Product Update

FossID Workbench 24.3 Provides Application Security Management Enhancements

FossID has released version 24.3 of its Software Composition Analysis (SCA) application, Workbench. This release delivers enhancements requested by our clients and team of auditors, particularly those focused on AppSec management.

AppSec Management

To tackle the growing challenges of Application Security (AppSec) in today’s increasingly complex software supply chains, FossID 24.3 is heavily focused on enhancing your ability to uncover and share actionable insights on security vulnerabilities and exploitability.

  • VEX (Vulnerability Exploitability eXchange) integration to provide an enhanced security-centric user experience in the Workbench UI, better complementing the license-centric experience. VEX information helps software development teams go beyond identifying the presence of vulnerable components to understand and communicate their potential exploitability and mitigate risks more effectively.
  • SBOM (Software Bill of Materials) + VEX support to import, merge and export VEX data within CycloneDX and SPDX SBOM file formats, ensuring compliance with existing and emerging regulatory requirements.
  • A security-centric user experience for faster, more intuitive access to security risk-related information.

New Vulnerabilities screen and API actions along with support for VEX information.

Notice File Report

Our new component-level Notice File report complements the existing file-level version and displays components grouped by license identifier (e.g. MIT, AGPL, Apache). The information is based on the list of components identified in the code scan.

Choose file-level or component-level Notice File Reports.

Miscellaneous Enhancements

In addition to the AppSec-focused features, 24.3 includes a host of improvements such as:

  • SPDX reports include a scan’s comments on components
  • CycloneDX reports include additional metadata
  • New API actions and documentation

Upgrade Today

FossID clients can take advantage of the new enhancements by accessing the Delivery Portal, downloading the new version, and upgrading their Workbench to version 24.3. Please let the FossID team know at support@fossid.com if you have any questions.

More Product Information

Powerful SCA Features

FossID tools offer many features that help you build a comprehensive inventory of components in your software and more.

Secure and Scalable Deployment

FossID’s Hybrid and Offline deployment models support even the strictest data privacy and confidentiality requirements.

Services to Fast-Track Your Success

FossID’s Audit Services team is available to help you accelerate onboarding and adoption of FossID tools in your environment.
