Software Composition Analysis 5 Must-Have DevSecOps Tools Software composition analysis, static application security testing, and issue tracking software are examples of mission-critical DevSecOps tools.
Open Source in the News Open Source Developer Sabotages npm Libraries ‘Colors,’ ‘Faker’ The developer behind popular npm libraries "Colors" and "Faker" intentionally sabotaged both packages. Here's what to do if your application is impacted.
Open Source License Compliance Q and A: Heather Meeker on AGPL, Truth Social, OSS License Compliance Heather Meeker, one of the world's leading OSS license compliance experts, shares insight on the AGPL and the Truth Social license compliance controversy.
Open Source in the News Does TikTok Live Studio Violate GPL v2? TikTok recently released a limited test of a new live streaming service, TikTok Live Studio, that may be in violation of the GPL v2 open source software license.
Inside FOSSA FOSSA Partners with OpenChain to Promote Open Source Management FOSSA has partnered with OpenChain to help organizations build and maintain successful open source software license compliance programs.
Inside FOSSA FOSSA Product Updates: Announcing Our New and Improved CLI Our upgraded CLI will make FOSSA integrations easier to deploy by reducing the amount of configuration needed by users.
Open Source Vulnerability Management DevSecOps 101: Understanding and Implementing DevSecOps Principles See how DevSecOps principles can make software development more secure, and discover strategies for an effective DevSecOps implementation.
Open Source License Compliance Open Source Software Licenses 101: The Eclipse Public License Get an overview of the Eclipse Public License, including key requirements and how it compares to other weak copyleft open source licenses.
Open Source in the News The Massive Implications of Software Freedom Conservancy vs. Vizio The Software Freedom Conservancy's lawsuit against Vizio for alleged GPL violations could have significant ramifications for OSS license enforcement.
Software Composition Analysis 4 Key Elements of Technical Due Diligence Explore key areas of conducting technical due diligence, including auditing third-party software usage and evaluating protections on intellectual property.
Software Composition Analysis Q and A: Software Bill of Materials and FOSSA Get answers to frequently asked questions about using FOSSA to generate a software bill of materials.
Open Source in the News bouk/monkey and the Importance of Knowing Your Dependencies A recent news item involving the bouk/monkey open source program shows why it's so important for organizations to have visibility into their dependencies.
Inside FOSSA Role-Based Access Control (RBAC), Zero Trust, and FOSSA Get an overview of FOSSA's role-based access control (RBAC), and see how it can help improve your organization's security posture.
Software Composition Analysis 3 Best Practices for OSS Management in the Automotive Industry Experts share tips and strategies to help automotive organizations improve their open source management programs.
Inside FOSSA FOSSA Receives Highest Scores Possible in License Risk Management, SBOM Criteria in Forrester Wave FOSSA was the only vendor to earn the highest possible score in both the SBOM and License Risk Management criteria.
Open Source License Compliance Open Source Software Licenses 101: The LGPL License The LGPL open source software license is a member of the GPL family, but with some significant differences from its stronger copyleft counterparts.
Open Source License Compliance Open Source Software Licenses 101: The AGPL License Get an overview of the AGPL open source software license, including requirements and key provisions.
Open Source in the News Stockfish vs. ChessBase and What it Means for GPL v3 Stockfish vs. ChessBase could test several key provisions of GPL v3. Here's our analysis of the case, with input from OSS compliance expert Heather Meeker.
Software Composition Analysis The Minimum Required Elements of a Software Bill of Materials As part of its new cybersecurity executive order, the U.S. Federal government released the minimum required elements for a software bill of materials.
Open Source License Compliance Analyzing the Legal Implications of GitHub Copilot The release of GitHub Copilot raises questions about potential copyright infringement and license compliance issues.
Open Source License Compliance Containers and Open Source License Compliance The container ecosystem is fueled by open source components, which means container users must be mindful of license compliance obligations.
Open Source Vulnerability Management Container Image Security and Vulnerability Scanning Get an overview of today's container image security landscape, including common attack vectors and the importance of vulnerability scanning.
Open Source Vulnerability Management All About CWE-79: Cross-Site Scripting CWE-79: Cross Site Scripting (XSS) is one of today's most commonly found vulnerabilities. Here's a look at different types of XSS attacks and how to stop them.
Open Source License Compliance Copyleft Licenses and the Venture Capital Connection There's an easy-to-miss OSS compliance clause in the National Venture Capital Association's Stock Purchase Agreement Model Form that has significant ramifications.
Open Source License Compliance All About Permissive Licenses Explore the history, use cases, and provisions of permissive software licenses. Plus, see how they compare to copyleft licenses.
