FOSSA's engineering team recently held its first hack week. After soliciting input from across product, customer success, go-to-market, and leadership teams, our engineers picked 15 projects to build.
Broadly, these projects fell into three distinct categories:
- Internal tools
- Work to lay the foundation for medium- and long-term features
- Customer-facing features and improvements that have already been deployed (or are the process of being deployed)
In this blog, we'll focus on four specific hack week projects that fell into the last category since those are the ones that our customers will be able to benefit from today. But a hearty congratulations and thank you to all the FOSSA engineers who participated!
FOSSA’s Velocity Panel: Faster Navigation, Faster Results
FOSSA engineers Dave Lunny and Dennis Yu approached their hack week project with a clear objective: make it as easy as possible to navigate and take action in the FOSSA app.
The end result was the FOSSA Velocity Panel — inspired in part by GitHub's Command Palette — which enables users to easily navigate, search, and execute commands in just a few keystrokes.
Using the Velocity Panel to Search and Navigate
First, enter Command K or Ctrl + K from anywhere in the FOSSA app. This will bring up a search bar. Then, start to type your desired location — for example, if you want to import a new project via GitHub, you'd start to type “GitHub,” and you'd see the relevant options pop up as in the screenshot below.
Or, if you want to see the vulnerabilities that your most recent scan surfaced for a given project, you can start to type in the project name. And so on and so forth.
This functionality is designed to be as intuitive as possible — you won't need the exact destination name, just something close to it — but it is particularly recommended for experienced FOSSA users who know their way around our app.
License Policy Page Improvements: Search and Bulk Actions
FOSSA engineer Tyler Duddy's hack week project focused on a mission-critical part of our application for anyone involved in open source license compliance management: the license policies page.
FOSSA's license policies determine whether licensing issues will be created when you run a scan — if FOSSA detects licenses on an organization's “flag” or “deny” list, it will surface the issue accordingly.
The new license policy page has several improvements that make it easier for organizations to understand and modify their policies.
License Search
There are four policy columns on FOSSA's license policies page:
- Approve: These licenses are acceptable to the user in all cases
- Flag for Review: These licenses (which often include weak copyleft, e.g. the LGPL) will be flagged to the user for additional review
- Deny: These licenses will be denied in all cases
- Uncategorized: Licenses in FOSSA's database that have not been added to a policy
Now, when you visit the license policies page, you'll see a search bar that allows users to quickly determine how specific licenses are categorized (and to find more information on those specific licenses).
Bulk Actions
It's also now much easier to modify your license policies. Simply check the box of each license you want to move — or easily select all (or deselect all) — and let FOSSA know the new category for the licenses. This saves users significant time when interacting with licenses on the policy page.
Upgraded Rule Creation and Editing
There have also been improvements to the way users can create and edit conditional license rules. Conditional license rules play an important role in ensuring the proper categorization (e.g. approve, flag, deny) depending on the context in which the licensed dependency is used. For example, there are different compliance obligations for certain licenses when a library is statically vs. dynamically linked. Licenses can also have different requirements for dependencies that are simply copied compared to dependencies that are modified.
This enhanced rule creation flow gives you more granular control over how you treat licenses based on these conditions.
Webhook Notifications: Making FOSSA Data Even More Useful
The first two items we covered in this blog focused on improving our customers' experience directly in the FOSSA application. Engineer Lee Brown's project aims to improve your experience with FOSSA outside of the app by providing more ways to get alerted when issues surface.
Previously, FOSSA customers could enable or disable a variety of notifications that would be delivered via Slack or email. Now, in addition to those two methods, you can choose to use new webhook notifications.
Webhook notifications are intended for customers running their own web server or web app that can take in these requests. The end result is that you'll be able to pipe FOSSA issue data — such as project title, locator, and breakdown of new issues by category and type — they will be sent as the JSON body of a POST request to the configured endpoint.
For more information on setting up webhooks, please reach out to your customer success contact.
User-Defined Dependencies: Going Global
As more FOSSA customers have started adopting SBOMs, there's been a significant increase in the number of user-defined dependencies across projects.
User-defined dependencies refer to the scenario where FOSSA analyzes an SBOM that includes components without a PURL identifier. In these cases (or in cases where the PURL does not specify a package manager that FOSSA supports), the component will be turned into a user defined dependency
As you might expect, we often see specific user-defined dependencies appear in multiple FOSSA projects. (Just like we often see the same open source dependency in multiple projects.)
FOSSA engineer Noah Lackstein's hack week project improves the way our app handles these user-defined dependencies. Now, when a user-defined dependency is created in FOSSA, that dependency will be recognized with the same locator across all projects. This makes it much easier to manage user-defined dependencies across your organization — if you need to modify a user-defined dependency, those changes will take effect globally, in all of your projects.
Putting a Bow on Hack Week
As we reflect on FOSSA's first hack week, it's gratifying to see that so many of our team's projects are already making a difference for our customers. From simplifying navigation within the FOSSA app to improving the experience with our license compliance policies page, hack week was undoubtedly a success.
If you are a current FOSSA customer who would like more information on any of these projects, please feel free to reach out to your customer success representative. (You can also email customer-success@fossa.com.
If you aren't currently a FOSSA user but would like more information about our platform, you can get in touch with our team by filling out the form on this page.