Visit
FOSSA screenshot
/ About /

FOSSA is a software supply chain management platform that helps engineering teams automate license compliance, security vulnerability detection, and SBOM generation for all third-party and open source code. It integrates into CI/CD workflows to scan packages, containers, binaries, and snippets, then enforces policies and guides remediation. The platform also generates license attribution notices and software bills of materials (SBOMs) on demand.

/ How it works /

FOSSA integrates into the development workflow to scan all third-party dependencies across the SDLC, enforce automated policies, provide guided remediation for vulnerabilities and license issues, and generate SBOMs and attribution notices.

/ Who it's for /

Engineering teams and software developers managing open source dependencies

/ More info /

Background.

Status
launched
Business model
freemium
Company
FOSSA
/ Discovered patterns /

Similar projects.

Coming soonSpektrail’s read on Security

Editorial take on the space this project sits in — momentum signals, adjacent moves, our call on whether the wedge is real. Get pinged when we publish a new read or when the landscape shifts.

Coming soon

Have a take on this space?

Tell us what you’d build differently, where you think the incumbents miss, or what we’ve gotten wrong about this project. Comments + reactions are coming soon.