FossID is a Software Composition Analysis tool that scans software to identify open source components, AI-generated code snippets, and commercial packages within applications. The tool performs language-agnostic scanning to detect open source software at the snippet level, including copy-pasted and AI-generated code fragments. The platform generates NTIA-compliant Software Bill of Materials (SBOM) reports and supports both SPDX and CycloneDX formats. SBOMs can include license text, copyright statements, vulnerability information, and snippet-level details. The tool enables ingestion and consolidation of supplier SBOMs. FossID provides automated license identification and compliance checking to manage legal risks associated with third-party components. The tool includes vulnerability management capabilities for identifying security risks in software dependencies. The platform offers blind scan technology for technical due diligence scenarios, allowing code analysis without requiring direct access to source code. This feature is designed for merger and acquisition audits. FossID integrates into various stages of the software development lifecycle, including developer workstations, Git-based source control management systems, CI/CD pipelines, and issue tracking systems. The tool maintains a database covering over 3 petabytes of software components from public sources. The platform includes features for preventing intellectual property leakage by identifying proprietary code fragments before they are contributed to open source projects.