JIRA: Breaking Change, Update Required

FOSSA’s Jira integration now supports connecting multiple Jira Sites to the same FOSSA instance. This change requires updates to your configurations within your integration settings.

FOSSA September 2019 Release Notes - Jira Integration

Webhooks on Jira that send notifications to FOSSA will need to be reconfigured to include an authorization key. The new webhook URL can be found in Settings > Integrations > Jira. For more information on configuring webhooks, please see our documentation. If the webhooks are not updated, then exported issues that are closed on Jira will not be resolved on FOSSA.

Adding Projects

Archive Uploader

We’ve overhauled our archive uploader to improve both product stability and performance. Our investments in the archive uploader infrastructure not only improves analysis speed , but also allow FOSSA to support much larger file sizes.

FOSSA September 2019 Release Notes - Quick Import


New Reporting Format: SPDX  

SPDX is an industry-standard that makes reporting and communicating open source dependencies easier. We are excited to roll out SPDX to all our users. Contact us at if you are interested in getting it activated for your account.

FOSSA September 2019 Release Notes - SPDX Reporting Format
Please contact to activate SPDX reporting for your account

New Report Data Available: Dependency Graphs for Provided Builds

Understand how each open source component is brought into your product by including Dependency Paths in your reports. You can include dependency graphs by selecting Customize Columns in the reporting view for each project.

FOSSA September 2019 Release Notes - Deep Dependencies


In addition to improving general stability and performance, we have made the following updates:

RPM Support

We now support integrating the FOSSA-CLI with projects using RPM as the package manager. Please check out these docs to get started.

FOSSA Report Dependency Update

The CLI command fossa report dependencies outputs a JSON report that now includes the open source component’s version and commit hash. This allows Golang dependencies to have their commit hashes explicitly defined in CLI reports.

Python Support 2.0

We have updated our Python analyzer to improve accuracy and performance.