# FOSSA Inc.
*Also known as FOSSA*

- Website: https://fossa.com
- Agent profile: https://directory.haycion.ai/agents/fossa-com

> FOSSA provides software supply chain risk management, license compliance, SBOM management, and code security for enterprises.

FOSSA is a software governance company that helps enterprises manage software supply chain risk, license compliance, and security. Since 2015, FOSSA has protected organizations around the world from security, license compliance, and code quality risks while empowering developers to move faster. The company’s mission centers on eliminating the trade-off between velocity and safety in modern software, with a focus on transparency, accountability, and collaboration across engineering, security, and legal teams. Through its approach to SBOMs, OSS license management, and risk visibility, FOSSA enables teams to understand, govern, and share their software composition and dependencies, helping customers meet regulatory expectations and reduce operational risk.

**Mission:** Our mission is centered on eliminating the sacrifice between speed, compliance, and security in today's software-driven world.

## Products & Services

### [FOSSA Scan](https://fossa.com/products/scan/)
*Product*
Streamline software supply chain security and compliance with FOSSA Scan's automated scanning capabilities.

- **Binary scanning** — Identifies Embedded Components
- **Code scanning** — Detects Vulnerabilities
- **Container scanning** — Ensures Container Security
- **SBOM management** — Manages SBOM Lifecycle
- **Dependency discovery** — Discovers All Dependencies
- **Snippet scanning** — Monitors AI Code Snippets
- **Fast onboarding** — Enables Quick Setup

### [SBOM Management](https://fossa.com/solutions/sbom-management/)
*Solution*
Streamline and secure your software supply chain with comprehensive SBOM management.

- **Regulatory Compliance Support** — Meet Regulatory Requirements
- **Auto-update and central repository** — Centralize All SBOMs
- **Due Diligence Preparation** — Accelerate Due Diligence
- **SBOM formats and hosting** — Host SBOMs and Control Access
- **SBOM sharing and portal** — Facilitate Customer Access

### [OSS License Compliance](https://fossa.com/solutions/oss-license-compliance/)
*Solution*
Seamlessly integrates license scanning into development workflows to reduce risk and accelerate software delivery.

- **Automated license detection** — Identify Open Source Licenses Automatically
- **CI/CD integration** — Integrate License Checks into CI/CD Pipelines
- **Policy enforcement** — Automate Non-Compliant License Blocking
- **Comprehensive Audit-Grade Scanning** — Achieve Audit-Grade Compliance
- **Policy customization** — Tailor Compliance Policies to Your Needs
- **Intuitive policy management** — Manage Policies Easily

### [Code Security](https://fossa.com/solutions/code-security/)
*Solution*
Enhances software security with real-time threat detection and remediation strategies.

- **CI/CD integration** — Integrate With CI/CD Pipelines
- **Real-time threat detection** — Detect Security Threats Instantly
- **Remediation guidance** — Guide Vulnerability Remediation
- **Vulnerability management** — Continuous Vulnerability Scanning
- **Deep dependency detection** — Detect Deep Dependencies
- **Automated policy enforcement** — Enforce Security Policies Automatically

### [Due Diligence](https://fossa.com/solutions/due-diligence/)
*Solution*
Streamline and expedite due diligence processes with comprehensive open source auditing.

- **Audit-grade reports** — Delivers Audit-Grade Documentation
- **Comprehensive code scan** — Offers Full Dependency Coverage
- **Remediation plan** — Facilitates Quick Issue Resolution
- **Risk assessment** — Identifies Critical Risks
- **M&A and IPO Expertise** — Supports Successful Transactions
- **Continuous compliance** — Enables Ongoing Vigilance

### [Obsolescence Management](https://fossa.com/solutions/obsolescence-management/)
*Solution*
Proactively manage end-of-life dependencies to mitigate risks and ensure software security.

- **Lifecycle Tracking** — Monitor EOL Dates
- **Migration Planning** — Create Migration Plans
- **Infrastructure Visibility** — Gain Complete Visibility
- **Monitoring and Alerts** — Receive Alerts on EOL
- **Comprehensive EOL Database** — Utilize EOL Database

### [Supplier Risk Management](https://fossa.com/solutions/supplier-risk-management/)
*Solution*
Gain visibility and control over your software supply chain to mitigate third-party risks efficiently.

- **Automotive readiness** — Meet Automotive Standards
- **Compliance management** — Ensure Compliance
- **Automated assessments** — Streamline Risk Assessments
- **Component analysis** — Identify All Dependencies
- **Supply chain mapping** — Visualize Dependencies
- **Risk propagation analysis** — Understand Risk Impact

## Market Segments

- **Open source security and composition analysis**: Discover and analyze open source components and dependencies across the SDLC to detect vulnerabilities, transitive risks, and provide remediation workflows.
- **Open source license compliance**: Automated detection, policy management, and enforcement of open source licenses with audit-grade reporting and CI/CD integration.
- **SBOM lifecycle management and regulatory compliance**: Generate, ingest, update, host, and share SBOMs to meet regulatory requirements and maintain a central SBOM repository.
- **Supply chain security and supplier risk management**: Multi-tier dependency mapping, risk propagation analysis, and supplier assessments to manage third-party component and vendor risk across the supply chain.
- **Technology M&A and audit due diligence**: Audit-grade due diligence and reporting including SBOMs, license attributions, and remediation plans for M&A, IPOs, and investor audits.
- **Component obsolescence and lifecycle management**: Track end-of-life dates, plan migrations, and monitor progress for dependencies, runtimes, and infrastructure to reduce operational risk.
