Dependency Heaven

We’re excited to partner with CircleCI to release our CircleCI orb!

We've partnered with CircleCI to seamlessly integrate open source compliance and vulnerability management into your CI/CD pipeline.

Inside FOSSA

July Product Release Notes

This July we've been focusing on improving our CLI and reports, as well as adding support for Rust.

License

A Partnership Between Legal Teams and Software Engineers is More Important Than Ever

With new legislation and new technologies, a partnership between legal teams and software engineers is more important than ever. Learn more about the responsibilities these two teams share.

Inside FOSSA

Marketing Intern Reflection

Hi! My name is Mahak Bandi and for the past six weeks I've been the Marketing Intern at FOSSA. After completing my freshman year of college at Purdue University, I was fortunate enough

licenses

Top 6 Most Out-There Open Source Licenses

Usually open source components are licensed under common licenses such as the MIT, GPL, or Apache Licenses. However, there are some creative, funny, and ridiculous open source licenses out there as well–here are the top 6!

Inside FOSSA

June Product Release Notes

At FOSSA, we’re kicking off the summer with a new report types, and new integration support, and some major enhancements to our project page.

open source

What Do Open Source Licenses Even Mean?

Open source licenses determine how an open source library is accessed, used, and redistributed. It's important to understand because there are legal responsibilities and pros/cons to each license. There are two main categories of OSS licenses–permissive and copyleft.

open source

3 Things to Watch Out for with a Private Artifact Repository

A private artifact repository is a beneficial resource for collaboration and to keep open source software packages in a centralized location. However, there are three things to look out for to ensure open source license compliance.

Licensing

Still Asking Engineers to Fill Out Open Source Request Forms?

Many companies require a form driven process to use new open source components. Here are some of the pitfalls around manual approval processes and best practices around using open source in your products.

announcement

We’re Excited to Announce Our CNCF Membership

At FOSSA, we believe in supporting the open source community. That's why we are proud members of the CNFC, a major contributor to the open source community.

Inside FOSSA

May Product Release Notes

Check out FOSSA's product release notes for May 2019

License

A Case For Continuous Compliance

Changes in software delivery practices mean it’s time for open source compliance processes to adapt and mirror the software development practices. Learn how to modernize your open source compliance.

License

Creating a Comprehensive Third-Party Package License Policy

Learn best practices for creating a Third Party Package License Policy from industry expert and lawyer Kate Downing.

Licensing

Why Open Source License Compliance Needs to Be CI-Agnostic

Platform-agnostic tools are a key part of modernizing developer workflows. License-compliance tools should work with whatever setup you choose to use today, tomorrow, and the more-distant future.

Customers

Automating Open Source Reports with FOSSA at Applause

Our customer Applause's SVP Rob Mason shares his experience with automating open source reports with Fossa for their customers & partners' software development.

Licensing

Cost/Benefit Analysis: Manual Audits vs Automated License Compliance

As a software company, you need to protect the integrity of your most important asset — your product and code. This article covers the cost benefit analysis of manual audits vs automated license compliance.

Engineering

Fast Integration Tests for 3rd Party Services - The Easy Way

In this article, we will learn how mocha-tape-deck is a practical way applied in most cases for integration testing.

Engineering

Reflecting on 1 year of early-stage engineering

Leo shares his experience as a software developer at Fossa. Previously, he worked at Google as a new grad where he learned organizational structure and best practices of engineering management.

Licensing

Which open source license is best for commercialization?

Choosing an open source license is an important decisions for engineering teams. This articles compares the best open sources licenses for commercialization.

Licensing

Discussing Commons Clause on Software Engineering Daily

Fossa Inc's CEO Kevin discusses Commons Clause with Software Engineering Daily Podcast.

Engineering

Pathologies of Go Package Management

TL;DR: Go package idioms make reproducible builds really easy. (Jump to section) Go package idioms also make dependency analysis really hard. (Jump to section) Go builds have a unique failure mode: they

Inside FOSSA

FOSSA 0.8.0: Overhauling our onboarding system + other usability improvements

In this update, we brought big changes for your teams. We have been working hard to build best open source management tool.

Inside FOSSA

300+ New Licenses Supported in FOSSA

We’d like to announce some major license data quality updates that we’ve introduced this weekend. We added support for over 300 new license to our library.

Customers

JS Foundation chooses FOSSA as its Open Source License Certification Provider

We’re excited to share that the JS Foundation (home of ESLint, jQuery, Lodash, Mocha, Webpack and more), has chosen FOSSA as their Open…

Inside FOSSA

Combating Alert Fatigue with a Global Issue Dashboard

This announcement post from Fossa is about the launch of new dashboard that provides tools for managing issue alerts and component data.

Subscribe to Dependency Heaven