Everything you need
to manage open source at scale
Guides, API references, and tutorials for developers, security teams, and legal counsel using FOSSA to manage open source risk.
User guides
FOSSA serves developers, security teams, and legal counsel — find your path below.
For Developers
Install the CLI, integrate with your CI/CD pipeline, and automate dependency analysis across all your projects.
For Security Teams
Scan dependencies for vulnerabilities, manage CVEs, generate SBOMs, and monitor supply chain risk across your org.
For Legal & Compliance
Understand license obligations, generate attribution notices, set compliance policies, and produce reports for legal review.
FOSSA product guides
Everything FOSSA offers — pick what you need.
Browse by section
Jump straight to a docs area.
Get Started
New to FOSSA? Import your first project, run a scan, and see results in minutes.
Project Setup
Get your code into FOSSA — import projects from source hosts, the CLI, or CI, then configure how they're scanned and organized.
Release Groups
Bundle related projects into a single unit for shared reporting, policy enforcement, and release tracking.
Issues
Track, triage, and manage licensing, security, and quality issues across your projects.
Licenses
Detect open source licenses, understand obligations, generate attribution, and track your compliance posture.
Vulnerabilities
Find known vulnerabilities (CVEs), prioritize them, and drive remediation workflows.
Quality
Assess dependency health, quality scoring, and maintenance signals for the packages you depend on.
SBOM
Generate, import, export, and manage software bills of materials.
Policies
Define rules once and enforce them automatically across licenses, vulnerabilities, and quality.
Reports
Generate, schedule, and export compliance and security reports from your FOSSA data.
FOSSA CLI
Analyze dependencies, test policies, and generate reports from the command line.
API Reference
Build integrations and automate workflows with the FOSSA REST API.
Integrations
Connect FOSSA to CI/CD, source hosts, Jira, Slack, and fossabot.
fossabot
Automated PR comments and status checks that surface license, security, and quality findings in pull requests.
Organization Management
Manage users, teams, roles, SSO, and organization-wide settings for your FOSSA instance.
On-Premises Deployment
Deploy and operate FOSSA in your own infrastructure with Kubernetes and Helm.
Help & Support
Troubleshooting, FAQs, and how to get support from FOSSA.
Legal
Terms of service, privacy policy, and other legal documentation.