FOSSA supports archives, vendorized dependencies and binaries through a variety of methods.
|Tool||Quick Import (app.fossa.com)||CLI (fossa-cli)|
About Archive Formats
Archive formats are a special kind of dependency in FOSSA. They are not included through a standard build tool or process, but instead represent instances where developers have packaged up pieces of (potentially-modified) 3rd-party code and checked them into your source tree.
When archives are encountered, FOSSA makes a "best-effort" attempt at resolving it to known 3rd-party code.
Below is a table of available resolution strategies in Provided / Automated integration methods:
|CommonJS Package||Resolved from ||Y||Y|
|Python Package||Resolved from ||Y|
|Maven||Resolved from ||Y|
|Generic||Hash of archive / source tree||Contact Us|
You can also scan custom directories that contain 3rd-party code by annotating them in your
Click here to see the extensive docs on
Path dependencies are dependencies, deliberately sourced from filesystem, as opposed to package registry. For some languages, FOSSA supports analysis of path dependencies, via license scanning target directory.
Click here to learn more about path dependencies.
Updated 14 days ago