FossID Software Composition Analysis

FossID provides Software Composition Analysis (SCA) technology and audit services for enterprise software development teams. The company's platform detects open source software components, including complete packages and code snippets as small as six lines, within complex codebases. Using digital fingerprinting methodology, FossID identifies components while preserving source code confidentiality and draws from an extensive open source software knowledge base.

The company was founded in 2016 by open source software auditors to address license compliance and security vulnerability risks associated with open source software use in proprietary development. FossID was acquired by Snyk in 2021 but was reacquired by its founders in 2022. The platform generates Software Bills of Materials (SBOMs) in standard formats including SPDX and CycloneDX, supporting Source and Build SBOM types through integration with CI/CD workflows.

FossID serves Fortune 500 organizations across automotive, financial services, manufacturing, technology, and telecommunications sectors. The technology is designed for developers working with C/C++ and other languages, as well as business users in legal and compliance roles. The company offers both automated SCA tooling and professional audit services for technical due diligence in M&A transactions, intellectual property protection, and software supply chain integrity. The platform integrates into existing software development lifecycles to enable detection of declared and undeclared open source components, direct and transitive dependencies, and associated license and vulnerability information.