The FOSSA product and engineering teams have been hard at work shipping new features and enhancements to help you mitigate open source risk and enhance software transparency. 

Collectively, the latest FOSSA updates enable a new level of visibility across your organization’s open source software supply chain. Our recent updates allow you to:

  • Quickly find new zero-day vulnerabilities with FOSSA’s Package Index
  • See your risk profile and track remediation progress with the new issue overview dashboard
  • Proactively secure your open source supply chain with FOSSA Quality
  • Enhance software transparency with the ability to ingest SPDX SBOMs 
  • Resolve issues faster with more dependency information at your fingertips 

Quickly Find New Zero-Day Vulnerabilities With Package Index

You can now find zero-day vulnerabilities anywhere across your organization in minutes instead of weeks. Package Index is a centralized, comprehensive inventory — a single source cataloging every package used in every project across your organization. You can search by either package name or CVE ID to quickly identify which projects use the vulnerable components.

FOSSA Package Index

Read the blog to learn more about Package Index

See Your Risk Profile and Track Remediation Progress With the Issue Overview Dashboard

The issue overview dashboard is a single place to quickly see outstanding security, licensing, and quality issues across your entire environment. The dashboard also allows you to track the progress of your remediation efforts; it can be viewed on a team level or a project level in addition to the default organization-level view.

FOSSA's Issue Dashboard tracks remediation efforts

Read the blog to learn more about the issue overview dashboard

Proactively Secure Your Open Source Supply Chain With FOSSA Quality

Go beyond just vulnerability data with package health signals that enable you to maintain a proactive security posture. FOSSA Quality allows you to keep abandoned packages, outdated packages, empty packages, and native code out of your software supply chain. You can also use FOSSA Quality to allow or deny the use of certain packages across your organization or just for certain projects. 

FOSSA Quality manages risks before they turn into vulnerabilities

Read the blog to learn more about FOSSA Quality

FOSSA Adds Support for SPDX SBOM Imports

FOSSA now supports importing SBOMs in SPDX format in addition to CycloneDX, making it easier than ever to get the software transparency you need. This enhancement makes it simple to analyze SBOMs from internal teams or third-party suppliers, regardless of the format they choose.

FOSSA now supports importing SPDX SBOMs

Sign up or sign in to your FOSSA account to import your SBOM.

Resolve Issues Faster With More Dependency Information at Your Fingertips

Dependencies in the FOSSA UI have a new look and feel, surfacing more actionable information than ever before. You can use the dependency page to see all dependencies included in a given project, to determine exactly how a dependency has been included in a project, and to find dependency metadata quickly.

There's more detail on dependencies in FOSSA's UI
There's more detail on dependency relationships in FOSSA's UI

Read the docs to learn more about the dependencies UI in FOSSA

Getting Started With FOSSA

These latest enhancements make it easier than ever to drive software transparency and mitigate risk in your open source software. For more information about getting started with these features, current customers can view our documentation or reach out to customer-success@fossa.com.

Not a current FOSSA customer? Schedule a demo to see how FOSSA can help enhance your software transparency and mitigate your open source risk.