For most users, the fossa-cli will work out-of-the-box without any configuration. Get an API key, run `fossa analyze`, and view your results in the FOSSA web application.
If you haven't read the Getting Started section in the README yet, we highly recommend starting there first.
This manual is organized into three sections:
- Walkthroughs explain how to accomplish common use cases, including common troubleshooting steps and follow-ups.
- Features explain specific CLI features and how to use them.
- References provide an exhaustive listing and explanation of all CLI functionality.
Every piece of documentation is accessible via hyperlink from this user manual. You should never need to manually explore `docs/` to find the page you need.
- FOSSA CLI Concepts
- Analysis Targets
- Discovery and Analysis
- Strategy Tactics
- Static and Dynamic Strategies
- Integrating a project
- Debugging an Integration
- Analysis target configuration
- Custom integration
- Integrating a Conan Project
- Configuring SSL/TLS Support Manually
- Integrating Container Scanning in CI
- Language and Tool (Strategy) Support
- Configuring Which Targets Are Analyzed
- Dynamic Strategy Command Selection
- `fossa analyze` Reference
- Vulnerable Reachability
- Overview
- Deps from a Known Package Manager (Referenced Dependencies)
- Fully Specifying a Dep and License Manually (Custom Dependencies)
- Specifying a Source URL for Analysis (Remote Dependencies)
- Performance Characteristics of Manual Dependencies
- Overview
- Vendored Dependency Names and Scope
- How Vendored Dependencies are Scanned
- Filtering Paths for License Scanning in Vendored Dependencies
- Path Filtering on Windows
- How to Debug Path Filters
- Vendored Dependency Performance
- Detecting Vendored Source Code with Vendored Source Identification (VSI)
- Overview
- Keyword Searches
- License Text Searches
- Text Search Term Format
- Configuring Custom-License Searches Organization-Wide
- Overview
- How FOSSA's Container Scanner Works
- Container Image Sources
- Supported Container Package Managers
- Container Jar File Analysis
- Distroless Containers
- Viewing Detected Projects
- Configuring Container Analysis Targets
- Integrating Container Scanning in CI
- Frequently Asked Questions
- Debugging
- Limitations & Workarounds
- Scanning Images using Podman (Experimental)
- `fossa analyze`: Analyze a project.
- `fossa container`: Scan a container for vulnerabilities and compliance issues.
- `fossa init`: Generate sample config files.
- `fossa list-targets`: Retrieve a list of filterable targets in a project.
- `fossa report`: Download a report of the most recent scan of a project.
- `fossa snippets`: Analyze snippets of a project and check if they exist in other open source projects FOSSA knows about.
- `fossa test`: View the results of the most recent scan of a project.
- `fossa release-group`: Interact with FOSSA release groups.
- `fossa project`: Interact with FOSSA projects.
- Specifying Dependencies Manually with `fossa-deps.yml`
- Specifying Project Settings with `.fossa.yml`
- Upgrading from FOSSA CLI v1 to a Supported FOSSA CLI
- Debugging FOSSA CLI
- How to Debug Path Filters
- Debugging Container Analysis
- Understanding SSL/TLS Certificates and FOSSA
If we don't support your choice of language/buildtool, please create a support ticket to express interest!
Please see our 'What data gets uploaded?' doc for more information.
Please see our contributing documentation.