Binaries, Archives or Custom (vendored code, etc...)
FOSSA supports archives, vendorized dependencies and binaries through a variety of methods.
| Tool | Quick Import (app.fossa.com) | CLI (fossa-cli) |
|---|---|---|
| Tar | Y | Y |
| Gzip | Y | Y |
| Zip | N/A | N/A |
| Egg/Wheel | Through Python support. | N/A |
About Archive Formats
Archive formats are a special kind of dependency in FOSSA. They are not included through a standard build tool or process, but instead represent instances where developers have packaged up pieces of (potentially-modified) 3rd-party code and checked them into your source tree.
When archives are encountered, FOSSA makes a "best-effort" attempt at resolving it to known 3rd-party code.
Resolution Strategies
Below is a table of available resolution strategies in Provided / Automated integration methods:
| Type | Resolution Keys | Supported | Provided |
|---|---|---|---|
| CommonJS Package | Resolved from package.json | Y | Y |
| Python Package | Resolved from setup.py | Y | |
| Maven | Resolved from pom.xml | Y | |
| Generic | Hash of archive / source tree | Contact Us |
Scanning Custom Directories
You can also scan custom directories that contain 3rd-party code by annotating them in your fossa-deps.yml file.
Click here to see the extensive docs on fossa-deps.yml
Path Dependencies
Path dependencies are dependencies, deliberately sourced from filesystem, as opposed to package registry. For some languages, FOSSA supports analysis of path dependencies, via license scanning target directory.
Click here to learn more about path dependencies.
Updated 5 months ago