FOSSA supports archives, vendorized dependencies and binaries through a variety of methods.
|Tool||Repository Scanning||CI/CD Scanning|
About Archive Formats
Archive formats are a special kind of dependency in FOSSA. They are not included through a standard build tool or process, but instead represent instances where developers have packaged up pieces of (potentially-modified) 3rd-party code and checked them into your source tree.
When archives are encountered, FOSSA makes a "best-effort" attempt at resolving it to known 3rd-party code.
Below is a table of available resolution strategies in Provided / Automated integration methods:
|CommonJS Package||Resolved from ||Y||Y|
|Python Package||Resolved from ||Y|
|Maven||Resolved from ||Y|
|Generic||Hash of archive / source tree||Contact Us|
You can also scan custom directories that contain 3rd-party code by annotating them in your
See the fossa-cli docs fore more details.
Updated 8 months ago