Open Source Compliance
FOSSID is a solution for open source compliance. It detects and identifies open source components and their corresponding licenses in your code base, even if they are not declared in package manifests.
Compliance Tools for Automation and Seamless Integration
FOSSID provides out-of- the-box tools for automated processes and seamless integration with existing tools.
FOSSID’s programmable CLI provides scanning results in JSON format according to SPDX’s standard license identifier, which facilitates data output processing. The CLI is ideal for Continuous Integration deployments or your existing tool infrastructure.
FOSSID Web Application
FOSSID’s web application fits into your existing processes for error reporting and user management. All functionality is exposed through a RESTful API, so that it can be integrated into your compliance tools.
The Most Comprehensive Open Source Software Knowledge Base
FOSSID’s knowledge base contains the equivalent of more than 2 Petabytes of machine harvested source code from all the world’s known open source repositories.
The Fastest Open Source Software Scanning Engine
FOSSID’s revolutionary search engine allows for lightning fast scans (70 files/s) and includes an Artificial Intelligence (AI) component that helps eliminate false positives.
Thousand Vulnerable Projects
FOSSID Identifies All Forms of Open Source Software
Open source projects are continuously being forked and reused, which makes some scanners prone to noisy reports including irrelevant lists of secondary matches. FOSSID saves you lots of time and tedious analysis by fast identification of the true origin of your components, whether they are folders, libraries, archives or binaries.
Altering files voluntarily or automatically (by QA tools or development scripts) makes identification of matches more challenging and it might even require license compliance actions. FOSSID’s groundbreaking search algorithms find files even if they have been edited.
It is a common practice to copy paste code from the web to maximize efficiency when implementing new features or fixing bugs. FOSSID finds snippets of open source code and corresponding licenses, so that you can comply to your corporate guidelines and focus on what brings real value to your project.
Flexible Deployment Options
Use FOSSID’s cloud service or deploy FOSSID solution entirely within your own network premises.
With the regular deployment, your FOSSID tools are installed locally and rely on a cloud-based knowledge base to perform the open source scans. When scanning, no source code is ever transmitted to FOSSID’s cloud, which ensures maximum privacy for you.
For offline deployment, a copy of FOSSID’s knowledge base is installed within your network. As a result, performing open source scans does not involve any external dependencies or network traffic outside of your network.
FOSSID Web Application Videos
Detecting and identifying open source components, files and snippets.
Managing identifications in the FOSSID WebApp.
Creating open source compliance reports