Breaking
FOSSA named Category Innovator in 2026 Latio Application Security Report Snippet Scanning launched to tackle AI code copyright risk StackShare acquired in 2024 Used by Uber, Zendesk, Verizon and UiPath ~$35M+ raised across seed, Series A and Series B Founded 2015 in San Francisco by Kevin Wang FOSSA named Category Innovator in 2026 Latio Application Security Report Snippet Scanning launched to tackle AI code copyright risk StackShare acquired in 2024 Used by Uber, Zendesk, Verizon and UiPath ~$35M+ raised across seed, Series A and Series B Founded 2015 in San Francisco by Kevin Wang
FOSSA company logo
FOSSA / San Francisco, CA
Est. 2015
Company Profile · Developer Tools · Software Supply Chain

FOSSA.

The company that keeps track of the open source inside your software - so shipping fast never quietly turns into a legal or security problem.

SCA License Compliance SBOM Management Vuln Management Snippet Scanning
2015
Founded
$35M+
Raised
~57
Employees
10+ yrs
In Category
01

What FOSSA Does

Roughly four out of every five lines in a modern application are open source code that no one on the team actually wrote. It arrives through package managers, containers, and - increasingly - AI coding assistants. FOSSA exists because someone still has to be accountable for all of it. The San Francisco company builds a platform that scans software continuously to answer three questions engineering, security, and legal teams keep asking: what open source is in here, is any of it vulnerable, and are we allowed to use it the way we are using it?

"FOSSA aims to eliminate the sacrifice between speed, compliance, and security in today's software-driven world."

Founded in 2015 by Kevin Wang, FOSSA started with a deceptively narrow problem: open source license compliance. Every open source component carries a license, and those licenses carry obligations - attribution, disclosure, sometimes the requirement to open your own code. Miss one and it can surface at the worst possible moment, usually during an acquisition or a security audit. FOSSA automated the grunt work of finding those obligations and turning them into reports.

From that beachhead the company expanded outward. Today the platform covers software composition analysis (SCA) for security vulnerabilities, Software Bill of Materials (SBOM) generation in the SPDX and CycloneDX standards, container scanning, binary analysis, and snippet detection for copied code. The through-line is consistent: give developers visibility and control over their software supply chain without making them slow down to get it.

What keeps FOSSA distinctive is where it sits. Many competitors lead with security scanning; FOSSA is equally fluent in the legal and compliance side, which matters enormously to enterprises that ship software to customers, regulators, or the government - all of whom increasingly demand a verifiable bill of materials.

The product philosophy is developer-first. FOSSA's command-line scanner is itself open source, licensed under MPL-2.0, and drops directly into CI/CD pipelines. Adoption tends to start with an engineer running a free scan and grows into an enterprise contract once legal and security teams see the value.

"Since 2015, FOSSA has worked to protect businesses from security, license compliance, and code quality risks in modern software development."
- FOSSA, on its own mission
02

The Problem & Who It Serves

The problem it solves

Modern software is assembled, not written. That speed is a gift, but it hides three liabilities in plain sight:

  • Unknown license obligations that can block a deal or force disclosure
  • Vulnerabilities buried deep in transitive dependencies
  • No trustworthy inventory of what is actually shipping - a problem regulators now want solved with SBOMs

FOSSA turns each of these from a manual, end-of-cycle scramble into an automated, continuous check inside the pipeline.

Who uses it

FOSSA sells to engineering, security, and legal teams at enterprises and fast-growing software companies. Publicly cited customers include:

Uber Zendesk Twitter Verizon Fitbit UiPath

Beyond paying customers, a wide base of open source maintainers uses the free FOSSA CLI to add license and dependency checks to their own projects.

03

Products & Services

Since 2017

License Compliance

Automated detection of open source licenses, policy enforcement, and generation of attribution and disclosure reports on a continuous basis.

Since 2021

SBOM Management

Generate, analyze, and share Software Bills of Materials in SPDX and CycloneDX for customers and regulators.

Since 2021

Code Security (SCA)

Finds vulnerabilities in direct and transitive dependencies, with reachability analysis to cut false positives.

Since 2023

Container Security

Scans container images for open source components, licenses, and known vulnerabilities.

Since 2024

Snippet Scanning

Detects copied open source code snippets to manage IP and copyright risk introduced by AI coding tools.

Open Source

FOSSA CLI

Free, MPL-2.0 command-line scanner that drops dependency analysis directly into CI/CD pipelines.

04

How It's Different & How It Makes Money

Where it fits in the market

FOSSA competes in software composition analysis alongside Snyk, Mend, Black Duck (Synopsys), Sonatype, and newer entrants like Endor Labs. Where many rivals lead with security, FOSSA is unusually strong on the legal and compliance edge - license policy, attribution, and SBOMs - which is exactly the ground that regulation is now moving onto.

Two other differentiators stand out. Its reachability analysis tries to answer whether a vulnerability is actually exploitable in your app, cutting the alert fatigue that plagues scanners. And its 2024 Snippet Scanning product addresses a question most tools ignore: when an AI assistant writes your code, whose code is it copying?

The business model

FOSSA runs an open-core, B2B SaaS model. A free, open source CLI drives bottom-up developer adoption; a commercial subscription platform sells to enterprises, scaling to thousands of developers. Revenue comes primarily from annual enterprise contracts.

That structure - free tool first, enterprise deal later - is the same playbook that produced its earliest investor interest, and it is why FOSSA's brand is well known among individual engineers, not just procurement teams.

Earn developer trust first. Sell to the enterprise later.

05

Funding

FOSSA has raised roughly $35-41M across three disclosed rounds. Its seed round is notable for its angel roster - Salesforce CEO Marc Benioff, YouTube co-founder Steve Chen, and Skype co-founder Jaan Tallinn all wrote checks.

Seed / 2017
$2.2M
Series A / 2019
$8.5M
Series B / 2020
$23.2M

LEAD INVESTORS: BAIN CAPITAL VENTURES · COSTANOA VENTURES · CANVAS VENTURES · NORWEST

06

Timeline

2015

FOSSA is founded

Kevin Wang founds FOSSA in San Francisco to automate open source management for developers.

2017

Seed round and product launch

Raises $2.2M led by Bain Capital Ventures with angels including Marc Benioff, and launches its public beta.

2019

Series A and Dawn Labs acquisition

Raises $8.5M Series A led by Bain Capital Ventures and acquires design studio Dawn Labs.

2020

Series B

Raises $23.2M to expand beyond licensing into security and SBOM management.

2024

Snippet Scanning and StackShare

Launches Snippet Scanning for AI copyright risk and acquires developer tool community StackShare.

2026

Category Innovator recognition

Named a Category Innovator in the Latio Application Security Report for SBOM Compliance Management and Patch Assistance.

07

People & Fun Facts

Leadership

Kevin Wang - Founder & Chairman. Started FOSSA in 2015 on a thesis about managing the open source that powers modern software.

Aaron Williams - Chief Executive Officer.

HQ: 114 SANSOME ST, SAN FRANCISCO, CA

Fun facts

  • A fossa is a cat-like predator native to Madagascar - a memorable animal namesake.
  • FOSSA's own scanner is open source (MPL-2.0) - the same kind of license it helps customers track.
  • Its seed round included Marc Benioff, Steve Chen, and Jaan Tallinn.
  • In 2024, a supply chain company bought StackShare, a site where developers publicly list their tools.
08

Watch & Demos

Product walkthroughs, talks, and interviews from FOSSA's channels and the wider open source community.

09

FAQ

What does FOSSA do?

FOSSA provides a software supply chain platform that automates open source license compliance, software composition analysis (SCA), vulnerability management, and SBOM generation across packages, containers, binaries, and code snippets.

Who founded FOSSA and when?

FOSSA was founded in 2015 by Kevin Wang, who now serves as Chairman. Aaron Williams is CEO.

Who are FOSSA's customers?

FOSSA serves enterprise engineering, security, and legal teams. Publicly cited customers include Uber, Zendesk, Twitter, Verizon, Fitbit, and UiPath.

Is FOSSA open source?

FOSSA offers a free, open source command-line scanner licensed under MPL-2.0, alongside a commercial SaaS platform sold to enterprises.

How much funding has FOSSA raised?

FOSSA has raised roughly $35-41M across a $2.2M seed (2017), an $8.5M Series A (2019), and a $23.2M Series B (2020).

10

Links & Sources

Share this profile