Snyk, the cloud native application security company founded in London and now headquartered in Boston, has acquired FossID, a software composition analysis tool that scans code for open source licenses and vulnerabilities.
Based in Sweden, FossID was founded with a mission to give developers a solution that detects all footprints of free and open source software (FOSS) within code bases, from entire components to code snippets and including license obligations and compliance issues.
FossID was created based on the team’s experience working with FOSS, specifically with the complexities of open source software used within legacy as well as modern embedded applications.
By joining forces with Snyk, FossID’s capabilities will be integrated into Snyk’s Software Composition Analysis (SCA) product, Snyk Open Source, extending the developer-first security and license compliance mindset and experience to teams currently leveraging C/C++.
With over six million developers using C/C++ to build their applications, including teams both modernising legacy applications and building new embedded Internet of Things (IoT) applications, FossID’s technology allows Snyk to reach a larger percentage of the current 27 million developers across the globe.
“With FossID’s powerful capabilities to find, fix and monitor vulnerabilities in all forms of open source software, Snyk is now accelerating our vision to bring security to every developer in the world,” said Peter McKay, CEO, Snyk. “Together with this world class team, we look forward to reaching millions more of the world’s developers, empowering them to build applications securely while also staying a step ahead of their competition.”
Sneaking up on (code) snippets
The functionality here covers unmanaged code as well, including snippet detection: FossID’s solution identifies vulnerabilities in all forms of open source, down to snippets (a few lines of code copied from an open source package rather than a whole dependency). Detecting such snippets has historically been difficult, and it is a critical problem to solve for developers who increasingly own security responsibilities within their organisations.
FossID’s license compliance engine automatically inspects applications, quickly and accurately, to detect license and copyright information. It does so using an AI-powered, patent-pending software solution that relies on an audit-grade database of over 1,900 licenses.