Empowering people. One line of code at a time. We encourage people to use open-source confidently & safely.

Joined May 2018
🏆️ Winning it all starts with guts, grit, and determination. Software supply chain compliance starts with an SBOM.
But generating an SBOM is only the first step. See why SBOM orchestration and automation should be the foundation of your EU CRA compliance strategy. 📖 buff.ly/YaGzKHs #EUCRA #SBOM
SBOM adoption is accelerating, but the challenge is shifting. For many enterprises, the question is no longer, “Can we generate an SBOM?” It is, “Can we manage the full SBOM lifecycle across suppliers, products, releases, and compliance requirements?”
That is why we are announcing FossID Workflows. FossID Workflows will help organizations centrally ingest, normalize, inspect, approve or reject, consolidate, and deliver compliance-ready SBOM evidence across complex software supply chains.
As AI-driven development increases code volume and complexity, and regulations like the EU CRA mature, SBOMs are becoming operational records of software supply chain trust. Read more and join the waitlist buff.ly/ywAFdCN
⚽It’s almost here! The World Cup should be dramatic. EU CRA compliance shouldn't be. If you're preparing for CRA requirements, understanding what's inside your software starts with an SBOM. Read more: buff.ly/L78xLTy #EUCRA #SBOM #AppSec
💥 5 Open Source Compliance Surprises That Could Be Hiding in Your Codebase Even with SBOMs & compliance processes in place, expert audits keep turning up issues no one saw coming. The reality? What you don’t know about your open-source usage can hurt you buff.ly/sSEBrts
AI-generated code is everywhere. But without compliance, it brings: ⚠️ Legal/IP risk ⚠️ Slower audits ⚠️ Lost M&A opportunities The ROI of proactive compliance? ✅ Reduced risk ✅ Faster audits ✅ Protected IP value
Compliance isn’t a cost—it’s a growth enabler. 👉 buff.ly/XTXCoao #AI #AppSec #SoftwareCompliance #SBOM
Most teams don’t struggle to generate SBOMs anymore. They struggle to manage them. Different formats. Inconsistent quality. Manual validation. The result? SBOMs exist, but they aren’t operational.
The pressure on software teams isn’t coming from one direction anymore. Development is accelerating. AI is increasing the volume and speed of code creation. At the same time, nothing about compliance expectations has changed. What’s changed is everything in between. (1/2)
In this article, Aaron Branson shows how that shift is breaking traditional approaches to SCA... and why compliance must move from a downstream activity to something that happens as code is created. 👉 buff.ly/dndIx7P (2/2) #DevOps #DevSecOps #SCA #AgenticSCA
AI-assisted coding is here, but accountability isn’t going anywhere. In this guest post, Dr. Ibrahim Haddad breaks down what the Linux kernel’s new AI guidance really means for enterprises – and why it sets the tone for the future of software license compliance. (1/2)
FossID Workbench 26.1 is here! Why are we so excited about this release? This marks a significant step forward in making continuous compliance practical for every team. (1/3)
As organizations scale their software development and integrate more complex supply chains, they need an SCA workflow that supports them beyond the initial scan, one that makes it easier to understand existing risks and manage new ones as they emerge. (2/3)
Go from “Do we have an SBOM?” → to → “Can we trust it, maintain it, and act on it continuously?” Ibrahim Haddad shares a practical blueprint for operationalizing SBOMs across the full lifecycle, turning them from static artifacts into something teams can actually work with.