The registry your security team
will actually approve.
Nexus and JFrog store your artifacts. Trunx understands them — scanning, signing, promoting, and governing every package across its entire lifecycle.
Your entire pipeline. As typed code.
Official Trunx Dagger module. Build, scan, sign, and promote in one pipeline that runs on any CI. No YAML. No vendor lock-in.
Zero trust. Total verification.
Automatic scanning, signing, and provenance on every push — before anything reaches production.
Zero trust. Total verification.
Automatic scanning, signing, and provenance on every push — before anything reaches production.
Ship with confidence.
Every release goes through promotion gates before it reaches production. No surprises.
Ship with confidence.
Every release goes through promotion gates before it reaches production. No surprises.
Policy as code. Compliance built-in.
Write rules in OPA/Rego. Enforce them automatically across every registry and team.
Policy as code. Compliance built-in.
Write rules in OPA/Rego. Enforce them automatically across every registry and team.
One registry. All dependencies.
Proxy public registries — every package scanned and governed, whether internal or external.
Public registry proxy
Proxy npm, PyPI, Maven Central, Docker Hub through Trunx. Every pull is cached, scanned for CVEs, and recorded in audit logs.
Dependency graph
Know the blast radius before you upgrade anything.
Auto-upgrade PRs
Detect new versions, open PRs automatically.
Webhooks & API
Full REST API + webhooks for any CI/CD.
Universal CLI
trunx push/promote/scan across all formats.
Prometheus metrics
Scrape /metrics. Alert on what matters.
Version diff
Compare any two versions: changed files, new deps, added CVEs.