The FOSSA Developer Hub

Welcome to the FOSSA developer hub. You'll find comprehensive guides and documentation to help you start working with FOSSA as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    

Repository Scanning

By default, all projects imported into FOSSA through a service or VCS are enrolled in "Repository Scanning".

In this model, when your code is updated in GitHub, Bitbucket or any known service, FOSSA will automatically pull the latest updates into a build container and analyze it for dependencies.

Since FOSSA is operating with raw code, in this approach FOSSA must "guess" the dependencies you would bring in during a build. This is done with a combination of techniques involving static code analysis, incremental builds, and configuration inference.

Repository Scanning is best for when...

  • You want a quick & dirty start to test all integrations
  • You want to bulk-audit 100s of repositories
  • You have numerous but relatively simple / small codebases

Refer to the language documentation for more technical detail on how FOSSA analyzes dependencies in Repository Scanning.

Updated about a year ago

Repository Scanning

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.