We recently announced a significant product update that brings improvements both to visible GUI elements, such as the FossID Web Application, and to the underlying back-end components.

The update brings new functionality, improvements and bug fixes to new and existing customers, including dependency analysis, notice builder, multiple matches per file, binary file extraction, and more. Overall, customers will notice the following behavior:

  • Improved scan performance.
  • Improved scan results.
  • Improved resilience against code modifications.
  • Improved license resolution.

 

Updated file and component license results

File and component license information for Knowledge Base match results is significantly more precise and more detailed than previously.

The scan pipeline detects a much larger number of licenses and license variations, and the scan algorithms have been improved to give more accurate and up-to-date results.

 

Updated license database

The number of licenses in the license database in a fresh installation of the tool has been significantly increased. The data for previously existing licenses has been updated where needed.

New and improved FossID features

Among the noteworthy feature additions and improvements, FossID highlights dependency analysis, copyright notice builder, binary file extraction and multiple component matches per file:

 

Support for multiple component matches per file

More than one component identification can now be assigned to a single file, either manually through the scan interface (or API) or when importing scan data from another tool.

 

Copyright and license notice builder

A new report type collects all license and copyright information from the files in a scan target. The information is returned in a text file, starting with a summary of all copyright statements and identifiers for all declared licenses followed by the details for each individual file.

 

Package dependency analysis

Regular FossID scans are augmented with the option of extracting information about detected build-time dependencies from popular package managers such as npm, Gradle and Maven. FossID presents information about component versions, component license and source of the component.

 

Archive (.zip, .tar.gz, etc.) and .jar file extraction

There are two new options for uploading source code to scans:

  1. "Recursively extract archive files", when enabled, extracts archive files (.zip, .bz2, .gz, etc.) before a scan starts.
  2. .jar files can be configured not to be extracted, to always be extracted, or to be extracted only if FossID cannot find any matches against the full file.

(Option 1 does not affect .jar files at all; their handling depends entirely on option 2.)
