# FOSSA Reviews
**Vendor:** FOSSA  
**Category:** [Software Composition Analysis Tools](https://www.g2.com/categories/software-composition-analysis)  
**Average Rating:** 4.2/5.0  
**Total Reviews:** 15
## About FOSSA
Open source is a critical part of your software. In the average modern software product, over 80% of the source code shipped is derived from open source. Each component can have cascading legal, security, and quality implications for your customers, making it one of the most important things to manage correctly. FOSSA helps you manage your open source components. We plug into your development workflow to help your team automatically track, manage, and remediate issues with the open source you use to:

- Stay compliant with software licenses and generate required attribution documents
- Enforce usage and licensing policies throughout your CI/CD workflow
- Monitor and remediate security vulnerabilities
- Flag code quality issues and outdated components proactively

By enabling open source, we help development teams increase development velocity and decrease risk.

## FOSSA Pros & Cons
**What users like:**

- Users value the **easy integrations** of FOSSA, seamlessly scanning dependencies within their CI/CD pipelines. (1 review)
- Users value the **effective issue resolution** in FOSSA, enabling quick identification and recommendations for library vulnerabilities. (1 review)
- Users value FOSSA's **effective remediation solutions**, as it identifies issues and recommends fixes for vulnerabilities in libraries. (1 review)
- Users value the **risk management features** of FOSSA, effectively identifying vulnerabilities and recommending fixes for dependencies. (1 review)
- Users value the **security insights** provided by FOSSA, which help in identifying and addressing vulnerabilities effectively. (1 review)
- Security Scanning (1 review)
- Testing Services (1 review)
- Vulnerability Detection (1 review)
- Vulnerability Identification (1 review)

## FOSSA Reviews
### 1. Fossa for enterprise applications

**Rating:** 4.0/5.0 stars

**Reviewed by:** Pavan Kumar G. | Software Engineer, Information Technology and Services, Enterprise (> 1000 emp.)

**Reviewed Date:** March 11, 2025

**What do you like best about FOSSA?**

We are using Fossa for Spring Boot applications and for Angular UI applications. We are using Maven dependencies for the Spring Boot applications. Fossa scans our Spring Boot application after running through the pipeline, since we have integrated security tools in our Tekton pipeline. Fossa identifies all the libraries and dependencies from our Gradle and Maven. It will show issues, security, and quality of the libraries along with the severity, and also recommends the fixes for the vulnerabilities. But sometimes the fix won't show immediately.

**What do you dislike about FOSSA?**

The main thing I like about Fossa is that it is environment specific and alerts if any dependency has security vulnerabilities; Fossa will send an alert so that we can easily notice vulnerabilities in the project.

**What problems is FOSSA solving and how is that benefiting you?**

The main thing about Fossa is that it scans all the libraries and finds the vulnerabilities in the project. It saves us from data breaches and security issues. I recommend that every enterprise application must use this tool to detect security vulnerabilities.

### 2. "The FOSSA Experience"

**Rating:** 5.0/5.0 stars

**Reviewed by:** Elvis M. | System Engineer Associate, Mechanical or Industrial Engineering, Enterprise (> 1000 emp.)

**Reviewed Date:** September 07, 2023

**What do you like best about FOSSA?**

The product is effective and efficient, and it has aspects that enable automated scans of emails and licenses, which are quite amazing.
The product is also easy and simple to use and also integrates quite easily with other applications, which is awesome.

**What do you dislike about FOSSA?**

The performance of the product is amazing except that sometimes the system is sluggish though not often.

Amazing product.

**What problems is FOSSA solving and how is that benefiting you?**

It is through this platform that we are able to monitor and ensure all legal and licenses compliances to avoid any issues during our sales and marketing.

### 3. The FOSSA Effect.

**Rating:** 5.0/5.0 stars

**Reviewed by:** Yatur N. | Sales Manager , Information Technology and Services, Mid-Market (51-1000 emp.)

**Reviewed Date:** July 25, 2023

**What do you like best about FOSSA?**

This product is easy and simple to use and integrates very well with other applications like GitLab. I like how effective and efficient it is with multiple build systems and its vulnerability scanning. Another aspect is the automated scans of emails and licences, which are quite amazing.

**What do you dislike about FOSSA?**

The system is sometimes slow though not quite often. This can be improved.

**What problems is FOSSA solving and how is that benefiting you?**

It is through this platform that we have ensured there's license compliance and avoided any issues when we're doing our sales and marketing of our products.

### 4. Helped me find major problems in my code

**Rating:** 5.0/5.0 stars

**Reviewed by:** kanti b. | Senior Relationship Manager, Small-Business (50 or fewer emp.)

**Reviewed Date:** October 31, 2022

**What do you like best about FOSSA?**

Using Fossa I was able to import my project from GitHub, run a scan and immediately it pointed out all the licensing problems in my code. It discovered several dependencies that I was not legally allowed to use without a license!

**What do you dislike about FOSSA?**

While Fossa discovered 3 major problems and suggested a way to resolve them, it also found 8 problems with unclear resolution that need a manual review. Since I am not a legal expert, the vague error is hard to understand and resolve.

**What problems is FOSSA solving and how is that benefiting you?**

Since I am a Node developer, I use `npm` packages all the time. My app has many dependencies which themselves have many more. I cannot manually go and check out the licenses of all these hundreds of OSS packages. Fossa is useful for me as it identifies the main 10 or so dependencies that I need to check and can assume my project is legally using the rest.

### 5. Easy to use tool to monitor license compliance

**Rating:** 4.0/5.0 stars

**Reviewed by:** Dhruv B. | Software Engineer, Small-Business (50 or fewer emp.)

**Reviewed Date:** October 31, 2022

**What do you like best about FOSSA?**

Fossa made it easy to import a project, automatically scan all dependencies and generate a report of any compliance issues. It automatically figured out the language and dependency management tools. Fossa has a clean user interface that makes it very easy to see all the different dependencies, their licenses and what actions need to be taken to ensure that my code complies with the licensing requirements of its dependencies.

**What do you dislike about FOSSA?**

Many issues flagged by Fossa are shown as flagged and need to be verified manually with messages like "These dependencies can be problematic if used in the wrong ways". It doesn't explain what the wrong way is. Since Fossa has access to my code and its open source dependencies, it should be able to go deeper and find real problems.

**What problems is FOSSA solving and how is that benefiting you?**

Software projects have so many dependencies these days. A simple JavaScript app can have hundreds of direct, and thousands of indirect dependencies. Reading all of their licensing requirements and ensuring compliance is not manually feasible. There are other tools like Fossa but Fossa makes the process very intuitive for someone new to this like I am.

### 6. FOSSA for unmanaged dependencies

**Rating:** 3.5/5.0 stars

**Reviewed by:** Sahil G. | QA Cybersecurity Engineer, Mid-Market (51-1000 emp.)

**Reviewed Date:** October 31, 2022

**What do you like best about FOSSA?**

The best thing about FOSSA is that it is very easy to use and is easily integrated with various CI/CD platforms like Jenkins, GitLab, Bamboo, GitHub, etc. Plus, we can check vulnerabilities in dependencies on every build, and their UI is very user friendly.

**What do you dislike about FOSSA?**

FOSSA is not performing well when there is no package manager used to manage dependencies, like Maven, pip, Gradle, etc. In that case, FOSSA is unable to recognize the libraries and does not report any vulnerability. Plus, the FOSSA database is not very up to date for C/C++ and RPM-based libraries.

**What problems is FOSSA solving and how is that benefiting you?**

FOSSA is good when there is proper usage of the dependency packaging format for the software development, and due to its plug-and-play integration it is very easy to use and developer friendly.

### 7. Best Solution to Open Source Software Licensing Issues

**Rating:** 4.0/5.0 stars

**Reviewed by:** JAZEEL ANWAR J. | Technical Lead, Small-Business (50 or fewer emp.)

**Reviewed Date:** October 31, 2022

**What do you like best about FOSSA?**

It reduces the time needed to identify open-source licensing issues. It is easy to use and it is user-friendly. It allows you to know the licenses of the libraries etc. It offers its service at an affordable price.

**What do you dislike about FOSSA?**

There is not much to dislike about the product. There will be difficulty in understanding all the things that it can do. Sometimes the web app is too slow. All other stuff seems good for me.

**What problems is FOSSA solving and how is that benefiting you?**

It can be used to scan the licenses of software. The quality of service is excellent, and the user experience is also good. Linking GitHub to FOSSA so that every push will be scanned. The speed of the scan is incredible.

### 8. FOSSA REVIEW

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Leisure, Travel & Tourism | Mid-Market (51-1000 emp.)

**Reviewed Date:** November 21, 2022

**What do you like best about FOSSA?**

FOSSA stands for Free and Open Source Software Analysis which automates the management of open source compliance and security. Up to 90% of the code in software development is subject to open-source licensing, and it is susceptible to plenty of security and legal issues. FOSSA takes care of this issue with its security management toolkit that alerts enterprises if they are at risk by looking into the known vulnerabilities and license management in the open-source code.

**What do you dislike about FOSSA?**

The UI of FOSSA loads slowly, and even though it is claimed that FOSSA scans in real-time, the speed with which the scan is done can be drastically improved for an overall better user experience.

**What problems is FOSSA solving and how is that benefiting you?**

Once FOSSA was implemented, the developer team had much more time on hand than before since many hours were put into open-source compliances previously. FOSSA seamlessly integrated into the development workflow and drove open-source brilliance.

### 9. Ensuring Legal Compliance with FOSSA!

**Rating:** 4.0/5.0 stars

**Reviewed by:** Karan S. | manager, Mid-Market (51-1000 emp.)

**Reviewed Date:** February 03, 2023

**What do you like best about FOSSA?**

Their evaluations are highly comprehensive and detailed, and they provide information promptly as required.

**What do you dislike about FOSSA?**

The performance of the application's interface is sluggish and the scan speeds are also slow and in need of improvement. Besides these issues, the rest of the features function excellently.

**What problems is FOSSA solving and how is that benefiting you?**

FOSSA helps us maintain oversight over our software licenses to ensure compliance and avoid any legal issues in distributing the software we develop.

### 10. For competence and due diligence use this product!!

**Rating:** 4.5/5.0 stars

**Reviewed by:** Eric I. | Paving advisor, Small-Business (50 or fewer emp.)

**Reviewed Date:** October 31, 2022

**What do you like best about FOSSA?**

They are very comprehensive and thorough in their evaluations and send info when needed.

**What do you dislike about FOSSA?**

While I am no engineer, I do have some background, but these guys and girls are brilliant, sometimes too brilliant for me, and I need to dumb it down. But, no complaints as of now.

**What problems is FOSSA solving and how is that benefiting you?**

Risk management comes to mind. I don't feel as vulnerable as I was in the past. They came through and laid a plan out for security and to keep things safe and secure. The only issue I have had was lag in my internet, which is not on them.

### 11. Best SaaS for License Scanning & Automation

**Rating:** 4.5/5.0 stars

**Reviewed by:** Umesh Kumar J. | d, Small-Business (50 or fewer emp.)

**Reviewed Date:** November 02, 2022

**What do you like best about FOSSA?**

The automated scans of email and licenses attracted me the most. Overall, as of now I have found Fossa to be the best solution in the market for the scanning and verification of licences.

**What do you dislike about FOSSA?**

The interface of the application is slow, and the speed of the scans is also plodding and needs improvement. Apart from these, everything works great!!

**What problems is FOSSA solving and how is that benefiting you?**

We use FOSSA to keep the check over our software so that the licenses we use to create any software are okay and we can distribute it without legal complications.

### 12. License Compliance at Fingertips!

**Rating:** 3.0/5.0 stars

**Reviewed by:** Verified User in Construction | Small-Business (50 or fewer emp.)

**Reviewed Date:** October 31, 2022

**What do you like best about FOSSA?**

Helped a sister company of ours understand and mitigate risk assessment for an IPO. By using FOSSA, among other tools, we were able to have a smooth IPO launch.

**What do you dislike about FOSSA?**

We found that some of the real time tools were somewhat slow, but they were not a detriment to overall performance and still kept everything up to speed.

**What problems is FOSSA solving and how is that benefiting you?**

It helped tremendously with OSS tasks and uses. As we were going live, we wanted to alleviate risk and FOSSA allowed us to keep security of our code at bay. Not to mention it checked for quality and quality from an outside view.

### 13. My experience with FOSSA

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Telecommunications | Mid-Market (51-1000 emp.)

**Reviewed Date:** October 31, 2022

**What do you like best about FOSSA?**

I have used FOSSA for vulnerability testing in my previous organization. FOSSA can be integrated with multiple build systems, and its vulnerability scan is also effective.

**What do you dislike about FOSSA?**

It is difficult for new users to understand how FOSSA works and how to generate the results. It also needs training to understand the vulnerability scan and improve code quality.

**What problems is FOSSA solving and how is that benefiting you?**

FOSSA was used for vulnerability testing, and it generated a scan result that can be used to find the loopholes. The engineering team can use it to improve the code quality of the application.

### 14. Good tool for FOSS license compliance

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Computer Software | Small-Business (50 or fewer emp.)

**Reviewed Date:** October 31, 2022

**What do you like best about FOSSA?**

FOSSA was easy to set up and integrate with our GitHub repositories. Once connected it made it easy to audit the FOSS licenses of the components we use.

**What do you dislike about FOSSA?**

Pricing is based on per-developer licensing, which is ok at the beginning but expensive to scale up.

**What problems is FOSSA solving and how is that benefiting you?**

We always need to ensure that we aren't accidentally violating the licenses of components and dependencies we use. It took a long time to complete those audits manually. FOSSA quickly scanned all our components and provided a simple report.

### 15. Review of FOSSA

**Rating:** 3.5/5.0 stars

**Reviewed by:** Deep T. | Senior Legal Recruiter, Enterprise (> 1000 emp.)

**Reviewed Date:** October 31, 2022

**What do you like best about FOSSA?**

I used FOSSA to scan the licenses of software I use. Setup of the tool and speed of scanning are great. I also like the automated email with reports feature.

**What do you dislike about FOSSA?**

Nothing to dislike as of now. Everything seems fine to me.

**What problems is FOSSA solving and how is that benefiting you?**

It's very reliable and time saving.

## FOSSA Features
**Performance**
- Issue Tracking
- Detection Rate
- False Positives
- Automated Scans

**Functionality - Software Composition Analysis**
- Language Support
- Integration
- Transparency

**Functionality - Software Bill of Materials (SBOM)**
- Format Support
- Annotations
- Attestation

**Network**
- Compliance Testing
- Perimeter Scanning
- Configuration Monitoring

**Effectiveness - Software Composition Analysis**
- Remediation Suggestions
- Continuous Monitoring
- Thorough Detection

**Management - Software Bill of Materials (SBOM)**
- Monitoring
- Dashboards
- User Provisioning

**Application**
- Manual Application Testing
- Static Code Analysis
- Black Box Testing

**Agentic AI - Vulnerability Scanner**
- Autonomous Task Execution
- Proactive Assistance

## Top FOSSA Alternatives
- [Mend.io](https://www.g2.com/products/mend-io/reviews) - 4.3/5.0 (105 reviews)
- [Wiz](https://www.g2.com/products/wiz-wiz/reviews) - 4.7/5.0 (790 reviews)
- [GitLab](https://www.g2.com/products/gitlab/reviews) - 4.5/5.0 (877 reviews)