory_vulnerability_vulnerability_id_gist. These changes were implemented across the trustification/trustify repository with confirmed commits improving performance and data completeness.
February 2025
9 Commits • 5 Features
Feb 1, 2025February 2025: Delivered performance and reliability improvements across status handling, CSAF ingestion, dataset coverage, and deployment. Implemented global status caching, deterministic ingestion, new ds4 dataset, deployment tuning, and end-to-end API validation, delivering tangible business value in data reliability, speed, and quality assurance.
9 Commits • 5 Features
Feb 1, 2025February 2025: Delivered performance and reliability improvements across status handling, CSAF ingestion, dataset coverage, and deployment. Implemented global status caching, deterministic ingestion, new ds4 dataset, deployment tuning, and end-to-end API validation, delivering tangible business value in data reliability, speed, and quality assurance.
February 2025
January 2025
4 Commits • 3 Features
Jan 1, 2025January 2025 (2025-01) development summary for trustification/trustify. Focused on expanding data ingestion coverage, stabilizing migrations, and improving status handling and data integrity to support reliable risk scoring and compliance reporting. Key outcomes include OSV dataset expansion for ingestion, database migration refactor with memory tuning, PURL status handling improvements, and SBOM data_licenses schema fix. These changes collectively enhance ingestion throughput, data quality, and operational stability, enabling faster, more accurate vulnerability and license risk insights.
January 2025
4 Commits • 3 Features
Jan 1, 2025January 2025 (2025-01) development summary for trustification/trustify. Focused on expanding data ingestion coverage, stabilizing migrations, and improving status handling and data integrity to support reliable risk scoring and compliance reporting. Key outcomes include OSV dataset expansion for ingestion, database migration refactor with memory tuning, PURL status handling improvements, and SBOM data_licenses schema fix. These changes collectively enhance ingestion throughput, data quality, and operational stability, enabling faster, more accurate vulnerability and license risk insights.
December 2024
4 Commits • 3 Features
Dec 1, 2024December 2024 monthly summary for trustification/trustify focused on delivering three core capabilities that improve vulnerability risk visibility, ingestion performance, and versioning semantics, with measurable business impact. - Vulnerability visibility and SBOM linkage: Reimplemented vulnerability endpoint logic and API to retrieve purls for affected SBOMs, enhancing visibility into how vulnerabilities affect specific SBOMs, packages, and components. - CSAF ingestion performance and data consistency: Batch-insert of product-related entities during CSAF processing, plus caching of organizations and deterministic IDs to speed ingestion and reduce redundant work. - RPM-based version scheme support and advisory retrieval: Introduced RPM version scheme across SBOM-vulnerability correlation, with raw-SQL advisory retrieval improvements and CSAF ingestor version handling. These efforts combined API redesign, performance tuning, and data-model enhancements to improve accuracy and speed. Impact and business value: Faster, more reliable vulnerability exposure and governance data; reduced ingestion latency and manual remediation overhead; stronger ability to track and audit risk across SBOMs and advisories. Technologies/skills demonstrated: API redesign and refactoring, SQL performance optimization, batch processing, caching strategies, deterministic ID generation, and versioning strategy for SBOM-vulnerability mapping.
4 Commits • 3 Features
Dec 1, 2024December 2024 monthly summary for trustification/trustify focused on delivering three core capabilities that improve vulnerability risk visibility, ingestion performance, and versioning semantics, with measurable business impact. - Vulnerability visibility and SBOM linkage: Reimplemented vulnerability endpoint logic and API to retrieve purls for affected SBOMs, enhancing visibility into how vulnerabilities affect specific SBOMs, packages, and components. - CSAF ingestion performance and data consistency: Batch-insert of product-related entities during CSAF processing, plus caching of organizations and deterministic IDs to speed ingestion and reduce redundant work. - RPM-based version scheme support and advisory retrieval: Introduced RPM version scheme across SBOM-vulnerability correlation, with raw-SQL advisory retrieval improvements and CSAF ingestor version handling. These efforts combined API redesign, performance tuning, and data-model enhancements to improve accuracy and speed. Impact and business value: Faster, more reliable vulnerability exposure and governance data; reduced ingestion latency and manual remediation overhead; stronger ability to track and audit risk across SBOMs and advisories. Technologies/skills demonstrated: API redesign and refactoring, SQL performance optimization, batch processing, caching strategies, deterministic ID generation, and versioning strategy for SBOM-vulnerability mapping.
December 2024
November 2024
6 Commits • 3 Features
Nov 1, 2024November 2024: Delivered strategic platform improvements across trustification and trustify, focusing on deployment reliability, data-model modernization, SBOM visibility, and performance enhancements. Key outcomes include upgrading the Trustification image to the latest version to ensure security and stability; migrating Trustify's product_status from component to package with a robust data transformation and rollback plan; and enriching SBOM details with vulnerability scores, establishing PURL-to-product-status correlations, and implementing indexing to accelerate queries. Collectively these changes improve security posture, data accuracy, and operational efficiency, enabling faster risk remediation and better decision-making for engineering and product teams.
November 2024
6 Commits • 3 Features
Nov 1, 2024November 2024: Delivered strategic platform improvements across trustification and trustify, focusing on deployment reliability, data-model modernization, SBOM visibility, and performance enhancements. Key outcomes include upgrading the Trustification image to the latest version to ensure security and stability; migrating Trustify's product_status from component to package with a robust data transformation and rollback plan; and enriching SBOM details with vulnerability scores, establishing PURL-to-product-status correlations, and implementing indexing to accelerate queries. Collectively these changes improve security posture, data accuracy, and operational efficiency, enabling faster risk remediation and better decision-making for engineering and product teams.
October 2024
1 Commits • 1 Features
Oct 1, 2024Month 2024-10: Focused on strengthening security advisory traceability in trustify by adding Vulnerability-PURL-SBOM correlation and status enhancements. Implemented new DB schema relationships to support correlations and updated the status logic to reflect correlational data, enabling faster remediation and improved risk visibility.
1 Commits • 1 Features
Oct 1, 2024Month 2024-10: Focused on strengthening security advisory traceability in trustify by adding Vulnerability-PURL-SBOM correlation and status enhancements. Implemented new DB schema relationships to support correlations and updated the status logic to reflect correlational data, enabling faster remediation and improved risk visibility.
October 2024
Activity
Loading activity data...
Quality Metrics
Correctness90.0%
Maintainability87.4%
Architecture86.6%
Performance84.2%
AI Usage23.4%
Skills & Technologies
Programming Languages
GoGraphQLHurlJSONMakefileMarkdownPythonRustSQLShell
Technical Skills
API DesignAPI DevelopmentAPI IntegrationAPI PerformanceAPI TestingAPI developmentArchitecture Decision RecordsAsynchronous ProgrammingBackend DevelopmentCI/CDCachingCode CleanupConcurrencyConfiguration ManagementData Engineering
Repositories Contributed To
Overview of all repositories you've contributed to across your timeline
trustification/trustification
Nov 2024 – Nov 2024
1 Month active
Languages Used
YAML
Technical Skills
CI/CDDevOps