At FossID, we have long been at the forefront of software composition analysis (SCA), providing unmatched precision with our pioneering snippet-level source code scanning technology. This capability has become increasingly important, especially in the era of generative AI, where software developers will integrate AI-generated code snippets, and where snippet-level SCA tools are needed as a gatekeeper against legal, security, and operational risks posed by unchecked usage of third-party and open source software.
While our technology has set industry benchmarks for precision and level of detail, it is also true that such detailed scanning will identify many more potential matches than more simplistic tools that operate only on the component level. More comprehensive data requires more advanced analysis and review tools to properly manage all these identifications. Recognizing this, we have continuously evolved our tools. In 2023, we incorporated a new generation of policy management that works at a code snippet level and leverages pre-defined license categories to streamline and automate the workflow.
Yet, our continued innovation does not stop there. Over many years of software audits, our team of audit experts has gained extensive knowledge of best practices in software auditing and the associated workflows. We are now taking all this expertise and introducing it as new functions within the product itself – new enhancements for expert-level analysis that we have named “ID Assist”. ID Assist extends the capabilities of the FossID toolchain, with the goal of automating more of the work that historically used to be manual, minimizing the need for manual review, and leveraging the expertise that FossID has accumulated from years of software audits – so that everyone can have high-quality results without a meticulous review by an expert software auditor.

What is ID Assist?
ID Assist is not a new tool, but rather a new set of capabilities within our existing tools – including FossID Workbench as well as our API and command line tools. At the very core of ID Assist is FossID’s accumulated expertise around software auditing and open source license compliance. We have now taken this knowledge and implemented it as a set of rules and algorithms that filter, rank, and sort scan results, much as a skilled software auditor would. ID Assist automates the workflow, reducing the need for manual steps. Snippet-level scanning, while comprehensive, also results in a higher volume of identifications to be analyzed. ID Assist addresses these challenges by:
- Accurately identifying open source code snippets
- Intelligently filtering out secondary matches
- Applying advanced scoring to surface the true origin of a match
- Enabling fully automatic scanning and validation workflows
ID Assist is not just an incremental update; it’s a transformative expansion of the FossID suite, designed to drastically reduce the need for manual effort and expertise in the scanning and auditing process.
How does ID Assist work?
ID Assist includes a classification and filtering algorithm at the user and scan server side, algorithms to prioritize (score) matches, and UI tools to present the results. ID Assist is your AI assistant that sifts through your source code to automatically identify and prioritize findings for faster, easier audits.
As we look to the future, FossID will expand ID Assist to include more enhancements such as holistic scanning analysis at the folder level, in addition to the file and snippet levels, and new data curation capabilities directly at the Knowledge Base level. Our vision is a fully automated system that independently analyzes and refines the scan results of even the most complex and challenging software codebases.
How can I use ID Assist?
Starting with Workbench 24.2, ID Assist will be a selectable option in the scan dialogue box, enabled by default but customizable for individual scans. When enabled, users will see significantly improved precision in the presented match results. As part of the “ID Assist” functionality running on the scan server side, it will also be possible to access part of the ID Assist functionality directly from the command line, for example, when using the FossID CI/CD application.
Summary
ID Assist marks a new milestone in the evolution of the FossID toolchain. By harnessing our extensive audit expertise and incorporating it directly into our SCA tools, we’re alleviating much of the intense manual effort and license knowledge typically required in a source code scan, and are setting new standards for automation, precision, and ease of use in software composition analysis. Any detailed Software Composition Analysis tool with snippet-level capabilities needs equally capable analysis functions like ID Assist to efficiently interpret and present the results.
With ID Assist, FossID reaffirms its commitment to advancing the software industry’s standards for code compliance and security, ensuring our clients not only keep pace with but lead in the rapidly evolving digital landscape.