Try our new research platform with insights from 80,000+ expert users

What is FOSSA?

Get the report
Helped 852,796 peers since 2012

Featured FOSSA reviews

FOSSA mindshare

As of May 2025, the mindshare of FOSSA in the Software Composition Analysis (SCA) category stands at 3.4%, down from 4.2% compared to the previous year, according to calculations based on PeerSpot user engagement data.
Software Composition Analysis (SCA)

PeerResearch reports based on FOSSA reviews

TypeTitleDate
CategorySoftware Composition Analysis (SCA)May 26, 2025Download
ProductReviews, tips, and advice from real usersMay 26, 2025Download
ComparisonFOSSA vs Black DuckMay 26, 2025Download
ComparisonFOSSA vs VeracodeMay 26, 2025Download
ComparisonFOSSA vs SnykMay 26, 2025Download
Suggested products
TitleRatingMindshareRecommending
GitLab4.34.4%97%84 interviewsAdd to research
Snyk4.014.8%100%45 interviewsAdd to research
 
 
Key learnings from peers

Valuable Features

Room for Improvement

ROI

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

By reviewers
By visitors reading reviews

Top industries

By visitors reading reviews
Manufacturing Company
27%
Computer Software Company
12%
Financial Services Firm
11%
Healthcare Company
6%
Educational Organization
6%
Government
5%
Retailer
4%
Comms Service Provider
4%
University
3%
Real Estate/Law Firm
3%
Media Company
2%
Outsourcing Company
2%
Wholesaler/Distributor
2%
Consumer Goods Company
1%
Non Profit
1%
Legal Firm
1%
Hospitality Company
1%
Construction Company
1%
Insurance Company
1%
Energy/Utilities Company
1%
Performing Arts
1%
Venture Capital & Private Equity Firm
1%
Transportation Company
1%
Recreational Facilities/Services Company
1%
Pharma/Biotech Company
1%
Logistics Company
1%
 

FOSSA reviews

Sort by:
JG
Sr. Security Architect at a computer software company with 1,001-5,000 employees
Verified user of FOSSA
Oct 12, 2020
Product version discussed: SaaS
Embedded within the software development lifecycle as close to the introduction of dependencies as possible

Pros

"Their CLI tool is very efficient. It does not send your source code over to their servers. It just does fingerprinting. It is also very easy to integrate into software development practices."

Cons

"On the legal and policy sides, there is some room for improvement. I know that our legal team has raised complaints about having to approve the same dependency multiple times, as opposed to having them it across the entire organization."
BF
Manager of Open Source Program Office at a financial services firm with 5,001-10,000 employees
Verified user of FOSSA
Oct 5, 2020
Product version discussed: 2.6.4
Compatibility with a wide range of dev tools, web and "C-type", enables us to scan across our ecosystem, including legacy software

Pros

"The most valuable feature is its ability to identify all of the components in a build, and then surface the licenses that are associated with it, allowing us to make a decision as to whether or not we allow a team to use the components. That eliminates the risk that comes with running consumer software that contains open source components."

Cons

"The solution provides contextualized, actionable, intelligence that alerts us to compliance issues, but there is still a little bit of work to be done on it. One of the issues that I have raised with FOSSA is that when it identifies an issue that is an error, why is it in error? What detail can they give to me? They've improved, but that still needs some work. They could provide more information that helps me to identify the dependencies and then figure out where they originated from."
Find out what your peers are saying about FOSSA. Updated May 2025
852,796 professionals have used our research since 2012.
PeerSpot user
Head of Open Source Engineering and Technology at a financial services firm with 10,001+ employees
Verified user of FOSSA
Sep 20, 2024
Easy to use, easy to set up, and provides relatively accurate results

Pros

"FOSSA is easy to use and set up, provides relatively accurate results, and doesn't require armies of people to get value from its use."

Cons

"If you have thousands of applications, organizing them all into teams or tags is challenging."
PeerSpot user
Senior Software Engineer at a manufacturing company with 10,001+ employees
Verified user of FOSSA
Oct 28, 2024
Dependency management enhanced with update suggestions but lacks precise vulnerability tracking

Pros

"FOSSA suggests solutions for dependency mismatches."

Cons

"FOSSA does not show the exact line of code with vulnerabilities, which adds time to the process as we have to locate these manually. "
PeerSpot user
Attorney at a legal firm with 11-50 employees
Verified user of FOSSA
Jun 30, 2020
The data provided makes it really easy and effective to determine the source of the license or security concern

Pros

"The most valuable feature is definitely the ease and speed of integrating into build pipelines, like a Jenkins pipeline or something along those lines. The ease of a new development team coming on board and integrating FOSSA with a new project, or even an existing project, can be done so quickly that it's invaluable and it's easy to ask the developers to use a tool like this. Those developers greatly value the very quick feedback they get on any licensing or security vulnerability issues."

Cons

"We have seen some inaccuracies or incompleteness with the distribution acknowledgments for an application, so there's certainly some room for improvement there. Another big feature that's missing that should be introduced is snippet matching, meaning, not just matching an entire component, but matching a snippet of code that had been for another project and put in different files that one of our developers may have created."
PeerSpot user
Sr. Director of Open Source at a comms service provider with 10,001+ employees
Verified user of FOSSA
Jun 14, 2020
Product version discussed: 2.1.11
Integrated into our build pipeline and automatically scans for compliance, giving us confidence problems will be caught

Pros

"I found FOSSA's out-of-the-box policy engine to be accurate and that it was tuned appropriately to the settings that we were looking for. The policy engine is pretty straightforward... I find it to be very straightforward to make small modifications to, but it's very rare that we have to make modifications to it. It's easy to use. It's a four-category system that handles most cases pretty well."

Cons

"Security scanning is an area for improvement. At this point, our experience is that we're only scanning for license information in components, and we're not scanning for security vulnerability information. We don't have access to that data. We use other tools for that. It would be an improvement for us to use one tool instead of two, so that we just have to go through one process instead of two."
PL
Associate General Counsel at Circleci
Verified user of FOSSA
Jul 26, 2020
Provides contextualized, easily actionable intelligence that alerts us to compliance issues

Pros

"FOSSA provided us with contextualized, easily actionable intelligence that alerted us to compliance issues. I could tell FOSSA exactly what I cared about and they would tell me when something was out of policy. I don't want to hear from the compliance tool unless I have an issue that I need to deal with. That was what was great about FOSSA is that it was basically "Here's my policy and only send me an alert if there's something without a policy." I thought that it was really good at doing that."

Cons

"I wish there was a way that you could have a more global rollout of it, instead of having to do it in each repository individually. It's possible, that's something that is offered now, or maybe if you were using the CI Jenkins, you'd be able to do that. But with Travis, there wasn't an easy way to do that. At least not that I could find. That was probably the biggest issue."
Hanumanth Ramsetty - PeerSpot user
Software Engineer at Tech Mahindra Limited
Verified user of FOSSA
Oct 28, 2024
Proactively mitigate deployment vulnerabilities with seamless dependency tracking

Pros

"FOSSA allows us to keep track of all dependencies to ensure they are up to date and not causing any vulnerabilities. "

Cons

"While running a FOSSA scan, it takes time for the results to reflect in the FOSSA UI portal. "