Case Study: Cloud Native Computing Foundation streamlines open source risk management with FOSSA

Why CNCF Projects Prefer FOSSA

The Cloud Native Computing Foundation (CNCF), the organization behind major open source projects like Kubernetes and Prometheus, needed to manage open source license compliance and security for its 160+ projects. Their challenge was to automate a previously manual and costly process to save time and ensure IP cleanliness while giving individual project maintainers the freedom to choose their own tools. They turned to the software composition analysis tool from vendor FOSSA for a solution.

By implementing FOSSA, CNCF projects gained a developer-friendly solution with a great CLI and web UI that simplified getting started. FOSSA's early support for the Go language and SBOM standards was also a key benefit. The results were significant, with roughly two-thirds of CNCF projects adopting FOSSA. This allowed the foundation to scale down costly manual audits, saving both time and money across the board while making developers more mindful of their software dependencies.

Cloud Native Computing Foundation

Chris Aniszczyk

CTO and Co-Founder