September 16, 2019 | Investment Themes

Keeping Code up to Code. Why We’re Thrilled to Invest in FOSSA.

John Cowgill

Written by

John Cowgill

FOSSA compliance dashboard.
FOSSA compliance dashboard.

Companies that start in so-called unsexy markets are my thing.

The type of “under the hood” startups I find fascinating are all substance. They often operate behind the scenes, helping to either accelerate a company’s progress — or prevent everything from grinding to a halt. These companies frequently spring up in semi-obscure spaces because a savvy founding team has correctly pinpointed a customer pain point they can solve.

Great teams then capitalize on this “wedge,” building out their product roadmaps to fill adjacent market needs. Ironically, as they expand their roadmap, these businesses often become much bigger — and sexier — than they appeared at first blush.

Recently, I’ve had the good fortune to consider some pretty pivotal trends in modern software development by way of FOSSA. FOSSA is astutely solving a huge pain point in compliance (see:“unsexy” but actually fascinating market with tons of adjacencies ) as a result of their read on these trends. We’re excited and proud to invest in their Series A because we also see the potential of the niche they’re so cleverly filling for customers like Uber, Zendesk, Twitter, Docker and others.

Take a closer look.

Modern software development means companies can’t keep up with code compliance, quality, and security.

It’s not a secret that modern software development looks very different than it did even a few years ago. Developers are no longer creating code from whole cloth, iterating slowly, and pushing code out a few times a quarter in the waterfall model that was once industry standard. Now developers push code dozens of times a day, even dozens of times an hour. They can do that, of course, through relying on open source and third-party code, which now represents as much as 90 percent of most modern enterprises’ codebase.

As with anything, with the good comes the bad. Pushing good code faster is better for a business on the balance. Yet on a practical level, the speed makes it very difficult for most companies — which still rely on manual processes for tracking and managing open source code — to keep up. This is a big concern, because open source and third-party code frequently plays a starring (and expensive) role in modern business problems: from IP litigation to security vulnerabilities to showstopper quality issues.

Real-time, scalable compliance is the path forward.

Enter FOSSA, which integrates into a developer’s CI/CD workflow environment to flag open source compliance, security, and even code quality issues in real-time. This real-time, “as it happens” component is what makes FOSSA special. Previously, companies have had to rely on a more cumbersome process where a snapshot, a point-in-time image of code, is taken and compared to open source and third-party databases. This simply no longer works in a world where code is pushed practically nonstop, licenses are often refreshed with new restrictions, and new security and quality issues emerge at an astonishing tempo.

FOSSA’s novel distribution system is also resonating. The company open-sourced its FOSSA CLI, which companies can deploy against their codebase to get a real-time dependency report and identify their license exposure. This embrace of open source has led to significant developer love, with over 6K major open source projects (e.g., Kubernetes, Webpack, ESLint) using FOSSA. A directive from the Cloud Native Computing Foundation (CNCF) now mandates FOSSA’s use for all projects.

Enterprises often learn of FOSSA through their open source dependency analysis tool, and come back and pay for the additional value: workflow that enables real-time triaging, connecting teams like legal, security and engineering, and defining the open source and third-party code parameters for your company’s codebase.


FOSSA was founded by Kevin Wang, a Thiel Fellow and thoughtful rising star, who caught our attention by:

  • Clearly — and correctly — seeing the compliance market not as small but as a backwater filled with untapped opportunity, and an ideal wedge for building open source developer tooling.
  • Catching the open source tailwind of 2018, a year marked by big news: IBM buying RedHat, Elastic going public, etc.
  • Being able to attract a top-notch, hyper-experienced senior leadership team, including Paul Murphy, VP of Sales, and Heather Meeker, OSS Advisor.
  • Creating an exceptionally clean, easy to use tool — it’s quickly integrated into company code environments and connected with Github and other sources.

As the pace of development continues to quicken, enterprise companies must eliminate the risk associated with open source and third-party code dependency so they can continue to reap the rewards of using it.

We’re excited to see these businesses discover FOSSA — and to see FOSSA grow in new directions with these customers.