FOSSA
Control Your Software Supply Chain

FOSSA is a software supply chain management platform that helps engineering teams automate license compliance, security vulnerability detection, and SBOM generation for all third-party and open source code. It integrates into CI/CD workflows to scan packages, containers, binaries, and snippets, then enforces policies and guides remediation. The platform also generates license attribution notices and software bills of materials (SBOMs) on demand.
FOSSA integrates into the development workflow to scan all third-party dependencies across the SDLC, enforce automated policies, provide guided remediation for vulnerabilities and license issues, and generate SBOMs and attribution notices.
Engineering teams and software developers managing open source dependencies
Background.
- Status
- launched
- Business model
- freemium
- Company
- FOSSA
Similar projects.
Editorial take on the space this project sits in — momentum signals, adjacent moves, our call on whether the wedge is real. Get pinged when we publish a new read or when the landscape shifts.
Have a take on this space?
Tell us what you’d build differently, where you think the incumbents miss, or what we’ve gotten wrong about this project. Comments + reactions are coming soon.