FOSSA Reviews

Name: FOSSA
Brand: FOSSA
Rating: 4 (12 reviews)

Vendor: FOSSA

4.3 out of 5

12 reviews
100% willing to recommend

What is FOSSA?UNIXBusinessApplication
Price:

Up to 90% of any piece of software is from open source, creating countless dependencies and areas of risk to manage. FOSSA is the most reliable automated policy engine for legal teams to maintain license compliance, security to fix vulnerabilities, and engineering to improve code quality across the entire software supply chain. As the only developer-native open source management platform, FOSSA fully integrates with your existing CI/CD pipeline to provide complete visibility and context earlier in the software development lifecycle. For the first time, teams can collaboratively shift left and audit, analyze, control, and remediate license issues and vulnerabilities right in their existing workflows.

Get the FOSSA Buyer's Guide and find out what your peers are saying about FOSSA, Veracode, Snyk and more!

FOSSA is the #9 ranked solution in top Software Composition Analysis (SCA) solutions. PeerSpot users give FOSSA an average rating of 8.6 out of 10. FOSSA is most commonly compared to Veracode: FOSSA vs Veracode. FOSSA is popular among the large enterprise segment, accounting for 67% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a manufacturing company, accounting for 24% of all views.

Helped 768,415 peers since 2012

Featured reviews

Shurjeel Tousif

CEO at SeQuenX BV

Mar 14, 2023

We use the solution for the security compliance and licensing of open-source components I am impressed with the tool’s seamless integration and quick results. I want the product to include binary scanning which is missing at the moment. Binary scanning includes code and component matching…

Read full review

DONG JOO LEE

Owner at UPS Technology

Mar 15, 2023

The solution is used for cyber security The scalability is excellent. The technical support has room for improvement. I have been using the solution for one year. I give the scalability a ten out of ten. We used technical support for the deployment. The solution's cost is a five out of ten.…

Read full review

Brett Fattori

Manager of Open Source Program Office at a financial services firm with 5,001-10,000 employees

Oct 5, 2020

The solution provides contextualized, actionable, intelligence that alerts us to compliance issues, but there is still a little bit of work to be done on it. One of the issues that I have raised with FOSSA is that when it identifies an issue that is an error, why is it in error? What detail can they give to me? They've improved, but that still needs some work. They could provide more information that helps me to identify the dependencies and then figure out where they originated from. That would give me a better idea of where to look, rather than just generically searching the web. They do provide more information than they used to, which is good, but I still think that they have a ways to go with it. Another topic is the components tab of FOSSA. It has a couple of reports that tell me the packages that are being tracked and that allow me to look up packages. That could be expanded in several ways and fixed up in several ways. It could be expanded in that, right now, you can only search for and find packages that are in use in the organization. There is no way to search for all packages, even packages that we're not using. That would be really useful to my developers, for them to be able to come into FOSSA and get more information about components before they use them. The other thing on that tab, regarding the reports, is something that I've been working on with them for a while. The reports don't really work that well for us. They do provide good information but they perform poorly with either the number of projects, or components, in the system. Reports that worked when the load was low, are now timing out before finishing. Unfortunately, that makes it a feature that I can't really roll out to the rest of the organization. For example, the due diligence report and the audit report FOSSA has would be very beneficial to my teams, but until they work for all the teams, I can't roll it out. So there is work that needs to be done on this page for reporting. If they're going to provide reports they should function and they should provide actionable information. They do provide actionable information but because they don't function, they're not really useful to me, and I need them to be. So the components tab needs work, or it needs to be removed, but I prefer that it gets the work. There are other little things that could be improved as well. On the issues tab, there is a problem with resolving issues that have been identified and that occur in a larger number of projects. It doesn't even have to be that many. We've got one component that is tied to 61 projects and we have tried to resolve it for all but it never actually works. It spins for a while, but it doesn't do anything. These aren't things that happen on a regular basis. They're not so much of an issue that the system doesn't work. There are a few other usability issues in the system, UI concerns that I have, and I bring those up on the Slack channel with them as I run into them. Quite often they address them very quickly.

Read full review

FOSSA market share

As of March 2024, the market share of FOSSA in the Software Composition Analysis (SCA) category stands at 5.1%, marking a decrease of 20.9% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Software Composition Analysis (SCA)

Key learnings from peers

Valuable Features

FOSSA's most valuable feature is its ability to automate the scanning of licenses through custom-tailored policies, which saves time and allows for granular analysis of flagged packages. It seamlessly integrates with a wide range of developer ecosystem tools and facilitates collaboration between legal and DevOps teams. The identification of open-source licensing issues is also highly valued, especially for organizations selling products that require disclosure of licenses to customers. The scalability of the tool and the ease of use of its out-of-the-box policy engine are also praised.

Room for Improvement

"The technical support has room for improvement."
"I want the product to include binary scanning which is missing at the moment. Binary scanning includes code and component matching through dependency management. It also includes the actual scanning and reverse engineering of the boundaries and finding out what is inside."
"One thing that can sometimes be difficult with FOSSA is understanding all that it can do. One of the ways that I've been able to unlock some of those more advanced features is through conversations with the absolutely awesome customer success team at FOSSA, but it has been a little bit difficult to find some of that information separately on my own through FAQs and other information channels that FOSSA has. The improvement is less about the product itself and more about empowering FOSSA customers to know and understand how to unlock its full potential."

ROI

FOSSA is a worthwhile investment that can help scale operations in a cost-efficient way. It allows for easy auditing, scaling, and generates reports related to open-source compliance and dependencies almost instantaneously. This eliminates the need for additional costs, overhead, and risk associated with manually scanning open-source licenses. The auditability is critical and it is a no-brainer to use FOSSA.

Pricing

FOSSA's pricing and setup cost are reasonable and competitive in the market. The product is neither cheap nor expensive, but worth the money spent to use it. It delivers value that is comparable to the alternative of hiring a team.

"The solution's cost is a five out of ten."
"FOSSA is a fairly priced product. It is not either cheaper or expensive. The pricing lies somewhere in the middle. The solution is worth the money that we are spending to use it."
"Its price is reasonable as compared to the market. It is competitively priced in comparison to other similar solutions on the market. It is also quite affordable in terms of the value that it delivers as compared to its alternative of hiring a team."

Popular Use Cases

FOSSA is primarily used for cyber security, security compliance, and licensing of open-source components. It is used by both legal and engineering teams to scan and diligence open-source software licenses. The latest enterprise version is being used. It is also used to identify licensing issues in open-source software, with a SaaS offering that can be accessed through the website. It helps developers implement solutions and identify licenses for legal purposes.

Service and Support

FOSSA's customer service and support are highly praised for being responsive, knowledgeable, and effective in resolving issues. Customers have access to customer success managers and platform engineers who work together to troubleshoot and anticipate future problems. The sales team is also known for providing personalized support. Overall, FOSSA's support is rated 10 out of 10 and customers are satisfied with the level of service provided.

Deployment

FOSSA's initial setup is generally considered easy and straightforward. Technical support was used in some cases, but overall the process was quick and brief. Stakeholders who were involved in the setup found it easy and helpful, with one noting that it took two months for all projects. The deployment strategy involved starting with some projects and evaluating FOSSA for others.

Scalability

FOSSA's solution is highly scalable. The platform has around 300 users in one company, largely consisting of the engineering team, including CTOs, directors, individual engineers, engineering managers, and security managers. FOSSA's integrations with Slack make it easy for users to receive notifications and identify issues without spending all day on the platform.

Stability

The solution of FOSSA has been consistently reliable, with no reports of any issues or downtime. Its stability is impressive and appears to be a strong point of the tool.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our FOSSA Buyer's Guide for additional reliable information.