FOSSA May 2019 Product Release Notes

We’ve been hard at work in May, focusing on simplifying reporting, enhancing the CLI, and getting up and running with Private Github Repos.

Jira Integration Update: Changes Required

We have updated our Jira Integration support based on Atlassian product updates. To continue using Jira Cloud and FOSSA’s Jira integration, you will need to switch from password-based authentication to an API token. To successfully integrate you  need to generate a Jira API token and update the credentials on your FOSSA account’s Jira settings page. Please note that this change may not affect on-premises Jira users.

Introducing Team Reports

Need a report for a combination of FOSSA projects? Leverage Teams! Surface all the information you need at once. Teams allow you to great different groupings of people or projects (typically repos) in order to create customizable groups. Rather than compiling and de-duping bill of materials across several projects you can create a comprehensive overview across multiple FOSSA projects leveraging teams. Teams should be leveraged for reporting when different legal members review different projects and product is made up of a group of FOSSA projects. Try it!

Improved NuGet Support

We’ve improved support for NuGet declared dependencies. We improved categorization for licenses declared in .nuspec files to streamline attribution reporting.

Improved Gradle Support

We’ve improved our Gradle dependency parsing. We’ve also added custom configurations to the FOSSA CLI. You can now configure timeout and retry when executing Gradle commands. For more information check out our Gradle configuration docs.

Improved Dependency Editing

FOSSA allows you to update dependency information to inform our intelligent issue resolution and reduce false positives in future scans. We’ve enabled a “Delete Correction” button if your edit no longer applies.

FOSSA CLI Enhancements

We’ve enhanced fossa-test, making it easier to understand why a build has failed. We’ve both included information about the dependencies out of compliance with your policies as well as re-formatted outputs.

Sample fossa test output

We have also enhanced the fossa-init command. It will now work on any project, even if the version control system in place is not actively supported.

Other Enhancements

  • Teammate invitation flow: we’ve made it easier to invite people and understand who in your organization is already part of your FOSSA team
  • Improved error message specificity
  • Improved GitHub imports for private repos
  • Updated documentation on the CLI and updated FAQs

For any questions about these updates feel free to contact us at support@fossa.com.