All Announcements SBOM Security Licensing Open Source Press

Dependency Heaven

Jan 9, 2026

fossabot’s Strategic Updates Keep Getting Smarter

fossabot's stategic updates adapt your app code to upstream library changes, now with an enhanced planner and improved CI signals

Germany’s BSI SBOM Guidelines: What You Need to Know

Jan 7, 2026

7 min

Germany’s BSI SBOM Guidelines: What You Need to Know

See technical details and important themes from Germany's influential BSI SBOM guidelines.

Dec 10, 2025

3 min

What’s New in CycloneDX 1.7

Learn about the new features and improvements in CycloneDX 1.7, including new patent-related fields and expanded cryptography support.

Latest Articles

Comparing Declared and Discovered OSS Licenses

Nov 25, 2025

4 min

Comparing Declared and Discovered OSS Licenses

Organizations are successfully generating SBOMs for security, regulatory compliance, and business reasons, but struggle with their distribution.

Simplifying OSS License Analysis with FOSSA License Concluded

FOSSA's new license concluded feature simplifies the process of analyzing multiple declared and discovered licenses associated with a single dependency.

Dependency Heaven

fossabot’s Strategic Updates Keep Getting Smarter

Germany’s BSI SBOM Guidelines: What You Need to Know

What’s New in CycloneDX 1.7

Latest Articles

Comparing Declared and Discovered OSS Licenses

Simplifying OSS License Analysis with FOSSA License Concluded

A Practical Guide to Common Platform Enumeration (CPE)

Heather Meeker on AI Coding Assistants and OSS License Compliance

FOSSA Welcomes SBOM Pioneer Allan Friedman as a Senior Advisor

How Open Source License Scanners Work

More Articles

The Guide to SBOMs and FedRAMP Compliance

Announcing fossabot: AI Agent for Strategic Dependency Updates

Automating Dependency Updates at FOSSA

FOSSA Acquires EdgeBit: From Scanning to Updating

Shai-Hulud Malware and FOSSA's Impact Assessment Tool

Rewriting an NPM Package's Semver Based on Breaking Changes

Manage AI Coding Tool Risks with FOSSA Snippet Scanning

4 Ways to Generate an SBOM

Complying with SEBI SBOM Requirements

Analyzing 5 Major OSS License Compliance Lawsuits

The SBOM Tool Buyer's Guide

Introducing Dynamic SBOM Sharing in FOSSA

Operationalizing Exceptions with Time-Based Ignore Rules

FOSSA Issue Diffs: Understanding Your Evolving Risk Posture

Understanding the PURL Specification (Package URL)

A VP of Engineering’s Perspective on FOSSA’s AI Journey

When Builds Bite Back: The Surprising Pitfalls of Maven Environments and Reproducibility

Revisiting FOSSA Hack Week and Its Customer Impact

May 2025 FOSSA Product Updates

Annotate Dependencies with Context: Introducing Package Labels in FOSSA

Slopsquatting: AI Hallucinations and the New Software Supply Chain Risk

Introducing FOSSA Binary Composition Analysis (BCA)

SBOMs in India: Analyzing CERT-In Guidelines

The Role of SBOMs in Managing DORA Compliance

Winter 2025 FOSSA Product Updates

License Compliance, SBOM, and Vulnerability Management for Smaller Teams: FOSSA Business Tier

New Relic and FOSSA Upgrade Supply Chain Security with Connected Build-Time and Run-Time Vulnerability Management

Introducing SBOM Policies in FOSSA

Understanding CVSS: The Common Vulnerability Scoring System

Fall 2024 Software Licensing Roundup

A Proposal for the Future of SBOM Minimum Elements

Snippet Scanning, Explained

CUPS Vulnerabilities: Impact and Fixes

U.S. Army Announces New SBOM Requirements

SBOM Requirements in the EU’s CRA (Cyber Resilience Act)

4 Considerations for Effective SBOM Sharing

Actioning the Stakeholder-Specific Vulnerability Categorization (SSVC) Model

Automate Regulatory Compliance With FOSSA's New SBOM Management Add-On

FOSSA Acquires StackShare to Enhance Developer Tools Management and Security

Understanding SBOM Requirements in PCI DSS

Secure Open Source for All: FOSSA's Free Plan Just Got Better

Polyfill Supply Chain Attack: Details and Fixes

Using the CISA Kev Catalog

Defining SBOM Requirements for Software Suppliers

FOSSA Joins Forces with New Relic in the Secure Developer Alliance

How Sentry Manages Software License Compliance

SPDX 3.0 Is Released

What’s New in CycloneDX 1.6?

CVE-2024-3094: New Vulnerability Impacts XZ Utils

FOSSA Product Updates: Spring 2024

SBOM Formats Explained and Compared

Enhancing Risk Observability with FOSSA's Issue Overview Dashboard

Beyond Vulnerabilities: Understanding Package Health with FOSSA Quality

Complying with the FDA’s SBOM Requirements

Enable Global Visibility and Swift Remediation with Package Index

4 Takeaways from the ESF's OSS and SBOM Management Recommendations

Reduce Alert Fatigue with FOSSA’s Auto-Ignore Rules

Terrapin (CVE-2023-48795): New Attack Impacts the SSH Protocol

SCA vs. SAST: Comparing Security Tools

Dual-Licensing Models Explained, Featuring Heather Meeker

A Comprehensive Guide to Source-Available Software Licenses, Featuring Heather Meeker

Understanding and Using the EPSS Scoring System

Best Practices for Generating High-Quality SBOMs

Curl Vulnerabilities: Impact and Fixes (Curl 8.4.0)

5 Ways to Reduce GitHub Copilot Security and Legal Risks

SBOM Examples, Explained

Understanding and Using SPDX License Identifiers and License Expressions

Business Source License (BSL 1.1): Requirements, Provisions, and History