<span class="bg-gradient-to-r from-white to-white/80 bg-clip-text text-transparent">Dependency Heaven

Rewriting an NPM Package's Semver Based on Breaking Changes

Manage AI Coding Tool Risks with FOSSA Snippet Scanning

Sep 3, 2025

Manage AI Coding Tool Risks with FOSSA Snippet Scanning

FOSSA's new Snippet Scanning product helps organizations manage IP legal risks associated with AI coding tools.

Latest Articles

Aug 19, 2025

4 Ways to Generate an SBOM

See four methods for generating an SBOM — from source code, from an ecosystem-specific tool, from a container, and from a binary file.

Complying with SEBI SBOM Requirements

Learn about new SBOM (software bill of materials) requirements from SEBI, India's securities and commodities market regulator.

Analyzing 5 Major OSS License Compliance Lawsuits

Learn about five lawsuits that have helped shape global enforcement of open source software licenses.

Jul 24, 2025

Vulnerability Management, FOSSA, Compliance

The SBOM Tool Buyer's Guide

See five important factors to consider when evaluating SBOM tools for your organization in this buyer's guide.

Introducing Dynamic SBOM Sharing in FOSSA

Learn how FOSSA's Dynamic SBOM Sharing feature facilitates the secure exchange of SBOMs between SBOM distributors and consumers.

Operationalizing Exceptions with Time-Based Ignore Rules

Learn about FOSSA's Time-Based Ignore Rules, which help teams implement temporary exceptions to security, license compliance, and quality policies.

When Builds Bite Back: The Surprising Pitfalls of Maven Environments and Reproducibility

Revisiting FOSSA Hack Week and Its Customer Impact

May 2025 FOSSA Product Updates

May 5, 2025

open-source, product updates

Annotate Dependencies with Context: Introducing Package Labels in FOSSA

Apr 25, 2025

dependency management, package labels, open-source

Slopsquatting: AI Hallucinations and the New Software Supply Chain Risk

Apr 21, 2025

Software Supply Chain Security, Slopsquatting, AI Coding

Introducing FOSSA Binary Composition Analysis (BCA)

SBOMs in India: Analyzing CERT-In Guidelines

Feb 25, 2025

SBOM, India, Guidelines

The Role of SBOMs in Managing DORA Compliance

Winter 2025 FOSSA Product Updates

Dec 19, 2024

FOSSA, SBOM, License Compliance

License Compliance, SBOM, and Vulnerability Management for Smaller Teams: FOSSA Business Tier

New Relic and FOSSA Upgrade Supply Chain Security with Connected Build-Time and Run-Time Vulnerability Management

Dec 2, 2024

Security, Integration

Introducing SBOM Policies in FOSSA

Nov 21, 2024

SBOM, FOSSA, Compliance

Understanding CVSS: The Common Vulnerability Scoring System

Fall 2024 Software Licensing Roundup

Oct 23, 2024

elastic, licensing, open-source

A Proposal for the Future of SBOM Minimum Elements

Snippet Scanning, Explained

Sep 30, 2024

open-source, snippet scanning

CUPS Vulnerabilities: Impact and Fixes

Sep 27, 2024

CUPS, Vulnerabilities

SBOM, Cyber Resilience Act, EU Regulations

U.S. Army Announces New SBOM Requirements

SBOM Requirements in the EU’s CRA (Cyber Resilience Act)

Sep 10, 2024

20 min

4 Considerations for Effective SBOM Sharing

Actioning the Stakeholder-Specific Vulnerability Categorization (SSVC) Model

Aug 14, 2024

23 min

Automate Regulatory Compliance With FOSSA's New SBOM Management Add-On

FOSSA Acquires StackShare to Enhance Developer Tools Management and Security

Aug 1, 2024

Company News, technology, acquisition

Understanding SBOM Requirements in PCI DSS

Jul 24, 2024

SBOM, PCI DSS, Security

Secure Open Source for All: FOSSA's Free Plan Just Got Better

Jul 14, 2024

open-source, security

Polyfill Supply Chain Attack: Details and Fixes

Jul 10, 2024

supply chain attack, security

Using the CISA Kev Catalog

Jul 2, 2024

Defining SBOM Requirements for Software Suppliers

Jun 11, 2024

11 min

SBOM, Software Suppliers

FOSSA Joins Forces with New Relic in the Secure Developer Alliance

May 7, 2024

vulnerability management, secure developer alliance

How Sentry Manages Software License Compliance

May 2, 2024

software licensing, compliance

SPDX 3.0 Is Released

What’s New in CycloneDX 1.6?

Apr 12, 2024

CycloneDX, SBOM, Software Security

CVE-2024-3094: New Vulnerability Impacts XZ Utils

Apr 3, 2024

security, linux, vulnerability

FOSSA Product Updates: Spring 2024

Mar 29, 2024

SBOM, Software Transparency

SBOM Formats Explained and Compared

Mar 26, 2024

15 min

Enhancing Risk Observability with FOSSA's Issue Overview Dashboard

Mar 21, 2024

risk management, FOSSA

Beyond Vulnerabilities: Understanding Package Health with FOSSA Quality

Complying with the FDA’s SBOM Requirements

Mar 8, 2024

FDA, SBOM, Cybersecurity

Enable Global Visibility and Swift Remediation with Package Index

Feb 2, 2024

Package Index, Security, Software

4 Takeaways from the ESF's OSS and SBOM Management Recommendations

Jan 26, 2024

ESF, SBOM, Open Source Software

Reduce Alert Fatigue with FOSSA’s Auto-Ignore Rules

Jan 9, 2024

FOSSA, Auto-Ignore, Open Source

Terrapin (CVE-2023-48795): New Attack Impacts the SSH Protocol

SCA vs. SAST: Comparing Security Tools

Dual-Licensing Models Explained, Featuring Heather Meeker

Dec 13, 2023

licensing, open-source

A Comprehensive Guide to Source-Available Software Licenses, Featuring Heather Meeker

Dec 5, 2023

software licenses, open-source, source-available

Understanding and Using the EPSS Scoring System

Best Practices for Generating High-Quality SBOMs

Curl Vulnerabilities: Impact and Fixes (Curl 8.4.0)

Oct 13, 2023

curl, vulnerabilities

5 Ways to Reduce GitHub Copilot Security and Legal Risks

SBOM Examples, Explained

Sep 26, 2023

SBOM, SPDX, CycloneDX

Understanding and Using SPDX License Identifiers and License Expressions

Business Source License (BSL 1.1): Requirements, Provisions, and History

Aug 23, 2023

BSL, software-licensing

5 Ways an SBOM Can Strengthen Security

FOSSA Product Updates: August 2023

Aug 10, 2023

Direct Dependencies vs. Transitive Dependencies

Aug 3, 2023

dependencies, programming

Vulnerability Remediation Tactics

Jul 12, 2023

11 min

security, dependencies

What’s New in CycloneDX 1.5?

Jun 29, 2023

CycloneDX, SBOM, software

cybersecurity, risk management

VEX (Vulnerability Exploitability eXchange): Purpose and Use Cases

Jun 8, 2023

14 min

The FOSSA Podcast: Product Management from Startup to Enterprise

May 24, 2023

product management, start-up, enterprise

Generative AI and Software Development: Copyright Law and License Compliance

May 16, 2023

AI, software development, snippet scanning

The FOSSA Podcast: Managing Engineering Projects

Apr 28, 2023

engineering, project management

Open Source, License Compliance

Heather Meeker on Open Source License Compliance Policies

Apr 26, 2023

11 min

Picking the Right FOSSA Deployment Model

The FOSSA Podcast: SCA Purchasing and Implementation Trends

Apr 4, 2023

open-source, security

How to Find the Best SBOM Tool for Your Organization

The FOSSA Podcast: Structuring and Growing a Customer Success Team

Mar 9, 2023

customer success, podcast

Containers and Open Source License Compliance

Mar 2, 2023

The FOSSA Podcast: Early-Stage Technology Decisions and Regrets

Feb 21, 2023

technology decisions, podcast

2023 Open Source Management Trends, Predictions, and Observations

Feb 16, 2023

open-source, software management

The FOSSA Podcast: Adopting Haskell into an Existing Codebase

Feb 3, 2023

Haskell, Programming, Podcast

How to Operationalize SBOMs Throughout the SDLC

Announcing Support for CycloneDX and SBOM Import

How to Use 1Password to Authenticate the FOSSA CLI

How Applause Makes Open Source Management Work for Developers

Dec 13, 2022

open-source, software management

Complying with GPL v3’s User Product Clause

Nov 30, 2022

GPL v3, open-source, User Product

Managing OSS License Compliance Risks in Commercial Software Licensing Agreements, Featuring Jim Markwith

Nov 17, 2022

OSS, License Compliance

Announcing the GA of C and C++ Security and License Scanning

November 2022 FOSSA Product Updates

Nov 1, 2022

software updates, C/C++, Azure

OpenSSL Vulnerability 2022: Details and Fixes

CVE-2022-42889 Text4Shell Vulnerability: Impact and Fixes

Oct 26, 2022

Open Source Licenses 101: Microsoft Public License (Ms-PL)

Oct 22, 2022

Analyzing the Securing Open Source Software Act

Sep 29, 2022

open-source, security

U.S. Government Memo Requires Self-Attestation to Secure Development Practices

Sep 21, 2022

software security, government policy

Heather Meeker on Open Source License Compliance Tools

Sep 16, 2022

Q and A: Heather Meeker on Hot Topics in OSS License Compliance

Aug 30, 2022

13 min

OSS, license compliance

FOSSA Earns Great Place To Work Certification

Aug 22, 2022

Workplace Culture, Certification

Customer Q&A: Collibra's Journey to Scaling OSS License Compliance

Aug 17, 2022

license compliance, open source, Collibra

A Practical Guide to the SLSA Framework

Aug 12, 2022

SLSA, Software Supply Chain

How to Implement the CSRB’s Log4j Security Recommendations

Jul 27, 2022

security, log4j, csrb

Rust: How to Transform a Byte Stream for Fun and Profit

Why Open Source is ESG

Announcing the Private Beta of FOSSA Risk Intelligence

Jul 6, 2022

open-source, security, risk management

Open Source Licenses 101: SIL Open Font License (OFL)

Jun 24, 2022

Open Source, Licenses, Fonts

How to Build an Open Source License Compliance Program, Featuring Jim Markwith

Jun 7, 2022

Understanding and Preventing Dependency Confusion Attacks

Jun 2, 2022

cybersecurity, supply chain attacks

Highlights from NIST SP 800-161r1: Cybersecurity Supply Chain Risk Management

May 19, 2022

cybersecurity, risk management

The Massive Implications of Software Freedom Conservancy vs. Vizio

May 13, 2022

open-source, software

Open Source Licenses 101: Boost Software License

May 10, 2022

open-source, software license

Open Source Licenses 101: The CDDL (Common Development and Distribution License)

Apr 26, 2022

Best Practices for Implementing Software Composition Analysis, Featuring Rancher Labs

4 Reasons Rancher Labs Chose FOSSA

Apr 7, 2022

Rancher, FOSSA, Open Source Management

An Overview of Spring RCE Vulnerabilities

Apr 2, 2022

Spring, RCE, Security

Building a Sustainable Software Supply Chain

Announcing New Support for C/C++ Scanning, SBOMs

How FOSSA Addresses Challenges Scanning C/C++ Code

The Three Pillars of Reproducible Builds

Mar 8, 2022

software, security, builds

Overriding Dependency Versions and Using Version Ranges in Maven

5 Highlights from the U.S. Senate’s Log4J Vulnerability Hearing

Feb 15, 2022

software security, cybersecurity

6 Takeaways from the Linux Foundation's SBOM Report

React Security: How to Fix Common Vulnerabilities

Feb 4, 2022

React, Security, Vulnerabilities

OSS License Compliance Expert Heather Meeker on the AGPL

5 Must-Have DevSecOps Tools

Open Source Developer Sabotages npm Libraries 'Colors,' 'Faker'

Jan 11, 2022

npm, open source, sabotage

Dependency Management in Visual Studio: NuGet and Beyond

Does TikTok Live Studio Violate GPL v2?

Dec 22, 2021

GPL, license compliance

Q and A: Heather Meeker on AGPL, Truth Social, OSS License Compliance

Dec 22, 2021

AGPL, Open Source, License Compliance

How to Quickly Find and Remediate Log4J Vulnerabilities (Log4Shell)

Dec 21, 2021

Log4J, security, vulnerability

How to Fix the New Log4J DoS Vulnerability: CVE-2021-45105

FOSSA Partners with OpenChain to Promote Open Source Management

Dec 15, 2021

Open Source, Compliance

Log4J "Log4Shell" Zero-Day Vulnerability: Impact and Fixes

Dec 10, 2021

Introducing FOSSA's New License Scanner

Nov 30, 2021

license scanning, software updates

Managing Dependencies in .NET: .csproj, .packages.config, project.json, and More

Nov 24, 2021

.NET, dependency management

FOSSA Product Updates: Announcing Our New and Improved CLI

DevSecOps 101: Understanding and Implementing DevSecOps Principles

Nov 12, 2021

DevSecOps, Security, Development

Embedded Malware in NPM: Coa, Rc, Ua-parser

Nov 8, 2021

NPM, Security, Malware

Open Source Software Licenses 101: The Eclipse Public License

Nov 2, 2021

eclipse, open-source, licenses

Best Practices for Testing in Go

4 Key Elements of Technical Due Diligence

Oct 14, 2021

technical due diligence, M&A

Q and A: Software Bill of Materials and FOSSA

Anatomy of a Software Supply Chain Attack

Sep 30, 2021

cybersecurity, software security

How to Generate an SBOM with FOSSA

bouk/monkey and the Importance of Knowing Your Dependencies

Sep 15, 2021

Role-Based Access Control (RBAC), Zero Trust, and FOSSA

Sep 9, 2021

cybersecurity, zero trust, access control

3 Best Practices for OSS Management in the Automotive Industry

Aug 30, 2021

open-source, automotive

FOSSA Product Updates: August 2021

Aug 27, 2021

FOSSA Receives Highest Scores Possible in License Risk Management, SBOM Criteria in Forrester Wave

Open Source Software Licenses 101: The LGPL License

Aug 20, 2021

open source licenses, LGPL

Open Source Software Licenses 101: The AGPL License

Aug 13, 2021

open-source, AGPL, licenses

Announcing FOSSA Container Scanning

Aug 3, 2021

container scanning, security

Stockfish vs. ChessBase and What it Means for GPL v3

Jul 28, 2021

GPL, chess, open-source

The Minimum Required Elements of an SBOM

Jul 23, 2021

SBOM, software, compliance

Analyzing the Legal Implications of GitHub Copilot

Jul 14, 2021

GitHub, Legal, Copilot

Container Image Security and Vulnerability Scanning

Jun 25, 2021

Container Security, Vulnerability Scanning

All About CWE-79: Cross-Site Scripting

Jun 22, 2021

XSS, security, web vulnerabilities

Copyleft Licenses and the Venture Capital Connection

Jun 8, 2021

open-source, venture capital

All About Permissive Licenses

Jun 3, 2021

Cybersecurity Executive Order and Software Supply Chain Security

May 26, 2021

cybersecurity, software supply chain, security, executive order

IT Central Station: What Makes for an Effective SCA Solution

May 20, 2021

SCA, Software, Security

All About Copyleft Licenses

May 10, 2021

Application Security for Developers: SCA, DAST, and GitHub Actions

Apr 29, 2021

application security, GitHub Actions

Software Bill Of Materials (SBOM) Formats, Use Cases, and Specifications

How SCA Helps Manage OSS Vulnerabilities

Open Source Software Licenses 101: The ISC License

Apr 12, 2021

Open Source Software Licenses 101: Mozilla Public License 2.0

Apr 6, 2021

Open Source, Software Licensing

Top Build Systems for Monorepos

Mar 30, 2021

build systems, monorepos

Open Source Software Licenses 101: The BSD 3-Clause License

Mar 25, 2021

open-source, software licenses

Software Supply Chain Security for Automotive Organizations

Mar 20, 2021

software security, automotive industry

How OSS Conquered the World: Insight from Veteran Developers

Building an Open Source Program Office (OSPO)

Open Source Software Licenses 101: GPL v3

Mar 3, 2021

Open Source Software Licenses 101: GPL v2

Feb 24, 2021

open-source, GPL, license

How to Choose an Open Source Software License Compliance Tool

Feb 19, 2021

4 Takeaways from the 2021 State of Open Source Vulnerabilities Report

Feb 10, 2021

vulnerabilities, open-source, programming languages

Open Source Licenses 101: Apache License 2.0

Feb 6, 2021

open-source, apache license, software licenses

How to Apply a License to Your Open Source Software Project

Open Source Software Licenses 101: The MIT License

Jan 28, 2021

Takeaways from OpenChain ISO/IEC 5230:2020

Jan 26, 2021

Top Security Takeaways from the 2020 FOSS Contributor Survey

Jan 19, 2021

Open Source, Security

The Future of Software Composition Analysis, Featuring Forrester

Jan 13, 2021

software, open-source

Improving Page Speed Using Google PageSpeed Insights in Rails Apps

Jan 8, 2021

Rails, Google PageSpeed

5 Ways Companies Can Get More Value From Open Source Software

Dec 29, 2020

open-source, software development

SolarWinds, Supply Chain Attacks, and Software Composition Analysis

Dec 23, 2020

supply chain attacks, cybersecurity

How UiPath Reduced Open Source Risk Through Team Collaboration

Dec 22, 2020

open-source, risk management

What is Software Composition Analysis?

Pros and Cons of Using Monorepos

Dec 12, 2020

monorepos, software development

How Zendesk’s Legal Team Scored an Open Source Compliance Victory

Dec 9, 2020

FOSSA Announces SOC 2 Compliance

How to Choose the Right Open Source License

Nov 25, 2020

open-source, licensing

A Look Inside FOSSA’s New Product Design

Nov 21, 2020

design, product update

Q&A: Heather Meeker on Open Source License Notices

Nov 18, 2020

Open Source, License Compliance

Heather Meeker on Open Source License Notices and Automation

Nov 13, 2020

A Journey Through Our New Brand and Website

Oct 27, 2020

branding, website redesign

A Framework for Evaluating Software Composition Analysis Tools

Oct 20, 2020

Software Composition Analysis, Risk Mitigation

FOSSA Raises a $23.2M Series B

Press Release: FOSSA Accelerates Growth, Hits Significant Milestones

Oct 15, 2020

open-source, security management

Introducing Open Source Security Management at Enterprise Scale

Oct 14, 2020

security, open-source

How Open Source License Audits Became a Strategic Key to M&A Success

The Huge Risk that Most IPOs Miss

Sep 15, 2020

IPOs, Risk Management

Now's the Perfect Time to Evolve Legal and Engineering Collaboration

Aug 27, 2020

TikTok, Trump, and the Future of Open Source Surveillance

Aug 26, 2020

surveillance, open-source

FOSSA and Container Scanning

Open Source Management: Fundamentals

Why Source Code Scanning Tools Are Essential for Open Source Compliance

Apr 8, 2020

FOSSA January 2020 Product Release Notes

Feb 14, 2020

FOSSA December 2019 Product Release Notes

Snippet Scanning: Is it Right for Your Team?

Dec 18, 2019

open-source, software composition analysis

FOSSA November 2019 Product Release Notes

Dec 5, 2019

FOSSA Named to CNBC's Upstart 100

Nov 12, 2019

startups, open-source, recognition

FOSSA Acquires Dawn Labs

Oct 3, 2019

Acquisition, Developer Tools

FOSSA September 2019 Product Release Notes

Oct 2, 2019

FOSSA, Product Release, Integrations

FOSSA Raises $8.5M for Enterprise Open Source Management

Sep 16, 2019

Enterprise, Open Source

DevOps and Open Source + CI/CD = Mitigating Risk Without Sacrificing Speed

FOSSA August 2019 Product Release Notes

We’re excited to partner with CircleCI to release our CircleCI orb!

Aug 14, 2019

1 min

CircleCI, Open Source

Product Release, FOSSA, CLI

FOSSA July 2019 Product Release Notes

Aug 1, 2019

1 min

A Partnership Between Legal Teams and Software Engineers is More Important Than Ever

FOSSA Marketing Intern Reflection

Jul 19, 2019

Marketing, Internship

WTFPL to Beerware: Top 6 Out-There Open Source Licenses

Jul 9, 2019

FOSSA June 2019 Product Release Notes

All About Open Source Licenses

Jun 26, 2019

What is a Private Artifact Repository?

Jun 24, 2019

open-source, artifact repository

Still Asking Engineers to Fill Out Open Source Request Forms?

Jun 10, 2019

open-source, software development

We’re Excited to Announce Our CNCF Membership

FOSSA May 2019 Product Release Notes

Jun 4, 2019

product, release notes

A Case For Continuous Compliance

May 16, 2019

Creating a Comprehensive 3rd-Party Package License Policy for OSS

May 14, 2019

OSS, Open Source Compliance

Why Open Source License Compliance Needs to Be CI-Agnostic

Mar 15, 2019

Automating Open Source Reports with FOSSA at Applause

Cost/Benefit Analysis: Manual Audits vs Automated License Compliance

Fast Integration Tests for 3rd Party Services - The Easy Way

Nov 29, 2018

integration tests, third-party services

Reflecting on 1 year of early-stage engineering

Nov 15, 2018

software engineering, startups

Which Open Source License Is Best for Commercialization?

Nov 15, 2018

Discussing Commons Clause on Software Engineering Daily

Nov 5, 2018

open-source, business models

Pathologies of Go Package Management

Oct 24, 2018

Go, package management

FOSSA 0.8.0: Overhauling our onboarding system + other usability improvements

Oct 17, 2018

FOSSA, software updates

300+ New Licenses Supported in FOSSA

JS Foundation chooses FOSSA as the Open Source License Cert. Provider

May 1, 2018

JavaScript, Open Source

Combating Alert Fatigue with a Global Issue Dashboard

Apr 16, 2018

alert fatigue, dashboard

Open sourcing FOSSA’s build analysis in fossa-cli

Mar 15, 2018

open-source, dependency-analysis

Delivering a better on-premises experience

Feb 5, 2018

on-premises, deployment, FOSSA

Legal Concerns for SaaS Companies Going On-Prem

Organization-wide issues & conditional policies

Don’t Over-REACT to the Facebook Patents License

Aug 24, 2017

open-source, Facebook, patents

The Ultimate GPL Survival Guide

Jul 7, 2017

GPL, open-source, compliance

Announcing FOSSA Public Beta & Funding

You can’t get around code scanning if you care about open source licenses

Feb 21, 2017

open-source, code scanning

How SmartThings runs IoT open source compliance across dozens of releases per day

FOSSA partners with npm to deliver open source license compliance

Jul 5, 2016