Software Composition Analysis SPDX 3.0 Is Released See what's new in SPDX v3.0, such as the introduction of use case-specific profiles and increased flexibility.
Open Source Vulnerability Management What’s New in CycloneDX 1.6? CycloneDX 1.6, the newest version of the popular bill of material specification, was released this week.
Open Source Vulnerability Management SBOM Formats Explained and Compared Learn about the similarities and differences between popular SBOM (software bill of materials) formats like CycloneDX and SPDX.
Open Source Vulnerability Management Complying with the FDA’s SBOM Requirements The FDA now requires medical device manufacturers to submit an SBOM (software bill of materials) as part of the premarket review process.
Software Composition Analysis SCA vs. SAST: Comparing Security Tools SCA and SAST both support security use cases, but there there are some significant differences between the tools.
Software Composition Analysis SBOM Examples, Explained See two SBOM examples, including practical explanations for data fields and document sections.
Software Composition Analysis Understanding and Using SPDX License Identifiers and License Expressions Learn about SPDX License Identifiers and License Expressions, and see how you can use them to communicate licensing information in an SBOM.
Open Source Vulnerability Management 5 Ways an SBOM Can Strengthen Security See five ways SBOMs can improve security, including enhanced visibility into vulnerabilities and support for remediation.
Software Composition Analysis What’s New in CycloneDX 1.5? A new version of the CycloneDX bill of materials specification has been released. See what's new in CycloneDX v1.5.
Open Source Vulnerability Management VEX (Vulnerability Exploitability eXchange): Purpose and Use Cases Learn about VEX (Vulnerability Exploitability eXchange), which is used to communicate whether vulnerabilities impacting software products are actually exploitable.
Software Composition Analysis The FOSSA Podcast: SCA Purchasing and Implementation Trends Episode 4 of The FOSSA Podcast discusses how organizations are evaluating SCA tools along with important factors in a successful implementation.
Software Composition Analysis A Framework for Evaluating SBOM Tools Customizability, ease of use, and support for CycloneDX and SPDX are among the most important features of a best-in-class SBOM tool.
Open Source in the News 2023 Open Source Management Trends, Predictions, and Observations In 2023, we expect organizations to prioritize using SBOM data, automating open source license compliance, and maintaining visibility into software composition.
Software Composition Analysis How Applause Makes Open Source Management Work for Developers See how Applause has built developer-friendly open source license compliance and security programs with a significant assist from FOSSA.
Software Composition Analysis Highlights from NIST SP 800-161r1: Cybersecurity Supply Chain Risk Management See key themes and insights from NIST SP 800-161r1: “Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations.”
Software Composition Analysis Best Practices for Implementing Software Composition Analysis, Featuring Rancher Labs Rancher Labs Senior Engineering Manager Hayden Barnes shares four strategies to help ensure a successful software composition analysis implementation.
Software Composition Analysis 4 Reasons Rancher Labs Chose FOSSA See why Kubernetes management company Rancher Labs (part of SUSE) chose FOSSA to reduce open source license compliance and vulnerability risk.
Software Composition Analysis Building a Sustainable Software Supply Chain OpenChain GM Shane Coughlan discusses indicators of sustainable software and specific steps your organization can take to improve security.
Inside FOSSA Announcing New Support for C/C++ Scanning, SBOMs FOSSA has released new features that enable C/C++ dependency scanning and make it easier for organizations to generate SBOMs.
Software Composition Analysis How FOSSA Addresses Challenges Scanning C/C++ Code Get an overview of challenges with scanning and identifying dependencies in C/C++ code, and see how FOSSA addresses these issues.
Open Source in the News 6 Takeaways from the Linux Foundation's SBOM Report A new report from the Linux Foundation contains a treasure trove of data on industry attitudes toward SBOMs and software supply chain security.
Open Source Vulnerability Management React Security: How to Fix Common Vulnerabilities Explore several common vulnerabilities that impact React component libraries and see how to remediate them.
Software Composition Analysis 5 Must-Have DevSecOps Tools Software composition analysis, static application security testing, and issue tracking software are examples of mission-critical DevSecOps tools.
Software Composition Analysis 4 Key Elements of Technical Due Diligence Explore key areas of conducting technical due diligence, including auditing third-party software usage and evaluating protections on intellectual property.
Software Composition Analysis Q and A: Software Bill of Materials and FOSSA Get answers to frequently asked questions about using FOSSA to generate a software bill of materials.