FOSSA: Audit-Grade Open Source Dependency Protection

Automate License Compliance with FOSSA

What is FOSSA?

FOSSA is a software composition analysis tool that continuously scans for open-source components and tracks dependencies and license compliance. FOSSA is an open source management platform used by companies like UBER, SLACK, and NIKE with a policy engine. They have default policies for websites and hosted services that are used for Statistical Analysis System applications.

Use case of FOSSA

FOSSA helps you to manage your open-source components. FOSSA plugs into your development workflow to help your team automatically track, manage, and remediate issues with the open source you use to:

  • Stay compliant with software licenses and generate required attribution documents
  • Enforce usage and licensing policies throughout your CI/CD workflow
  • Monitor and remediate security vulnerabilities
  • Flag code quality issues and outdated components proactively

Open-source software is a huge asset for a growing company but open-source license compliance can be difficult using legacy tools that are inflexibly forcing the legal team to spend too much time manually addressing gaps. So we need an automated way to cover all license approval scenarios. FOSSA works with all our favorite coding languages- python, C/C++, JavaScript, etc. So Let’s begin with How to run your first scan using FOSSA.

Continue reading “FOSSA: Audit-Grade Open Source Dependency Protection”