Dependency Heaven

Cost/Benefit Analysis: Manual Audits vs Automated License Compliance

As a software company, you need to protect the integrity of your most important asset — your product and code. Understanding and complying…

Engineering

Fast Integration Tests for 3rd Party Services - The Easy Way

Every good codebase has automated tests. They allow developers to have confidence in the features and fixes they make. Integration tests help validate the correctness of software between boundaries, one of which includes

Reflecting on 1 year of early-stage engineering

My computer science degree didn’t teach me that much about software engineering.I remember coming fresh out of college with no clue what a Senior Software Engineer did. There was a vague

Licensing

Which open source license is best for commercialization?

Choosing an open source license is one of the most important decisions you can make for a new project. Most developers default to popular permissive licenses like MIT, BSD or Apache. These are

Licensing

Discussing Commons Clause on Software Engineering Daily

Open source software powers everything we do on the Internet. Google runs on Linux servers. Content sites are served by WordPress. Our data is queued in Kafka clusters and stored in MongoDB instances.

Engineering

Pathologies of Go Package Management

TL;DR: Go package idioms make reproducible builds really easy. (Jump to section) Go package idioms also make dependency analysis really hard. (Jump to section) Go builds have a unique failure mode: they

Inside FOSSA

FOSSA 0.8.0: Overhauling our onboarding system + other usability improvements

It's been a while since our last update, but FOSSA's been hard at work building the best open source management tool for your team. This large update is the culmination of various improvements

Inside FOSSA

300+ New Licenses Supported in FOSSA

Happy Memorial Day! We’d like to announce some major license data quality updates that we’ve introduced this weekend.

Customers

JS Foundation chooses FOSSA as its Open Source License Certification Provider

We’re excited to share that the JS Foundation (home of ESLint, jQuery, Lodash, Mocha, Webpack and more), has chosen FOSSA as their Open…

Inside FOSSA

Combating Alert Fatigue with a Global Issue Dashboard

Every modern enterprise shares a common story with open source: alert fatigue.

Inside FOSSA

Open sourcing FOSSA’s build analysis in fossa-cli

Today, FOSSA is open sourcing our dependency analysis infrastructure on GitHub. Now, everyone can participate and have access to the best…

Inside FOSSA

Delivering a better on-premises experience

Building products for on-premises deployments comes with a set of fairly unique challenges. Most of these center around the onboarding and support process.Unlike cloud deployments, our engineering team often doesn’t have

Licensing

Legal Concerns for SaaS Companies Going On-Prem

This post is contributed by David Fligor.As a modern SaaS company, you held the line against on-prem. The advantages of having your customers use the cloud have included keeping all of them

Inside FOSSA

Organization-wide issues & conditional policies

In September, we introduced Component Search to give organization decision makers a bird’s eye view of compliance across all of their projects. Since then, we’ve been doubling down on building organization-level

Licensing

Don’t Over-REACT to the Facebook Patents License

This post was written by Heather Meeker and originally posted on the FOSSA Medium Publication in August of 2017.Recently, Apache re-classified code under Facebook’s “BSD+ Patents” license to “Category X,” effectively

The Ultimate GPL Survival Guide

If you work in consumer electronics, drones, IoT, or automotive devices based on generic Linux or Android codebases, chances are you have…

Inside FOSSA

Announcing FOSSA Public Beta & Funding

Today, I’m pleased to announce the launch of FOSSA (v0.4.0) — our public beta release to help you track your open source libraries and…

Licensing

You can’t get around code scanning if you care about open source licenses

Today, every developer uses open source software (OSS) in their apps. If you’re developing modern software, you should probably be using a…

Customers

How SmartThings runs IoT open source compliance across dozens of releases per day

Featuring: Dean Hemstreet, Vice President Q/A & Release Engineering. SmartThings, Inc.SmartThings Inc. is a technology company building an open platform for smart homes and the consumer Internet of Things. SmartThings makes

Inside FOSSA

FOSSA partners with npm to deliver open source license compliance

Read npm’s companion announcement here.Introducing FOSSA’s npm Enterprise add-onToday we’re introducing the FOSSA Licenses add-on, a plugin for npm Enterprise (npmE) that adds automated open source license compliance to

Subscribe to Dependency Heaven