The FOSSA Developer Hub

Welcome to the FOSSA developer hub. You'll find comprehensive guides and documentation to help you start working with FOSSA as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    

Architecture Overview

When FOSSA is installed behind your firewall, it will run an environment that's fully sealed within your organization.

Key Factors

  1. No proprietary code will ever leave your premises
  2. No scan data, signatures or hints are ever sent to FOSSA's servers — custom OSS database is fully built and maintained on premise
  3. Installing FOSSA creates no additional InfoSec footprint
    • (a) With internet access, FOSSA will download and analyze 3rd-party code anonymously from the web, equivalent to current behavior on developer machines or CI environments
    • (b) In fully air-gapped environments (no internet), all network activity can be routed through internal code and artifact hosts

For security info about our hosted version or development process, please visit https://fossa.io/security

Importing from Custom URLs or Code Hosts

By default, FOSSA works best with rich service brokers (like Github, Bitbucket, Gitlab). However if you have code living in a custom code or artifact host, FOSSA's on-prem version can import from a raw URL:

FOSSA supports any URL from supported VCS, artifact hosts/registries and tools that live inside your intranet. After importing custom code, FOSSA will scan it for all branches/tags and set up automatic updates/tracking for the default branch:

By default, FOSSA will enable daily or hourly scans on your default branch. If FOSSA finds any issues, it will notifying you with email reports that will link back to your dashboard where you can analyze and fix the issue:

Congrats! Now you have compliance running internally at your company in the background of your workflow.

Hooking Into Development

If you'd like to surface/enforce its checks deeper within your organization, you can easily configure it to add more feedback to your internal tools.

Importing through Github, Gitlab or Bitbucket will immediately prepare deeper integrations that you can toggle including:

  • Continual per-commit scanning via Webhooks
  • Automated code review (pull request) feedback / blocking
  • Issue tracker syncing
  • Continuous integration and test plugins
  • Commit status integration

FOSSA also comes with a full suite of plugins and integrations into other tools that will work all on-premises:

See our full integration directly at https://fossa.io#integrations or docs on how to set these up.

Architecture Overview


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.