FOSSA Logo
AllAnnouncementsSecurityLicensingOSS NewsSCADevelopersPress

Dependency Heaven

Introducing FOSSA Binary Composition Analysis (BCA)
7 min

Introducing FOSSA Binary Composition Analysis (BCA)

FOSSA's new Binary Composition Analysis (BCA) product enables organizations to mange security, license compliance, and SBOMs for binary files.

SBOMs in India: Analyzing CERT-In Guidelines
8 min

SBOMs in India: Analyzing CERT-In Guidelines

An analysis of the CERT-In guidelines for building and managing an SBOM program, recommended data fields, automation support, and best practices.

The Role of SBOMs in Managing DORA Compliance
7 min

The Role of SBOMs in Managing DORA Compliance

An exploration of the importance of SBOMs in complying with the EU's Digital Operational Resilience Act (DORA), focusing on software tracking and monitoring requirements for financial entities.

Latest Articles

Winter 2025 FOSSA Product Updates
4 min

Winter 2025 FOSSA Product Updates

Explore the new functionalities of FOSSA for managing SBOMs, vulnerabilities, and open source license compliance, including automated NOTICE file recreation and FDA compliance support.

FOSSA
Read Article
License Compliance, SBOM, and Vulnerability Management for Smaller Teams: FOSSA Business Tier
4 min

License Compliance, SBOM, and Vulnerability Management for Smaller Teams: FOSSA Business Tier

FOSSA introduces a new business tier tailored for smaller teams, offering flexible pricing and comprehensive features for SBOM, vulnerability management, and license compliance.

SBOM
Read Article
New Relic and FOSSA Upgrade Supply Chain Security with Connected Build-Time and Run-Time Vulnerability Management
4 min

New Relic and FOSSA Upgrade Supply Chain Security with Connected Build-Time and Run-Time Vulnerability Management

New integration between FOSSA and New Relic provides end-to-end visibility and actionable insights for developers to manage software supply chain security efficiently.

Security
Read Article
Introducing SBOM Policies in FOSSA
5 min

Introducing SBOM Policies in FOSSA

Learn about FOSSA's new SBOM policy feature that helps enforce SBOM standards for compliance and security.

SBOM
Read Article
Understanding CVSS: The Common Vulnerability Scoring System
9 min

Understanding CVSS: The Common Vulnerability Scoring System

An in-depth look at the Common Vulnerability Scoring System (CVSS), its evolution, scoring methods, and its importance in prioritizing vulnerabilities.

CVSS
Read Article
Fall 2024 Software Licensing Roundup
8 min

Fall 2024 Software Licensing Roundup

Explore the significant licensing stories of fall 2024, including Elastics return to open source, the new fair source licensing model, and the PearAI controversy.

elastic
Read Article

More Articles

A Proposal for the Future of SBOM Minimum Elements

11 min
SBOM
Read Article

Snippet Scanning, Explained

8 min
open source
Read Article

CUPS Vulnerabilities: Impact and Fixes

7 min
CUPS
Read Article

U.S. Army Announces New SBOM Requirements

5 min
SBOM
Read Article

SBOM Requirements in the EU’s CRA (Cyber Resilience Act)

20 min
SBOM
Read Article

4 Considerations for Effective SBOM Sharing

6 min
SBOM
Read Article

Actioning the Stakeholder-Specific Vulnerability Categorization (SSVC) Model

23 min
vulnerability
Read Article

Automate Regulatory Compliance With FOSSA's New SBOM Management Add-On

14 min
compliance
Read Article

FOSSA Acquires StackShare to Enhance Developer Tools Management and Security

4 min
Company News
Read Article

Understanding SBOM Requirements in PCI DSS

10 min
SBOM
Read Article

Secure Open Source for All: FOSSA's Free Plan Just Got Better

7 min
open-source
Read Article

Polyfill Supply Chain Attack: Details and Fixes

6 min
supply chain attack
Read Article

Using the CISA Kev Catalog

9 min
vulnerability
Read Article

Defining SBOM Requirements for Software Suppliers

11 min
SBOM
Read Article

FOSSA Joins Forces with New Relic in the Secure Developer Alliance

3 min
vulnerability management
Read Article

How Sentry Manages Software License Compliance

5 min
software licensing
Read Article

SPDX 3.0 Is Released

8 min
SPDX
Read Article

What’s New in CycloneDX 1.6?

5 min
CycloneDX
Read Article

CVE-2024-3094: New Vulnerability Impacts XZ Utils

6 min
security
Read Article

FOSSA Product Updates: Spring 2024

4 min
FOSSA
Read Article

SBOM Formats Explained and Compared

14 min
SBOM
Read Article

Enhancing Risk Observability with FOSSA's Issue Overview Dashboard

4 min
risk management
Read Article

Beyond Vulnerabilities: Understanding Package Health with FOSSA Quality

4 min
FOSSA
Read Article

Complying with the FDA’s SBOM Requirements

8 min
FDA
Read Article

Enable Global Visibility and Swift Remediation with Package Index

4 min
Package Index
Read Article

4 Takeaways from the ESF's OSS and SBOM Management Recommendations

7 min
ESF
Read Article

Reduce Alert Fatigue with FOSSA’s Auto-Ignore Rules

4 min
FOSSA
Read Article

Terrapin (CVE-2023-48795): New Attack Impacts the SSH Protocol

4 min
Cybersecurity
Read Article

SCA vs. SAST: Comparing Security Tools

7 min
security
Read Article

Dual-Licensing Models Explained, Featuring Heather Meeker

6 min
licensing
Read Article

A Comprehensive Guide to Source-Available Software Licenses, Featuring Heather Meeker

12 min
software licenses
Read Article

Understanding and Using the EPSS Scoring System

7 min
EPSS
Read Article

Best Practices for Generating High-Quality SBOMs

10 min
software
Read Article

Curl Vulnerabilities: Impact and Fixes (Curl 8.4.0)

4 min
curl
Read Article

5 Ways to Reduce GitHub Copilot Security and Legal Risks

8 min
AI
Read Article

SBOM Examples, Explained

10 min
SBOM
Read Article

Understanding and Using SPDX License Identifiers and License Expressions

7 min
SPDX
Read Article

Business Source License (BSL 1.1): Requirements, Provisions, and History

6 min
BSL
Read Article

5 Ways an SBOM Can Strengthen Security

6 min
SBOM
Read Article

FOSSA Product Updates: August 2023

4 min
FOSSA
Read Article

Direct Dependencies vs. Transitive Dependencies

3 min
dependencies
Read Article

Vulnerability Remediation Tactics

11 min
security
Read Article

What’s New in CycloneDX 1.5?

9 min
CycloneDX
Read Article

VEX (Vulnerability Exploitability eXchange): Purpose and Use Cases

14 min
cybersecurity
Read Article

The FOSSA Podcast: Product Management from Startup to Enterprise

12 min
product management
Read Article

Generative AI and Software Development: Copyright Law and License Compliance

8 min
AI
Read Article

The FOSSA Podcast: Managing Engineering Projects

7 min
engineering
Read Article

Heather Meeker on Open Source License Compliance Policies

11 min
Open Source
Read Article

Picking the Right FOSSA Deployment Model

5 min
deployment
Read Article

The FOSSA Podcast: SCA Purchasing and Implementation Trends

4 min
open source
Read Article

A Framework for Evaluating SBOM Tools

11 min
SBOM
Read Article

The FOSSA Podcast: Structuring and Growing a Customer Success Team

8 min
customer success
Read Article

Containers and Open Source License Compliance

12 min
open source
Read Article

The FOSSA Podcast: Early-Stage Technology Decisions and Regrets

10 min
technology decisions
Read Article

2023 Open Source Management Trends, Predictions, and Observations

7 min
open source
Read Article

The FOSSA Podcast: Adopting Haskell into an Existing Codebase

12 min
Haskell
Read Article

How to Operationalize SBOMs Throughout the SDLC

6 min
SBOM
Read Article

Announcing Support for CycloneDX and SBOM Import

3 min
SBOM
Read Article

How to Use 1Password to Authenticate the FOSSA CLI

4 min
FOSSA
Read Article

How Applause Makes Open Source Management Work for Developers

8 min
open source
Read Article

Complying with GPL v3’s User Product Clause

8 min
GPL v3
Read Article

Managing OSS License Compliance Risks in Commercial Software Licensing Agreements, Featuring Jim Markwith

9 min
OSS
Read Article

Announcing the GA of C and C++ Security and License Scanning

3 min
C++
Read Article

November 2022 FOSSA Product Updates

3 min
software updates
Read Article

OpenSSL Vulnerability 2022: Details and Fixes

4 min
OpenSSL
Read Article

CVE-2022-42889 Text4Shell Vulnerability: Impact and Fixes

4 min
vulnerability
Read Article

Open Source Licenses 101: Microsoft Public License (Ms-PL)

5 min
open-source
Read Article

Analyzing the Securing Open Source Software Act

6 min
open source
Read Article

U.S. Government Memo Requires Self-Attestation to Secure Development Practices

7 min
software security
Read Article

Heather Meeker on Open Source License Compliance Tools

12 min
open source
Read Article

Q and A: Heather Meeker on Hot Topics in OSS License Compliance

13 min
OSS
Read Article

FOSSA Earns Great Place To Work Certification

3 min
Workplace Culture
Read Article

Customer Q&A: Collibra's Journey to Scaling OSS License Compliance

8 min
license compliance
Read Article

A Practical Guide to the SLSA Framework

9 min
SLSA
Read Article

How to Implement the CSRB’s Log4j Security Recommendations

10 min
security
Read Article

Rust: How to Transform a Byte Stream for Fun and Profit

5 min
Rust
Read Article

Why Open Source is ESG

6 min
ESG
Read Article

Announcing the Private Beta of FOSSA Risk Intelligence

3 min
open source
Read Article

Open Source Licenses 101: SIL Open Font License (OFL)

6 min
Open Source
Read Article

How to Build an Open Source License Compliance Program, Featuring Jim Markwith

7 min
open source
Read Article

Understanding and Preventing Dependency Confusion Attacks

5 min
cybersecurity
Read Article

Highlights from NIST SP 800-161r1: Cybersecurity Supply Chain Risk Management

9 min
cybersecurity
Read Article

The Massive Implications of Software Freedom Conservancy vs. Vizio

9 min
open source
Read Article

Open Source Licenses 101: Boost Software License

7 min
open source
Read Article

Open Source Licenses 101: The CDDL (Common Development and Distribution License)

7 min
open source
Read Article

Best Practices for Implementing Software Composition Analysis, Featuring Rancher Labs

7 min
software
Read Article

4 Reasons Rancher Labs Chose FOSSA

7 min
Rancher
Read Article

An Overview of Spring RCE Vulnerabilities

4 min
Spring
Read Article

Building a Sustainable Software Supply Chain

9 min
software
Read Article

Announcing New Support for C/C++ Scanning, SBOMs

3 min
FOSSA
Read Article

How FOSSA Addresses Challenges Scanning C/C++ Code

7 min
C/C++
Read Article

The Three Pillars of Reproducible Builds

9 min
software
Read Article

Overriding Dependency Versions and Using Version Ranges in Maven

2 min
Java
Read Article

5 Highlights from the U.S. Senate’s Log4J Vulnerability Hearing

9 min
software security
Read Article

6 Takeaways from the Linux Foundation's SBOM Report

6 min
SBOM
Read Article

React Security: How to Fix Common Vulnerabilities

6 min
React
Read Article

OSS License Compliance Expert Heather Meeker on the AGPL

8 min
Open Source
Read Article

5 Must-Have DevSecOps Tools

6 min
DevSecOps
Read Article

Open Source Developer Sabotages npm Libraries 'Colors,' 'Faker'

4 min
npm
Read Article

Dependency Management in Visual Studio: NuGet and Beyond

15 min
Visual Studio
Read Article

Does TikTok Live Studio Violate GPL v2?

5 min
GPL
Read Article

Q and A: Heather Meeker on AGPL, Truth Social, OSS License Compliance

6 min
AGPL
Read Article

How to Quickly Find and Remediate Log4J Vulnerabilities (Log4Shell)

3 min
Log4J
Read Article

How to Fix the New Log4J DoS Vulnerability: CVE-2021-45105

3 min
Log4J
Read Article

FOSSA Partners with OpenChain to Promote Open Source Management

3 min
Open Source
Read Article

Log4J "Log4Shell" Zero-Day Vulnerability: Impact and Fixes

4 min
vulnerability
Read Article

Introducing FOSSA's New License Scanner

5 min
license scanning
Read Article

Managing Dependencies in .NET: .csproj, .packages.config, project.json, and More

3 min
.NET
Read Article

FOSSA Product Updates: Announcing Our New and Improved CLI

3 min
CLI
Read Article

DevSecOps 101: Understanding and Implementing DevSecOps Principles

7 min
DevSecOps
Read Article

Embedded Malware in NPM: Coa, Rc, Ua-parser

5 min
NPM
Read Article

Open Source Software Licenses 101: The Eclipse Public License

8 min
eclipse
Read Article

Best Practices for Testing in Go

12 min
Go
Read Article

4 Key Elements of Technical Due Diligence

7 min
technical due diligence
Read Article

Q and A: Software Bill of Materials and FOSSA

8 min
Software
Read Article

Anatomy of a Software Supply Chain Attack

8 min
cybersecurity
Read Article

How to Generate an SBOM with FOSSA

6 min
SBOM
Read Article

bouk/monkey and the Importance of Knowing Your Dependencies

6 min
open source
Read Article

Role-Based Access Control (RBAC), Zero Trust, and FOSSA

4 min
cybersecurity
Read Article

3 Best Practices for OSS Management in the Automotive Industry

7 min
open source
Read Article

FOSSA Product Updates: August 2021

3 min
FOSSA
Read Article

FOSSA Receives Highest Scores Possible in License Risk Management, SBOM Criteria in Forrester Wave

3 min
SCA
Read Article

Open Source Software Licenses 101: The LGPL License

7 min
open source licenses
Read Article

Open Source Software Licenses 101: The AGPL License

6 min
open source
Read Article

Announcing FOSSA Container Scanning

2 min
container scanning
Read Article

Stockfish vs. ChessBase and What it Means for GPL v3

6 min
GPL
Read Article

The Minimum Required Elements of an SBOM

7 min
SBOM
Read Article

Analyzing the Legal Implications of GitHub Copilot

7 min
GitHub
Read Article

Container Image Security and Vulnerability Scanning

9 min
Container Security
Read Article

All About CWE-79: Cross-Site Scripting

8 min
XSS
Read Article

Copyleft Licenses and the Venture Capital Connection

8 min
open source
Read Article

All About Permissive Licenses

8 min
open source
Read Article

Cybersecurity Executive Order and Software Supply Chain Security

8 min
cybersecurity
Read Article

IT Central Station: What Makes for an Effective SCA Solution

4 min
SCA
Read Article

All About Copyleft Licenses

8 min
open source
Read Article

Application Security for Developers: SCA, DAST, and GitHub Actions

9 min
application security
Read Article

Software Bill Of Materials (SBOM) Formats, Use Cases, and Specifications

10 min
SBOM
Read Article

How SCA Helps Manage OSS Vulnerabilities

5 min
OSS
Read Article

Open Source Software Licenses 101: The ISC License

5 min
open source
Read Article

Open Source Software Licenses 101: Mozilla Public License 2.0

8 min
Open Source
Read Article

Top Build Systems for Monorepos

7 min
build systems
Read Article

Open Source Software Licenses 101: The BSD 3-Clause License

8 min
open source
Read Article

Software Supply Chain Security for Automotive Organizations

7 min
software security
Read Article

How OSS Conquered the World: Insight from Veteran Developers

3 min
open source
Read Article

Building an Open Source Program Office (OSPO)

6 min
OSPO
Read Article

Open Source Software Licenses 101: GPL v3

7 min
open-source
Read Article

Open Source Software Licenses 101: GPL v2

7 min
open source
Read Article

How to Choose an Open Source Software License Compliance Tool

5 min
open source
Read Article

4 Takeaways from the 2021 State of Open Source Vulnerabilities Report

3 min
vulnerabilities
Read Article

Open Source Licenses 101: Apache License 2.0

7 min
open source
Read Article

How to Apply a License to Your Open Source Software Project

16 min
open source
Read Article

Open Source Software Licenses 101: The MIT License

6 min
open source
Read Article

Takeaways from OpenChain ISO/IEC 5230:2020

5 min
open source
Read Article

Top Security Takeaways from the 2020 FOSS Contributor Survey

7 min
Open Source
Read Article

The Future of Software Composition Analysis, Featuring Forrester

5 min
software
Read Article

Improving Page Speed Using Google PageSpeed Insights in Rails Apps

7 min
Rails
Read Article

5 Ways Companies Can Get More Value From Open Source Software

9 min
open source
Read Article

SolarWinds, Supply Chain Attacks, and Software Composition Analysis

9 min
supply chain attacks
Read Article

How UiPath Reduced Open Source Risk Through Team Collaboration

7 min
open source
Read Article

What is Software Composition Analysis?

5 min
software
Read Article

Pros and Cons of Using Monorepos

6 min
monorepos
Read Article

How Zendesk’s Legal Team Scored an Open Source Compliance Victory

5 min
open source
Read Article

FOSSA Announces SOC 2 Compliance

3 min
SOC 2
Read Article

How to Choose the Right Open Source License

6 min
open source
Read Article

A Look Inside FOSSA’s New Product Design

4 min
design
Read Article

Q&A: Heather Meeker on Open Source License Notices

9 min
Open Source
Read Article

Heather Meeker on Open Source License Notices and Automation

10 min
open source
Read Article

A Journey Through Our New Brand and Website

12 min
branding
Read Article

A Framework for Evaluating Software Composition Analysis Tools

5 min
Software Composition Analysis
Read Article

FOSSA Raises a $23.2M Series B

3 min
funding
Read Article

Press Release: FOSSA Accelerates Growth, Hits Significant Milestones

4 min
open source
Read Article

Introducing Open Source Security Management at Enterprise Scale

5 min
security
Read Article

How Open Source License Audits Became a Strategic Key to M&A Success

4 min
open source
Read Article

The Huge Risk that Most IPOs Miss

8 min
IPOs
Read Article

Now's the Perfect Time to Evolve Legal and Engineering Collaboration

4 min
open source
Read Article

TikTok, Trump, and the Future of Open Source Surveillance

9 min
surveillance
Read Article

FOSSA and Container Scanning

4 min
container
Read Article

Open Source Management: Fundamentals

15 min
Enterprise
Read Article

Why Source Code Scanning Tools Are Essential for Open Source Compliance

5 min
open-source
Read Article

FOSSA January 2020 Product Release Notes

2 min
FOSSA
Read Article

FOSSA December 2019 Product Release Notes

2 min
FOSSA
Read Article

Snippet Scanning: Is it Right for Your Team?

5 min
open source
Read Article

FOSSA November 2019 Product Release Notes

2 min
Read Article

FOSSA Named to CNBC's Upstart 100

2 min
startups
Read Article

FOSSA Acquires Dawn Labs

2 min
Acquisition
Read Article

FOSSA September 2019 Product Release Notes

2 min
FOSSA
Read Article

FOSSA Raises $8.5M for Enterprise Open Source Management

4 min
Enterprise
Read Article

DevOps and Open Source + CI/CD = Mitigating Risk Without Sacrificing Speed

2 min
DevOps
Read Article

FOSSA August 2019 Product Release Notes

3 min
FOSSA
Read Article

We’re excited to partner with CircleCI to release our CircleCI orb!

1 min
CircleCI
Read Article

FOSSA July 2019 Product Release Notes

1 min
Product Release
Read Article

A Partnership Between Legal Teams and Software Engineers is More Important Than Ever

1 min
legal
Read Article

FOSSA Marketing Intern Reflection

3 min
Marketing
Read Article

WTFPL to Beerware: Top 6 Out-There Open Source Licenses

3 min
open source
Read Article

FOSSA June 2019 Product Release Notes

2 min
FOSSA
Read Article

All About Open Source Licenses

6 min
open source
Read Article

What is a Private Artifact Repository?

3 min
open source
Read Article

Still Asking Engineers to Fill Out Open Source Request Forms?

7 min
open source
Read Article

We’re Excited to Announce Our CNCF Membership

1 min
open source
Read Article

FOSSA May 2019 Product Release Notes

3 min
product
Read Article

A Case For Continuous Compliance

5 min
open-source
Read Article

Creating a Comprehensive 3rd-Party Package License Policy for OSS

9 min
OSS
Read Article

Why Open Source License Compliance Needs to Be CI-Agnostic

5 min
open source
Read Article

Automating Open Source Reports with FOSSA at Applause

3 min
open source
Read Article

Cost/Benefit Analysis: Manual Audits vs Automated License Compliance

5 min
compliance
Read Article

Fast Integration Tests for 3rd Party Services - The Easy Way

5 min
integration tests
Read Article

Reflecting on 1 year of early-stage engineering

3 min
software engineering
Read Article

Which Open Source License Is Best for Commercialization?

4 min
open source
Read Article

Discussing Commons Clause on Software Engineering Daily

2 min
open source
Read Article

Pathologies of Go Package Management

10 min
Go
Read Article

FOSSA 0.8.0: Overhauling our onboarding system + other usability improvements

4 min
FOSSA
Read Article

300+ New Licenses Supported in FOSSA

3 min
FOSSA
Read Article

JS Foundation chooses FOSSA as the Open Source License Cert. Provider

5 min
JavaScript
Read Article

Combating Alert Fatigue with a Global Issue Dashboard

5 min
alert fatigue
Read Article

Open sourcing FOSSA’s build analysis in fossa-cli

3 min
open-source
Read Article

Delivering a better on-premises experience

4 min
on-premises
Read Article

Legal Concerns for SaaS Companies Going On-Prem

5 min
SaaS
Read Article

Organization-wide issues & conditional policies

5 min
compliance
Read Article

Don’t Over-REACT to the Facebook Patents License

7 min
open source
Read Article

The Ultimate GPL Survival Guide

6 min
GPL
Read Article

Announcing FOSSA Public Beta & Funding

7 min
FOSSA
Read Article

You can’t get around code scanning if you care about open source licenses

6 min
open source
Read Article

How SmartThings runs IoT open source compliance across dozens of releases per day

5 min
IoT
Read Article

FOSSA partners with npm to deliver open source license compliance

4 min
open source
Read Article