STOCKHOLM, SE / ACCESS Newswire / July 8, 2025 / FossID, a global leader in Software Composition Analysis (SCA), today announced a significant enhancement to its vulnerability code snippet detection technology: Previously available as a standalone scanning utility Vulnerable Snippet Finder (VSF) is now integrated into FossID Toolbox for software CI/CD workflows, enabling software developers to detect and act on vulnerabilities earlier and more precisely than ever before.

Built into FossID's SCA tooling, VSF scans codebases for the exact lines of code - or snippets - that introduce known vulnerabilities. Unlike traditional tools that infer risk based on package metadata or component versions, VSF verifies the presence of known vulnerable code at the source level, enabling teams to remediate real threats with confidence.

'Vulnerable Snippet Finder sets a new standard for what SCA should deliver,' said Stuart Dross, CEO of FossID. 'Our customers no longer have to rely on assumptions about what applications might contain vulnerable code. Now they can know exactly what vulnerable code is present and precisely where to find it.'

A New Level of Assurance for Embedded Systems

The capability is already deployed by several of FossID's largest clients, including Fortune 500 enterprises and leading global manufacturers in industries such as automotive, semiconductors, and telecommunications. These organizations are using VSF to ensure that the software powering their embedded systems is free from known vulnerabilities-no matter how components have been modified or reused.

'In regulated, high-risk environments, shipping software with confidence is non-negotiable,' said Dross. 'VSF empowers engineering and compliance teams to proactively surface vulnerabilities, even in legacy code or heavily customized open-source forks, before products leave the factory floor.'

Precise Vulnerability Detection, Fewer False Positives

While traditional scanners rely on manifest files and inferred component versions to approximate risk, FossID's VSF pinpoints theactual vulnerable snippets-eliminating guesswork, false positives, and missed issues due to modified or forked code.

Coming Soon: Workbench Integration for Scan and Audit Workflows

In FossID's upcoming platform release, Vulnerable Snippet Finder will also be available in the Workbench web application, extending its capabilities to scan management, audit workflows, and deep compliance reviews. This will provide security and legal teams with direct visibility into vulnerable code instances across the entire software supply chain-from development to due diligence.

A Market-First Innovation

FossID is the first SCA vendor to offer this level of snippet-level vulnerability detection. The technology is powered by the same granular matching engine that underpins FossID's industry-leading code snippet detection-renowned for its accuracy, resilience to code formatting changes, and ability to cut through compliance and security noise.

Availability

The CI/CD-integrated version of Vulnerable Snippet Finder is available today for all FossID SCA users. The upcoming Workbench interface integration is expected in Q4 2025.

To learn more or schedule a live demo, visit www.fossid.com or contact [email protected].

About FossID

FossID helps global enterprises gain complete visibility into their software supply chain, secure their code, safely leverage AI-generated code, and ensure open source license compliance - without slowing development velocity. With unmatched accuracy in code snippet detection, component identification, and SBOM generation, FossID is trusted by software-driven organizations where precision and performance are critical.

Learn more: https://www.fossid.com
Follow us: Blog | LinkedIn | X | GitHub

Media Contact
Aaron Branson
FossID Media Relations
[email protected]

Related Video

https://www.youtube.com/watch?v=ci5VRVOC_xo

SOURCE: FossID