Code Security

One Platform for Complete Supply Chain Security

Consolidate SCA, BCA, and Container Security into a single solution that scales to 1000s of developers.

Issues (1/1/25 - 3/22/25)

Total: +42 / 7,010
Active: +40 / 1,562
Ignored: / 283
Remediated: +27 / 5,165

[Chart: Remediated, Ignored and Active issue counts, Feb 20 to Mar 22]

Meet our customers

UIPath logo
Hashicorp logo
Collibra logo
Cloudera logo
Digicert logo
Confluent logo
Applause logo
Lattice logo
Navy logo
UNIFIED APPROACH

Unify Software Supply Chain Security

Eliminate vendor overlap, reduce false positives & unify security posture management across open source packages, binaries and containers.

Reachability-Based Software Composition Analysis

FOSSA's comprehensive SCA identifies deep vulnerabilities in transitive dependencies with best-in-class accuracy. Built-in reachability analysis eliminates common false positives, with workflows that make remediation efficient and effective at any scale.

Deep Dependency Detection

Scan direct and transitive dependencies with total accuracy, to unlimited depth in nested dependency chains.

Zero-Config, Zero Noise

Intelligently scan only what ends up reachable in production with great results out of the box.

Advanced Reachability & Threat Intelligence

Access detailed vulnerability data from multiple sources including NVD, GitHub, OSV, and FOSSA's proprietary database.

Actionable Remediation Guidance

Get prioritized vulnerability fixes with our proprietary algorithm that considers exploitability, upgrade impact, and effort assessment.

CRIT 9.8 | Minor fix | CVE-2019-5477

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in nokogiri (1.5.9)
Active in 4 Projects

Remediation

Current: 1.5.9
Partial fix: 1.10.4
Complete fix: 1.13.6
Recommended change:
- "nokogiri": "1.5.9"
+ "nokogiri": "1.13.6"

Vulnerability details

CVE: CVE-2019-5477
CWEs: CWE-78
EPSS Score: 1.2% (78th)
Affected versions: <1.10.4
Patched versions: 1.10.4
Publication date: Aug 16, 2019
Review status: Reviewed


Risk-Based Alert Prioritization

Focus on what matters with flexible risk-based prioritization that considers exploitability, reachability, and business impact across all security findings.

Mature Security Workflows

Leverage FOSSA's battle-tested security workflows with automated triage, precise remediation recommendations, and seamless DevSecOps integration.

Unified Compliance & Governance

Streamline regulatory compliance with comprehensive reporting across SCA, BCA, and containers, eliminating the need to manage multiple compliance systems.

Trusted by Enterprise Security Teams

Leading organizations rely on FOSSA's mature SCA capabilities to secure their most critical applications at scale.


"It was easy to integrate FOSSA into our CI pipeline to generate SBOMs. Whether we're using the FOSSA dashboard or the CLI, we're able to generate an SBOM. Plus, FOSSA automates everything that can be automated."

Girish Shivanna

Principal Security Engineer, F5


"We now know all of the open source components we use. If there's a new, high-severity vulnerability, we can tell unequivocally in seconds whether we're affected. We're able to identify and resolve vulnerabilities quickly."

Charles Hoffman

Principal & Director of Software Development, Milliman


"FOSSA is a really good blend of licensing and security. Typically, you see vendors do one or the other better. FOSSA does both of them quite well. FOSSA has been great at helping us stay ahead with automation, efficiency, and better vulnerability prioritization."

Valentina Ditoiu

Senior Security Program Manager, UiPath

Gartner Peer Insights: 4.4
Peerspot: 92%

Consolidate Your Security Stack Today

Join leading enterprises using FOSSA's unified security platform to eliminate tool sprawl and reduce vulnerability risk by 73%.