All Announcements SBOM Security Licensing Open Source Press

Dependency Heaven

Jun 10, 2025

FOSSA Issue Diffs: Understanding Your Evolving Risk Posture

Learn about FOSSA's new Issue Diffs feature, which makes it easy to compare licensing, security, and quality issues between software versions.

Understanding the PURL Specification (Package URL)

Jun 4, 2025

9 min

Understanding the PURL Specification (Package URL)

Learn about PURL — the Package URL Specification — including its utility for SBOM management and how it compares to other unique identifiers.

A VP of Engineering’s Perspective on FOSSA’s AI Journey

May 28, 2025

8 min

A VP of Engineering’s Perspective on FOSSA’s AI Journey

FOSSA's VP of Engineering Dave Bortz shares insight into the FOSSA engineering team's AI coding philosophy.

Latest Articles

May 19, 2025

4 min

When Builds Bite Back: The Surprising Pitfalls of Maven Environments and Reproducibility

Learn how Maven build environments can introduce non-determinism, and get guidance for managing Maven dependencies with FOSSA.

Revisiting FOSSA Hack Week and Its Customer Impact

See how FOSSA's hack week projects are already making a difference for our customers.

May 2025 FOSSA Product Updates

Learn about several recent FOSSA product updates, including container scanning and CycloneDX report improvements.

open-source, product updates

Read Article

Annotate Dependencies with Context: Introducing Package Labels in FOSSA

Apr 25, 2025

5 min

Annotate Dependencies with Context: Introducing Package Labels in FOSSA

Introducing FOSSA Package Labels - a powerful way to annotate packages with contextual metadata, enabling more efficient and insightful reporting and filtering.

Dependency Heaven

FOSSA Issue Diffs: Understanding Your Evolving Risk Posture

Understanding the PURL Specification (Package URL)

A VP of Engineering’s Perspective on FOSSA’s AI Journey

Latest Articles

When Builds Bite Back: The Surprising Pitfalls of Maven Environments and Reproducibility

Revisiting FOSSA Hack Week and Its Customer Impact

May 2025 FOSSA Product Updates

Annotate Dependencies with Context: Introducing Package Labels in FOSSA

Slopsquatting: AI Hallucinations and the New Software Supply Chain Risk

Introducing FOSSA Binary Composition Analysis (BCA)

More Articles

SBOMs in India: Analyzing CERT-In Guidelines

The Role of SBOMs in Managing DORA Compliance

Winter 2025 FOSSA Product Updates

License Compliance, SBOM, and Vulnerability Management for Smaller Teams: FOSSA Business Tier

New Relic and FOSSA Upgrade Supply Chain Security with Connected Build-Time and Run-Time Vulnerability Management

Introducing SBOM Policies in FOSSA

Understanding CVSS: The Common Vulnerability Scoring System

Fall 2024 Software Licensing Roundup

A Proposal for the Future of SBOM Minimum Elements

Snippet Scanning, Explained

CUPS Vulnerabilities: Impact and Fixes

U.S. Army Announces New SBOM Requirements

SBOM Requirements in the EU’s CRA (Cyber Resilience Act)

4 Considerations for Effective SBOM Sharing

Actioning the Stakeholder-Specific Vulnerability Categorization (SSVC) Model

Automate Regulatory Compliance With FOSSA's New SBOM Management Add-On

FOSSA Acquires StackShare to Enhance Developer Tools Management and Security

Understanding SBOM Requirements in PCI DSS

Secure Open Source for All: FOSSA's Free Plan Just Got Better

Polyfill Supply Chain Attack: Details and Fixes

Using the CISA Kev Catalog

Defining SBOM Requirements for Software Suppliers

FOSSA Joins Forces with New Relic in the Secure Developer Alliance

How Sentry Manages Software License Compliance

SPDX 3.0 Is Released

What’s New in CycloneDX 1.6?

CVE-2024-3094: New Vulnerability Impacts XZ Utils

FOSSA Product Updates: Spring 2024

SBOM Formats Explained and Compared

Enhancing Risk Observability with FOSSA's Issue Overview Dashboard

Beyond Vulnerabilities: Understanding Package Health with FOSSA Quality

Complying with the FDA’s SBOM Requirements

Enable Global Visibility and Swift Remediation with Package Index

4 Takeaways from the ESF's OSS and SBOM Management Recommendations

Reduce Alert Fatigue with FOSSA’s Auto-Ignore Rules

Terrapin (CVE-2023-48795): New Attack Impacts the SSH Protocol

SCA vs. SAST: Comparing Security Tools

Dual-Licensing Models Explained, Featuring Heather Meeker

A Comprehensive Guide to Source-Available Software Licenses, Featuring Heather Meeker

Understanding and Using the EPSS Scoring System

Best Practices for Generating High-Quality SBOMs

Curl Vulnerabilities: Impact and Fixes (Curl 8.4.0)

5 Ways to Reduce GitHub Copilot Security and Legal Risks

SBOM Examples, Explained

Understanding and Using SPDX License Identifiers and License Expressions

Business Source License (BSL 1.1): Requirements, Provisions, and History

5 Ways an SBOM Can Strengthen Security

FOSSA Product Updates: August 2023

Direct Dependencies vs. Transitive Dependencies

Vulnerability Remediation Tactics

What’s New in CycloneDX 1.5?

VEX (Vulnerability Exploitability eXchange): Purpose and Use Cases

The FOSSA Podcast: Product Management from Startup to Enterprise

Generative AI and Software Development: Copyright Law and License Compliance

The FOSSA Podcast: Managing Engineering Projects

Heather Meeker on Open Source License Compliance Policies

Picking the Right FOSSA Deployment Model

The FOSSA Podcast: SCA Purchasing and Implementation Trends

A Framework for Evaluating SBOM Tools

The FOSSA Podcast: Structuring and Growing a Customer Success Team

Containers and Open Source License Compliance

The FOSSA Podcast: Early-Stage Technology Decisions and Regrets

2023 Open Source Management Trends, Predictions, and Observations

The FOSSA Podcast: Adopting Haskell into an Existing Codebase

How to Operationalize SBOMs Throughout the SDLC

Announcing Support for CycloneDX and SBOM Import

How to Use 1Password to Authenticate the FOSSA CLI

How Applause Makes Open Source Management Work for Developers