FOSSA Pros and Cons

FOSSA Pros

Brett Fattori
Manager of Open Source Program Office at a financial services firm with 5,001-10,000 employees
The most valuable feature is its ability to identify all of the components in a build, and then surface the licenses that are associated with it, allowing us to make a decision as to whether or not we allow a team to use the components. That eliminates the risk that comes with running consumer software that contains open source components.
View full review »
Patrick Lonergan
Associate General Counsel at Circleci
FOSSA provided us with contextualized, easily actionable intelligence that alerted us to compliance issues. I could tell FOSSA exactly what I cared about and they would tell me when something was out of policy. I don't want to hear from the compliance tool unless I have an issue that I need to deal with. That was what was great about FOSSA is that it was basically "Here's my policy and only send me an alert if there's something without a policy." I thought that it was really good at doing that.
View full review »
Justin Giannone
Sr. Security Architect at a computer software company with 1,001-5,000 employees
Their CLI tool is very efficient. It does not send your source code over to their servers. It just does fingerprinting. It is also very easy to integrate into software development practices.
View full review »
Learn what your peers think about FOSSA. Get advice and tips from experienced pros sharing their opinions. Updated: August 2020.
442,283 professionals have used our research since 2012.
reviewer1361748
Sr. Director of Open Source at a comms service provider with 10,001+ employees
I found FOSSA's out-of-the-box policy engine to be accurate and that it was tuned appropriately to the settings that we were looking for. The policy engine is pretty straightforward... I find it to be very straightforward to make small modifications to, but it's very rare that we have to make modifications to it. It's easy to use. It's a four-category system that handles most cases pretty well.
View full review »
reviewer1357983
Attorney at a legal firm with 11-50 employees
The most valuable feature is definitely the ease and speed of integrating into build pipelines, like a Jenkins pipeline or something along those lines. The ease of a new development team coming on board and integrating FOSSA with a new project, or even an existing project, can be done so quickly that it's invaluable and it's easy to ask the developers to use a tool like this. Those developers greatly value the very quick feedback they get on any licensing or security vulnerability issues.
View full review »
Eric Griswold
Principal Release Engineer at Puppet
What I really need from FOSSA, and it does a really good job of this, is to flag me when there are particular open source licenses that cause me or our legal department concern. It points out where a particular issue is, where it comes from, and the chain that brought it in, which is the most important part to me.
View full review »
Christina Luu
Program Manager at a consumer goods company with 10,001+ employees
The support team has just been amazing, and it helps us to have a great support team from FOSSA. They are there to triage and answer all our questions which come up by using their product.
View full review »

FOSSA Cons

Brett Fattori
Manager of Open Source Program Office at a financial services firm with 5,001-10,000 employees
The solution provides contextualized, actionable, intelligence that alerts us to compliance issues, but there is still a little bit of work to be done on it. One of the issues that I have raised with FOSSA is that when it identifies an issue that is an error, why is it in error? What detail can they give to me? They've improved, but that still needs some work. They could provide more information that helps me to identify the dependencies and then figure out where they originated from.
View full review »
Patrick Lonergan
Associate General Counsel at Circleci
I wish there was a way that you could have a more global rollout of it, instead of having to do it in each repository individually. It's possible, that's something that is offered now, or maybe if you were using the CI Jenkins, you'd be able to do that. But with Travis, there wasn't an easy way to do that. At least not that I could find. That was probably the biggest issue.
View full review »
Justin Giannone
Sr. Security Architect at a computer software company with 1,001-5,000 employees
On the legal and policy sides, there is some room for improvement. I know that our legal team has raised complaints about having to approve the same dependency multiple times, as opposed to having them it across the entire organization.
View full review »
Learn what your peers think about FOSSA. Get advice and tips from experienced pros sharing their opinions. Updated: August 2020.
442,283 professionals have used our research since 2012.
reviewer1361748
Sr. Director of Open Source at a comms service provider with 10,001+ employees
Security scanning is an area for improvement. At this point, our experience is that we're only scanning for license information in components, and we're not scanning for security vulnerability information. We don't have access to that data. We use other tools for that. It would be an improvement for us to use one tool instead of two, so that we just have to go through one process instead of two.
View full review »
reviewer1357983
Attorney at a legal firm with 11-50 employees
We have seen some inaccuracies or incompleteness with the distribution acknowledgments for an application, so there's certainly some room for improvement there. Another big feature that's missing that should be introduced is snippet matching, meaning, not just matching an entire component, but matching a snippet of code that had been for another project and put in different files that one of our developers may have created.
View full review »
Eric Griswold
Principal Release Engineer at Puppet
I would like the FOSSA API to be broader. I would like not to have to interact with the GUI at all, to do the work that I want to do. I would like them to do API-first development, rather than a focus on the GUI.
View full review »
Christina Luu
Program Manager at a consumer goods company with 10,001+ employees
I would like more customized categories because our company is so big. This is doable for them. They are still in the stages of trying to figure this out since we are one of their biggest companies that they support.
View full review »
Learn what your peers think about FOSSA. Get advice and tips from experienced pros sharing their opinions. Updated: August 2020.
442,283 professionals have used our research since 2012.