Save time with Streamlined Issue Management

The most time-consuming part of open source management is usually determining what to do with flagged components. Legal teams have to go back and forth and back and forth with their dev teams to understand how a component is being used, dev teams have to track down how the flagged open source component is being pulled into their components, and DevOps has to block builds until issues are resolved. It can be a frustrating mess, making everyone feel a little like this...

Frustrations Open Source Compliance Issues

Which is why this month we’re happy to announce several additions to our issue management. In addition to enabling manual resolution and dependency enrichment and highlighting the flagged text, the file paths, and the dependency tree, you can now:

Keep your dependency information up to date.

FOSSA automatically remembers all dependency enrichment to reduce false positives in future scans. Enrich your dependency metadata: add license, contributor, copyright information and more.

FOSSA updating open source dependency information

Consolidate your process by resolving many issues at once.

Explain your resolution one time per issue type, or file all open source component updates in the same JIRA ticket, with bulk issue editing. To select multiple issues, hold the command key and select your issues.

FOSSA Open Source Issue Resolution

Save time resolving issues by sorting by newly flagged components to prioritize your workflow.

You can also filter alphabetically, by time created, or by time updated.

FOSSA open source management workflow

Check it out!


We’ve added a bunch of new languages over the past few months, bolstered support for many others, added clarity to installation steps and documentation, enhanced error messages, and improved all-around stability.


New Language Added: Introducing Clojure Support

We’re excited to continue increasing FOSSA’s compatibility with your stack. Over the past 3 months we’ve added 5 new languages to FOSSA CLI! This month, we’re excited to announce our support for Clojure! Unsure why it’s a cool language? Check out this thread on Hacker News. TLDR? It’s productive, easy to debug, easy to scale, and it’s fun! Some really cool open source projects built in Clojure include Metabase, FiraCode, and Reframe.

To get FOSSA set up on your Clojure project, check out our installation guide. To see a full list of supported environments, look here.

New Reporting Features

Automatically Include License Headers in Your Attribution Reports [Enterprise Only]

FOSSA now supports license headers, including copyright information, in your automatically generated reports. This functionality is currently supported by plain text reports. To get access for your account please contact

FOSSA Open Source License Headers
You must be on an enterprise plan to gain access to advanced reporting

Generate Industry-Standard SPDX Reports

SPDX is an open standard for reporting and communicating software bill of materials information including component information, licensing, and security references. We’re excited to support this standard of communication in open source compliance. For more information on SPDX and its requirements, look here. To get access to SPDX generated reports please contact