Name: FOSSA
Rating: 2 (2 reviews)
Author: FOSSA

Help Desk

Web and Video Conferencing

Customer Support

Batch Management Software

Product Lifecycle Management (PLM)

Development

Business Intelligence (BI)

Collaboration

Digital Rights Management (DRM)

Enhanced 911 (E911)

Facility Management

IP PBX

Operational Analytics

Policy Management

Enterprise

Accounting

Invoicing

Nonprofit Accounting

Subscription Management

Finance and Accounting

Applicant Tracking

Corporate Learning Management

Employee Recognition

Employee Scheduling

HR Management

Payroll

Stock Option Plan Administration

Talent Intelligence

Talent Management

Workforce Analytics

Workforce Management

Human Resources

Application Performance Management (APM)

Archiving

Build Automation

Cloud Cost Management

Cloud Storage

Code Review

Configuration Management Databases

Data Mapping

Density-Optimized Servers

Email Encryption

Firewall Security Management

Fraud Detection

IP Address Management (IPAM)

IT Service Providers

Integration Platform as a Service (iPaaS)

Log Management

Managed DNS

Network Performance Monitoring

Software-Defined WAN

System Monitoring

Web Scraping

WiFi Hotspot

Workload Automation

Information Technology

A/B Testing

Ad Serving & Retargeting

All-in-One Marketing

Audio Editing

Content Management

Email Deliverability

Email Marketing

Marketing Automation

Online Proofing

Search Engine Marketing (SEM)

Social Media Management

Social Media Marketing

Survey & Forms Building

Web Analytics

Marketing

Job Site Management

Project Management

Waste Management

Writing and Proofreading Tools

Professional Services

Customer Relationship Management (CRM)

Product Configuration

Social Commerce

Sales

Laboratory Information Management

Membership Management

Roofing

Vertical-Specific

Find top rated software and services based on in-depth reviews from verified users. 400+ software categories including PaaS, NoSQL, BI, HR, and more.

SonarQube Server

SonarSource Sarl

Checkmarx

Black Duck Software Composition Analysis (SCA)

Synopsys

Snyk

Coverity Static Analysis (SAST)

Veracode

Qualys TruRisk Platform

Qualys

Palo Alto Networks Prisma Cloud

Palo Alto Networks

Malwarebytes

CAST Highlight

CAST

Mend SCA

### Software Composition Analysis
Users across various reviews have highlighted FOSSA's robust software analysis capabilities. The general sentiment leans towards positive feedback, with users appreciating the effectiveness of FOSSA's vulnerability scans and its ability to identify licensing issues within code. While some users found the tool easy to use and integrate with various platforms, others mentioned challenges in understanding the scan results and the need for training to fully leverage the software composition analysis features. Despite some concerns about scan speeds and UI performance, the consensus remains that FOSSA's software composition analysis functionality is a valuable asset for enhancing code quality and ensuring compliance.

### Vulnerability Scanning
Opinions on FOSSA's vulnerability scanning capabilities vary among users. While some users appreciate the effectiveness of the vulnerability scan in identifying potential loopholes and enhancing code quality, others find it challenging to navigate and interpret the results. There are concerns about the need for manual verification of flagged issues and the lack of detailed explanations for certain vulnerabilities. Additionally, users have reported limitations in FOSSA's performance when certain package managers are not utilized, leading to potential gaps in vulnerability detection. Despite these mixed reviews, FOSSA's focus on automating open-source compliance and security management remains a key feature for many users.

### License Compliance
Users widely appreciate FOSSA's robust license compliance features. The consensus among reviewers is that FOSSA simplifies the process of identifying and managing open-source licensing issues, ensuring compliance and mitigating legal risks. Users find the platform user-friendly, efficient, and cost-effective in scanning software licenses. FOSSA's automated scans and email alerts for license verification are particularly praised for streamlining compliance efforts. The tool's ability to automatically scan dependencies, generate compliance reports, and provide actionable insights on licensing requirements is highly valued by users. FOSSA's focus on enhancing security and compliance through effective license management is a key factor in its positive reception among users.

### Open Source Management
User opinions on FOSSA's open source management capabilities vary. While some users appreciate the time-saving aspect and user-friendly interface for identifying open-source licensing issues, others express concerns about the need for manual verification of flagged issues. The mixed feedback suggests that FOSSA's open source management functionality may have room for improvement in providing more detailed insights into potential problems within open-source dependencies.

### Dependency Management
Users generally praise FOSSA's efficient handling of dependencies. While some users appreciate the ease of importing projects, scanning dependencies, and generating compliance reports, others find that manual verification is still necessary for flagged issues. The tool's ability to identify licensing problems and suggest actions for compliance is well-received, especially for projects with numerous dependencies. However, there are concerns about the depth of analysis, with users suggesting that FOSSA could provide more detailed insights into potential issues related to dependencies used incorrectly. Integration with various CI/CD platforms is highlighted as a positive aspect, although limitations are noted when package managers are not utilized, impacting the tool's ability to recognize certain libraries and vulnerabilities. Despite some drawbacks, users value FOSSA for streamlining the process of managing dependencies and ensuring licensing compliance.

### Legal and Compliance Issues
Users seem to appreciate FOSSA's legal and compliance oversight features. Reviewers have highlighted the ease of importing projects, scanning dependencies, and generating compliance reports efficiently. However, some users have expressed concerns about the clarity of issue resolutions, particularly when manual review is required for certain compliance issues. Despite this, FOSSA's ability to streamline the management of software licenses and ensure compliance has been generally well-received by users.

FOSSA is a software solution that solves several key business problems related to open-source compliance and license management. Users have found that implementing FOSSA into their development workflow has not only ensured compliance and avoided legal issues in distributing software but has also freed up valuable time previously spent on manual compliances. By seamlessly integrating with the development workflow, FOSSA drives open-source brilliance by providing excellent quality of service and a smooth user experience.

One of the main use cases where FOSSA proves invaluable is for Node developers who heavily rely on npm packages. FOSSA simplifies the process of reading and ensuring compliance with licensing requirements for software projects with numerous dependencies. It identifies the main dependencies that need to be checked for legal compliance, providing risk management and a sense of security. This streamlines the development process by eliminating the need for tedious manual checks and reduces the risk of inadvertently using non-compliant open-source components.

Another significant problem solved by FOSSA is the ability to quickly scan components and generate simple reports. These reports not only identify licensing issues but also perform vulnerability testing, allowing users to address code loopholes and improve overall code quality. With FOSSA's automatic scanning feature, which can be linked to GitHub, every push triggers a scan with incredible speed, further enhancing efficiency and ensuring that potential vulnerabilities are addressed promptly.

Overall, FOSSA's reliable and time-saving features alleviate risk, ensure security, and simplify open-source compliance for businesses. Its intuitive interface makes it easy for new users to navigate, while its comprehensive scanning capabilities provide actionable insights for identifying and addressing licensing and code quality issues. Whether it's managing dependencies or improving overall code security, FOSSA helps businesses maintain oversight over their software licenses while streamlining their development processes.

Comprehensive and Detailed Evaluations: Several users have praised FOSSA for its highly comprehensive and detailed evaluations, which provide prompt information as required. 

Effective Security Management Toolkit: Users have commended FOSSA's security management toolkit for its ability to alert enterprises of any risks related to known vulnerabilities and license management in open-source code. This feature has been particularly helpful in reducing the time needed to identify open-source licensing issues.

User-Friendly Interface and Integration: FOSSA's user interface has received positive feedback from users, who describe it as clean and user-friendly. It makes it easy to see all the different dependencies, their licenses, and the necessary actions to ensure compliance. Additionally, users appreciate how easily FOSSA integrates with various CI/CD platforms like Jenkins, Gitlab, Bamboo, and Github, allowing them to seamlessly incorporate it into their existing workflows.

Sluggish Interface and Slow Scan Speeds: Some users have expressed dissatisfaction with the performance of FOSSA, noting that the application's interface is sluggish and scan speeds are slow. These issues need improvement to provide a smoother user experience.

Confusing User Interface for New Users: Several reviewers have mentioned that the user interface of FOSSA can be confusing, particularly for new users. They feel that the interface loads slowly and may require some time to understand its navigation and functionality.

Difficulty in Understanding Flagged Issues: A number of users have found it challenging to understand the flagged issues provided by FOSSA. They mention that some flagged dependencies have unclear resolutions, requiring manual review and making it difficult for non-experts to comprehend and resolve them effectively.

Sonatype Nexus Repository Pro

Sonatype Lifecycle Cloud

Sonatype Repository Firewall Cloud

Sonatype SBOM Manager

Sonatype Nexus Repository

Sonatype Air-Gapped Environment Nexus Repository

Sonatype Repository Firewall

Sonatype Repository Firewall for Artifactory

Sonatype Air-Gapped Environment Repository Firewall

Sonatype Air-Gapped Environment Lifecycle

Sonatype Lifecycle

Sonatype Platform

JFrog Security Essentials / Xray SCA can be used to discover and eliminate unwanted or unexpected packages, using JFrog’s database of identified malicious packages. It is presented as a DevOps-centric SCA solution for identifying and resolving security vulnerabilities and license compliance issues in open source dependencies.

Free

Pro Team

Enterprise +

JFrog Security (Xray)

FOSSA

Software Composition Analysis Tools scan open-source code software to inventory all open-source components. They then enable companies to eliminate vulnerabilities and compatibility issues with open-source licenses like GPL.

Software Composition Analysis (SCA)

Likelihood to Recommend

Support Rating

FOSSA is a leading application security and compliance platform that specializes in helping engineering teams deliver trusted software. FOSSA enables companies to prioritize real vulnerabilities in their open source software with comprehensive SCA (software composition analysis) capabilities, while also making it possible for organizations to automate compliance reporting and SBOM (software bill of materials) lifecycle management to meet customer and regulatory requirements. Founded in 2015, FOSSA is trusted by thousands of global organizations, has been downloaded nearly two million times, and has conducted nearly 100 million scans of open-source software.

FOSSA 2019-12-02 10:35:59

TrustRadius is a technology and business research firm based in Austin, Texas. The company is known as a review platform for verified B2B technology and software reviews through a proprietary algorithm and human verification.

TrustRadius

Automated emails

Home

Software Composition Analysis (SCA) Tools

I use FOSSA to scan the licenses of software I use for a side-project of mine. Overall the automated scans and emails work great! It is nice to have the peace of mind that the licenses used to create our software are all above board and cleared for redistribution/re-use. We link it to GitHub, so every push gets scanned by FOSSA as part of our quality control process.

Setup of tool.
Speed of scans.
Automated emails with reports.

Interface for loading results can be slow, this is the #1 issue we have faced.
Speed of scans could be improved.

Hard to measure the ROI, but no doubt having licenses be above board is fantastic for protection of your software.
Caused developers to make more informed decisions.

FOSSA

Overview

What is FOSSA?