Fossa

FOSSA, Inc.
Rating: 3.4 / 5 (10 reviews)

Medical device cybersecurity: Consolidate SCA, BCA, and Container Security into a single solution that scales to thousands of developers. Eliminate vendor overlap, reduce false positives, and unify security posture management across open source packages, binaries, and containers.

About

**Who they are**
Fossa is a software supply chain management company founded in 2015, dedicated to helping organizations manage software supply chain risks and compliance requirements. Their mission is to eliminate the trade-off between speed, compliance, and security in software development.

**Expertise & scope**
* Universal software supply chain management for teams of all sizes.
* License compliance and policy enforcement.
* Software Bill of Materials (SBOM) generation, ingestion, analysis, and sharing.
* Code security, including real-time threat detection and remediation.
* Container scanning and binary scanning.
* Identification of dependencies at any depth, including transitive dependencies.
* Reachability-based Software Composition Analysis (SCA) to reduce false positives.

**Reputation / proof points**
* Founded in 2015.
* Supports compliance with Executive Order 14028, CISA, NTIA minimum elements, FedRAMP, and NIST standards.

Additional information

Fossa's platform is designed to manage the complete SBOM lifecycle, from creation to distribution. It generates SBOMs that report all code dependencies to unlimited depth and can produce SBOMs for previous software versions. Organizations can import SBOMs in industry-standard formats such as CycloneDX and SPDX to understand and control license and security risks. For distribution, users can download SBOMs and share them independently or use Fossa's hosted SBOM portals. This approach supports meeting regulatory requirements and strengthening supply chain security.

Key Highlights

  • Fossa has been helping organizations manage software supply chain risks and compliance requirements since 2015.
    “Since 2015, organizations across the world have used FOSSA to understand and manage software supply chain risks and compliance requirements.”
  • The platform offers universal software supply chain management for small teams to enterprises.
    “Universal software supply chain management, for small teams to enterprises.”
  • Fossa provides automated license detection and policy enforcement.
    “Automated license detection and policy enforcement”
  • Supports SBOM generation and management in compliance with Executive Order 14028 and CISA.
    “✓Executive Order 14028 & CISA compliance”
  • Offers reachability-based Software Composition Analysis (SCA) to identify vulnerabilities in transitive dependencies with high accuracy.
    “FOSSA's comprehensive SCA identifies deep vulnerabilities in transitive dependencies with best-in-class accuracy.”

Certifications & Trust Signals

  • Fossa supports compliance with NTIA minimum elements, FedRAMP, and NIST compliant formats for SBOMs.
    “✓NTIA minimum elements compliance ✓FedRAMP and NIST compliant formats”

Buyer Snapshot

Best for
  • Organizations seeking to manage software supply chain risks.
  • Companies needing to ensure license compliance and code security.
  • Businesses requiring robust SBOM management capabilities.
How engagement typically works
  • SaaS platform for universal software supply chain management.
  • Tools for automated license detection and policy enforcement.
  • Solutions for generating, managing, and sharing SBOMs.
Typical deliverables
  • Software Bill of Materials (SBOMs)
  • License compliance reports
  • Security vulnerability assessments
  • Container scanning reports
Good to know
  • Best when integrated into a comprehensive software development lifecycle to manage risks proactively.

Pricing

Model: Custom pricing
HQ: San Francisco, US
Languages: English
Claim status: Listed

Services & Capabilities

Medical Device Cybersecurity

Provider Type: Software Platform
Service Categories: SBOM Management (Software Tool), Vulnerability Management (Post-Market)
Submission Stage Support: Pre-Submission (Planning)
Device Types Supported: Software as a Medical Device (SaMD), Connected Hardware (IoT/WiFi/Bluetooth), Hospital/Enterprise Systems
SBOM Formats Supported: CycloneDX, SPDX, Other
Standards Frameworks: NTIA minimum elements compliance, FedRAMP and NIST compliant formats, Executive Order 14028, CISA compliance, NIST, FDA, PCI DSS, CRA, DORA
Pen Testing Available: No
Threat Modeling Available: No
SBOM Management Available: Yes
Vulnerability Monitoring Available: Yes
Rta Rescue Available: No

Additional Medical Device Cybersecurity Details

Provider Type: Platform
Service Categories: SBOM Management, Vulnerability Management
SBOM Formats Supported: CycloneDX, SPDX
Standards Frameworks: NIST, NTIA, Executive Order 14028, CISA