
Dependency Heaven

Open source, dependencies, and licensing by the people at FOSSA.

OSS License Compliance Expert Heather Meeker on the AGPL
Open Source License Compliance

Heather Meeker, one of the world's foremost experts on open source license compliance, discusses the AGPL and its provisions covering network deployment.

  • Heather Meeker
6 min read
5 Must-Have DevSecOps Tools
Software Composition Analysis

Software composition analysis, static application security testing, and issue tracking software are examples of mission-critical DevSecOps tools.

  • FOSSA Editorial Team
4 min read
Open Source Developer Sabotages npm Libraries ‘Colors,’ ‘Faker’
Open Source in the News

The developer behind popular npm libraries "Colors" and "Faker" intentionally sabotaged both packages. Here's what to do if your application is impacted.

  • FOSSA Editorial Team
3 min read
Dependency Management in Visual Studio: NuGet and Beyond
Developer Perspectives

Learn how to manage NuGet package dependencies for your .NET projects using Visual Studio.

  • Cristian Taran
12 min read
Q and A: Heather Meeker on AGPL, Truth Social, OSS License Compliance
Open Source License Compliance

Heather Meeker, one of the world's leading OSS license compliance experts, shares insight on the AGPL and the Truth Social license compliance controversy.

  • FOSSA Editorial Team
4 min read
Does TikTok Live Studio Violate GPL v2?
Open Source in the News

TikTok recently released a limited test of a new live streaming service, TikTok Live Studio, that may be in violation of the GPL v2 open source software license.

  • FOSSA Editorial Team
4 min read
How to Quickly Find and Remediate Log4J Vulnerabilities (Log4Shell)
Open Source Vulnerability Management

See how your organization can quickly identify and remediate Log4J vulnerabilities in your code.

  • Solomon Rubin
3 min read
How to Fix the New Log4J DoS Vulnerability: CVE-2021-45105
Open Source Vulnerability Management

See the impact of the new Log4J denial of service (DoS) vulnerability, and get guidance on how to fix it.

  • Solomon Rubin
2 min read
FOSSA Partners with OpenChain to Promote Open Source Management
Inside FOSSA

FOSSA has partnered with OpenChain to help organizations build and maintain successful open source software license compliance programs.

  • FOSSA Editorial Team
2 min read
Log4J "Log4Shell" Zero-Day Vulnerability: Impact and Fixes
Open Source Vulnerability Management

A critical vulnerability has been discovered in Apache Log4J, the popular Java open source logging library. Here's what happened and how to fix it.

  • Solomon Rubin
  • Matthew Schwartz
3 min read
Introducing FOSSA's New License Scanner
Inside FOSSA

Here's what you can expect with FOSSA's new and improved OSS license scanner.

  • Scott Patten
4 min read
Managing Dependencies in .NET: .csproj, .packages.config, project.json, and More
Developer Perspectives

Get an overview of the artifacts involved in .NET dependency management, how they interact, and how to use them.

  • Cristian Taran
8 min read
FOSSA Product Updates: Announcing Our New and Improved CLI
Inside FOSSA

Our upgraded CLI will make FOSSA integrations easier to deploy by reducing the amount of configuration needed by users.

  • FOSSA Editorial Team
2 min read
DevSecOps 101: Understanding and Implementing DevSecOps Principles
Open Source Vulnerability Management

See how DevSecOps principles can make software development more secure, and discover strategies for an effective DevSecOps implementation.

  • FOSSA Editorial Team
5 min read
Embedded Malware in NPM: Coa, Rc, Ua-parser
Open Source in the News

Several widely used NPM packages have been struck by malware in recent weeks. Get a deep dive into how the incidents happened and what you can do about them.

  • Gauthami Polasani
  • Solomon Rubin
4 min read
Open Source Software Licenses 101: The Eclipse Public License
Open Source License Compliance

Get an overview of the Eclipse Public License, including key requirements and how it compares to other weak copyleft open source licenses.

  • FOSSA Editorial Team
6 min read
Best Practices for Testing in Go
Developer Perspectives

Get step-by-step guidance on writing effective tests in Go, including choosing what to test and how to make it work in your application.

  • Jessica Black
8 min read
4 Key Elements of Technical Due Diligence
Software Composition Analysis

Explore key areas of conducting technical due diligence, including auditing third-party software usage and evaluating protections on intellectual property.

  • FOSSA Editorial Team
5 min read
Q and A: Software Bill of Materials and FOSSA
Software Composition Analysis

Get answers to frequently asked questions about using FOSSA to generate a software bill of materials.

  • FOSSA Editorial Team
6 min read
Anatomy of a Software Supply Chain Attack
Open Source Vulnerability Management

Software supply chain attacks are an increasingly common and dangerous type of cyberattack. Here's how to defend against them.

  • Matthew Schwartz
6 min read
How to Generate an SBOM with FOSSA
Software Composition Analysis

See how your organization can use FOSSA to generate a comprehensive software bill of materials in a few easy steps.

  • Deepak Mehta
5 min read
bouk/monkey and the Importance of Knowing Your Dependencies
Open Source in the News

A recent news item involving the bouk/monkey open source program shows why it's so important for organizations to have visibility into their dependencies.

  • FOSSA Editorial Team
4 min read
Role-Based Access Control (RBAC), Zero Trust, and FOSSA
Inside FOSSA

Get an overview of FOSSA's role-based access control (RBAC), and see how it can help improve your organization's security posture.

  • FOSSA Editorial Team
3 min read
3 Best Practices for OSS Management in the Automotive Industry
Software Composition Analysis

Experts share tips and strategies to help automotive organizations improve their open source management programs.

  • FOSSA Editorial Team
5 min read
FOSSA Product Updates: August 2021
Inside FOSSA

FOSSA has launched several new features, including container scanning, analysis target configuration, expanded language support, and more.

  • Gauthami Polasani
2 min read
  • For the Love of Open Source © 2024 FOSSA, Inc.