Get the most accurate reports thanks to the biggest Knowledge Base in the industry, which identifies the true origin of your code, instead of leaving you with incomplete scan results or inaccurate lists of endless matches.
Lightning Fast Scans
FOSSID’s extreme code search algorithm scans files in milliseconds. That’s up to 1000 times faster than the competition, so it introduces no time penalty in your development cycle.
Whether as a stand-alone tool or within a continuous integration environment, FOSSID’s lightweight Linux or Windows clients can be incorporated seamlessly into your development process.
Safe and Private
Your code is never uploaded or sent to the server. For maximum privacy and reliability, FOSSID can be deployed entirely within your work network so that performing scans does not involve any external dependencies or traffic outside your network premises.
How Does FOSSID Work?
Today, software developers are as likely to use open source software as they are to implement their own. Because of that, identifying what licenses reside in your software requires a systematic process for scanning and analyzing source code.
FOSSID is a software solution for open source identification. It detects open source components and their corresponding licenses in your code base, even if they are not declared in a package manifest. FOSSID is the ultimate open source scanner thanks to a state-of-the-art scanning engine and the most extensive open source Knowledge Base on the market:
The Biggest and Fastest Knowledge Base
FOSSID’s Knowledge Base is a constantly expanding repository that stores information about 37 million open source projects or more than 7 billion open source files. It is not only the biggest of its kind, but also the fastest, as it incorporates a revolutionary search algorithm that allows for lightning-fast scans. Furthermore, FOSSID’s Knowledge Base is designed to expand rapidly to keep up with the exponential growth of free and open source software.
Identifies All Forms Of Open Source
Open source projects are continuously being forked and reused, which makes other scanners generate noisy reports that include irrelevant lists of secondary matches. That leads to time-consuming and tedious analysis. FOSSID saves you lots of time by quickly identifying the true origin of your components, whether they are folders, libraries, archives or binaries, so that you do not waste your time investigating faulty reports.
Identify not only untouched files but also modified ones. Altering files voluntarily or automatically (by QA tools or development scripts) makes identification of matches more challenging, and it might even require license compliance actions. FOSSID’s groundbreaking search algorithms find files even if they have been edited.
Detect smaller footprints of open source in your projects. Today, it is common practice to copy and paste code from the web to maximize efficiency when implementing new features or fixing bugs. FOSSID finds snippets of open source code and corresponding licenses, so that you can comply with your corporate guidelines and focus on what brings real value to your project.
Customers may choose either to use the FOSSID cloud service or to deploy the FOSSID solution entirely within their own network premises.
Customers who choose a cloud-based FOSSID solution get a dedicated server to perform open source scans. No source code is ever transmitted to FOSSID servers when performing cloud-based scans (not even file names); only digital signatures of source code are used to query the Knowledge Base.
When a customer chooses to have the FOSSID solution deployed locally, an entire copy of FOSSID’s Knowledge Base is installed within the customer’s network premises. As a result, performing open source scans does not involve any external dependencies or network traffic outside the customer’s network.