Generate the most accurate SBOMs with FossID Workbench
FossID Workbench combines our industry-leading scanning technology with the world’s most complete data repository of open source license and vulnerability information, enabling our customers to reduce risk while compiling the most accurate Software Bills of Materials (SBOMs) possible.
Software Composition Analysis focused on License Compliance
FossID Workbench gives you one single interface to manage all your FOSS (Free and Open-Source Software):
- Detect open source down to snippet level
- Generate Software Bills of Materials (SBOMs)
- Find all licenses
- Implement open source policies
- Create Notice and License files
- Detect known vulnerable snippets
- Integrate and automate
Scan your repositories and detect all Free and Open Source Software (FOSS)
From complete components, packages, and libraries to small snippets of open source.
Generate Software Bills of Materials (SBOMs)
Automatically export and import Software Package Data Exchange (SPDX) reports containing license text, copyright statements, vulnerabilities and even snippet level information.
Understand all license-related risks in your software and be compliant
Workbench detects over 2000 different licenses (that we have encountered over years of open source auditing), from strong/weak copyleft to the most obscure source-available and non-commercial licenses. Workbench helps you understand all license-related risks that could affect your products and services.
Enforce your company’s open source policies across all your development teams
Thanks to Workbench’s comprehensive policy management, you can easily prevent usage of strong/weak copyleft or source-available software licenses in your products and services.
Create Notice and License files for your compliance efforts
Workbench automatically collects license text and copyright statements from all your open source so that you can automatically generate Notice and License files for your products and services at any point.
VulnSnippet Finder: Snippet detection for vulnerable open source snippets.
FossID’s Knowledge Base snippet detection capabilities have been extended to include special detection of vulnerable open source snippets. While most security scanners assume open source vulnerabilities based on component and version, VulnSnippet Finder bases its search on the exact lines of code/snippets that make your software vulnerable.
Integrate Workbench into your company’s existing tools and processes.
FossID Workbench API and Command Line Interface (CLI) are designed for easy access to programmable actions: trigger scans, retrieve results, generate reports, manage users, etc. Furthermore, FossID Workbench integrates into your SDLC (readily available CI/CD integration with popular automation tools) and provides tailored feedback to your dev teams.
Optional On-premises Deployment
Workbench is suitable for air-gapped deployment requirements. To meet the highest requirements in privacy and confidentiality, FossID Workbench (including FossID’s Knowledge Base) can be entirely deployed on-prem.
Our team of experts will take you on a guided tour of all the amazing things FossID can do. We look forward to meeting you!