Open Source Compliance

FossID is a solution for open source compliance. It detects and identifies open source components and their corresponding licenses in your code base, even if they are not declared in package manifests.

The Most Comprehensive Open Source Software Knowledge Base

FossID’s knowledge base contains the equivalent of more than 2 Petabytes of machine harvested source code from all the world’s known open source repositories.

The Fastest Open Source Software Scanning Engine

FossID’s revolutionary search engine allows for lightning fast scans (70 files/s) and includes an Artificial Intelligence (AI) component that helps eliminate false positives.

Million Unique Projects

Billion Unique Files

Billion Unique Snippets

Thousand Vulnerable Snippets

Innovate More with Open Source

Open source is essential for speed of innovation, productivity, quality, and growth in any technology company. It brings competitive advantages when used correctly, but rapid evolution and proliferation often cause enterprises to struggle with the identification of open source components in their code bases. FossID helps you to achieve maximum open source adoption effortlessly and securely.

Scan Your Software

A systematic process identifies free and open source software in the source code base, and facilitates review and approval steps.

Be in Control

Mitigate potential risks and security vulnerabilities by satisfying the discovered license obligations, and avoid costly litigation and intellectual property losses.

Accurate Origins

FossID’s knowledge base contains the equivalent of more than 2 Petabytes of machine harvested source code from all the world’s known open source repositories.

Precise Results

FossID’s Artificial Intelligence facilitates the analysis effort by automatically eliminating false positives and limiting manual post-processing efforts, saving time and money.

Ease of use

The FossID scanning and identification functionality is made available through a web application or a CLI. Users can easily scan, audit, generate a variety of reports, and more.

Lightning Fast Scans

FossID’s revolutionary search engine allows for lightning fast scans (70 files/s), detecting and identifying open source components and licenses even if they are not declared in package manifests.

Seamless Integration

Incorporate FossID’s lightweight clients seamlessly into your development process, as stand-alone tools, or within your continuous integration environment.

Flexible Deployments

Deploy entirely within your own network, or through the FossID cloud service. Only digital signatures of your source code are used to query the knowledge base.

Compliance Tools for Automation and Seamless Integration

FossID provides out-of-the-box tools for automated processes and seamless integration with existing tools.

FossID CLI

FossID’s programmable CLI provides scanning results in JSON format, using SPDX standard license identifiers, which facilitates processing of the output. The CLI is ideal for Continuous Integration deployments or your existing tool infrastructure.

FossID Web Application

FossID’s web application fits into your existing processes for error reporting and user management. All functionality is exposed through a RESTful API, so that it can be integrated into your compliance tools.

FossID Identifies All Forms of Open Source Software

Entire Components

Open source projects are continuously being forked and reused, which makes some scanners prone to noisy reports including irrelevant lists of secondary matches. FossID saves you lots of time and tedious analysis by fast identification of the true origin of your components, whether they are folders, libraries, archives or binaries.

Full Files

Altering files voluntarily or automatically (by QA tools or development scripts) makes identification of matches more challenging and it might even require license compliance actions. FossID’s groundbreaking search algorithms find files even if they have been edited.

Code Snippets

It is common practice to copy and paste code from the web to maximize efficiency when implementing new features or fixing bugs. FossID finds snippets of open source code and corresponding licenses, so that you can comply with your corporate guidelines and focus on what brings real value to your project.

Flexible Deployment Options

Use FossID’s cloud service or deploy FossID entirely within your own network premises.

Regular Deployment

With the regular deployment, your FossID tools are installed locally and rely on a cloud-based knowledge base to perform the open source scans. When scanning, no source code is ever transmitted to FossID’s cloud, which ensures maximum privacy for you.

Offline Deployment

For offline deployment, a copy of FossID’s knowledge base is installed within your network. As a result, performing open source scans does not involve any external dependencies or network traffic outside of your network.

FossID Web Application Videos

Detecting and identifying open source components, files and snippets.

Managing identifications in the FossID WebApp.

Creating open source compliance reports.

See for yourself what FossID can do for you!