Fossa
Realtime license management for open source dependencies
Ryan Goldman
Open Source Security Management by FOSSA — Automate app security with OSS vulnerability management
FOSSA Security Management enables enterprises to prevent vulnerabilities from shipping to production and mitigate risk throughout the SDLC. Identify, control, and remediate a huge variety of OSS vulnerabilities without disturbing the speed of releases.
Replies
Nithin Jois
First of all, this is very impressive. Congratulations to the entire team on the launch! Having worked on projects in the same/similar space, I know firsthand how important solutions like these are going to be for organizations. Considering that you're going to be looking at open-source packages and libraries that an application uses, how different is it from something like either DependencyTrack (open-source) or snyk (commercial)? Also wondering if container scanning capabilities are on the roadmap. Look forward to giving FOSSA a shot!
Ryan Goldman
With FOSSA, organizations can now actively monitor their open source software for vulnerability and license risks as a single, automated process in the existing development and deployment workflow, and enforce the appropriate risk policies across their teams at any scale. In fact, FOSSA users benchmark 47% fewer false positives by finding vulnerabilities in the dependencies they actually rely on earlier in the SDLC, for a truly enterprise-scale approach to open source security:

Remediation Support. Automated pull requests and resolution support to speed up remediation and save developer time.

Onboarding. The new CLI 2.0 delivers a zero-config integration, making onboarding simple, fast, and error-free.

Curated Database. Sourced from multiple vulnerability databases and manually curated by security experts to ensure the most accuracy and fewest false positives.

Reporting. Detailed reports that give organizations insights into their risk posture, along with APIs to get realtime stats on security status.

Workflow. Native integrations into Jira, Slack, GitHub, and most CI/CD tools, minimizing friction and ensuring adoption and productivity.