September 2023

Posted by Noah Lackstein about 15 hours ago

August 2023

Posted by Noah Lackstein about 1 month ago

New issue inbox header to allow easier discovery of actions menu!
Grouping issues by package is now the default for all issue inboxes!
- Licensing
- Security
Bulk policy assignment within projects table
- Bulk Policy Assignment
Bulk label assignment within projects table
- Bulk Label Assignment
New security filters:
- Fix available by upgrade distance.
  - Whether a given remediation is a Patch, Minor, Major, or Unknown semantic version increment.
- Exploit Maturity
  - Whether a given CVE has a known exploit as defined by CISA exploited vulnerability catalog
New general (Licensing, Security, Quality) issue filters:
- First Found
  - Whether a given Issue has been detected within a selected time frame
    - Anytime
    - Last 7 days
    - Last 14 days
    - Last 30 days

Posted by Noah Lackstein 2 months ago

Auto Ignore Rules
- The ability to persist ignore decisions across projects, policy, and package versions!
  - Added Auto-ignore and ignore rules for licensing issues Licensing Ignore Rules
  - Added Auto-ignore and ignore rules for licensing issues Security Ignore Rules
HTML reports visual refresh
PDF reports visual refresh

Posted by Noah Lackstein 3 months ago

Added tutorial on adding custom licenses
Added tutorial on editing a dependency
Progressive dependency UI
- Upon completion of the Applying build data phase of any project analysis dependencies will now be available as we analyze them
- Includes filter for dependency status:
  - In-progress: Analyzing these dependencies
  - Analyzed: Analysis complete for these dependencies
  - Failed: An error occurred while analyzing these dependencies
Added Unique JIRA tickets per FOSSA issue to JIRA integration
Added Organization Setting within Integration > JIRA to enable unique JIRA tickets per FOSSA issue as the default action

Posted by Noah Lackstein 4 months ago

An ability to add names when correcting to custom-license . These names will appear as the licenseID in reports

Posted by Noah Lackstein 4 months ago

SPDX report enhancements to meet updated NTIA minimum elements:
- supplier & organizer by default per package
- checksum per package by default per package
- Updated creationInfo
Contributor report changes to capture weekly snapshots including:
- Contributor summary
- Contributors last 90 days
- Contributors last 364 days
Type DELETE for all project & release group deletion
Ability to select a JIRA project per issue type (Security, Licensing) in integration settings
Org project label limit increased from 100 to 500
FOSSA Project Broker v0.2.0

Posted by Noah Lackstein 6 months ago

Project and version grouping for "First party licenses" in Release group CSV reports
Declared vs Discovered license filters
Fix available filter
- Partial Fix - Nearest update to fix the selected CVE.
- Complete Fix- Nearest update to fix all vulnerabilities found on this dependency
Audit Due Diligence report fixes
Saved Issue filters for new Issues UI
- Saved issue filters for fossa test and status checks
Widespread go analysis improvements
Fossa Project Broker MVP

Posted by Noah Lackstein 6 months ago

New Projects UI Projects UI - What’s New
Auto-ignore Issues Beta
Issues v2 for Release groups
Additional Metadata for Global Issues download CSV
- ignoreReason
- ignoreNote
- userEmailWhoIgnored
- team
Performance improvement for fetching Git projects
Added Sha256 validation to the FOSSA CLI download script
Support for project labels via CLI

Posted by FOSSA Product Team 8 months ago

Set a custom organization-wide header for attribution reports
Export Ignored issues as CSV
--detect-dynamic Supports recursively inspecting binaries for dynamic dependencies (#1143)
Improved the output of fossa test (#1135)
Added support for Unity companion license and Unity package distribution license (#1136)
1Password integration to FOSSA CLI
Added yocto support
Full FOSSA CLI Changelog can be found here

Posted by FOSSA Product Team 10 months ago