Vulnerabilities
Find known vulnerabilities (CVEs), prioritize them, and drive remediation workflows.
1 min readUpdated Jul 9, 2026
Overview
FOSSA continuously checks your dependencies against known vulnerability data so you can find and fix security issues before they ship, and focus on the ones that actually matter.
What this covers
- Reviewing security issues: triage vulnerabilities across all your projects from a single inbox.
- Issue overview and comparing issues: understand the detail behind a finding and how versions differ.
- Custom risk scores and upgrade distance: tune prioritization to your risk model and find the cheapest path to a fix.
- Container scanning and SBOM vulnerability detection: extend scanning to images and imported bills of materials.
- Automated malware detection: catch dependencies published with malicious intent and gate them out of your builds.
- Ignoring issues: suppress findings that don't apply, with an audit trail.
- Vulnerability data sources: where FOSSA's vulnerability intelligence comes from.
Start here
- Reviewing security issues: the core triage workflow.
- Issue overview: how to read a single vulnerability and decide what to do.
To automate how vulnerabilities are flagged and blocked, see Policies. To surface findings in your tools, see Integrations.