fossabot now supports all tiers of GitHub and GitLab for strategic dependency upgrades.
Check out new features available to FOSSA customers, including malware detection, custom risk scores, and more.
fossabot now supports Java ecosystems, including Maven, Gradle and Kotlin codebases.
Get practical guidance for navigating each step of the SBOM management lifecycle.
Leading SBOM and software supply chain expert Allan Friedman analyzes several major SBOM regulations, including PCI DSS and the CRA.
Learn about FOSSA's new malware detection feature, including its benefits and how to use it.
Leading SBOM and software supply chain expert Allan Friedman shares recommendations for SBOM programs at various stages of maturity.
See highlights from ENISA's SBOM implementation guide, including the planning, execution, and monitoring phases of an SBOM program.
fossabot's strategic updates adapt your app code to upstream library changes, now with an enhanced planner and improved CI signals.
See technical details and important themes from Germany's influential BSI SBOM guidelines.
Learn about the new features and improvements in CycloneDX 1.7, including new patent-related fields and expanded cryptography support.
Organizations are successfully generating SBOMs for security, regulatory compliance, and business reasons, but struggle with their distribution.
FOSSA's new license concluded feature simplifies the process of analyzing multiple declared and discovered licenses associated with a single dependency.
Learn about Common Platform Enumeration (CPE), including its importance to software transparency and the SBOM ecosystem.
Leading IP attorney and OSS license compliance expert Heather Meeker discusses the license compliance implications of using AI coding assistants.
Dr. Allan Friedman, a globally recognized leader of the SBOM movement, has officially joined FOSSA as a Senior Advisor.
Learn about the two primary techniques OSS license scanners use to detect open source licenses.
Learn about SBOM (software bill of materials) requirements in the FedRAMP Rev5 and the new FedRAMP 20x.
Announcing fossabot, a new AI Agent for making strategic dependency updates, backed by a comprehensive accuracy, consistency, and correctness framework.
FOSSA's path to automated updates and the importance of new technology to accomplish these challenging engineering tasks.
FOSSA has acquired EdgeBit, which pioneered automated dependency updates using a world-class static analysis engine.
Learn why the Shai-Hulud malware is a significant threat to the npm ecosystem, and see how FOSSA's Impact Assessment Tool can help mitigate the risk.
Semantic versioning is a core pillar of responsible open source publishing, but what happens when it's incorrectly used?
FOSSA's new Snippet Scanning product helps organizations manage IP legal risks associated with AI coding tools.
See four methods for generating an SBOM — from source code, from an ecosystem-specific tool, from a container, and from a binary file.
Learn about new SBOM (software bill of materials) requirements from SEBI, India's securities and commodities market regulator.
Learn about five lawsuits that have helped shape global enforcement of open source software licenses.
See five important factors to consider when evaluating SBOM tools for your organization in this buyer's guide.
Learn how FOSSA's Dynamic SBOM Sharing feature facilitates the secure exchange of SBOMs between SBOM distributors and consumers.
Learn about FOSSA's Time-Based Ignore Rules, which help teams implement temporary exceptions to security, license compliance, and quality policies.
Learn about FOSSA's new Issue Diffs feature, which makes it easy to compare licensing, security, and quality issues between software versions.
Learn about PURL — the Package URL Specification — including its utility for SBOM management and how it compares to other unique identifiers.
FOSSA's VP of Engineering Dave Bortz shares insight into the FOSSA engineering team's AI coding philosophy.
Learn how Maven build environments can introduce non-determinism, and get guidance for managing Maven dependencies with FOSSA.
See how FOSSA's hack week projects are already making a difference for our customers.
Learn about several recent FOSSA product updates, including container scanning and CycloneDX report improvements.
Introducing FOSSA Package Labels - a powerful way to annotate packages with contextual metadata, enabling more efficient and insightful reporting and filtering.
Learn about slopsquatting, an emerging category of software supply chain risk that can stem from AI coding tools.
FOSSA's new Binary Composition Analysis (BCA) product enables organizations to manage security, license compliance, and SBOMs for binary files.
An analysis of the CERT-In guidelines for building and managing an SBOM program, recommended data fields, automation support, and best practices.
An exploration of the importance of SBOMs in complying with the EU's Digital Operational Resilience Act (DORA), focusing on software tracking and monitoring requirements for financial entities.
Explore the new functionalities of FOSSA for managing SBOMs, vulnerabilities, and open source license compliance, including automated NOTICE file recreation and FDA compliance support.
FOSSA introduces a new business tier tailored for smaller teams, offering flexible pricing and comprehensive features for SBOM, vulnerability management, and license compliance.
New integration between FOSSA and New Relic provides end-to-end visibility and actionable insights for developers to manage software supply chain security efficiently.
Learn about FOSSA's new SBOM policy feature that helps enforce SBOM standards for compliance and security.
An in-depth look at the Common Vulnerability Scoring System (CVSS), its evolution, scoring methods, and its importance in prioritizing vulnerabilities.
Explore the significant licensing stories of fall 2024, including Elastic's return to open source, the new fair source licensing model, and the PearAI controversy.
Exploring the next steps for improving SBOM usability across the ecosystem with new data requirements and considerations for vulnerability management.
An in-depth look at snippet scanning tools, their methodologies, and their impact on open source license compliance.
Explore the newly discovered vulnerabilities in OpenPrinting's CUPS and their potential impact on UNIX-like operating systems, with guidance on remediation.
The U.S. Army has announced new SBOM requirements for contractors and subcontractors to improve software supply chain security. Learn about the implementation timeline, scope, and how to prepare.
An overview of the Cyber Resilience Act (CRA) and its implications for SBOM requirements, diving into its standards and comparisons to global initiatives.
An overview of the CISA Stakeholder-Specific Vulnerability Categorization (SSVC) model, focusing on its decision-making framework to categorize and prioritize vulnerabilities based on unique organizational risk profiles.
Introducing FOSSA's new SBOM Management add-on to simplify software inventory and compliance processes.
FOSSA has acquired StackShare to improve developer tools management and enhance security visibility for enterprises.
This blog post explores the introduction of SBOM requirements in PCI DSS 4.0, detailing the specific requirements and timelines, and suggesting steps for organizations to prepare for the March 2025 enforcement date.
FOSSA's free plan now includes security, license compliance, and SBOM management for up to 25 developers and 5 projects.
An overview of a significant supply chain attack on the Polyfill CDN service, including its background, impact, and mitigation strategies.
Explore how the CISA KEV Catalog aids organizations in vulnerability prioritization and learn about its evaluation process.
Explore how to effectively define SBOM requirements for software suppliers to ensure transparency and compliance in procurement processes.
FOSSA partners with New Relic in the Secure Developer Alliance to enhance vulnerability management with cutting-edge resources and collaborations.
Discover how Sentry manages software license compliance through policies, processes, and automation using FOSSA's open source management platform.
SPDX 3.0 introduces new profiles for better use case targeting and flexibility. Major upgrades include changes in document structure, profiles, relationships, and creator information.
Learn about the new features and improvements in CycloneDX 1.6, including Cryptographic BOM, Attestation support, and Machine Learning BOM enhancements.
A new vulnerability impacting XZ Utils, with a CVSS severity score of 10, brings potential remote code execution risks.
Explore new features from FOSSA designed to enhance software transparency and mitigate open source risks across your organization.
Explore different SBOM formats like SPDX and CycloneDX, their specifications, and their implications for software transparency and cybersecurity.
Explore FOSSA's Issue Overview Dashboard to enhance your software's risk observability with insights into security, licensing, and quality issues.
Explore FOSSA Quality's tools for assessing and improving the health of your software's open source components.
Explore the FDA's new SBOM requirements for medical devices, detailing the scope, structure, and support information needed for compliance.
Explore how FOSSA’s Package Index enhances software supply chain visibility, enabling swift vulnerability detection and remediation.
A summary of the key insights from the ESF's latest recommendations on OSS and SBOM management.
Learn how FOSSA’s auto-ignore rules streamline license compliance and vulnerability remediation by minimizing redundant alerts.
Researchers from Ruhr University Bochum have uncovered Terrapin, a new SSH vulnerability (CVE-2023-48795) allowing man-in-the-middle attacks, affecting widely used SSH applications.
A detailed comparison of SCA and SAST security tools, highlighting their differences and combined use for enhanced security.
Understanding dual licensing with insights from Heather Meeker, covering scenarios for choice-of-license and multi-license models, and managing associated risks.
Explore the intricacies of source-available software licenses, contrasting them with open-source and proprietary licenses.
Explore the EPSS scoring system and how it helps prioritize vulnerability exploitability.
Explore crucial elements for creating high-quality SBOMs including tooling, integration strategies, configuration, and data fields in compliance with licensing and security requirements.
Curl 8.4.0 addresses two critical vulnerabilities; learn the impacts and recommended fixes.
Explore strategies to mitigate security and legal risks associated with GitHub Copilot and similar AI tools.
Explore the world of Software Bill of Materials (SBOMs) with examples and explanations of popular formats like SPDX and CycloneDX.
An overview of SPDX License Identifiers and Expressions and how they streamline open source licensing communication.
The Business Source License (BSL) is a hybrid between open source and end-user licenses, providing a unique balance of access and restrictions. Learn about its requirements, provisions, and history in this comprehensive guide.
Explore how a software bill of materials (SBOM) can enhance your organization's security by providing visibility into open source vulnerabilities, improving software supply chain transparency, enabling VEX, supporting vulnerability remediation, and flagging high-risk components.
Discover the latest enhancements and features introduced by FOSSA, designed to improve your experience with our platform.
Explore the differences between direct and transitive dependencies, and how they impact your project's development and maintenance.
Explore strategies for addressing vulnerabilities in third-party components, including patching and upgrading methods.
The CycloneDX team released version 1.5, building on existing capabilities and introducing enhancements such as the Authoritative Guide to SBOM.
Explore the purpose and significance of VEX (Vulnerability Exploitability eXchange) in managing software vulnerabilities, detailing its necessity, applications, and future implications for suppliers and users.
In this episode of The FOSSA Podcast, our senior product manager and a longtime engineer discuss product development's evolution as companies grow, including collaboration, management tools, and growth vs. retention strategies.
Explores the impact of recent U.S. Copyright Office decisions on generative AI, potential risks from open source licensing, and strategies to mitigate IP risk in software development.
The fifth episode of The FOSSA Podcast discusses managing engineering projects with insights from FOSSA’s VP of Engineering and a senior developer.
Discussion on tailoring open source license compliance policies for different deployment models, including strategies for SaaS, mobile apps, and embedded systems.
Explore the differences between FOSSA's deployment models and find the best option for your organization.
A discussion on open source usage and software composition analysis tools to manage OSS license compliance and security risks.
See important criteria for evaluating SBOM tools and picking the best one for your organization.
The third episode of The FOSSA Podcast discusses managing strategic customer relationships, offering guidance on structuring customer success teams and building a company-wide customer-success mindset.
An exploration of open source license compliance in the container ecosystem, discussing key components and compliance strategies.
In the second episode of the FOSSA Engineering Podcast, engineers reflect on early-stage technology choices and offer guidance for developers facing similar decisions.
Explore trends, predictions, and observations on mission-critical open source management, including SBOM data usage, license compliance automation, and more.
FOSSA's podcast explores the adoption of Haskell into its codebase, discussing the reasons and benefits of the functional programming language.
Discover how businesses can leverage software bill of materials (SBOMs) throughout the software development lifecycle (SDLC) to manage risks including software supply chain security and open-source license compliance.
Discover FOSSA's latest updates enhancing SBOM management and new support for the CycloneDX SBOM standard.
Learn how to authenticate the FOSSA CLI using 1Password's shell plugin for secure and easy integration.
Discover how Applause, led by CTO Rob Mason, leverages FOSSA to optimize open source management, reducing burdens on developers.
Explore the GPL v3's 'User Product' clause and strategies for compliance, addressing challenges faced by manufacturers while protecting user freedom.
Explore the evolution of open source software license compliance risks and best practices in commercial software agreements.
FOSSA announces the general availability of its security and license scanning for C and C++ projects, offering tailored solutions for dependency identification.
Enhancements to FOSSA's platform with new C/C++ support, issue resolution updates, container scanning improvements, and Azure integration.
This post discusses two high-severity vulnerabilities impacting OpenSSL versions 3.0 and later, including details on how to find and fix them.
A critical remote code execution vulnerability called Text4Shell impacting the Apache Commons Text library.
Explore the Microsoft Public License (Ms-PL), often used in .NET projects, known for its unique place in the open source licensing landscape.
An overview of the Securing Open Source Software Act, its implications for federal agencies, and potential effects on the private sector.
The U.S. federal government’s Office of Management and Budget published a memo requiring software suppliers to self-attest to secure development practices, impacting government and private sector software supply chains.
A detailed exploration into the evolution and current trends of compliance tools for open source software licenses, with insights from Heather Meeker.
A discussion with Heather Meeker on pressing issues related to open source software license compliance, featuring key Q and A highlights from a recent webinar.
FOSSA has achieved the Great Place to Work Certification™, showcasing its commitment to a supportive and inclusive work environment.
An insightful interview with Amanda Weare, Collibra's VP and Deputy General Counsel, discussing their approach to open source license compliance.
A guide to understanding and implementing the SLSA framework for improving software supply chain security across organizations.
Recommendations from the CSRB to improve software security concerning the Log4j vulnerability, with a focus on private enterprises.
A guide on transforming byte streams in Rust by using iterators to create powerful modifications.
Exploring how open source software can align with ESG principles, serving both as a risk and an investment opportunity.
Introducing FOSSA Risk Intelligence, a private beta add-on to enhance software supply chain security by addressing risks like stale packages, abandonware, and more.
An overview of the SIL Open Font License (OFL), its versions, and provisions for font software use, modification, and redistribution.
Explore the importance and elements of building a successful open source license compliance program, as discussed by Jim Markwith, a technology and transactions attorney.
Explore the concept of dependency confusion attacks, how they work, and strategies to prevent them from affecting software supply chains.
An overview of NIST's updated recommendations for managing cybersecurity risks across supply chains, featuring frameworks and templates for organizations.
Exploration of Software Freedom Conservancy's lawsuit against Vizio and its potential impact on open source license enforcement.
A thorough examination of the Boost Software License, showcasing its similarities to and differences from other permissive licenses.
The CDDL — short for Common Development and Distribution License — is a weak copyleft open source software license initially published by Sun Microsystems.
Explore the successful implementation of Software Composition Analysis (SCA) at Rancher Labs, focusing on simplicity, CI/CD integration, barrier removal, and addressing tech debt.
Explore why Rancher Labs selected FOSSA for open source management, enhancing their development efficiency and security posture.
A review of critical remote code execution vulnerabilities in Spring, highlighting CVE-2022-22965 and CVE-2022-22963, their impact, and mitigation strategies.
Exploring strategies to enhance software supply chain security through sustainability practices.
FOSSA introduces support for C/C++ scanning and SBOM generation, enhancing software supply chain security.
Exploring the challenges of scanning C and C++ code and how FOSSA addresses these challenges with their code scanning technology.
Exploring the guiding principles of reproducible builds to strengthen software supply chain security.
Explore how Maven handles dependency versions, including declaring dependencies, overriding them, and utilizing version ranges.
An overview of the U.S. Senate's hearing on the Log4J vulnerability, highlighting key discussions on software security.
A detailed analysis of the Linux Foundation's SBOM report, outlining key insights into software supply chain security.
Learn about the common security vulnerabilities in React and best practices to prevent them.
An exploration of the AGPL's implications, how it compares to the GPL family, and its inception.
A discussion on essential DevSecOps tools that help automate software testing and management, enhancing security throughout the software development lifecycle.
The developer behind 'colors.js' and 'faker.js' sabotages his own npm libraries, causing widespread disruption.
A comprehensive guide to managing dependencies in Visual Studio using NuGet, exploring .NET projects, project dependencies, and alternative tools for effective dependency management.
Exploring the license compliance concerns surrounding TikTok Live Studio's use of GPL v2-licensed OBS Studio.
Highlights from a webinar with open source licensing expert Heather Meeker discussing AGPL, Truth Social's compliance issues, and Google's AGPL policy.
Explore detection and remediation strategies for Log4J vulnerabilities, including Log4Shell, using FOSSA's CLI.
A guide on addressing the newly discovered Log4J DoS vulnerability CVE-2021-45105 and recommended updates.
FOSSA has partnered with OpenChain to support organizations in achieving OpenChain Conformance, promoting compliance with OSS licensing requirements.
Discover the critical CVE-2021-44228 vulnerability in Apache Log4J affecting many applications and how to mitigate it.
Explore FOSSA's upgraded license scanner, featuring improved speed and accuracy, and learn how it benefits users with enhanced capabilities.
An overview of dependency management in .NET including .csproj, .packages.config, project.json, and other related artifacts.
Announcing FOSSA's revamped CLI that simplifies integrations with reduced configuration. Discover the new features and improvements.
Explore the principles of DevSecOps, a natural extension of DevOps, focusing on integrating security testing throughout the software development lifecycle.
A significant rise in NPM packages with embedded malware has been reported, affecting popular packages like coa, rc, and ua-parser. This raises serious concerns over the ecosystem's security.
An overview of the Eclipse Public License, its key provisions, and its compatibility with other licenses.
An exploration of effective testing practices in Go, including strategies for choosing what to test and examples of making it work in applications.
Explore the essential aspects of technical due diligence, from third-party software usage to intellectual property protections.
Explore common questions related to FOSSA’s SBOM solution including its features, export formats, and security aspects.
Understanding software supply chain attacks and strategies to defend against them.
Learn how to use FOSSA's SBOM tool to generate a software bill of materials easily and effectively.
Exploring the significance of understanding software dependencies, licenses, and the unusual case of bouk/monkey's license.
Exploring the implementation of Zero Trust through Role-Based Access Control (RBAC) with FOSSA.
Explore best practices for OSS management in the automotive industry to reduce license compliance, security, and quality risks.
Overview of several new features in FOSSA, including analysis target configuration, announcements banner for on-prem users, new language support, container scanning, audit logging, and the ability to manually add dependencies.
FOSSA is recognized as a significant SCA solution in The Forrester Wave™ report, achieving the highest scores in the license risk management and SBOM criteria.
An overview of the GNU Lesser General Public License (LGPL), its requirements, permissions, and its current usage in the open source software development community.
Explore the intricacies of the GNU Affero General Public License (AGPL), its history, requirements, and its impact on the open-source software community.
Announcing the availability of FOSSA Container Scanning, a tool that helps identify vulnerabilities and license risks in container images.
An exploration of the Stockfish lawsuit against ChessBase, testing the GPL v3 license regarding derivative works and license termination.
An overview of the minimum required elements for a Software Bill of Materials (SBOM) as outlined by the U.S. Federal Government's NTIA.
Explore the potential legal challenges GitHub Copilot faces regarding copyright infringement and license compliance of its code suggestions.
Explore today’s container image security landscape and learn strategies, such as vulnerability scanning and digital signatures, to fend off cyber threats.
An overview of CWE-79: Cross-Site Scripting, a common web vulnerability that allows attackers to inject malicious code into web applications.
Explore the impact of copyleft licenses on venture capital investments, including insights from IP lawyer Kate Downing and the NVCA Stock Purchase Agreement Model Form.
An exploration of permissive open source licenses, their history, and their role in the software community.
An overview of the Biden Administration's executive order on cybersecurity and its impact on software supply chain security.
Exploring the essential features of an effective Software Composition Analysis (SCA) solution through insights from IT Central Station members.
An exploration of copyleft licenses, their history, differences from permissive licenses, and their role in the open source community.
Explore application security testing with SCA and DAST, and learn how to implement these tools using GitHub Actions for early bug detection and cost reduction.
Explore the significance of Software Bill of Materials (SBOM), its formats, use cases, and essential elements crucial for compliance and security in the software supply chain.
Explore how Software Composition Analysis (SCA) helps teams manage open source software vulnerabilities.
Explore the history, requirements, and key differences of the ISC License in open source software.
An in-depth look at the Mozilla Public License 2.0, its requirements, comparisons with other licenses, and its use cases.
Explore various build systems suited for monorepos, detailing the difference between imperative and declarative systems, and providing insights into top choices such as Bazel, Buck, and Pants.
An overview of the BSD 3-Clause License, its history, requirements, and how it compares to other permissive licenses.
Exploring supply chain security risks in the automotive industry and how software composition analysis can mitigate these threats.
FOSSA staff engineer Konstantin Gredeskoul and Oxide Computer Company's co-founder Bryan Cantrill discuss the development and impact of open source software in an informative and entertaining podcast.
Explore the components and staffing necessary for establishing a successful Open Source Program Office to manage and strategize open source software use.
Explore the differences between GPL v2 and GPL v3, understand the key features of GPL v3, and discover why it's a popular choice among developers and companies. Learn about its use cases, compatibility with Apache 2.0, and the future of GPL v3 in OSS projects.
An informative guide on the GNU General Public License Version 2.0, highlighting its terms, conditions, and how it contrasts with other open source licenses.
Guidance on choosing the right open source software license compliance tool, covering aspects such as scanning, automation, integration, issue management, and reporting.
An analysis of the 2021 State of Open Source Vulnerabilities report, highlighting frequent targets like Java and JavaScript, common issues such as poor input validation, and vulnerable libraries.
An exploration of the Apache License 2.0, outlining its terms, use cases, and how it compares to other permissive licenses.
Explore how to effectively apply a license to your open source software project, addressing common challenges and scenarios.
Exploring the MIT License, a popular open source software license, its permissions, restrictions, and comparisons to other licenses.
Key insights from the OpenChain ISO/IEC 5230:2020 standard, focusing on requirements for license compliance programs and how to achieve OpenChain Conformance.
Discover key security insights from the 2020 FOSS Contributor Survey and explore actionable recommendations for open source project owners.
Exploring the future of Software Composition Analysis (SCA) with key insights into automation, governance, and developer integration.
Integrate Google’s PageSpeed Insights API into Rails apps to improve site performance, accessibility, and SEO.
Explore strategies for maximizing open source software benefits while ensuring compliance and security.
Exploring the implications of the SolarWinds hack and methods to prevent similar software supply chain attacks, with a focus on software composition analysis.
Explore how UiPath reduces open source risk through collaboration between engineering, compliance, and security teams.
Discover how Software Composition Analysis (SCA) helps you manage and reduce risks associated with open source components in your software.
Monorepos, used by companies like Google and Facebook, offer benefits like simplified dependency management and large-scale code refactoring, but also present challenges in build pipelines and VCS tooling.
Discover how Zendesk's legal team improved open source compliance with the help of FOSSA, optimizing workflows and reducing time spent on compliance processes.
FOSSA has achieved SOC 2 Type 2 compliance, reaffirming its commitment to the highest standards of security and data protection.
This post guides you on how to choose the right open source license for your project, ensuring your software is protected and shared as you wish.
Explore FOSSA’s recent design refresh, focusing on brand consistency and user experience improvements.
Heather Meeker shares insights on open source software licensing and the role of automation in managing license notices.
Discussing the importance of open source license notices and how automation can help address compliance challenges.
Explore how we redesigned FOSSA's brand and website, focusing on new design principles and a modernized aesthetic that enhances user experience and brand identity.
Understand the importance of Software Composition Analysis (SCA) tools for mitigating risks associated with open source components in modern software development.
FOSSA announces a new funding round of $23.2M to accelerate the development of open source inventory solutions.
FOSSA announces $23.2 million in Series B funding and launches new security management capabilities, affirming its leadership in the software composition analysis market.
Announcing the launch of FOSSA Security Management, empowering enterprises to prevent vulnerabilities proactively and continuously.
Open source non-compliance can impact company transactions like mergers and acquisitions by slowing, devaluing, or breaking deals.
Explore the often-overlooked risks in IPO preparations, focusing on open source license management and compliance.
In the era of remote work, businesses' confidence in their software supply chain is crucial, highlighting the importance of risk mitigation.
Exploring the intersection of TikTok, national security, and the future of open source software surveillance.
Explore how FOSSA aids in scanning different components of a container to ensure compliance and security.
Explore the role of open source in the enterprise market and learn the essentials of managing open source software including strategies, policies, and tools for effective oversight.
Explore the risks and necessity of source code scanning tools in open source compliance to prevent licensing issues and ensure smooth project management.
Explore the January 2020 FOSSA product release, featuring Release Groups for better project management and new dependency editing workflows, alongside various CLI improvements.
December 2019 product release notes, highlighting user management enhancements and updates to attribution reports.
Explore the nuances of snippet scanning and its relevance to software development today, while considering risk profiles and modern development practices.
Learn about FOSSA's November 2019 product updates including user management enhancements, UI improvements, and new reporting features.
FOSSA has been named to CNBC's Upstart 100 List following the closing of $8.5 Million in Series A Funding.
FOSSA announces the acquisition of Dawn Labs to enhance its focus on developer-focused products and expand its team with experienced developers known for creating Carbon and working with ZEIT.
Highlights from FOSSA's September 2019 release, including updates to JIRA integration, project addition enhancements, new reporting formats, and FOSSA-CLI improvements.
FOSSA announces an $8.5M Series A funding to enhance open source management for enterprises, and shares success stories with notable clients.
Explore how DevOps and open source tools can be leveraged with CI/CD to mitigate risk without compromising on speed.
Highlighting FOSSA's August 2019 product updates, including streamlined issue management, new language support, and enhanced reporting features.
Learn about FOSSA's new CircleCI orb for easier OSS license compliance and CI/CD integration.
Enhancements to the FOSSA CLI, Rust support, and improvements to on-prem deployment are highlighted in the FOSSA July 2019 product release notes.
Explore why collaboration between legal and engineering teams is critical in the era of privacy legislation and open source licensing.
Mahak Bandi shares her experiences and growth as a Marketing Intern at FOSSA.
Explore some of the most unconventional open source licenses, from Beerware to WTFPL.
Kick off the summer with new Haskell language support, plain text reporting, and major enhancements to FOSSA's project page.
A comprehensive guide to understanding open source licenses, including permissive and copyleft licenses, and how to apply them.
Exploration of the benefits and limitations of private artifact repositories, highlighting three common issues developers face along with solutions offered by FOSSA.
Exploring the impact of manual open source request processes on engineering culture and innovation speed.
FOSSA is excited to announce its CNCF membership, highlighting the importance of open source in software development and our commitment to the community.
Explore the latest updates from FOSSA, including simplified reporting, enhanced CLI, and better support for NuGet and Gradle.
Exploring the importance and benefits of continuous compliance in the use of open source software.
Learn how to create a comprehensive third-party package license policy, a vital element for companies engaging with open source software and ensuring compliance across various licenses.
Exploring the importance of adopting platform-agnostic tools for open source license compliance and the benefits of avoiding vendor lock-in.
Discover how Applause leveraged FOSSA to automate their OSS licensing and compliance process, saving time and improving accuracy.
Exploring the costs and benefits of manual versus automated license compliance in software companies.
Learn how to efficiently use integration tests for third-party services with mocha-tape-deck, optimizing speed and reliability.
Reflections on an engineer's journey in a small company, highlighting the diverse roles and skills acquired.
Exploring the best open source licenses for commercialization, including the balance between permissive and restrictive licenses.
Exploration of open source software, business models, and the impact of the Commons Clause, with insights from Kevin Wang.
An exploration of the challenges and strategies in managing Go package dependencies, including issues with reproducible builds and dependency analysis.
FOSSA introduces version 0.8.0, featuring an overhauled onboarding system and a series of usability improvements.
Announcing new license data quality updates with over 300 new licenses in FOSSA.
The JS Foundation, supporting critical JavaScript infrastructure, chooses FOSSA for automated open-source license compliance.
This post discusses how FOSSA's new dashboard tools address alert fatigue by improving issue management and triage for modern enterprises.
FOSSA is open sourcing its dependency analysis infrastructure, allowing everyone access to the tools necessary to get comprehensive dependency data from any codebase.
Explore the unique challenges of on-premises deployments and discover how FOSSA improves onboarding, support, and integrations to enhance user experience.
Explore the legal and compliance challenges SaaS companies face when transitioning to on-prem solutions for high profile clients, such as Fortune 500 companies.
Discover how FOSSA improves organization-level issue management and introduces conditional policy rules to streamline compliance.
The controversy surrounding Facebook's 'BSD+ Patents' license is more partisan than practical, and the Apache Foundation's decision to reclassify it is unlikely to impact the use of ReactJS.
A comprehensive guide on GPL compliance for professionals in consumer electronics, IoT, and automotive industries, featuring useful flowcharts and checklists.
Announcing the public beta release of FOSSA and a $2.2MM seed round led by Bain Capital Ventures.
Exploring the necessity of code scanning tools for tracking and complying with open source licenses in modern software development.
An exploration of how SmartThings automates their code release process for IoT platforms with the help of FOSSA compliance tools.
FOSSA introduces a new add-on for npm Enterprise to enhance open source license compliance.