Read about open source, SBOMs, licensing, SCA, and compliance from the nexB team.

Python-inspector: Easily resolve Python dependencies
Resolve Python dependencies without requiring additional builds and installs.
30 MINUTE READ
FOSS Daily
FOSS Daily for licensing “hygiene” and vulnerability compliance
Pay attention to your software – especially your open source components – as a daily habit.
6 MINUTE READ
Universal software package identifier
PURLs of Wisdom: Universal software package identification
Accurately identify third-party software packages with PURL.
3 MINUTE READ
Dependency Resolution
Non-Vulnerable Dependency Resolution
Dependencies may come with vulnerabilities that can be exploited by attackers.
3 MINUTE READ
ScanCode LicenseDB
ScanCode LicenseDB: 2,000+ licenses curated in a public database
The ScanCode LicenseDB is all about identifying a wide variety of licenses that are actually found in software.
2 MINUTE READ
Dual License
What is a Dual License Anyway?
Make it easier for users and remove the word “Dual” from your software project notice vocabulary.
2 MINUTE READ
Software Composition Analysis
SCA the FOSS Way – Part 1: Software Composition Analysis
SCA is critical for modern software development – for both proprietary and open source software.
13 MINUTE READ
Copyright
Do you really need to update the copyright statement each new year?
Developers update their project’s copyright notices at each new year, but why is it needed?
3 MINUTE READ
VulnerableCode v31 expands vulnerability coverage
VulnTotal cross-validates vulnerability coverage across other checking tools and databases.
2 MINUTE READ
Version
There and back again: A software versioning story
One software version control to rule them (modern software development) all?
10 MINUTE READ
License clarity scoring
Providing Clarity on License Clarity Scoring in ScanCode
When automating SCA, License Clarity Scoring helps determine if scan results require more review.
3 MINUTE READ
VulnerableCode
VulnerableCode: Find FOSS vulnerabilities, improve FOSS security
Automate finding FOSS component security vulnerabilities, using open data and FOSS tools.
3 MINUTE READ
VulnerableCode v30 publicly available with new UI and API access
VulnerableCode is a free and open database of open source software package vulnerabilities.
4 MINUTE READ
Google Summer of Code 2022
Google Summer of Code: Open source SCA tools with AboutCode
nexB is a mentor organization for student developers to work on open source development.
2 MINUTE READ
SBOM
Software Bill of Materials and Software Composition Analysis
We’ve never seen anything that raises the urgency for Software Composition Analysis like this.
5 MINUTE READ
License Compliance
nexB on GPL 3.0 and Related License Compliance Issues
The severity of Copyleft license-related issues depends on the context of OSS license policies.
8 MINUTE READ
Java
Using Copyleft-licensed software components in a Java application
Key considerations while using Copyleft-licensed software components in a Java application.
4 MINUTE READ
Compliance
Importance of snippet matching for software provenance analysis
Is snippet matching worth the resources involved for FOSS compliance?
5 MINUTE READ
Documentation
How much documentation for a software project?
There is never enough documentation! Docs encourage users to discover more.
1 MINUTE READ
Linux Foundation
What are the membership levels in the Linux Foundation?
Open Source Stack Exchange answers questions about the business of open source.
1 MINUTE READ
Opensource stack exchange
Open Source Stack Exchange: Can a team be a copyright holder?
Concise copyright statements are better for both your team and your users.
1 MINUTE READ
JS redistribution
Is a page that contains JavaScript considered redistribution?
JavaScript in a web page is code redistributed to whoever loads this page in their browser.
1 MINUTE READ
Compliance
Wix vs. WordPress and what we can learn about the GPL
“If I were being honest, I’d say that Wix copied WordPress without attribution…”
3 MINUTE READ
Software Dependencies
Software Dependencies: A not-too-technical guide
Larger software systems and products are assembled from many software components.
7 MINUTE READ
Open Source
What are the Benefits of Using Open Source Software?
Free/Libre Open Source Software (FLOSS) refers to freedom (libre), not price.
2 MINUTE READ
What is Open Source Software (OSS)? And Is It Free to Use?
Open source software (OSS) is software composed of source code open to the general public.
3 MINUTE READ
Attribution
Best Practices for Open Source Software (OSS) Attribution
What is actually legally required? What is the best way to meet FOSS attribution obligations?
9 MINUTE READ
Attribution
OSS Attribution Case Study: DataTables and Healthcare.gov
Developers are not likely to do a good job fulfilling OSS obligations without clear guidance.
3 MINUTE READ