SECURITY
Software supply chain solutions company FossID AB today announced the launch of Agentic SCA, a new technology layer for software composition analysis that allows for real-time compliance and intelligent, high-speed software audits.
As generative AI tools increasingly write and modify code, software is being assembled faster than ever and often from fragmented sources with unclear provenance. FossID argues that traditional SCA tools, which are built for dependency-based managed code development, struggle to keep pace. As a result, they leave gaps in license compliance, vulnerability detection and accuracy in software bills of materials.
Agentic SCA addresses the issue by embedding analysis in the software supply chain, shifting it from reactive to continuous. The idea is that rather than treating scanning and compliance as downstream activities, Agentic SCA makes FossID’s technology and intelligence directly available to AI agents for real-time identification and guidance as developers write or generate code.
AI agents that use Agentic SCA can detect open-source, third-party and proprietary code in whole or snippet form. They can also identify license obligations, including complex and mixed-license scenarios, and surface copyright considerations early. In addition, they can flag known vulnerabilities in real time and provide immediate, actionable remediation guidance.
With Agentic SCA, developers can make compliant decisions before code is committed, while legal and security policies are enforced automatically without interrupting development workflows. The result, according to FossID, is a shift from delayed compliance reviews to continuous, real-time third-party license and security compliance that improves developer velocity and SBOM accuracy.
Agentic SCA also helps agents deliver intelligent, high-speed source code audits.
With the new offering, agents can perform multi-level analysis across entire codebases, including signature scanning, snippet detection, dependency analysis and deep license and copyright analysis. The agents can also identify components, licenses and vulnerabilities, prioritize findings based on real risk and impact and generate consistently structured, sharable audit reports. The platform additionally allows agents to continuously update audit reports as code evolves.
Agentic SCA is delivered through agent-compatible architecture that makes FossID’s technology directly accessible to AI systems, including the FossID MCP Server, which exposes FossID’s knowledge base as a dataset and its core analysis tools. Features include signature scanning, snippet detection, license analysis and dependency analysis, all available to AI agents through the Model Context Protocol.
FossID Agentic SCA is currently in pilot with select enterprise customers across key industries like automotive, semiconductor, telecommunications and software, with the full release expected in the second half of this year.