Happy Memorial Day! We’d like to announce some major license data quality updates that we’ve introduced this weekend.

Over 300 New Licenses

We’ve massively expanded our library of supported licenses. Not only can FOSSA recognize a broader variety of licenses, but it can also now differentiate between 20+ variations of the BSD License, 15+ variations of the GPL and a wide variety of non-standard proprietary licenses.

New variations of the “BSD” license captured by FOSSA

To follow this, we’ve updated our default policy templates to include new common exceptions and licenses. Contact support@fossa.io for help migrating to new policies.

Major Improvements to Data & Report Quality

We’ve reworked how we resolve unknown license matches, which has led to a significant increase in report quality. In addition, we’ve improved and standardized our copyright scanning and license reporting format to make rendering attribution notices extremely reliable.

Reliable attribution, copyright notices & deep license matches in FOSSA reports

Overall, reports generated by FOSSA should look significantly cleaner and be full of raw attribution notices.

Native Support for SPDX License IDs & Standards

The SPDX License List is a standard list of commonly found licenses maintained by the Linux Foundation. It defines standard identifiers, license texts and attribution guidelines for hundreds of common licenses and exceptions used in free and open source software.

FOSSA has supported SPDX identifiers for years—but now, FOSSA natively speaks SPDX under the hood.

For FOSSA Enterprise customers, this ensures 2 things:

  1. All reports are fully compliant with industry-standard attribution practices
  2. API data should be significantly easier to integrate into toolchains, especially those that follow specifications like OpenChain

Increased Performance & Issue Hints

Finally, we’ve improved the speed at which license data is resolved and loaded throughout FOSSA. Anywhere the application handles license data should now be much faster.

This has also allowed us to introduce richer data into the dependency browsing experience, like highlighting issues directly in the view:

Flagged dependency in the Deep Dependency Browser

We hope you find these updates useful. As always, we’re eager to hear your feedback.