Skip to main content
FOSSA Logo
AllAnnouncementsSBOMSecurityLicensingOpen SourcePress

Dependency Heaven

The Guide to SBOMs and FedRAMP Compliance
5 min

The Guide to SBOMs and FedRAMP Compliance

Learn about SBOM (software bill of materials) requirements in the FedRAMP Rev5 and the new FedRAMP 20x.

Announcing fossabot: AI Agent for Strategic Dependency Updates
9 min

Announcing fossabot: AI Agent for Strategic Dependency Updates

Announcing fossabot, a new AI Agent for making strategic dependency updates, backed by a comprehensive accuracy, consistency, and correctness framework.

Automating Dependency Updates at FOSSA
4 min

Automating Dependency Updates at FOSSA

FOSSA's path to automated updates and the importance of new technology to accomplish these challenging engineering tasks.

Latest Articles

FOSSA Acquires EdgeBit: From Scanning to Updating
4 min

FOSSA Acquires EdgeBit: From Scanning to Updating

FOSSA has acquired EdgeBit, which pioneered automated dependency updates using a world-class static analysis engine.

FOSSA
Read Article
Shai-Hulud Malware and FOSSA's Impact Assessment Tool
3 min

Shai-Hulud Malware and FOSSA's Impact Assessment Tool

Learn why the Shai-Hulud malware is a significant threat to the npm ecosystem, and see how FOSSA's Impact Assessment Tool can help mitigate the risk.

malware, npm, security
Read Article
Rewriting an NPM Package's Semver Based on Breaking Changes
4 min

Rewriting an NPM Package's Semver Based on Breaking Changes

Semantic versioning is a core pillar of responsible open source publishing, but what happens when it's incorrectly used?

npm, open source
Read Article
Manage AI Coding Tool Risks with FOSSA Snippet Scanning
6 min

Manage AI Coding Tool Risks with FOSSA Snippet Scanning

FOSSA's new Snippet Scanning product helps organizations manage IP legal risks associated with AI coding tools.

Snippet Scanning, AI, FOSSA
Read Article
4 Ways to Generate an SBOM
7 min

4 Ways to Generate an SBOM

See four methods for generating an SBOM — from source code, from an ecosystem-specific tool, from a container, and from a binary file.

SBOM, Tools
Read Article
Complying with SEBI SBOM Requirements
7 min

Complying with SEBI SBOM Requirements

Learn about new SBOM (software bill of materials) requirements from SEBI, India's securities and commodities market regulator.

SBOM, India, SEBI
Read Article

More Articles

Analyzing 5 Major OSS License Compliance Lawsuits

7 min
open-source, licenses
Read Article

The SBOM Tool Buyer's Guide

9 min
SBOM, Tools
Read Article

Introducing Dynamic SBOM Sharing in FOSSA

7 min
SBOM, FOSSA
Read Article

Operationalizing Exceptions with Time-Based Ignore Rules

4 min
Vulnerability Management, FOSSA, Compliance
Read Article

FOSSA Issue Diffs: Understanding Your Evolving Risk Posture

5 min
product updates, fossa
Read Article

Understanding the PURL Specification (Package URL)

9 min
PURL, SBOM
Read Article

A VP of Engineering’s Perspective on FOSSA’s AI Journey

8 min
AI, engineering
Read Article

When Builds Bite Back: The Surprising Pitfalls of Maven Environments and Reproducibility

4 min
Maven, builds
Read Article

Revisiting FOSSA Hack Week and Its Customer Impact

6 min
FOSSA
Read Article

May 2025 FOSSA Product Updates

3 min
open-source, product updates
Read Article

Annotate Dependencies with Context: Introducing Package Labels in FOSSA

5 min
dependency management, package labels, open-source
Read Article

Slopsquatting: AI Hallucinations and the New Software Supply Chain Risk

8 min
Software Supply Chain Security, Slopsquatting, AI Coding
Read Article

Introducing FOSSA Binary Composition Analysis (BCA)

7 min
Binaries, BCA
Read Article

SBOMs in India: Analyzing CERT-In Guidelines

8 min
SBOM, India, Guidelines
Read Article

The Role of SBOMs in Managing DORA Compliance

7 min
DORA, SBOM
Read Article

Winter 2025 FOSSA Product Updates

4 min
FOSSA, SBOM, License Compliance
Read Article

License Compliance, SBOM, and Vulnerability Management for Smaller Teams: FOSSA Business Tier

4 min
SBOM, open-source
Read Article

New Relic and FOSSA Upgrade Supply Chain Security with Connected Build-Time and Run-Time Vulnerability Management

4 min
Security, Integration
Read Article

Introducing SBOM Policies in FOSSA

5 min
SBOM, FOSSA, Compliance
Read Article

Understanding CVSS: The Common Vulnerability Scoring System

9 min
CVSS, vulnerability
Read Article

Fall 2024 Software Licensing Roundup

8 min
elastic, licensing, open-source
Read Article

A Proposal for the Future of SBOM Minimum Elements

11 min
SBOM, Cybersecurity
Read Article

Snippet Scanning, Explained

7 min
open-source, snippet scanning
Read Article

CUPS Vulnerabilities: Impact and Fixes

7 min
CUPS, Vulnerabilities
Read Article

U.S. Army Announces New SBOM Requirements

5 min
SBOM, U.S. Army
Read Article

SBOM Requirements in the EU’s CRA (Cyber Resilience Act)

20 min
SBOM, Cyber Resilience Act, EU Regulations
Read Article

4 Considerations for Effective SBOM Sharing

6 min
SBOM, Security
Read Article

Actioning the Stakeholder-Specific Vulnerability Categorization (SSVC) Model

23 min
vulnerability, security
Read Article

Automate Regulatory Compliance With FOSSA's New SBOM Management Add-On

14 min
compliance, SBOM
Read Article

FOSSA Acquires StackShare to Enhance Developer Tools Management and Security

4 min
Company News, technology, acquisition
Read Article

Understanding SBOM Requirements in PCI DSS

10 min
SBOM, PCI DSS, Security
Read Article

Secure Open Source for All: FOSSA's Free Plan Just Got Better

7 min
open-source, security
Read Article

Polyfill Supply Chain Attack: Details and Fixes

6 min
supply chain attack, security
Read Article

Using the CISA Kev Catalog

9 min
vulnerability, security
Read Article

Defining SBOM Requirements for Software Suppliers

11 min
SBOM, Software Suppliers
Read Article

FOSSA Joins Forces with New Relic in the Secure Developer Alliance

3 min
vulnerability management, secure developer alliance
Read Article

How Sentry Manages Software License Compliance

5 min
software licensing, compliance
Read Article

SPDX 3.0 Is Released

8 min
SPDX, SBOM
Read Article

What’s New in CycloneDX 1.6?

5 min
CycloneDX, SBOM, Software Security
Read Article

CVE-2024-3094: New Vulnerability Impacts XZ Utils

6 min
security, linux, vulnerability
Read Article

FOSSA Product Updates: Spring 2024

4 min
FOSSA, Product Updates
Read Article

SBOM Formats Explained and Compared

15 min
SBOM, Software Transparency
Read Article

Enhancing Risk Observability with FOSSA's Issue Overview Dashboard

4 min
risk management, FOSSA
Read Article

Beyond Vulnerabilities: Understanding Package Health with FOSSA Quality

4 min
FOSSA, Open Source
Read Article

Complying with the FDA’s SBOM Requirements

8 min
FDA, SBOM, Cybersecurity
Read Article

Enable Global Visibility and Swift Remediation with Package Index

4 min
Package Index, Security, Software
Read Article

4 Takeaways from the ESF's OSS and SBOM Management Recommendations

7 min
ESF, SBOM, Open Source Software
Read Article

Reduce Alert Fatigue with FOSSA’s Auto-Ignore Rules

4 min
FOSSA, Auto-Ignore, Open Source
Read Article

Terrapin (CVE-2023-48795): New Attack Impacts the SSH Protocol

4 min
Cybersecurity, SSH
Read Article

SCA vs. SAST: Comparing Security Tools

7 min
security, tools
Read Article

Dual-Licensing Models Explained, Featuring Heather Meeker

6 min
licensing, open-source
Read Article

A Comprehensive Guide to Source-Available Software Licenses, Featuring Heather Meeker

12 min
software licenses, open-source, source-available
Read Article

Understanding and Using the EPSS Scoring System

7 min
EPSS, Scoring System
Read Article

Best Practices for Generating High-Quality SBOMs

10 min
software, SBOM
Read Article

Curl Vulnerabilities: Impact and Fixes (Curl 8.4.0)

4 min
curl, vulnerabilities
Read Article

5 Ways to Reduce GitHub Copilot Security and Legal Risks

8 min
AI, GitHub Copilot
Read Article

SBOM Examples, Explained

10 min
SBOM, SPDX, CycloneDX
Read Article

Understanding and Using SPDX License Identifiers and License Expressions

7 min
SPDX, Licensing
Read Article

Business Source License (BSL 1.1): Requirements, Provisions, and History

6 min
BSL, software-licensing
Read Article

5 Ways an SBOM Can Strengthen Security

6 min
SBOM, Security
Read Article

FOSSA Product Updates: August 2023

4 min
FOSSA, Product Updates
Read Article

Direct Dependencies vs. Transitive Dependencies

3 min
dependencies, programming
Read Article

Vulnerability Remediation Tactics

11 min
security, dependencies
Read Article

What’s New in CycloneDX 1.5?

9 min
CycloneDX, SBOM, software
Read Article

VEX (Vulnerability Exploitability eXchange): Purpose and Use Cases

14 min
cybersecurity, risk management
Read Article

The FOSSA Podcast: Product Management from Startup to Enterprise

12 min
product management, start-up, enterprise
Read Article

Generative AI and Software Development: Copyright Law and License Compliance

8 min
AI, software development, snippet scanning
Read Article

The FOSSA Podcast: Managing Engineering Projects

7 min
engineering, project management
Read Article

Heather Meeker on Open Source License Compliance Policies

11 min
Open Source, License Compliance
Read Article

Picking the Right FOSSA Deployment Model

5 min
deployment, FOSSA
Read Article

The FOSSA Podcast: SCA Purchasing and Implementation Trends

4 min
open-source, security
Read Article

How to Find the Best SBOM Tool for Your Organization

12 min
SBOM, Tools
Read Article

The FOSSA Podcast: Structuring and Growing a Customer Success Team

8 min
customer success, podcast
Read Article

Containers and Open Source License Compliance

12 min
open-source, license compliance
Read Article

The FOSSA Podcast: Early-Stage Technology Decisions and Regrets

10 min
technology decisions, podcast
Read Article

2023 Open Source Management Trends, Predictions, and Observations

7 min
open-source, software management
Read Article

The FOSSA Podcast: Adopting Haskell into an Existing Codebase

12 min
Haskell, Programming, Podcast
Read Article

How to Operationalize SBOMs Throughout the SDLC

6 min
SBOM, SDLC
Read Article

Announcing Support for CycloneDX and SBOM Import

3 min
SBOM, CycloneDX
Read Article

How to Use 1Password to Authenticate the FOSSA CLI

4 min
FOSSA, 1Password
Read Article

How Applause Makes Open Source Management Work for Developers

8 min
open-source, software management
Read Article

Complying with GPL v3’s User Product Clause

8 min
GPL v3, open-source, User Product
Read Article

Managing OSS License Compliance Risks in Commercial Software Licensing Agreements, Featuring Jim Markwith

9 min
OSS, License Compliance
Read Article

Announcing the GA of C and C++ Security and License Scanning

3 min
C++, Security
Read Article

November 2022 FOSSA Product Updates

3 min
software updates, C/C++, Azure
Read Article

OpenSSL Vulnerability 2022: Details and Fixes

4 min
OpenSSL, Security
Read Article

CVE-2022-42889 Text4Shell Vulnerability: Impact and Fixes

4 min
vulnerability, security
Read Article

Open Source Licenses 101: Microsoft Public License (Ms-PL)

5 min
open-source, licenses
Read Article

Analyzing the Securing Open Source Software Act

6 min
open-source, security
Read Article

U.S. Government Memo Requires Self-Attestation to Secure Development Practices

7 min
software security, government policy
Read Article

Heather Meeker on Open Source License Compliance Tools

12 min
open-source, license compliance
Read Article

Q and A: Heather Meeker on Hot Topics in OSS License Compliance

13 min
OSS, license compliance
Read Article

FOSSA Earns Great Place To Work Certification

3 min
Workplace Culture, Certification
Read Article

Customer Q&A: Collibra's Journey to Scaling OSS License Compliance

8 min
license compliance, open source, Collibra
Read Article

A Practical Guide to the SLSA Framework

9 min
SLSA, Software Supply Chain
Read Article

How to Implement the CSRB’s Log4j Security Recommendations

10 min
security, log4j, csrb
Read Article

Rust: How to Transform a Byte Stream for Fun and Profit

5 min
Rust, Programming
Read Article

Why Open Source is ESG

6 min
ESG, investing
Read Article

Announcing the Private Beta of FOSSA Risk Intelligence

3 min
open-source, security, risk management
Read Article

Open Source Licenses 101: SIL Open Font License (OFL)

6 min
Open Source, Licenses, Fonts
Read Article

How to Build an Open Source License Compliance Program, Featuring Jim Markwith

7 min
open-source, license compliance
Read Article

Understanding and Preventing Dependency Confusion Attacks

5 min
cybersecurity, supply chain attacks
Read Article

Highlights from NIST SP 800-161r1: Cybersecurity Supply Chain Risk Management

9 min
cybersecurity, risk management
Read Article

The Massive Implications of Software Freedom Conservancy vs. Vizio

9 min
open-source, software
Read Article

Open Source Licenses 101: Boost Software License

7 min
open-source, software license
Read Article

Open Source Licenses 101: The CDDL (Common Development and Distribution License)

7 min
open-source, licenses
Read Article

Best Practices for Implementing Software Composition Analysis, Featuring Rancher Labs

7 min
software, SCA
Read Article

4 Reasons Rancher Labs Chose FOSSA

7 min
Rancher, FOSSA, Open Source Management
Read Article

An Overview of Spring RCE Vulnerabilities

4 min
Spring, RCE, Security
Read Article

Building a Sustainable Software Supply Chain

9 min
software, security
Read Article

Announcing New Support for C/C++ Scanning, SBOMs

3 min
FOSSA, C/C++, SBOM
Read Article

How FOSSA Addresses Challenges Scanning C/C++ Code

7 min
C/C++, Code Scanning
Read Article

The Three Pillars of Reproducible Builds

9 min
software, security, builds
Read Article

Overriding Dependency Versions and Using Version Ranges in Maven

2 min
Java, Maven
Read Article

5 Highlights from the U.S. Senate’s Log4J Vulnerability Hearing

9 min
software security, cybersecurity
Read Article

6 Takeaways from the Linux Foundation's SBOM Report

6 min
SBOM, Cybersecurity
Read Article

React Security: How to Fix Common Vulnerabilities

6 min
React, Security, Vulnerabilities
Read Article

OSS License Compliance Expert Heather Meeker on the AGPL

8 min
Open Source, AGPL
Read Article

5 Must-Have DevSecOps Tools

6 min
DevSecOps, tools
Read Article

Open Source Developer Sabotages npm Libraries 'Colors,' 'Faker'

4 min
npm, open source, sabotage
Read Article

Dependency Management in Visual Studio: NuGet and Beyond

15 min
Visual Studio, NuGet
Read Article

Does TikTok Live Studio Violate GPL v2?

5 min
GPL, license compliance
Read Article

Q and A: Heather Meeker on AGPL, Truth Social, OSS License Compliance

6 min
AGPL, Open Source, License Compliance
Read Article

How to Quickly Find and Remediate Log4J Vulnerabilities (Log4Shell)

3 min
Log4J, security, vulnerability
Read Article

How to Fix the New Log4J DoS Vulnerability: CVE-2021-45105

3 min
Log4J, Vulnerability
Read Article

FOSSA Partners with OpenChain to Promote Open Source Management

3 min
Open Source, Compliance
Read Article

Log4J "Log4Shell" Zero-Day Vulnerability: Impact and Fixes

4 min
vulnerability, security
Read Article

Introducing FOSSA's New License Scanner

5 min
license scanning, software updates
Read Article

Managing Dependencies in .NET: .csproj, .packages.config, project.json, and More

3 min
.NET, dependency management
Read Article

FOSSA Product Updates: Announcing Our New and Improved CLI

3 min
CLI, FOSSA
Read Article

DevSecOps 101: Understanding and Implementing DevSecOps Principles

7 min
DevSecOps, Security, Development
Read Article

Embedded Malware in NPM: Coa, Rc, Ua-parser

5 min
NPM, Security, Malware
Read Article

Open Source Software Licenses 101: The Eclipse Public License

8 min
eclipse, open-source, licenses
Read Article

Best Practices for Testing in Go

12 min
Go, Testing
Read Article

4 Key Elements of Technical Due Diligence

7 min
technical due diligence, M&A
Read Article

Q and A: Software Bill of Materials and FOSSA

8 min
Software, SBOM
Read Article

Anatomy of a Software Supply Chain Attack

8 min
cybersecurity, software security
Read Article

How to Generate an SBOM with FOSSA

6 min
SBOM, FOSSA
Read Article

bouk/monkey and the Importance of Knowing Your Dependencies

6 min
open-source, license compliance
Read Article

Role-Based Access Control (RBAC), Zero Trust, and FOSSA

4 min
cybersecurity, zero trust, access control
Read Article

3 Best Practices for OSS Management in the Automotive Industry

7 min
open-source, automotive
Read Article

FOSSA Product Updates: August 2021

3 min
FOSSA, Product Updates
Read Article

FOSSA Receives Highest Scores Possible in License Risk Management, SBOM Criteria in Forrester Wave

3 min
SCA, FOSSA
Read Article

Open Source Software Licenses 101: The LGPL License

7 min
open source licenses, LGPL
Read Article

Open Source Software Licenses 101: The AGPL License

6 min
open-source, AGPL, licenses
Read Article

Announcing FOSSA Container Scanning

2 min
container scanning, security
Read Article

Stockfish vs. ChessBase and What it Means for GPL v3

6 min
GPL, chess, open-source
Read Article

The Minimum Required Elements of an SBOM

7 min
SBOM, software, compliance
Read Article

Analyzing the Legal Implications of GitHub Copilot

7 min
GitHub, Legal, Copilot
Read Article

Container Image Security and Vulnerability Scanning

9 min
Container Security, Vulnerability Scanning
Read Article

All About CWE-79: Cross-Site Scripting

8 min
XSS, security, web vulnerabilities
Read Article

Copyleft Licenses and the Venture Capital Connection

8 min
open-source, venture capital
Read Article

All About Permissive Licenses

8 min
open-source, licenses
Read Article

Cybersecurity Executive Order and Software Supply Chain Security

8 min
cybersecurity, software supply chain, security, executive order
Read Article

IT Central Station: What Makes for an Effective SCA Solution

4 min
SCA, Software, Security
Read Article

All About Copyleft Licenses

8 min
open-source, licenses
Read Article

Application Security for Developers: SCA, DAST, and GitHub Actions

9 min
application security, GitHub Actions
Read Article

Software Bill Of Materials (SBOM) Formats, Use Cases, and Specifications

10 min
SBOM, software
Read Article

How SCA Helps Manage OSS Vulnerabilities

5 min
OSS, SCA, software
Read Article

Open Source Software Licenses 101: The ISC License

5 min
open-source, licenses
Read Article

Open Source Software Licenses 101: Mozilla Public License 2.0

8 min
Open Source, Software Licensing
Read Article

Top Build Systems for Monorepos

7 min
build systems, monorepos
Read Article

Open Source Software Licenses 101: The BSD 3-Clause License

8 min
open-source, software licenses
Read Article

Software Supply Chain Security for Automotive Organizations

7 min
software security, automotive industry
Read Article

How OSS Conquered the World: Insight from Veteran Developers

3 min
open-source, OSS
Read Article

Building an Open Source Program Office (OSPO)

6 min
OSPO, open-source
Read Article

Open Source Software Licenses 101: GPL v3

7 min
open-source, licenses
Read Article

Open Source Software Licenses 101: GPL v2

7 min
open-source, GPL, license
Read Article

How to Choose an Open Source Software License Compliance Tool

5 min
open-source, compliance
Read Article

4 Takeaways from the 2021 State of Open Source Vulnerabilities Report

3 min
vulnerabilities, open-source, programming languages
Read Article

Open Source Licenses 101: Apache License 2.0

7 min
open-source, apache license, software licenses
Read Article

How to Apply a License to Your Open Source Software Project

16 min
open-source, license
Read Article

Open Source Software Licenses 101: The MIT License

6 min
open-source, licenses
Read Article

Takeaways from OpenChain ISO/IEC 5230:2020

5 min
open-source, compliance
Read Article

Top Security Takeaways from the 2020 FOSS Contributor Survey

7 min
Open Source, Security
Read Article

The Future of Software Composition Analysis, Featuring Forrester

5 min
software, open-source
Read Article

Improving Page Speed Using Google PageSpeed Insights in Rails Apps

7 min
Rails, Google PageSpeed
Read Article

5 Ways Companies Can Get More Value From Open Source Software

9 min
open-source, software development
Read Article

SolarWinds, Supply Chain Attacks, and Software Composition Analysis

9 min
supply chain attacks, cybersecurity
Read Article

How UiPath Reduced Open Source Risk Through Team Collaboration

7 min
open-source, risk management
Read Article

What is Software Composition Analysis?

5 min
software, analysis
Read Article

Pros and Cons of Using Monorepos

6 min
monorepos, software development
Read Article

How Zendesk’s Legal Team Scored an Open Source Compliance Victory

5 min
open-source, compliance
Read Article

FOSSA Announces SOC 2 Compliance

3 min
SOC 2, compliance
Read Article

How to Choose the Right Open Source License

6 min
open-source, licensing
Read Article

A Look Inside FOSSA’s New Product Design

4 min
design, product update
Read Article

Q&A: Heather Meeker on Open Source License Notices

9 min
Open Source, License Compliance
Read Article

Heather Meeker on Open Source License Notices and Automation

10 min
open-source, license compliance
Read Article

A Journey Through Our New Brand and Website

12 min
branding, website redesign
Read Article

A Framework for Evaluating Software Composition Analysis Tools

5 min
Software Composition Analysis, Risk Mitigation
Read Article

FOSSA Raises a $23.2M Series B

3 min
funding, open-source
Read Article

Press Release: FOSSA Accelerates Growth, Hits Significant Milestones

4 min
open-source, security management
Read Article

Introducing Open Source Security Management at Enterprise Scale

5 min
security, open-source
Read Article

How Open Source License Audits Became a Strategic Key to M&A Success

4 min
open-source, M&A
Read Article

The Huge Risk that Most IPOs Miss

8 min
IPOs, Risk Management
Read Article

Now's the Perfect Time to Evolve Legal and Engineering Collaboration

4 min
open-source, compliance
Read Article

TikTok, Trump, and the Future of Open Source Surveillance

9 min
surveillance, open-source
Read Article

FOSSA and Container Scanning

4 min
container, docker
Read Article

Open Source Management: Fundamentals

15 min
Enterprise, Software
Read Article

Why Source Code Scanning Tools Are Essential for Open Source Compliance

5 min
open-source, compliance
Read Article

FOSSA January 2020 Product Release Notes

2 min
FOSSA, Product Updates
Read Article

FOSSA December 2019 Product Release Notes

2 min
FOSSA, release notes
Read Article

Snippet Scanning: Is it Right for Your Team?

5 min
open-source, software composition analysis
Read Article

FOSSA November 2019 Product Release Notes

2 min
Read Article

FOSSA Named to CNBC's Upstart 100

2 min
startups, open-source, recognition
Read Article

FOSSA Acquires Dawn Labs

2 min
Acquisition, Developer Tools
Read Article

FOSSA September 2019 Product Release Notes

2 min
FOSSA, Product Release, Integrations
Read Article

FOSSA Raises $8.5M for Enterprise Open Source Management

4 min
Enterprise, Open Source
Read Article

DevOps and Open Source + CI/CD = Mitigating Risk Without Sacrificing Speed

2 min
DevOps, CI/CD
Read Article

FOSSA August 2019 Product Release Notes

3 min
FOSSA, release notes
Read Article

We’re excited to partner with CircleCI to release our CircleCI orb!

1 min
CircleCI, Open Source
Read Article

FOSSA July 2019 Product Release Notes

1 min
Product Release, FOSSA, CLI
Read Article

A Partnership Between Legal Teams and Software Engineers is More Important Than Ever

1 min
legal, engineering
Read Article

FOSSA Marketing Intern Reflection

3 min
Marketing, Internship
Read Article

WTFPL to Beerware: Top 6 Out-There Open Source Licenses

3 min
open-source, licenses
Read Article

FOSSA June 2019 Product Release Notes

2 min
FOSSA, release notes
Read Article

All About Open Source Licenses

6 min
open-source, licenses
Read Article

What is a Private Artifact Repository?

3 min
open-source, artifact repository
Read Article

Still Asking Engineers to Fill Out Open Source Request Forms?

7 min
open-source, software development
Read Article

We’re Excited to Announce Our CNCF Membership

1 min
open-source, CNCF
Read Article

FOSSA May 2019 Product Release Notes

3 min
product, release notes
Read Article

A Case For Continuous Compliance

5 min
open-source, compliance
Read Article

Creating a Comprehensive 3rd-Party Package License Policy for OSS

9 min
OSS, Open Source Compliance
Read Article

Why Open Source License Compliance Needs to Be CI-Agnostic

5 min
open-source, license compliance
Read Article

Automating Open Source Reports with FOSSA at Applause

3 min
open-source, FOSSA
Read Article

Cost/Benefit Analysis: Manual Audits vs Automated License Compliance

5 min
compliance, audits
Read Article

Fast Integration Tests for 3rd Party Services - The Easy Way

5 min
integration tests, third-party services
Read Article

Reflecting on 1 year of early-stage engineering

3 min
software engineering, startups
Read Article

Which Open Source License Is Best for Commercialization?

4 min
open-source, licenses
Read Article

Discussing Commons Clause on Software Engineering Daily

2 min
open-source, business models
Read Article

Pathologies of Go Package Management

10 min
Go, package management
Read Article

FOSSA 0.8.0: Overhauling our onboarding system + other usability improvements

4 min
FOSSA, software updates
Read Article

300+ New Licenses Supported in FOSSA

3 min
FOSSA, licenses
Read Article

JS Foundation chooses FOSSA as the Open Source License Cert. Provider

5 min
JavaScript, Open Source
Read Article

Combating Alert Fatigue with a Global Issue Dashboard

5 min
alert fatigue, dashboard
Read Article

Open sourcing FOSSA’s build analysis in fossa-cli

3 min
open-source, dependency-analysis
Read Article

Delivering a better on-premises experience

4 min
on-premises, deployment, FOSSA
Read Article

Legal Concerns for SaaS Companies Going On-Prem

5 min
SaaS, Legal, On-Prem
Read Article

Organization-wide issues & conditional policies

5 min
compliance, policies
Read Article

Don’t Over-REACT to the Facebook Patents License

7 min
open-source, Facebook, patents
Read Article

The Ultimate GPL Survival Guide

6 min
GPL, open-source, compliance
Read Article

Announcing FOSSA Public Beta & Funding

7 min
FOSSA, Open Source
Read Article

You can’t get around code scanning if you care about open source licenses

6 min
open-source, code scanning
Read Article

How SmartThings runs IoT open source compliance across dozens of releases per day

5 min
IoT, SmartThings
Read Article

FOSSA partners with npm to deliver open source license compliance

4 min
open-source, compliance
Read Article