
Pros & Cons summary


Prominent pros & cons

PROS

FOSSA integrates easily and quickly into existing workflows, providing rapid feedback on licensing and security issues, which is highly valued by developers.
FOSSA's policy engine is accurate, requires minimal adjustments, and effectively alerts users only when there are compliance issues that need attention.
FOSSA efficiently identifies all components within a build, displaying associated licenses which aids in compliance and risk management.
Support from FOSSA is highly reliable, with a proactive team ready to assist with any queries or issues.
FOSSA's CLI tool respects privacy by only fingerprinting data locally and offers granular control over open-source licenses, helping teams make informed decisions about component usage.

CONS

FOSSA's distribution acknowledgments contain inaccuracies that need improvement.
Security scanning focuses only on licenses, not on vulnerabilities, so external tools are required for vulnerability detection.
Dependency approval must be repeated multiple times across the organization.
FOSSA's API requires broader development to reduce reliance on the GUI.
Technical support and understanding of advanced features can be improved.

FOSSA Pros review quotes

reviewer2588340 - PeerSpot reviewer
Senior Software Engineer at a manufacturing company with 10,001+ employees
Oct 24, 2024
FOSSA suggests solutions for dependency mismatches.
reviewer1470294 - PeerSpot reviewer
Head of Open Source Engineering and Technology at a financial services firm with 10,001+ employees
Sep 11, 2024
FOSSA is easy to use and set up, provides relatively accurate results, and doesn't require armies of people to get value from its use.
Hanumanth Ramsetty - PeerSpot reviewer
Software Engineer at Tech Mahindra Limited
Oct 24, 2024
FOSSA allows us to keep track of all dependencies to ensure they are up to date and not causing any vulnerabilities.
Learn what your peers think about FOSSA. Get advice and tips from experienced pros sharing their opinions. Updated: May 2026.
893,221 professionals have used our research since 2012.
CL
Data Privacy Officer at a healthcare company with 51-200 employees
May 16, 2021
One of the things that I really like about FOSSA is that it allows you to go very granular. For example, if there's a package that's been flagged because it's subject to a license that may conflict with or raise a concern with one of the policies that I've set, then FOSSA enables you to go really granular into that package to see which aspects of the package are subject to which licenses. We can ultimately determine with our engineering teams if we really need this part of the package or not. If it's raising this flag, we can make really actionable decisions at a very micro level to enable the build to keep pushing forward.
DONG JOO LEE - PeerSpot reviewer
Owner at UPS Technology
Mar 15, 2023
The scalability is excellent.
Shurjeel Tousif - PeerSpot reviewer
CEO at SeQuenX BV
Mar 14, 2023
I am impressed with the tool’s seamless integration and quick results.
reviewer1581849 - PeerSpot reviewer
Application Security Specialist at a computer software company with 10,001+ employees
May 20, 2021
Being able to know the licenses of the libraries is most valuable because we sell products, and we need to provide to the customers the licenses that we are using.
May 19, 2021
Policies and identification of open-source licensing issues are the most valuable features. It reduces the time needed to identify open-source software licensing issues.
JG
Sr. Security Architect at a computer software company with 1,001-5,000 employees
Oct 12, 2020
Their CLI tool is very efficient. It does not send your source code over to their servers. It just does fingerprinting. It is also very easy to integrate into software development practices.
EG
Principal Release Engineer at Puppet
Sep 27, 2020
What I really need from FOSSA, and it does a really good job of this, is to flag me when there are particular open source licenses that cause me or our legal department concern. It points out where a particular issue is, where it comes from, and the chain that brought it in, which is the most important part to me.

FOSSA Cons review quotes

reviewer2588340 - PeerSpot reviewer
Senior Software Engineer at a manufacturing company with 10,001+ employees
Oct 24, 2024
FOSSA does not show the exact line of code with vulnerabilities, which adds time to the process as we have to locate these manually.
reviewer1470294 - PeerSpot reviewer
Head of Open Source Engineering and Technology at a financial services firm with 10,001+ employees
Sep 11, 2024
If you have thousands of applications, organizing them all into teams or tags is challenging.
Hanumanth Ramsetty - PeerSpot reviewer
Software Engineer at Tech Mahindra Limited
Oct 24, 2024
While running a FOSSA scan, it takes time for the results to reflect in the FOSSA UI portal.
CL
Data Privacy Officer at a healthcare company with 51-200 employees
May 16, 2021
One thing that can sometimes be difficult with FOSSA is understanding all that it can do. One of the ways that I've been able to unlock some of those more advanced features is through conversations with the absolutely awesome customer success team at FOSSA, but it has been a little bit difficult to find some of that information separately on my own through FAQs and other information channels that FOSSA has. The improvement is less about the product itself and more about empowering FOSSA customers to know and understand how to unlock its full potential.
DONG JOO LEE - PeerSpot reviewer
Owner at UPS Technology
Mar 15, 2023
The technical support has room for improvement.
Shurjeel Tousif - PeerSpot reviewer
CEO at SeQuenX BV
Mar 14, 2023
I want the product to include binary scanning, which is missing at the moment. Binary scanning includes code and component matching through dependency management. It also includes the actual scanning and reverse engineering of the binaries and finding out what is inside.
reviewer1581849 - PeerSpot reviewer
Application Security Specialist at a computer software company with 10,001+ employees
May 20, 2021
On the dashboard, there should be an option to increase the column width so that we can see the complete name of the GitHub repository. Currently, on the dashboard, we see the list of projects, but to see the complete name, you have to hover your mouse over an item, which is annoying.
May 19, 2021
For open-source management, FOSSA's out-of-the-box policy engine is easy to use, but the list of licenses is not as complete as we would like it to be. They should add more open-source licenses to the selection.
JG
Sr. Security Architect at a computer software company with 1,001-5,000 employees
Oct 12, 2020
On the legal and policy sides, there is some room for improvement. I know that our legal team has raised complaints about having to approve the same dependency multiple times, as opposed to having them approved across the entire organization.
EG
Principal Release Engineer at Puppet
Sep 27, 2020
I would like the FOSSA API to be broader. I would like not to have to interact with the GUI at all, to do the work that I want to do. I would like them to do API-first development, rather than a focus on the GUI.