FossID Reveals Agentic Software Composition Analysis for the AI Era

via ACCESS Newswire

New capabilities embed software supply chain integrity directly into development workflows, enabling real-time compliance and intelligent, high-speed software audits

STOCKHOLM, SE / ACCESS Newswire / April 14, 2026 / FossID, a leader in software supply chain integrity solutions, today announced Agentic SCA, a new technology layer for Software Composition Analysis (SCA) designed for the realities of modern, AI-driven software development. It enables continuous, real-time identification of open source, third-party, and proprietary code, delivering built-in license and security policy compliance and dramatically faster, more intelligent audits.

As generative AI tools increasingly write and modify code, software is being assembled faster than ever, often from fragmented sources with unclear provenance. Traditional SCA tools, built for dependency-based managed code development, struggle to keep pace, leaving gaps in license compliance, vulnerability detection, and software bill of materials (SBOM) accuracy.

Agentic SCA represents the shift from reactive analysis to continuous, embedded software supply chain integrity.

Rather than treating scanning and compliance as downstream activities, Agentic SCA makes FossID's technology and intelligence directly available to AI agents, enabling two foundational outcomes:

Built-In Compliance at Code Creation

FossID Agentic SCA enables real-time identification and guidance as developers write or generate code.

AI agents powered by FossID can:

  • Detect open source, third-party and proprietary code in whole or snippet form

  • Identify license obligations, including complex and mixed-license scenarios

  • Surface copyright considerations early

  • Flag known vulnerabilities in real time

  • Provide immediate, actionable remediation guidance

This enables developers to make compliant decisions before code is committed, while legal and security policies are enforced automatically without interrupting development workflows.

The result is a shift from delayed compliance reviews to continuous, real-time third-party license and security compliance, improving both developer velocity and SBOM accuracy.

Intelligent, High-Speed Source Code Audits

FossID Agentic SCA transforms audits from manual, time-intensive processes into intelligent, AI-assisted analysis.

AI agents can tap into FossID to:

  • Perform multi-level analysis across entire codebases, including signature scanning, snippet detection, dependency analysis, and deep license and copyright analysis

  • Identify components, licenses, and vulnerabilities with high precision using FossID's knowledge base and audit logic

  • Prioritize findings based on real risk and impact

  • Generate consistently structured, shareable audit reports

  • Continuously update audit reports as code evolves

"Agentic SCA represents the next evolution of software composition analysis," said Stuart Dross, CEO of FossID. "In this AI-driven world, software supply chain integrity has to be continuous, real-time, and built into how code gets created. That's exactly what we're enabling."

Architecture Built for AI-Driven Development

Agentic SCA is delivered through a flexible, agent-compatible architecture that makes FossID's technology directly accessible to AI systems.

This includes:

  • FossID MCP Server, which exposes FossID's industry-leading knowledge base as a dataset and its core analysis tools, including signature scanning, snippet detection, license analysis, and dependency analysis, to AI agents through the Model Context Protocol (MCP)

It also delivers FossID's expert audit logic through Skills and Hooks, enabling agents to identify code, understand risk, and act with audit-level accuracy:

  • Skills, which provide auditor-derived logic for code identification, risk assessment, and compliance checks

  • Hooks, which act as event-driven guardrails that trigger analysis in real time within developer workflows

Together, these components enable AI agents to perform software composition analysis and apply contextual reasoning and guidance in real time.

Pilot Program and Early Access

FossID Agentic SCA is currently in pilot with select enterprise customers across key industries like automotive, semiconductor, telecom, and software, who are embedding software supply chain integrity into AI-driven development workflows and helping shape the future of FossID products. FossID expects this new capability to be made generally available in the second half of 2026.

Join the waitlist to:

  • Receive updates on product availability

  • Influence product direction through direct feedback

  • Unlock AI-driven software development without introducing risk

About FossID

FossID provides software supply chain integrity solutions that enable enterprises to leverage open source, third-party, and AI-generated code with confidence. Powered by FossID Workbench, a Software Composition Analysis (SCA) toolset, FossID also provides open source audit, technical due diligence, and code review services to help clients manage legal, security, and operational software supply chain risk.

For more information, visit www.fossid.com.

Media Contact
Aaron Branson
FossID Media Relations
media@fossid.com

SOURCE: FossID


