Dependency Heaven
8 min
Slopsquatting: AI Hallucinations and the New Software Supply Chain Risk
Learn about slopsquatting, an emerging category of software supply chain risk that can stem from AI coding tools.
7 min
Introducing FOSSA Binary Composition Analysis (BCA)
FOSSA's new Binary Composition Analysis (BCA) product enables organizations to mange security, license compliance, and SBOMs for binary files.
8 min
SBOMs in India: Analyzing CERT-In Guidelines
An analysis of the CERT-In guidelines for building and managing an SBOM program, recommended data fields, automation support, and best practices.
Latest Articles
7 min
The Role of SBOMs in Managing DORA Compliance
An exploration of the importance of SBOMs in complying with the EU's Digital Operational Resilience Act (DORA), focusing on software tracking and monitoring requirements for financial entities.
Read Article
4 min
Winter 2025 FOSSA Product Updates
Explore the new functionalities of FOSSA for managing SBOMs, vulnerabilities, and open source license compliance, including automated NOTICE file recreation and FDA compliance support.
Read Article
4 min
License Compliance, SBOM, and Vulnerability Management for Smaller Teams: FOSSA Business Tier
FOSSA introduces a new business tier tailored for smaller teams, offering flexible pricing and comprehensive features for SBOM, vulnerability management, and license compliance.
Read Article
4 min
New Relic and FOSSA Upgrade Supply Chain Security with Connected Build-Time and Run-Time Vulnerability Management
New integration between FOSSA and New Relic provides end-to-end visibility and actionable insights for developers to manage software supply chain security efficiently.
Read Article
5 min
Introducing SBOM Policies in FOSSA
Learn about FOSSA's new SBOM policy feature that helps enforce SBOM standards for compliance and security.
Read Article
9 min
Understanding CVSS: The Common Vulnerability Scoring System
An in-depth look at the Common Vulnerability Scoring System (CVSS), its evolution, scoring methods, and its importance in prioritizing vulnerabilities.
Read Article
More Articles
Fall 2024 Software Licensing Roundup
8 min
A Proposal for the Future of SBOM Minimum Elements
11 min
Snippet Scanning, Explained
8 min
CUPS Vulnerabilities: Impact and Fixes
7 min
U.S. Army Announces New SBOM Requirements
5 min
SBOM Requirements in the EU’s CRA (Cyber Resilience Act)
20 min
4 Considerations for Effective SBOM Sharing
6 min
Actioning the Stakeholder-Specific Vulnerability Categorization (SSVC) Model
23 min
Automate Regulatory Compliance With FOSSA's New SBOM Management Add-On
14 min
FOSSA Acquires StackShare to Enhance Developer Tools Management and Security
4 min
Understanding SBOM Requirements in PCI DSS
10 min
Secure Open Source for All: FOSSA's Free Plan Just Got Better
7 min
Polyfill Supply Chain Attack: Details and Fixes
6 min
Using the CISA Kev Catalog
9 min
Defining SBOM Requirements for Software Suppliers
11 min
FOSSA Joins Forces with New Relic in the Secure Developer Alliance
How Sentry Manages Software License Compliance
5 min
SPDX 3.0 Is Released
8 min
What’s New in CycloneDX 1.6?
5 min
CVE-2024-3094: New Vulnerability Impacts XZ Utils
6 min
FOSSA Product Updates: Spring 2024
4 min
SBOM Formats Explained and Compared
14 min
Enhancing Risk Observability with FOSSA's Issue Overview Dashboard
4 min
Beyond Vulnerabilities: Understanding Package Health with FOSSA Quality
4 min
Complying with the FDA’s SBOM Requirements
8 min
Enable Global Visibility and Swift Remediation with Package Index
4 min
4 Takeaways from the ESF's OSS and SBOM Management Recommendations
7 min
Reduce Alert Fatigue with FOSSA’s Auto-Ignore Rules
4 min
Terrapin (CVE-2023-48795): New Attack Impacts the SSH Protocol
4 min
SCA vs. SAST: Comparing Security Tools
7 min
Dual-Licensing Models Explained, Featuring Heather Meeker
6 min
A Comprehensive Guide to Source-Available Software Licenses, Featuring Heather Meeker
12 min
Understanding and Using the EPSS Scoring System
7 min
Best Practices for Generating High-Quality SBOMs
10 min
Curl Vulnerabilities: Impact and Fixes (Curl 8.4.0)
4 min
5 Ways to Reduce GitHub Copilot Security and Legal Risks
8 min
SBOM Examples, Explained
10 min
Understanding and Using SPDX License Identifiers and License Expressions
7 min
Business Source License (BSL 1.1): Requirements, Provisions, and History
6 min
5 Ways an SBOM Can Strengthen Security
6 min
FOSSA Product Updates: August 2023
4 min
Direct Dependencies vs. Transitive Dependencies
3 min
Vulnerability Remediation Tactics
11 min
What’s New in CycloneDX 1.5?
9 min
VEX (Vulnerability Exploitability eXchange): Purpose and Use Cases
14 min
The FOSSA Podcast: Product Management from Startup to Enterprise
12 min
Generative AI and Software Development: Copyright Law and License Compliance
8 min
The FOSSA Podcast: Managing Engineering Projects
7 min
Heather Meeker on Open Source License Compliance Policies
11 min
Picking the Right FOSSA Deployment Model
5 min
The FOSSA Podcast: SCA Purchasing and Implementation Trends
4 min
A Framework for Evaluating SBOM Tools
11 min
The FOSSA Podcast: Structuring and Growing a Customer Success Team
8 min
Containers and Open Source License Compliance
12 min
The FOSSA Podcast: Early-Stage Technology Decisions and Regrets
10 min
2023 Open Source Management Trends, Predictions, and Observations
7 min
The FOSSA Podcast: Adopting Haskell into an Existing Codebase
12 min
How to Operationalize SBOMs Throughout the SDLC
6 min
Announcing Support for CycloneDX and SBOM Import
3 min
How to Use 1Password to Authenticate the FOSSA CLI
4 min
How Applause Makes Open Source Management Work for Developers
8 min
Complying with GPL v3’s User Product Clause
8 min
Managing OSS License Compliance Risks in Commercial Software Licensing Agreements, Featuring Jim Markwith
9 min
Announcing the GA of C and C++ Security and License Scanning
3 min
November 2022 FOSSA Product Updates
3 min
OpenSSL Vulnerability 2022: Details and Fixes
4 min
CVE-2022-42889 Text4Shell Vulnerability: Impact and Fixes
4 min
Open Source Licenses 101: Microsoft Public License (Ms-PL)
5 min
Analyzing the Securing Open Source Software Act
6 min
U.S. Government Memo Requires Self-Attestation to Secure Development Practices
7 min
Heather Meeker on Open Source License Compliance Tools
12 min
Q and A: Heather Meeker on Hot Topics in OSS License Compliance
13 min
FOSSA Earns Great Place To Work Certification
3 min
Customer Q&A: Collibra's Journey to Scaling OSS License Compliance
8 min
A Practical Guide to the SLSA Framework
9 min
How to Implement the CSRB’s Log4j Security Recommendations
10 min
Rust: How to Transform a Byte Stream for Fun and Profit
5 min
Why Open Source is ESG
6 min
Announcing the Private Beta of FOSSA Risk Intelligence
3 min
Open Source Licenses 101: SIL Open Font License (OFL)
6 min
How to Build an Open Source License Compliance Program, Featuring Jim Markwith
7 min
Understanding and Preventing Dependency Confusion Attacks
5 min
Highlights from NIST SP 800-161r1: Cybersecurity Supply Chain Risk Management
9 min
The Massive Implications of Software Freedom Conservancy vs. Vizio
9 min
Open Source Licenses 101: Boost Software License
7 min
Open Source Licenses 101: The CDDL (Common Development and Distribution License)
7 min
Best Practices for Implementing Software Composition Analysis, Featuring Rancher Labs
7 min
4 Reasons Rancher Labs Chose FOSSA
7 min
An Overview of Spring RCE Vulnerabilities
4 min
Building a Sustainable Software Supply Chain
9 min
Announcing New Support for C/C++ Scanning, SBOMs
3 min
How FOSSA Addresses Challenges Scanning C/C++ Code
7 min
The Three Pillars of Reproducible Builds
9 min
Overriding Dependency Versions and Using Version Ranges in Maven
2 min
5 Highlights from the U.S. Senate’s Log4J Vulnerability Hearing
9 min
6 Takeaways from the Linux Foundation's SBOM Report
6 min
React Security: How to Fix Common Vulnerabilities
6 min
OSS License Compliance Expert Heather Meeker on the AGPL
8 min
5 Must-Have DevSecOps Tools
6 min
Open Source Developer Sabotages npm Libraries 'Colors,' 'Faker'
4 min
Dependency Management in Visual Studio: NuGet and Beyond
15 min
Does TikTok Live Studio Violate GPL v2?
5 min
Q and A: Heather Meeker on AGPL, Truth Social, OSS License Compliance
6 min
How to Quickly Find and Remediate Log4J Vulnerabilities (Log4Shell)
3 min
How to Fix the New Log4J DoS Vulnerability: CVE-2021-45105
3 min
FOSSA Partners with OpenChain to Promote Open Source Management
3 min
Log4J "Log4Shell" Zero-Day Vulnerability: Impact and Fixes
4 min
Introducing FOSSA's New License Scanner
5 min
Managing Dependencies in .NET: .csproj, .packages.config, project.json, and More
3 min
FOSSA Product Updates: Announcing Our New and Improved CLI
3 min
DevSecOps 101: Understanding and Implementing DevSecOps Principles
7 min
Embedded Malware in NPM: Coa, Rc, Ua-parser
5 min
Open Source Software Licenses 101: The Eclipse Public License
8 min
Best Practices for Testing in Go
12 min
4 Key Elements of Technical Due Diligence
Q and A: Software Bill of Materials and FOSSA
8 min
Anatomy of a Software Supply Chain Attack
8 min
How to Generate an SBOM with FOSSA
6 min
bouk/monkey and the Importance of Knowing Your Dependencies
6 min
Role-Based Access Control (RBAC), Zero Trust, and FOSSA
4 min
3 Best Practices for OSS Management in the Automotive Industry
7 min
FOSSA Product Updates: August 2021
3 min
FOSSA Receives Highest Scores Possible in License Risk Management, SBOM Criteria in Forrester Wave
3 min
Open Source Software Licenses 101: The LGPL License
7 min
Open Source Software Licenses 101: The AGPL License
6 min
Announcing FOSSA Container Scanning
2 min
Stockfish vs. ChessBase and What it Means for GPL v3
6 min
The Minimum Required Elements of an SBOM
7 min
Analyzing the Legal Implications of GitHub Copilot
7 min
Container Image Security and Vulnerability Scanning
9 min
All About CWE-79: Cross-Site Scripting
8 min
Copyleft Licenses and the Venture Capital Connection
8 min
All About Permissive Licenses
8 min
Cybersecurity Executive Order and Software Supply Chain Security
8 min
IT Central Station: What Makes for an Effective SCA Solution
4 min
All About Copyleft Licenses
8 min
Application Security for Developers: SCA, DAST, and GitHub Actions
9 min
Software Bill Of Materials (SBOM) Formats, Use Cases, and Specifications
10 min
How SCA Helps Manage OSS Vulnerabilities
5 min
Open Source Software Licenses 101: The ISC License
5 min
Open Source Software Licenses 101: Mozilla Public License 2.0
8 min
Top Build Systems for Monorepos
7 min
Open Source Software Licenses 101: The BSD 3-Clause License
8 min
Software Supply Chain Security for Automotive Organizations
7 min
How OSS Conquered the World: Insight from Veteran Developers
3 min
Building an Open Source Program Office (OSPO)
6 min
Open Source Software Licenses 101: GPL v3
7 min
Open Source Software Licenses 101: GPL v2
7 min
How to Choose an Open Source Software License Compliance Tool
5 min
4 Takeaways from the 2021 State of Open Source Vulnerabilities Report
3 min
Open Source Licenses 101: Apache License 2.0
7 min
How to Apply a License to Your Open Source Software Project
16 min
Open Source Software Licenses 101: The MIT License
6 min
Takeaways from OpenChain ISO/IEC 5230:2020
5 min
Top Security Takeaways from the 2020 FOSS Contributor Survey
7 min
The Future of Software Composition Analysis, Featuring Forrester
5 min
Improving Page Speed Using Google PageSpeed Insights in Rails Apps
7 min
5 Ways Companies Can Get More Value From Open Source Software
9 min
SolarWinds, Supply Chain Attacks, and Software Composition Analysis
9 min
How UiPath Reduced Open Source Risk Through Team Collaboration
7 min
What is Software Composition Analysis?
5 min
Pros and Cons of Using Monorepos
6 min
How Zendesk’s Legal Team Scored an Open Source Compliance Victory
5 min
FOSSA Announces SOC 2 Compliance
3 min
How to Choose the Right Open Source License
6 min
A Look Inside FOSSA’s New Product Design
4 min
Q&A: Heather Meeker on Open Source License Notices
9 min
Heather Meeker on Open Source License Notices and Automation
10 min
A Journey Through Our New Brand and Website
12 min
A Framework for Evaluating Software Composition Analysis Tools
FOSSA Raises a $23.2M Series B
3 min
Press Release: FOSSA Accelerates Growth, Hits Significant Milestones
4 min
Introducing Open Source Security Management at Enterprise Scale
5 min
How Open Source License Audits Became a Strategic Key to M&A Success
4 min
The Huge Risk that Most IPOs Miss
8 min
Now's the Perfect Time to Evolve Legal and Engineering Collaboration
4 min
TikTok, Trump, and the Future of Open Source Surveillance
9 min
FOSSA and Container Scanning
4 min
Open Source Management: Fundamentals
15 min
Why Source Code Scanning Tools Are Essential for Open Source Compliance
5 min
FOSSA January 2020 Product Release Notes
2 min
FOSSA December 2019 Product Release Notes
2 min
Snippet Scanning: Is it Right for Your Team?
5 min
FOSSA November 2019 Product Release Notes
2 min
FOSSA Named to CNBC's Upstart 100
2 min
FOSSA Acquires Dawn Labs
2 min
FOSSA September 2019 Product Release Notes
2 min
FOSSA Raises $8.5M for Enterprise Open Source Management
4 min
DevOps and Open Source + CI/CD = Mitigating Risk Without Sacrificing Speed
2 min
FOSSA August 2019 Product Release Notes
3 min
We’re excited to partner with CircleCI to release our CircleCI orb!
1 min
FOSSA July 2019 Product Release Notes
1 min
A Partnership Between Legal Teams and Software Engineers is More Important Than Ever
1 min
FOSSA Marketing Intern Reflection
3 min
WTFPL to Beerware: Top 6 Out-There Open Source Licenses
3 min
FOSSA June 2019 Product Release Notes
2 min
All About Open Source Licenses
6 min
What is a Private Artifact Repository?
3 min
Still Asking Engineers to Fill Out Open Source Request Forms?
7 min
We’re Excited to Announce Our CNCF Membership
1 min
FOSSA May 2019 Product Release Notes
3 min
A Case For Continuous Compliance
5 min
Creating a Comprehensive 3rd-Party Package License Policy for OSS
9 min
Why Open Source License Compliance Needs to Be CI-Agnostic
5 min
Automating Open Source Reports with FOSSA at Applause
3 min
Cost/Benefit Analysis: Manual Audits vs Automated License Compliance
5 min
Fast Integration Tests for 3rd Party Services - The Easy Way
5 min
Reflecting on 1 year of early-stage engineering
3 min
Which Open Source License Is Best for Commercialization?
4 min
Discussing Commons Clause on Software Engineering Daily
2 min
Pathologies of Go Package Management
10 min
FOSSA 0.8.0: Overhauling our onboarding system + other usability improvements
4 min
300+ New Licenses Supported in FOSSA
3 min
JS Foundation chooses FOSSA as the Open Source License Cert. Provider
5 min
Combating Alert Fatigue with a Global Issue Dashboard
5 min
Open sourcing FOSSA’s build analysis in fossa-cli
3 min
Delivering a better on-premises experience
4 min
Legal Concerns for SaaS Companies Going On-Prem
5 min
Organization-wide issues & conditional policies
5 min
Don’t Over-REACT to the Facebook Patents License
7 min
The Ultimate GPL Survival Guide
6 min
Announcing FOSSA Public Beta & Funding
7 min
You can’t get around code scanning if you care about open source licenses
6 min
How SmartThings runs IoT open source compliance across dozens of releases per day
5 min
FOSSA partners with npm to deliver open source license compliance
4 min