FOSSA
fossa.com
Control Your Software Supply Chain
Security, software-supply-chain, open-source-compliance, sbom, license-management, vulnerability-scanning, dependency-management, devsecops

About
FOSSA is a software supply chain management platform that helps engineering teams automate license compliance, security vulnerability detection, and SBOM generation for all third-party and open source code. It integrates into CI/CD workflows to scan packages, containers, binaries, and snippets, then enforces policies and guides remediation. The platform also generates license attribution notices and software bills of materials (SBOMs) on demand.
Problem
Modern software products contain over 80% open source code, creating significant legal, security, and quality risks that are difficult to track and manage manually.
For
Engineering teams and software developers managing open source dependencies
How it works
FOSSA integrates into the development workflow to scan all third-party dependencies across the SDLC, enforce automated policies, provide guided remediation for vulnerabilities and license issues, and generate SBOMs and attribution notices.
Business model
freemium
Status
launched
Company
FOSSA