Dependency Heaven

Still Asking Engineers to Fill Out Open Source Request Forms?

Many companies require a form driven process to use new open source components. Here are some of the pitfalls around manual approval processes and best practices around using open source in your products.

announcement

We’re Excited to Announce Our CNCF Membership

At FOSSA, we believe in supporting the open source community. That's why we are proud members of the CNFC, a major contributor to the open source community.

Release Notes

May Product Release Notes

Check out FOSSA's product release notes for May 2019

License

A Case For Continuous Compliance

Changes in software delivery practices mean it’s time for open source compliance processes to adapt and mirror the software development practices. Learn how to modernize your open source compliance.

License

Creating a Comprehensive Third-Party Package License Policy

Learn best practices for creating a Third Party Package License Policy from industry expert and lawyer Kate Downing.

Licensing

Why Open Source License Compliance Needs to Be CI-Agnostic

Platform-agnostic tools are a key part of modernizing developer workflows. License-compliance tools should work with whatever setup you choose to use today, tomorrow, and the more-distant future.

Customers

Automating Open Source Reports with FOSSA at Applause

Our customer Applause's SVP Rob Mason shares his experience with automating open source reports with Fossa for their customers & partners' software development.

Licensing

Cost/Benefit Analysis: Manual Audits vs Automated License Compliance

As a software company, you need to protect the integrity of your most important asset — your product and code. This article covers the cost benefit analysis of manual audits vs automated license compliance.

Engineering

Fast Integration Tests for 3rd Party Services - The Easy Way

In this article, we will learn how mocha-tape-deck is a practical way applied in most cases for integration testing.

Engineering

Reflecting on 1 year of early-stage engineering

Leo shares his experience as a software developer at Fossa. Previously, he worked at Google as a new grad where he learned organizational structure and best practices of engineering management.

Licensing

Which open source license is best for commercialization?

Choosing an open source license is an important decisions for engineering teams. This articles compares the best open sources licenses for commercialization.

Licensing

Discussing Commons Clause on Software Engineering Daily

Fossa Inc's CEO Kevin discusses Commons Clause with Software Engineering Daily Podcast.

Engineering

Pathologies of Go Package Management

TL;DR: Go package idioms make reproducible builds really easy. (Jump to section) Go package idioms also make dependency analysis really hard. (Jump to section) Go builds have a unique failure mode: they

Inside FOSSA

FOSSA 0.8.0: Overhauling our onboarding system + other usability improvements

In this update, we brought big changes for your teams. We have been working hard to build best open source management tool.

Inside FOSSA

300+ New Licenses Supported in FOSSA

We’d like to announce some major license data quality updates that we’ve introduced this weekend. We added support for over 300 new license to our library.

Customers

JS Foundation chooses FOSSA as its Open Source License Certification Provider

We’re excited to share that the JS Foundation (home of ESLint, jQuery, Lodash, Mocha, Webpack and more), has chosen FOSSA as their Open…

Inside FOSSA

Combating Alert Fatigue with a Global Issue Dashboard

This announcement post from Fossa is about the launch of new dashboard that provides tools for managing issue alerts and component data.

Inside FOSSA

Open sourcing FOSSA’s build analysis in fossa-cli

This announcement is about FOSSA's decision to open sourcing their dependency analysis infrastructure on GitHub. Check us out to participate and have access to the tools to get dependency data out of any codebase.

Inside FOSSA

Delivering a better on-premises experience

In this update, we are happy to announce the addition of GitLab Enterprise Support to our existing support for GitHub Enterprise and BitBucket Server.

On-Premises

Legal Concerns for SaaS Companies Going On-Prem

The article explains how as a SaaS company, we held the line against on-prem by creating template for on premises Software License Agreement which includes a "License Grant"and by adding an "On-Prem " option rather than sticking to a hosted services model for Open Source License Compliance.

Inside FOSSA

Organization-wide issues & conditional policies

In September, we introduced Component Search to give organization decision makers a bird’s eye view of compliance across all of their projects. Since then, we’ve been doubling down on building organization-level

Licensing

Don’t Over-REACT to the Facebook Patents License

This post was written by Heather Meeker and originally posted on the FOSSA Medium Publication in August of 2017.Recently, Apache re-classified code under Facebook’s “BSD+ Patents” license to “Category X,” effectively

The Ultimate GPL Survival Guide

If you work in consumer electronics, drones, IoT, or automotive devices based on generic Linux or Android codebases, chances are you have…

Inside FOSSA

Announcing FOSSA Public Beta & Funding

Today, I’m pleased to announce the launch of FOSSA (v0.4.0) — our public beta release to help you track your open source libraries and…

Licensing

You can’t get around code scanning if you care about open source licenses

Today, every developer uses open source software (OSS) in their apps. If you’re developing modern software, you should probably be using a…

Subscribe to Dependency Heaven