All Announcements SBOM Security Licensing Open Source Press

Dependency Heaven

Nov 12, 2025

A Practical Guide to Common Platform Enumeration (CPE)

Learn about Common Platform Enumeration (CPE), including its importance to software transparency and the SBOM ecosystem.

Heather Meeker on AI Coding Assistants and OSS License Compliance

Oct 31, 2025

7 min

Heather Meeker on AI Coding Assistants and OSS License Compliance

Leading IP attorney and OSS license compliance expert Heather Meeker discuss the license compliance implications of using AI coding assistants.

FOSSA Welcomes SBOM Pioneer Allan Friedman as a Senior Advisor

Oct 29, 2025

4 min

FOSSA Welcomes SBOM Pioneer Allan Friedman as a Senior Advisor

Dr. Allan Friedman, a globally recognized leader of the SBOM movement, has officially joined FOSSA as a Senior Advisor.

Latest Articles

Oct 24, 2025

6 min

How Open Source License Scanners Work

Learn about the two primary techniques OSS license scanners use to detect open source licenses.

open source, licenses, compliance

Read Article

The Guide to SBOMs and FedRAMP Compliance

Oct 14, 2025

5 min

The Guide to SBOMs and FedRAMP Compliance

Learn about SBOM (software bill of materials) requirements in the FedRAMP Rev5 and the new FedRAMP 20x.

Announcing fossabot: AI Agent for Strategic Dependency Updates

Announcing fossabot, a new AI Agent for making strategic dependency updates, backed by a comprehensive accuracy, consistency, and correctness framework.

Dependency Heaven

A Practical Guide to Common Platform Enumeration (CPE)

Heather Meeker on AI Coding Assistants and OSS License Compliance

FOSSA Welcomes SBOM Pioneer Allan Friedman as a Senior Advisor

Latest Articles

How Open Source License Scanners Work

The Guide to SBOMs and FedRAMP Compliance

Announcing fossabot: AI Agent for Strategic Dependency Updates

Automating Dependency Updates at FOSSA

FOSSA Acquires EdgeBit: From Scanning to Updating

Shai-Hulud Malware and FOSSA's Impact Assessment Tool

More Articles

Rewriting an NPM Package's Semver Based on Breaking Changes

Manage AI Coding Tool Risks with FOSSA Snippet Scanning

4 Ways to Generate an SBOM

Complying with SEBI SBOM Requirements

Analyzing 5 Major OSS License Compliance Lawsuits

The SBOM Tool Buyer's Guide

Introducing Dynamic SBOM Sharing in FOSSA

Operationalizing Exceptions with Time-Based Ignore Rules

FOSSA Issue Diffs: Understanding Your Evolving Risk Posture

Understanding the PURL Specification (Package URL)

A VP of Engineering’s Perspective on FOSSA’s AI Journey

When Builds Bite Back: The Surprising Pitfalls of Maven Environments and Reproducibility

Revisiting FOSSA Hack Week and Its Customer Impact

May 2025 FOSSA Product Updates

Annotate Dependencies with Context: Introducing Package Labels in FOSSA

Slopsquatting: AI Hallucinations and the New Software Supply Chain Risk

Introducing FOSSA Binary Composition Analysis (BCA)

SBOMs in India: Analyzing CERT-In Guidelines

The Role of SBOMs in Managing DORA Compliance

Winter 2025 FOSSA Product Updates

License Compliance, SBOM, and Vulnerability Management for Smaller Teams: FOSSA Business Tier

New Relic and FOSSA Upgrade Supply Chain Security with Connected Build-Time and Run-Time Vulnerability Management

Introducing SBOM Policies in FOSSA

Understanding CVSS: The Common Vulnerability Scoring System

Fall 2024 Software Licensing Roundup

A Proposal for the Future of SBOM Minimum Elements

Snippet Scanning, Explained

CUPS Vulnerabilities: Impact and Fixes

U.S. Army Announces New SBOM Requirements

SBOM Requirements in the EU’s CRA (Cyber Resilience Act)

4 Considerations for Effective SBOM Sharing

Actioning the Stakeholder-Specific Vulnerability Categorization (SSVC) Model

Automate Regulatory Compliance With FOSSA's New SBOM Management Add-On

FOSSA Acquires StackShare to Enhance Developer Tools Management and Security

Understanding SBOM Requirements in PCI DSS

Secure Open Source for All: FOSSA's Free Plan Just Got Better

Polyfill Supply Chain Attack: Details and Fixes

Using the CISA Kev Catalog

Defining SBOM Requirements for Software Suppliers

FOSSA Joins Forces with New Relic in the Secure Developer Alliance

How Sentry Manages Software License Compliance

SPDX 3.0 Is Released

What’s New in CycloneDX 1.6?

CVE-2024-3094: New Vulnerability Impacts XZ Utils

FOSSA Product Updates: Spring 2024

SBOM Formats Explained and Compared

Enhancing Risk Observability with FOSSA's Issue Overview Dashboard

Beyond Vulnerabilities: Understanding Package Health with FOSSA Quality

Complying with the FDA’s SBOM Requirements

Enable Global Visibility and Swift Remediation with Package Index

4 Takeaways from the ESF's OSS and SBOM Management Recommendations

Reduce Alert Fatigue with FOSSA’s Auto-Ignore Rules

Terrapin (CVE-2023-48795): New Attack Impacts the SSH Protocol

SCA vs. SAST: Comparing Security Tools

Dual-Licensing Models Explained, Featuring Heather Meeker

A Comprehensive Guide to Source-Available Software Licenses, Featuring Heather Meeker

Understanding and Using the EPSS Scoring System

Best Practices for Generating High-Quality SBOMs

Curl Vulnerabilities: Impact and Fixes (Curl 8.4.0)

5 Ways to Reduce GitHub Copilot Security and Legal Risks

SBOM Examples, Explained

Understanding and Using SPDX License Identifiers and License Expressions

Business Source License (BSL 1.1): Requirements, Provisions, and History

5 Ways an SBOM Can Strengthen Security

FOSSA Product Updates: August 2023

Direct Dependencies vs. Transitive Dependencies

Vulnerability Remediation Tactics

What’s New in CycloneDX 1.5?