Try our new research platform with insights from 80,000+ expert users
FOSSA Logo

FOSSA Reviews

Vendor: FOSSA
4.3 out of 5
Leave a review

What is FOSSA?

Up to 90% of any piece of software is from open source, creating countless dependencies and areas of risk to manage. FOSSA is the most reliable automated policy engine for legal teams to maintain license compliance, security to fix vulnerabilities, and engineering to improve code quality across the entire software supply chain. As the only developer-native open source management platform, FOSSA fully integrates with your existing CI/CD pipeline to provide complete visibility and context earlier in the software development lifecycle. For the first time, teams can collaboratively shift left and audit, analyze, control, and remediate license issues and vulnerabilities right in their existing workflows.
Get the FOSSA Buyer's Guide and find out what your peers are saying about FOSSA, GitLab, Snyk and more!
FOSSA is the #9 ranked solution in top Software Composition Analysis (SCA) solutions. PeerSpot users give FOSSA an average rating of 8.6 out of 10. FOSSA is most commonly compared to GitLab: FOSSA vs GitLab. FOSSA is popular among the large enterprise segment, accounting for 68% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a manufacturing company, accounting for 23% of all views.
Buyer's Guide
FOSSA
July 2025
Get the report
Helped 862,452 peers since 2012

Featured FOSSA reviews

Read more reviews

FOSSA mindshare

As of July 2025, the mindshare of FOSSA in the Software Composition Analysis (SCA) category stands at 3.3%, down from 4.0% compared to the previous year, according to calculations based on PeerSpot user engagement data.
Software Composition Analysis (SCA)

PeerResearch reports based on FOSSA reviews

TypeTitleDate
CategorySoftware Composition Analysis (SCA)Jul 19, 2025Download
ProductReviews, tips, and advice from real usersJul 19, 2025Download
ComparisonFOSSA vs Black DuckJul 19, 2025Download
ComparisonFOSSA vs SnykJul 19, 2025Download
ComparisonFOSSA vs VeracodeJul 19, 2025Download
Suggested products
TitleRatingMindshareRecommending
GitLab4.24.2%97%85 interviewsAdd to research
Snyk4.014.1%100%48 interviewsAdd to research
 
 
Key learnings from peers

Valuable Features

FOSSA's most valuable feature is its ability to automate the scanning of licenses through custom-tailored policies, which saves time and allows for granular analysis of flagged packages. It seamlessly integrates with a wide range of developer ecosystem tools and facilitates collaboration between legal and DevOps teams. The identification of open-source licensing issues is also highly valued, especially for organizations selling products that require disclosure of licenses to customers. The scalability of the tool and the ease of use of its out-of-the-box policy engine are also praised.

  • "FOSSA allows us to keep track of all dependencies to ensure they are up to date and not causing any vulnerabilities."
  • "FOSSA suggests solutions for dependency mismatches."
  • "FOSSA is easy to use and set up, provides relatively accurate results, and doesn't require armies of people to get value from its use."

Room for Improvement

FOSSA users suggest improvements in areas including distribution acknowledgments, snippet and security scanning, and project categorization. They find reporting and documentation incomplete, experiencing issues with component analysis, dependency management, and legal approvals. The interface presents challenges in manageability, especially for large-scale organizations. Users express the need for enhanced binary scanning, technical support, and API development while noting limitations in identifying precise code vulnerabilities, onboarding, and training. Some report slow interface updates post-scan.
  • "While running a FOSSA scan, it takes time for the results to reflect in the FOSSA UI portal."
  • "FOSSA does not show the exact line of code with vulnerabilities, which adds time to the process as we have to locate these manually."
  • "If you have thousands of applications, organizing them all into teams or tags is challenging."

ROI

FOSSA is a worthwhile investment that can help scale operations in a cost-efficient way. It allows for easy auditing, scaling, and generates reports related to open-source compliance and dependencies almost instantaneously. This eliminates the need for additional costs, overhead, and risk associated with manually scanning open-source licenses. The auditability is critical and it is a no-brainer to use FOSSA.

Pricing

FOSSA's pricing and setup cost are reasonable and competitive in the market. The product is neither cheap nor expensive, but worth the money spent to use it. It delivers value that is comparable to the alternative of hiring a team.

  • "The solution's pricing is good and reasonable because you can literally use a lot of it for free."
  • "The solution's cost is a five out of ten."
  • "FOSSA is a fairly priced product. It is not either cheaper or expensive. The pricing lies somewhere in the middle. The solution is worth the money that we are spending to use it."

Popular Use Cases

FOSSA is primarily used for cyber security, security compliance, and licensing of open-source components. It is used by both legal and engineering teams to scan and diligence open-source software licenses. The latest enterprise version is being used. It is also used to identify licensing issues in open-source software, with a SaaS offering that can be accessed through the website. It helps developers implement solutions and identify licenses for legal purposes.

Service and Support

FOSSA's customer service and support are highly praised for being responsive, knowledgeable, and effective in resolving issues. Customers have access to customer success managers and platform engineers who work together to troubleshoot and anticipate future problems. The sales team is also known for providing personalized support. Overall, FOSSA's support is rated 10 out of 10 and customers are satisfied with the level of service provided.

Deployment

FOSSA's initial setup is generally considered easy and straightforward. Technical support was used in some cases, but overall the process was quick and brief. Stakeholders who were involved in the setup found it easy and helpful, with one noting that it took two months for all projects. The deployment strategy involved starting with some projects and evaluating FOSSA for others.

Scalability

FOSSA's solution is highly scalable. The platform has around 300 users in one company, largely consisting of the engineering team, including CTOs, directors, individual engineers, engineering managers, and security managers. FOSSA's integrations with Slack make it easy for users to receive notifications and identify issues without spending all day on the platform.

Stability

The solution of FOSSA has been consistently reliable, with no reports of any issues or downtime. Its stability is impressive and appears to be a strong point of the tool.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our FOSSA Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
By visitors reading reviews

Top industries

By visitors reading reviews
Manufacturing Company
23%
Financial Services Firm
12%
Computer Software Company
12%
Educational Organization
7%
Healthcare Company
7%
Government
4%
Retailer
4%
Comms Service Provider
4%
University
4%
Real Estate/Law Firm
3%
Construction Company
2%
Media Company
2%
Insurance Company
2%
Outsourcing Company
2%
Performing Arts
2%
Non Profit
1%
Wholesaler/Distributor
1%
Consumer Goods Company
1%
Legal Firm
1%
Hospitality Company
1%
Energy/Utilities Company
1%
Transportation Company
1%
Venture Capital & Private Equity Firm
1%
Pharma/Biotech Company
1%

Compare FOSSA with alternative products

Go!

Learn more about FOSSA

FOSSA customers

AppDyanmic, Uber, Twitter, Zendesk, Confluent

Related questions

  • 46
What tools do you rely on for building a DevSecOps pipeline?
  • 40
What alternatives are there for Fortify WebInspect and Fortify SCA?
  • 47
What is the best way to track open-source license compatibility?
  • 73
How long does SCA scanning take?
  • 170
Why is Software Composition Analysis (SCA) important for companies?
  • 86
Differences between Black Duck & Veracode
  • 18
What SCA solution do you recommend?
  • 11
Is there an SCA solution that finds and fixes vulnerabilities?
  • 23
Can I get SCA in my IDE?
  • 2
When evaluating Software Composition Analysis, what aspect do you think is the most important to look for?

Product Categories

Product Categories
Software Composition Analysis (SCA)

Popular Comparisons

Popular Comparisons
GitLab vs FOSSA Logo
GitLab vs FOSSA
Snyk vs FOSSA Logo
Snyk vs FOSSA
Veracode vs FOSSA Logo
Veracode vs FOSSA
Black Duck vs FOSSA Logo
Black Duck vs FOSSA
Mend.io vs FOSSA Logo
Mend.io vs FOSSA
JFrog Xray vs FOSSA Logo
JFrog Xray vs FOSSA
Sonatype Lifecycle vs FOSSA Logo
Sonatype Lifecycle vs FOSSA
Checkmarx Software Composition Analysis vs FOSSA Logo
Checkmarx Software Composition Analysis vs FOSSA
FlexNet Code Insight vs FOSSA Logo
FlexNet Code Insight vs FOSSA
FossID Workbench vs FOSSA Logo
FossID Workbench vs FOSSA
See all alternatives