VibeHunt
FOSSA

Zero-configuration polyglot dependency analysis tool

The tool scans a codebase and its associated build artifacts to identify every third‑party component, regardless of programming language, framework, or packaging format. It extracts dependency information from source files, container images, compiled binaries and code snippets, then produces a software bill of materials (SBOM) and license attribution data.

It evaluates identified components against security vulnerability databases and open‑source license policies, flagging violations and providing remediation guidance. The system can enforce policy rules automatically within continuous‑integration pipelines and generate compliance reports for regulatory or audit purposes.

Designed for use on macOS, the solution operates without requiring custom configuration files, aiming to simplify integration into existing development workflows while covering a broad set of languages and CI/CD runtimes. It is positioned for teams that need to manage open‑source risk, license compliance and software‑supply‑chain transparency.
