FOSSA Reviews

Name: FOSSA
Brand: FOSSA
Rating: 4.3 (15 reviews)

Vendor: FOSSA

4.3 out of 5

15 reviews
92% willing to recommend

What is FOSSA?

Up to 90% of any piece of software is from open source, creating countless dependencies and areas of risk to manage. FOSSA is the most reliable automated policy engine for legal teams to maintain license compliance, security to fix vulnerabilities, and engineering to improve code quality across the entire software supply chain. As the only developer-native open source management platform, FOSSA fully integrates with your existing CI/CD pipeline to provide complete visibility and context earlier in the software development lifecycle. For the first time, teams can collaboratively shift left and audit, analyze, control, and remediate license issues and vulnerabilities right in their existing workflows.

Get the FOSSA Buyer's Guide and find out what your peers are saying about FOSSA, GitLab, Snyk and more!

FOSSA is the #9 ranked solution in top Software Composition Analysis (SCA) solutions. PeerSpot users give FOSSA an average rating of 8.6 out of 10. FOSSA is most commonly compared to GitLab: FOSSA vs GitLab. FOSSA is popular among the large enterprise segment, accounting for 70% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a manufacturing company, accounting for 26% of all views.

Helped 851,604 peers since 2012

Featured FOSSA reviews

Hanumanth Ramsetty

Software Engineer at Tech Mahindra Limited

Before using FOSSA, we could only identify issues after deployment in the Cloud Run. Now, with FOSSA, we identify dependency issues or vulnerabilities during the CI phase itself. This proactive approach has eliminated the need to search the internet for solutions, as FOSSA provides updated recommendations automatically. This has made the process more efficient and mitigated risks before deployment.

Read full review

Justin Giannone

Sr. Security Architect at a computer software company with 1,001-5,000 employees

It is a combination of both features and the perspective that FOSSA tries to take, which is sort of different than a lot of their competitors. The main feature and perspective that they take is their desire to be embedded within the software development lifecycle as close to the introduction of dependencies as possible. That has allowed us to build these checks and FOSSA execution into the pull request checks that run automatically whenever an engineer opens a pull request to introduce new code changes into a code base. The solution’s compatibility with a wide range of developer ecosystem tools is incredibly easy to use. I've written a handful of scripts to even ease that process even more. It is at the point where, in order for one of our teams to integrate FOSSA into their development process, it requires them to add essentially two commands to their pull requests check pipeline. That builds in a bit more functionality than the FOSSA command line tool provides out-of-the-box. However, just executing FOSSA can be achieved by adding a single line to a continuous integration pipeline. With all of the various platforms that you can use to build your project, FOSSA is incredibly easy to integrate. Their CLI tool is very efficient. It does not send your source code over to their servers. It just does fingerprinting. It is also very easy to integrate into software development practices.

Read full review

Brett Fattori

Manager of Open Source Program Office at a financial services firm with 5,001-10,000 employees

The solution provides contextualized, actionable, intelligence that alerts us to compliance issues, but there is still a little bit of work to be done on it. One of the issues that I have raised with FOSSA is that when it identifies an issue that is an error, why is it in error? What detail can they give to me? They've improved, but that still needs some work. They could provide more information that helps me to identify the dependencies and then figure out where they originated from. That would give me a better idea of where to look, rather than just generically searching the web. They do provide more information than they used to, which is good, but I still think that they have a ways to go with it. Another topic is the components tab of FOSSA. It has a couple of reports that tell me the packages that are being tracked and that allow me to look up packages. That could be expanded in several ways and fixed up in several ways. It could be expanded in that, right now, you can only search for and find packages that are in use in the organization. There is no way to search for all packages, even packages that we're not using. That would be really useful to my developers, for them to be able to come into FOSSA and get more information about components before they use them. The other thing on that tab, regarding the reports, is something that I've been working on with them for a while. The reports don't really work that well for us. They do provide good information but they perform poorly with either the number of projects, or components, in the system. Reports that worked when the load was low, are now timing out before finishing. Unfortunately, that makes it a feature that I can't really roll out to the rest of the organization. For example, the due diligence report and the audit report FOSSA has would be very beneficial to my teams, but until they work for all the teams, I can't roll it out. So there is work that needs to be done on this page for reporting. If they're going to provide reports they should function and they should provide actionable information. They do provide actionable information but because they don't function, they're not really useful to me, and I need them to be. So the components tab needs work, or it needs to be removed, but I prefer that it gets the work. There are other little things that could be improved as well. On the issues tab, there is a problem with resolving issues that have been identified and that occur in a larger number of projects. It doesn't even have to be that many. We've got one component that is tied to 61 projects and we have tried to resolve it for all but it never actually works. It spins for a while, but it doesn't do anything. These aren't things that happen on a regular basis. They're not so much of an issue that the system doesn't work. There are a few other usability issues in the system, UI concerns that I have, and I bring those up on the Slack channel with them as I run into them. Quite often they address them very quickly.

Read full review

FOSSA mindshare

As of May 2025, the mindshare of FOSSA in the Software Composition Analysis (SCA) category stands at 3.4%, down from 4.2% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Software Composition Analysis (SCA)

PeerResearch reports based on FOSSA reviews

Type	Title	Date
Category	Software Composition Analysis (SCA)	May 20, 2025	Download
Product	Reviews, tips, and advice from real users	May 20, 2025	Download
Comparison	FOSSA vs Black Duck	May 20, 2025	Download
Comparison	FOSSA vs Veracode	May 20, 2025	Download
Comparison	FOSSA vs Snyk	May 20, 2025	Download

Title	Rating	Mindshare	Recommending
GitLab	4.3	4.4%	97%	84 interviews Add to research
Snyk	4.0	14.8%	100%	45 interviews Add to research

Valuable Features

FOSSA's most valuable feature is its ability to automate the scanning of licenses through custom-tailored policies, which saves time and allows for granular analysis of flagged packages. It seamlessly integrates with a wide range of developer ecosystem tools and facilitates collaboration between legal and DevOps teams. The identification of open-source licensing issues is also highly valued, especially for organizations selling products that require disclosure of licenses to customers. The scalability of the tool and the ease of use of its out-of-the-box policy engine are also praised.

"FOSSA allows us to keep track of all dependencies to ensure they are up to date and not causing any vulnerabilities."
"FOSSA suggests solutions for dependency mismatches."
"FOSSA is easy to use and set up, provides relatively accurate results, and doesn't require armies of people to get value from its use."

Room for Improvement

FOSSA users suggest improvements in areas including distribution acknowledgments, snippet and security scanning, and project categorization. They find reporting and documentation incomplete, experiencing issues with component analysis, dependency management, and legal approvals. The interface presents challenges in manageability, especially for large-scale organizations. Users express the need for enhanced binary scanning, technical support, and API development while noting limitations in identifying precise code vulnerabilities, onboarding, and training. Some report slow interface updates post-scan.

"While running a FOSSA scan, it takes time for the results to reflect in the FOSSA UI portal."
"FOSSA does not show the exact line of code with vulnerabilities, which adds time to the process as we have to locate these manually."
"If you have thousands of applications, organizing them all into teams or tags is challenging."

ROI

FOSSA is a worthwhile investment that can help scale operations in a cost-efficient way. It allows for easy auditing, scaling, and generates reports related to open-source compliance and dependencies almost instantaneously. This eliminates the need for additional costs, overhead, and risk associated with manually scanning open-source licenses. The auditability is critical and it is a no-brainer to use FOSSA.

Pricing

FOSSA's pricing and setup cost are reasonable and competitive in the market. The product is neither cheap nor expensive, but worth the money spent to use it. It delivers value that is comparable to the alternative of hiring a team.

"The solution's pricing is good and reasonable because you can literally use a lot of it for free."
"The solution's cost is a five out of ten."
"FOSSA is a fairly priced product. It is not either cheaper or expensive. The pricing lies somewhere in the middle. The solution is worth the money that we are spending to use it."

Popular Use Cases

FOSSA is primarily used for cyber security, security compliance, and licensing of open-source components. It is used by both legal and engineering teams to scan and diligence open-source software licenses. The latest enterprise version is being used. It is also used to identify licensing issues in open-source software, with a SaaS offering that can be accessed through the website. It helps developers implement solutions and identify licenses for legal purposes.

Service and Support

FOSSA's customer service and support are highly praised for being responsive, knowledgeable, and effective in resolving issues. Customers have access to customer success managers and platform engineers who work together to troubleshoot and anticipate future problems. The sales team is also known for providing personalized support. Overall, FOSSA's support is rated 10 out of 10 and customers are satisfied with the level of service provided.

Deployment

FOSSA's initial setup is generally considered easy and straightforward. Technical support was used in some cases, but overall the process was quick and brief. Stakeholders who were involved in the setup found it easy and helpful, with one noting that it took two months for all projects. The deployment strategy involved starting with some projects and evaluating FOSSA for others.

Scalability

FOSSA's solution is highly scalable. The platform has around 300 users in one company, largely consisting of the engineering team, including CTOs, directors, individual engineers, engineering managers, and security managers. FOSSA's integrations with Slack make it easy for users to receive notifications and identify issues without spending all day on the platform.

Stability

The solution of FOSSA has been consistently reliable, with no reports of any issues or downtime. Its stability is impressive and appears to be a strong point of the tool.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our FOSSA Buyer's Guide for additional reliable information.