CodeSecure Integrates with FOSSA
April 16, 2025

CodeSecure and FOSSA announced a strategic partnership and native product integration that enables organizations to eliminate security blindspots associated with both third party and open source code.

The partnership combines CodeSecure’s CodeSentry Binary Composition Analysis (BCA) capabilities within FOSSA’s advanced software supply chain analysis and SBOM management platform. This single integrated solution provides continuous visibility for proactively detecting and mitigating software security vulnerabilities and compliance violations at every stage of the software development lifecycle (SDLC).

The CodeSentry-FOSSA integration allows App Developers and DevSecOps teams to generate comprehensive SBOMs that account for both open source and binaries contained in their software builds—providing comprehensive transparency into vulnerabilities, dependencies, and compliance violations. By identifying vulnerabilities during the development phase—when they are easier and more cost-effective to remediate—this integrated platform reduces risk and accelerates secure software delivery.

“Modern software applications are constantly growing in complexity and composed of components that developers might not fully control or even see,” said Mike Dager, CEO of CodeSecure. “Our partnership with FOSSA creates a single, cohesive platform that ensures comprehensive visibility into both open source and binary code, allowing teams to confidently manage their software supply chains from development through deployment.”

"Customers expect seamless security insights across the entire software supply chain, including first-party code, open source components, and binaries,” said Kevin Wang, CEO of FOSSA. “Integrating CodeSecure’s market leading binary analysis capabilities into the FOSSA platform allows our customers to comprehensively inventory and secure their software—eliminating critical blindspots and enhancing their security posture.”

The FOSSA platform, pre-integrated with CodeSecure CodeSentry, addresses the following DevSecOps needs:

- Comprehensive SBOM Generation: Consolidates insights from both source and binary code analysis to produce accurate, complete software inventories.

- Early Vulnerability Detection and Remediation: Identifies and helps mitigate vulnerabilities early in the development lifecycle, reducing complexity and cost.

- Unified Security and Compliance Management: Provides a single source for maintaining software licensing compliance and securing third-party dependencies.

The FOSSA platform, pre-integrated with CodeSecure’s BCA, is available immediately.

Share this

Industry News

May 14, 2025

The Linux Foundation, the nonprofit organization enabling mass innovation through open source, announced the launch of the Cybersecurity Skills Framework, a global reference guide that helps organizations identify and address critical cybersecurity competencies across a broad range of IT job families; extending beyond cybersecurity specialists.

May 14, 2025

CodeRabbit is now available on the Visual Studio Code editor.

The integration brings CodeRabbit’s AI code reviews directly into Cursor, Windsurf, and VS Code at the earliest stages of software development—inside the code editor itself—at no cost to the developers.

May 14, 2025

Chainguard announced Chainguard Libraries for Python, an index of malware-resistant Python dependencies built securely from source on SLSA L2 infrastructure.

May 14, 2025

Sysdig announced the donation of Stratoshark, the company’s open source cloud forensics tool, to the Wireshark Foundation.

May 13, 2025

Pegasystems unveiled Pega Predictable AI™ Agents that give enterprises extraordinary control and visibility as they design and deploy AI-optimized processes.

May 13, 2025

Kong announced the introduction of the Kong Event Gateway as a part of their unified API platform.

May 13, 2025

Azul and Moderne announced a technical partnership to help Java development teams identify, remove and refactor unused and dead code to improve productivity and dramatically accelerate modernization initiatives.

May 13, 2025

Parasoft has added Agentic AI capabilities to SOAtest, featuring API test planning and creation.

May 13, 2025

Zerve unveiled a multi-agent system engineered specifically for enterprise-grade data and AI development.

May 12, 2025

LambdaTest, a unified agentic AI and cloud engineering platform, has announced its partnership with MacStadium(link is external), the industry-leading private Mac cloud provider enabling enterprise macOS workloads, to accelerate its AI-native software testing by leveraging Apple Silicon.

May 12, 2025

Tricentis announced a new capability that injects Tricentis’ AI-driven testing intelligence into SAP’s integrated toolchain, part of RISE with SAP methodology.

May 12, 2025

Zencoder announced the launch of Zen Agents, delivering two innovations that transform AI-assisted development: a platform enabling teams to create and share custom agents organization-wide, and an open-source marketplace for community-contributed agents.

May 08, 2025

AWS announced the preview of the Amazon Q Developer integration in GitHub.

May 08, 2025

The OpenSearch Software Foundation, the vendor-neutral home for the OpenSearch Project, announced the general availability of OpenSearch 3.0.

May 08, 2025

Jozu raised $4 million in seed funding.