
Dependency Heaven

Open source, dependencies, and licensing by the people at FOSSA.

  • Vulnerability Management
  • License Compliance
  • Open Source in the News
  • Software Composition Analysis
  • Developers

Featured Articles

Open Source License Compliance

Heather Meeker on Open Source License Compliance Tools

Leading OSS licensing expert Heather Meeker shares guidance to help organizations evaluate new compliance tools and get more value from existing ones.

  • Heather Meeker
9 min read
Open Source License Compliance

Customer Q&A: Collibra's Journey to Scaling OSS License Compliance

Amanda Weare, Collibra’s VP and Deputy General Counsel, discusses her experience managing Collibra's open source license compliance program.

  • FOSSA Editorial Team
6 min read
Software Composition Analysis

Understanding and Using SPDX License Identifiers and License Expressions

Learn about SPDX License Identifiers and License Expressions, and see how you can use them to communicate licensing information in an SBOM.

  • Cortez Frazier Jr.
5 min read
Open Source License Compliance

Business Source License (BSL 1.1): Requirements, Provisions, and History

See key requirements and provisions in the Business Source License (BSL), a middle ground of sorts between open source and end-user licenses.

  • Manuel Harnisch
5 min read
Open Source Vulnerability Management

5 Ways SBOMs Can Strengthen Security

See five ways SBOMs can improve security, including enhanced visibility into vulnerabilities and support for remediation.

  • Cortez Frazier Jr.
5 min read
Inside FOSSA

FOSSA Product Updates: August 2023

Get an overview of additions and improvements to the FOSSA platform, including Jira enhancements and auto-ignore rules.

  • FOSSA Editorial Team
3 min read
Developer Perspectives

Direct Dependencies vs. Transitive Dependencies

See the difference between direct dependencies and transitive dependencies, including example dependency graphs.

  • Sara Beaudet
3 min read
Software Composition Analysis

An Early Look at SPDX 3.0

See what to expect with the upcoming release of SPDX v3.0, such as the introduction of use case-specific profiles and increased flexibility.

  • FOSSA Editorial Team
6 min read
Open Source Vulnerability Management

Vulnerability Remediation Tactics

Explore strategies for remediating vulnerabilities in third-party software components, including pros and cons for each.

  • Leo Zhang
8 min read
Software Composition Analysis

What’s New in CycloneDX 1.5?

A new version of the CycloneDX bill of materials specification has been released. See what's new in CycloneDX v1.5.

  • Tom Alrich
7 min read
Open Source Vulnerability Management

VEX (Vulnerability Exploitability eXchange): Purpose and Use Cases

Learn about VEX (Vulnerability Exploitability eXchange), which is used to communicate whether vulnerabilities impacting software products are actually exploitable.

  • Tom Alrich
10 min read
Inside FOSSA

The FOSSA Podcast: Product Management from Startup to Enterprise

The FOSSA Podcast covers engineering-product team collaboration (and friction), product management tools, when to hire your first PM, and more.

  • FOSSA Editorial Team
9 min read
Open Source in the News

Generative AI and Software Development: Copyright Law and License Compliance

See important copyright law and open source license compliance considerations when using generative AI in software development.

  • FOSSA Editorial Team
6 min read
Developer Perspectives

The FOSSA Podcast: Managing Engineering Projects

This episode of The FOSSA Podcast discusses managing engineering projects, including scaling teams, measuring success, and delegating work.

  • FOSSA Editorial Team
5 min read
Open Source License Compliance

Heather Meeker on Open Source License Compliance Policies

Leading open source license compliance expert Heather Meeker provides guidance on creating compliance policies for SaaS, mobile apps, embedded systems, and more.

  • Heather Meeker
8 min read
Inside FOSSA

Picking the Right FOSSA Deployment Model

FOSSA customers can choose from a range of SaaS and on-premises deployment models. See which one is the best fit for your organization.

  • FOSSA Editorial Team
4 min read
Software Composition Analysis

The FOSSA Podcast: SCA Purchasing and Implementation Trends

Episode 4 of The FOSSA Podcast discusses how organizations are evaluating SCA tools along with important factors in a successful implementation.

  • FOSSA Editorial Team
5 min read
Software Composition Analysis

A Framework for Evaluating SBOM Tools

Customizability, ease of use, and support for CycloneDX and SPDX are among the most important features of a best-in-class SBOM tool.

  • FOSSA Editorial Team
7 min read
Inside FOSSA

The FOSSA Podcast: Structuring and Growing a Customer Success Team

This episode of The FOSSA Podcast offers guidance on structuring customer success teams and building a company-wide customer-success mindset.

  • FOSSA Editorial Team
5 min read
Open Source License Compliance

Containers and Open Source License Compliance

There are many open source components in the container ecosystem, which means container users must be mindful of license compliance obligations.

  • FOSSA Editorial Team
9 min read
Inside FOSSA

The FOSSA Podcast: Early-Stage Technology Decisions and Regrets

The second episode of The FOSSA Podcast covers early-stage start-up technology choices, including picking programming languages and databases.

  • FOSSA Editorial Team
7 min read
Open Source in the News

2023 Open Source Management Trends, Predictions, and Observations

In 2023, we expect organizations to prioritize using SBOM data, automating open source license compliance, and maintaining visibility into software composition.

  • FOSSA Editorial Team
5 min read

The FOSSA Podcast: Adopting Haskell into an Existing Codebase

Episode One of the FOSSA Podcast covers how our team adopted Haskell, characteristics of the language, and pros and cons for teams considering it.

  • FOSSA Editorial Team
9 min read
Open Source Vulnerability Management

How to Operationalize SBOMs Throughout the SDLC

Explore best practices for getting value from software bill of materials (SBOM) data throughout the software development lifecycle.

  • Kenaz Kwa
4 min read
Inside FOSSA

Announcing Support for CycloneDX and SBOM Import

FOSSA is excited to announce new support for importing SBOMs along with the CycloneDX SBOM standard.

  • Gauthami Polasani
2 min read
Inside FOSSA

How to Use 1Password to Authenticate the FOSSA CLI

1Password has released a shell plugin that will enable FOSSA users to authenticate with a simple fingerprint scan. Here's how to use it.

  • FOSSA Editorial Team
4 min read
Software Composition Analysis

How Applause Makes Open Source Management Work for Developers

See how Applause has built developer-friendly open source license compliance and security programs with a significant assist from FOSSA.

  • FOSSA Editorial Team
5 min read
  • For the Love of Open Source © 2023 FOSSA, Inc.