If there have been no recent code changes to your repository, you might assume that building an application is a static, reproducible process. But in modern applications that depend heavily on open source packages, this is not true. Package versions are constantly changing, often introducing unexpected risks or vulnerabilities and sometimes even new licenses.
FOSSA monitors these changes, identifying any new licensing issues or security risks in each package revision. This enables teams to adopt a posture of proactive, continuous management of their open source software. But for teams with a large number of repositories and projects, it has the potential to create redundant alerts related to the same underlying issue.
To help solve this problem, FOSSA recently launched auto-ignore rules, a feature designed to significantly streamline license compliance and vulnerability remediation. By creating a rule just once, you can apply it across other projects or future versions of a given package. This approach not only minimizes the need to resolve the same issue in multiple places but also dramatically reduces the number of open issues and the time spent on them, decreasing alert fatigue for your team.
This feature isn't just about reducing the number of alerts; it's about creating an intelligent system that remembers your decisions and applies them across your projects and future package versions.
How Auto-Ignore Rules Reduce Re-Work
FOSSA's new auto-ignore feature saves time in multiple scenarios:
- Applying decisions to future revisions: Auto-ignore rules eliminate duplicative work by applying your decisions from one revision to future revisions. Typically, open source licenses change infrequently — you shouldn’t have to continuously resolve the same licensing issues on every revision. For example, once your team approves the license for a particular package version, auto-ignore rules can extend this acceptance to future versions of the package, as long as the license remains unchanged. This means your team won't be bogged down by alerts for the same licensing issue every time the package is updated — a significant step toward efficient license compliance management.
- Applying decisions to all projects that share the same policy: Another key advantage is the application of auto-ignore rules across projects with shared policies. For instance, if your team determines that a specific issue is irrelevant for any SaaS application, you can apply an auto-ignore rule across all projects governed by your SaaS application policy. This ensures that all similar projects benefit from your vetting efforts, avoiding the need to resolve the same issue repeatedly across multiple projects.
- Applying decisions from a project to its release group: Similarly, if you've ignored an issue for an individual project, you can now also apply that decision across the release group that contains that project revision, so the other projects shipped in the same release don't raise the same issue again.
- Applying decisions globally: If you've made a decision about a particular package issue, you can also apply it to all projects globally. This is the broadest scope, so reserve it for issues that are genuinely irrelevant everywhere in your organization, and review global rules periodically so a decision made for one context doesn't silently suppress a finding that matters in another.
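To make the four scopes concrete, the following is an added example that models how a scoped ignore decision can be matched against issues from many projects. It is not FOSSA's code and does not use FOSSA's API; the rule representation, the scope names ("project", "policy", "release_group", "global") and all project, policy and issue data are constructed for illustration. It also shows the caveat from the first bullet: a rule is keyed on the exact license (or advisory) that was accepted, so a later package version that changes license produces a new, unmatched issue instead of being swallowed by the old decision.

```python
"""Hypothetical model of scoped auto-ignore rules (illustrative, not FOSSA's implementation)."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Assumed scope names, broadest last. Not FOSSA's terminology.
SCOPES = ("project", "policy", "release_group", "global")


@dataclass(frozen=True)
class Project:
    name: str
    policy: str                      # policy governing this project (e.g. "saas")
    release_group: Optional[str] = None


@dataclass(frozen=True)
class Issue:
    project: str
    package: str
    version: str
    kind: str          # "license" or "vulnerability"
    identifier: str    # SPDX license id, or advisory id, that raised the issue


@dataclass(frozen=True)
class IgnoreRule:
    package: str
    kind: str
    identifier: str      # the exact license/advisory that was reviewed and accepted
    scope: str           # one of SCOPES
    origin_project: str  # project in which the decision was made


def rule_covers(rule: IgnoreRule, issue: Issue, projects: Dict[str, Project]) -> bool:
    """True if `rule` suppresses `issue`.

    Matching on (package, kind, identifier) is what makes the rule safe across
    future revisions: if the package relicenses, the new issue carries a
    different identifier and is NOT covered, so it surfaces for review.
    """
    if (rule.package, rule.kind, rule.identifier) != (issue.package, issue.kind, issue.identifier):
        return False
    origin = projects[rule.origin_project]
    target = projects[issue.project]
    if rule.scope == "global":
        return True
    if rule.scope == "policy":
        return origin.policy == target.policy
    if rule.scope == "release_group":
        return origin.release_group is not None and origin.release_group == target.release_group
    if rule.scope == "project":
        return origin.name == target.name
    raise ValueError(f"unknown scope {rule.scope!r}")


def open_issues(issues: Iterable[Issue], rules: Iterable[IgnoreRule],
                projects: Dict[str, Project]) -> List[Issue]:
    """Issues that no rule covers, i.e. what a reviewer still has to look at."""
    rules = list(rules)
    return [i for i in issues if not any(rule_covers(r, i, projects) for r in rules)]


# --- constructed sample data (not real projects, packages or advisories) ---
PROJECTS = {
    "web-app": Project("web-app", policy="saas", release_group="2024.1"),
    "api":     Project("api",     policy="saas", release_group="2024.1"),
    "cli":     Project("cli",     policy="distributed"),
}

# One decision, made in web-app: LGPL-2.1-only in libfoo is fine for any SaaS project.
RULES = [IgnoreRule("libfoo", "license", "LGPL-2.1-only", scope="policy", origin_project="web-app")]

ISSUES = [
    Issue("web-app", "libfoo", "1.2.0", "license", "LGPL-2.1-only"),   # future revision, same license
    Issue("api",     "libfoo", "1.3.0", "license", "LGPL-2.1-only"),   # sibling project, same policy
    Issue("cli",     "libfoo", "1.3.0", "license", "LGPL-2.1-only"),   # different policy: not covered
    Issue("web-app", "libfoo", "2.0.0", "license", "GPL-3.0-only"),    # license changed: must surface
    Issue("web-app", "libfoo", "1.3.0", "vulnerability", "VULN-EXAMPLE-1"),  # different kind: not covered
]


def demo() -> List[Issue]:
    return open_issues(ISSUES, RULES, PROJECTS)


if __name__ == "__main__":
    for issue in demo():
        print(f"OPEN  {issue.project:8} {issue.package}@{issue.version}  {issue.kind}: {issue.identifier}")
```

Running the block lists the three issues that still need a human decision: the same license in a project under a different policy, the relicensed 2.0.0 release, and the vulnerability, which the license rule rightly does not touch. The design point is that a rule records what was accepted, not just which package, so widening the scope never widens what it silently ignores.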
A User-Friendly Experience for Enhanced Efficiency
Designed with a focus on user experience, auto-ignore rules are integrated seamlessly into your existing FOSSA workflow. When ignoring an issue, simply select where else this rule should apply, and a new auto-ignore rule will be created.
FOSSA is the only license compliance solution that remembers what decisions you’ve made and applies them to other projects, so you don’t have to resolve the same issue in multiple places.
Take the Next Step Toward Effective OSS Management
Current FOSSA customers can use auto-ignore rules in their workflow today. See our documentation for more information.
If you aren’t yet a FOSSA customer and are interested in auto-ignore rules, getting started is straightforward. You can sign up for a FOSSA premium account (recommended for smaller organizations) for immediate access to this feature, or request a demo (recommended for larger organizations) to get an in-depth look at how auto-ignore rules can help make your license compliance and security efforts more effective and efficient.
With the addition of auto-ignore rules, we are excited to continue enabling teams to focus on what truly matters for security and license compliance in their organizations.