# FossID Reviews
**Vendor:** FossID  
**Category:** [Software Composition Analysis Tools](https://www.g2.com/categories/software-composition-analysis)  
**Average Rating:** 4.0/5.0  
**Total Reviews:** 2
## About FossID
FossID is a Software Composition Analysis (SCA) suite designed to give organizations clear, defensible insight into the software they build and ship. It helps teams understand exactly what third-party, open source, and commercial code exists in their products so they can manage license compliance, intellectual property risk, and security with confidence. Agentic SCA by FossID brings software supply chain integrity into the moment of code creation for continuous, real-time license and security compliance so you can move at AI-speed and eliminate reactive code rework. FossID is ideal for organizations that value accuracy, transparency, and control over their software supply chain. It is widely used by manufacturers of embedded systems and software-driven products in industries such as automotive, aerospace, medical devices, industrial automation, electronics, and telecom, where regulatory requirements and long product lifecycles demand a higher standard of software governance. FossID is also trusted by legal, compliance, and GRC teams that need reliable, auditable results, as well as by acquirers and investors conducting technical due diligence. FossID analyzes real source code rather than relying solely on declared dependencies. FossID identifies reused components and code snippets with high precision, detecting fragments as small as six lines of code. This approach delivers more accurate results in complex, mixed codebases, including legacy systems, embedded software, and environments influenced by AI-assisted development. Key differentiators include deep snippet-level detection that remains effective even when code has been modified or reformatted, a 200M+ component open source knowledge base covering more than 2,500 licenses, and strong identification of license and copyright obligations. FossID is deployed in a way that ensures that source code never leaves the organization, a critical requirement for security- and IP-sensitive teams. 
FossID supports software supply chain integrity across the entire development and release lifecycle. Engineers use it early to identify and resolve issues before code is merged. Legal and compliance teams rely on it to validate policy compliance, manage license obligations and produce accurate SBOMs. Governance, Risk, and Compliance leaders use FossID to demonstrate software supply chain transparency, reduce audit risk, and support regulatory compliance initiatives, including the EU Cyber Resilience Act. The primary value of FossID is confidence. Confidence in what is inside your software, confidence in your compliance posture, and confidence that your teams can move forward efficiently without introducing unnecessary risk.




## FossID Reviews
  ### 1. Powerful, Customizable Scanning with Accurate License Detection and Great Support

**Rating:** 4.0/5.0 stars

**Reviewed by:** Jackie L. | Legal Ops Data Analyst, Enterprise (> 1000 emp.)

**Reviewed Date:** April 16, 2026

**What do you like best about FossID?**

The depth and customizability of FossID’s search capabilities are standout features for our use at Elastic. Being able to granularly set the scan depth allows our team to tailor the process to our specific needs, ensuring we aren't bogged down by noise while still capturing critical details. The tool’s ability to accurately return license types automatically has been a game-changer, saving our audit a significant amount of manual effort and time. On top of the technical performance, their support team is exceptionally responsive and helpful, making them a true partner in our compliance efforts.

**What do you dislike about FossID?**

While the tool is incredibly powerful for technical audits, we would like to see more built-in workflow automation features specifically designed to streamline the experience for non-technical or business users. Enhancing the UI to be more intuitive for those who aren't deep in the code every day would further bridge the gap between our engineering and compliance teams.

**What problems is FossID solving and how is that benefiting you?**

FossID has been instrumental in helping Elastic build out its Open Source Dependency audit and compliance function from the ground up. Before, each audit took months to complete; now, we have the ability to conduct a scan in real time and obtain narrowed results the same day. The amount of time saved is a huge win for us.

Note: We received a contractual discount for providing this honest feedback.

**Official Response from Aaron Branson:**

> Thank you for the detailed and constructive feedback! We're so glad to hear we're making a positive impact and also see where we can improve.

  ### 2. Detects Code Snippets Reliably and Has Good Usability

**Rating:** 4.0/5.0 stars

**Reviewed by:** Nikolaus F. | department head, Mid-Market (51-1000 emp.)

**Reviewed Date:** June 16, 2025

**What do you like best about FossID?**

Detects code snippets reliably and has good usability; especially the side-by-side comparison for identifying code snippets is great. It can be integrated in GitLab CI and offers a command-line API for automation. The integration was smooth and the customer support is responsive.

**What do you dislike about FossID?**

Price is still high. Though competitors are definitely more expensive, the fee is still high for organizations that don't use it extensively but only once in a while. Sometimes the customer support could be more responsive. I would rather have fewer new features but the basic ones at a lower price.

**What problems is FossID solving and how is that benefiting you?**

Makes OSS compliance safer when distributing software and reduces effort for developers (when integrating in CI).



## FossID Integrations
  - [Git](https://www.g2.com/products/git/reviews)
  - [GitHub](https://www.g2.com/products/github/reviews)
  - [GitLab](https://www.g2.com/products/gitlab/reviews)

## FossID Features
**Functionality - Software Composition Analysis**
- Language Support
- Integration
- Transparency

**Functionality - Software Bill of Materials (SBOM)**
- Format Support
- Annotations
- Attestation

**Effectiveness - Software Composition Analysis**
- Remediation Suggestions
- Continuous Monitoring
- Thorough Detection

**Management - Software Bill of Materials (SBOM)**
- Monitoring
- Dashboards
- User Provisioning

## Top FossID Alternatives
  - [GitHub](https://www.g2.com/products/github/reviews) - 4.7/5.0 (2,282 reviews)
  - [GitLab](https://www.g2.com/products/gitlab/reviews) - 4.5/5.0 (874 reviews)
  - [Wiz](https://www.g2.com/products/wiz-wiz/reviews) - 4.7/5.0 (782 reviews)

