Binaries, Archives or Custom (C, C++, etc...)

FOSSA supports archives, vendorized dependencies and binaries through a variety of methods.

| Tool | Repository Scanning | CI/CD Scanning |
| --- | --- | --- |
| Tar | Y | Y |
| Gzip | Y | Y |
| Zip | N/A | N/A |
| Egg/Wheel | Through Python support. | N/A |

About Archive Formats

Archive formats are a special kind of dependency in FOSSA. They are not included through a standard build tool or process, but instead represent instances where developers have packaged up pieces of (potentially-modified) 3rd-party code and checked them into your source tree.

When FOSSA encounters archives, it makes a "best-effort" attempt at resolving them to known 3rd-party code.

Resolution Strategies

Below is a table of available resolution strategies in Provided / Automated integration methods:

| Type | Resolution Keys | Supported | Provided |
| --- | --- | --- | --- |
| CommonJS Package | Resolved from package.json | Y | Y |
| Python Package | Resolved from setup.py | Y | |
| Maven | Resolved from pom.xml | Y | |
| Generic | Hash of archive / source tree | Contact Us | |
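
As an added illustration (not FOSSA's code or algorithm), this sketch shows how best-effort resolution with the keys listed above can work: it looks for package.json, setup.py or pom.xml inside a tar/gzip archive without unpacking it to disk, and falls back to a hash of the archive. The SHA-256 choice, the 1 MiB manifest cap, the shallowest-manifest-first rule and all function names are assumptions.

```python
import hashlib, io, json, re, tarfile
import xml.etree.ElementTree as ET
MAX_MANIFEST = 1 << 20  # assumed cap: ignore manifests larger than 1 MiB

def _package_json(raw):
    doc = json.loads(raw)
    return "commonjs", doc["name"], doc.get("version")

def _setup_py(raw):
    # Regex only: never execute a setup.py taken from a vendored archive.
    text = raw.decode("utf-8", "replace")
    find = lambda key: re.search(key + r"\s*=\s*['\"]([^'\"]+)['\"]", text)
    name, version = find("name"), find("version")
    return "python", name.group(1), version.group(1) if version else None

def _pom_xml(raw):
    root = ET.fromstring(raw)  # stdlib ElementTree does not fetch external entities
    group, artifact = root.findtext("{*}groupId"), root.findtext("{*}artifactId")
    if artifact is None:
        raise ValueError("pom.xml without artifactId")
    return "maven", f"{group}:{artifact}", root.findtext("{*}version")

RESOLVERS = {"package.json": _package_json, "setup.py": _setup_py, "pom.xml": _pom_xml}

def resolve_archive(blob):
    """Return (type, key, version) for tar/tar.gz bytes; hash the archive if no manifest."""
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:*") as tar:
        # Shallowest manifest first, so a nested test fixture does not win.
        members = sorted((m for m in tar if m.isfile()), key=lambda m: m.name.count("/"))
        for m in members:
            parse = RESOLVERS.get(m.name.rsplit("/", 1)[-1])
            if parse is None or m.size > MAX_MANIFEST:
                continue
            try:  # read the member in memory; nothing is extracted to disk
                return parse(tar.extractfile(m).read())
            except (ValueError, KeyError, TypeError, AttributeError, ET.ParseError):
                continue  # malformed manifest: keep looking
    return "generic", hashlib.sha256(blob).hexdigest(), None

def make_sample(files):
    """Build a constructed tar.gz in memory from {path: bytes} (sample input only)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

if __name__ == "__main__":
    print(resolve_archive(make_sample({"left-pad/package.json": b'{"name": "left-pad", "version": "1.3.0"}'})))
```

A result of type `generic` means only the hash identifies the archive, so a locally modified copy of 3rd-party code will not match a hash of the upstream release.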

Scanning Custom Directories

You can also scan custom directories that contain 3rd-party code by annotating them in your fossa-deps.yml file.

See the extensive docs on fossa-deps.yml.