Open Source Compliance

FOSSID is a solution for open source compliance. It detects and identifies open source components and their corresponding licenses in your code base, even if they are not declared in package manifests.

Compliance Tools for Automation and Seamless Integration

FOSSID provides out-of-the-box tools for automated processes and seamless integration with existing tools.

FOSSID CLI

FOSSID’s programmable CLI provides scanning results in JSON format, with licenses reported using SPDX standard license identifiers, which facilitates processing of the output. The CLI is ideal for Continuous Integration deployments or your existing tool infrastructure.

FOSSID Web Application

FOSSID’s web application fits into your existing processes for error reporting and user management. All functionality is exposed through a RESTful API, so that it can be integrated into your compliance tools.

The Most Comprehensive Open Source Software Knowledge Base

FOSSID’s knowledge base contains the equivalent of more than 2 petabytes of machine-harvested source code from all the world’s known open source repositories.

The Fastest Open Source Software Scanning Engine

FOSSID’s revolutionary search engine allows for lightning-fast scans (70 files/s) and includes an Artificial Intelligence (AI) component that helps eliminate false positives.

Million Projects

Billion Files

Billion Snippets

Thousand Vulnerable Projects

FOSSID Identifies All Forms of Open Source Software

Entire Components

Open source projects are continuously being forked and reused, which makes some scanners prone to noisy reports including irrelevant lists of secondary matches. FOSSID saves you lots of time and tedious analysis by fast identification of the true origin of your components, whether they are folders, libraries, archives or binaries.

Full Files

Altering files voluntarily or automatically (by QA tools or development scripts) makes identification of matches more challenging and it might even require license compliance actions. FOSSID’s groundbreaking search algorithms find files even if they have been edited.

Code Snippets

It is common practice to copy and paste code from the web to maximize efficiency when implementing new features or fixing bugs. FOSSID finds snippets of open source code and their corresponding licenses, so that you can comply with your corporate guidelines and focus on what brings real value to your project.

Flexible Deployment Options

Use FOSSID’s cloud service or deploy the FOSSID solution entirely within your own network premises.

Regular Deployment

With the regular deployment, your FOSSID tools are installed locally and rely on a cloud-based knowledge base to perform the open source scans. When scanning, no source code is ever transmitted to FOSSID’s cloud, which ensures maximum privacy for you.

Offline Deployment

For offline deployment, a copy of FOSSID’s knowledge base is installed within your network. As a result, performing open source scans does not involve any external dependencies or network traffic outside of your network.

FOSSID Web Application Videos

Detecting and identifying open source components, files and snippets.

Managing identifications in the FOSSID WebApp.

Creating open source compliance reports.

See for yourself what FOSSID can do for you!