Product | Market Share (%) |
---|---|
FOSSA | 3.1% |
Black Duck | 16.7% |
Snyk | 13.1% |
Other | 67.1% |
Title | Rating | Mindshare | Recommending | Interviews |
---|---|---|---|---|
GitLab | 4.2 | 4.3% | 97% | 86 |
Snyk | 4.0 | 13.1% | 100% | 48 |
FOSSA's most valuable feature is its ability to automate the scanning of licenses through custom-tailored policies, which saves time and allows for granular analysis of flagged packages. It seamlessly integrates with a wide range of developer ecosystem tools and facilitates collaboration between legal and DevOps teams. The identification of open-source licensing issues is also highly valued, especially for organizations selling products that require disclosure of licenses to customers. The scalability of the tool and the ease of use of its out-of-the-box policy engine are also praised.
FOSSA is a worthwhile investment that can help scale operations in a cost-efficient way. It allows for easy auditing and scaling, and it generates reports related to open-source compliance and dependencies almost instantaneously. This eliminates the additional cost, overhead, and risk associated with manually scanning open-source licenses. Auditability is critical, and using FOSSA is a no-brainer.
FOSSA's pricing and setup cost are reasonable and competitive in the market. The product is neither cheap nor expensive, but worth the money spent to use it. It delivers value that is comparable to the alternative of hiring a team.
FOSSA is primarily used for cyber security, security compliance, and licensing of open-source components. Both legal and engineering teams use it to scan open-source software licenses and perform due diligence on them. The latest enterprise version is in use. It is also used to identify licensing issues in open-source software, through a SaaS offering that can be accessed via the website. It helps developers implement solutions and identify licenses for legal purposes.
FOSSA's customer service and support are highly praised for being responsive, knowledgeable, and effective in resolving issues. Customers have access to customer success managers and platform engineers who work together to troubleshoot and anticipate future problems. The sales team is also known for providing personalized support. Overall, FOSSA's support is rated 10 out of 10 and customers are satisfied with the level of service provided.
FOSSA's initial setup is generally considered easy and straightforward. Technical support was used in some cases, but overall the process was quick. Stakeholders who were involved in the setup found it easy and helpful, with one noting that it took two months for all projects. The deployment strategy involved starting with some projects and evaluating FOSSA for others.
FOSSA's solution is highly scalable. The platform has around 300 users in one company, largely consisting of the engineering team, including CTOs, directors, individual engineers, engineering managers, and security managers. FOSSA's integrations with Slack make it easy for users to receive notifications and identify issues without spending all day on the platform.
FOSSA has been consistently reliable, with no reports of issues or downtime. Its stability is impressive and appears to be a strong point of the tool.
Company Size | Count |
---|---|
Small Business | 5 |
Midsize Enterprise | 1 |
Large Enterprise | 7 |
Company Size | Count |
---|---|
Small Business | 67 |
Midsize Enterprise | 42 |
Large Enterprise | 204 |
Author info | Rating | Review Summary |
---|---|---|
Head of Open Source Engineering and Technology at a financial services firm with 10,001+ employees | 5.0 | I find FOSSA to be a beneficial software composition analysis tool, especially for license compliance and vulnerability detection. It's easy to use, but managing thousands of applications can be challenging due to limitations in its user interface. |
Senior Software Engineer at a manufacturing company with 10,001+ employees | 3.0 | I use FOSSA to manage project dependencies, similar to SonarQube. It efficiently resolves issues but lacks features like displaying specific code lines with vulnerabilities. It's more of an add-on, and the process can be confusing for new users. |
Software Engineer at Tech Mahindra Limited | 4.0 | In our project, we integrate FOSSA into our CI/CD pipeline to monitor dependencies and license status, detecting vulnerabilities and expired licenses promptly. However, the FOSSA UI portal delays updating scan results, requiring manual refreshes after pipeline execution. |
Owner at UPS Technology | 2.5 | I use FOSSA for cybersecurity because it offers excellent scalability. However, I've noticed that their technical support could be improved. I haven't used or considered other solutions, and there's no specific cloud provider involved in our deployment. |
CEO at SeQuenX BV | 4.0 | I use FOSSA for security compliance and licensing of open-source components. I value its seamless integration and quick results, but I wish it included binary scanning for better component matching and reverse engineering. |
Sr. Security Architect at a computer software company with 1,001-5,000 employees | 4.0 | No summary available |
Manager of Open Source Program Office at a financial services firm with 5,001-10,000 employees | 4.5 | No summary available |
Program Manager at a consumer goods company with 10,001+ employees | 5.0 | No summary available |