FossID has released version 25.1 of its Software Composition Analysis (SCA) application, Workbench. This release delivers enhancements requested by our clients and audit services team, particularly those focused on overall user experience and improved license notice file generation.
License Notice File Generation
Workbench 25.1 introduces more flexible and precise notice generation for engineering teams. You can now generate license and copyright notices at three levels of granularity: per file, per component, or as an aggregate report. This makes it easier to track license obligations and streamline legal reviews.
The updated License Extraction and Report Generation features reduce manual overhead by automatically producing attribution files that meet internal compliance requirements and external distribution needs—whether you’re shipping to customers, delivering to partners, or preparing for M&A audits. It’s built to save time during release cycles and reduce the risk of incomplete or inaccurate disclosures.
Generate license and copyright notices per file, per component, or as an aggregate report.
Vulnerability Severity Indicator
Workbench 25.1 adds the Vulnerabilities Severity Bar – a clickable visual indicator that highlights both the number and severity of vulnerabilities for each component and presents a filtered list of CVEs by severity when clicked. It gives teams immediate context so they can prioritize fixes based on actual risk, not just raw counts.
This update enables faster, more informed decisions for engineering and AppSec teams, especially in environments with tight patching windows or limited release cadences. It’s built for workflows where risk-based triage matters.
Clicking on the New Vulnerabilities bar takes you to the Vulnerabilities view filtered by component.
Scan Activity & Progress Insight
Workbench now breaks down scan progress by detection method—dependency analysis, snippet detection, and license/copyright extraction—so you can see exactly what’s happening under the hood.
This added transparency gives engineering teams better visibility into SCA coverage and makes it easier to align scan duration with CI/CD workflows and release schedules.
See greater detail of scan progress by detection method.
Additional Improvements
FossID Release 25.1 includes additional new features, enhancements, fixes and improved documentation. Customers can access the full changelog. Highlights include:
- FossID License Extractor supports Linux ARM64 deployment, popular for its power efficiency, cost and performance scalability.
- FossID Dependency Analysis supports Soong, a build system used in the Android Open Source Project (AOSP) frequently used by embedded system manufacturers.
- FossID Dependency Analysis includes improved classification for Yocto projects.
Upgrade Today
FossID clients can take advantage of the new enhancements by accessing the Delivery Portal, downloading the new version, and upgrading their Workbench to version 25.1. Please let the FossID team at (support@fossid.com) if you have any questions.