
FossID Expands Software Composition Analysis Beyond Open Source Detection

Custom knowledge base volumes simplify detection and tracking of commercial and proprietary components in your software.

STOCKHOLM, Sweden, November 11, 2025 – FossID today announced the launch of Custom Volumes, a powerful new capability that enables organizations to create their own Knowledge Base of custom and proprietary software components that they include in their applications.

This feature expands the scope of Software Composition Analysis (SCA) beyond scanning for open-source software to also finding proprietary and third-party software – helping enterprises confidently answer the question “what’s in your software?”.

A New Approach to Finding Non-Open Source Components

Until now, FossID has offered Component Intake functionality that trains the system to find exact matches to non-open source components like commercial and proprietary binaries. Now, with Custom Volumes, users can easily train FossID to find commercial and proprietary software components. Beyond exact matches, Custom Volumes leverages FossID’s patented signature scanning engine to find snippets of users’ own source code and address a wider range of software integrity challenges.

Protecting Intellectual Property while Enabling Open Source Contribution is Key

Many FossID customers have expressed a strong interest in contributing to open source projects as part of responsible open source adoption and maintenance but have been cautious due to the risk of internal IP leakage.

One such FossID customer, in the global semiconductor space, said: “License compliance is almost becoming secondary for us. Protecting our IP is the number one thing we’re after.”

With Custom Volumes, FossID alleviates this concern by employing its snippet detection engine to scan proposed open source contributions for the presence of proprietary code. Early adopters have expressed confidence that this provides a reliable safeguard against unintentional IP leakage.

Expanding SCA Scope to Meet Emerging SBOM Requirements

The second challenge Custom Volumes was built to address is helping organizations comply with Software Bill of Materials (SBOM) requirements such as those in the EU Cyber Resilience Act (CRA), which requires SBOMs to document commercial components in devices and software.

FossID has already been helping organizations produce SBOMs and copyright and license notice files to track open source usage, and, with Custom Volumes, the same SCA workflows can now identify those non-open source components for inclusion in reports.

FossID explains this evolution: “For years, Software Composition Analysis usage has focused specifically on open-source components,” said Daniel Forsgren, Chief Technology Officer at FossID. “With Custom Volumes, we’re expanding that viewpoint. Our customers can now leverage the same precision and confidentiality of FossID scanning across any dataset they define – making SCA an even more powerful tool for software supply chain integrity, IP protection, and long-term product security.”

SCA beyond open source detection

Extend FossID to scan against any source code you define. Use FossID utilities to stand up a Custom Volume. You can configure and run scans using either FossID Workbench (web application) or FossID Toolbox (stateless scanner).

Now Available

Custom Volumes are available as an add-on to FossID SCA tooling, supported by the same secure, privacy-preserving scanning methodology that ensures no source code ever leaves the customer environment.

To see how FossID and Custom Volumes could benefit your organization, visit fossid.com/contact.

About FossID

FossID provides software risk management solutions that enable enterprises to leverage open source, third-party, and AI-generated code with confidence. Powered by FossID Workbench, a Software Composition Analysis (SCA) toolset, FossID also provides open source audit, technical due diligence, and code review services to help clients manage legal, security, and operational software supply chain risk.

Learn more: https://www.fossid.com

Media Contact
Aaron Branson
FossID Media Relations
media@fossid.com
