OSSMOSS

OSSMOSS is an open-source software platform designed to help organizations manage open-source components across their software supply chains. The project focuses on tracking usage, assessing licenses, and coordinating governance for dependencies, with an emphasis on transparency and reproducibility.

Its core capabilities include dependency inventory, SBOM generation in SPDX and other formats, vulnerability awareness, license

Its architecture combines a core engine with a modular plugin system, allowing support for additional ecosystems

OSSMOSS began as a community-driven project and was first released in 2020. It is maintained by a

Adoption ranges from small teams to larger organizations seeking open and auditable software supply chain tooling.