Binaries, Archives or Custom (vendored code, etc...)

FOSSA supports archives, vendorized dependencies and binaries through a variety of methods.

ToolQuick Import ( (fossa-cli)
Egg/WheelThrough Python support.N/A


About Archive Formats

Archive formats are a special kind of dependency in FOSSA. They are not included through a standard build tool or process, but instead represent instances where developers have packaged up pieces of (potentially-modified) 3rd-party code and checked them into your source tree.

When archives are encountered, FOSSA makes a "best-effort" attempt at resolving it to known 3rd-party code.

Resolution Strategies

Below is a table of available resolution strategies in Provided / Automated integration methods:

TypeResolution KeysSupportedProvided
CommonJS PackageResolved from package.jsonYY
Python PackageResolved from setup.pyY
MavenResolved from pom.xmlY
GenericHash of archive / source treeContact Us

Scanning Custom Directories

You can also scan custom directories that contain 3rd-party code by annotating them in your fossa-deps.yml file.

Click here to see the extensive docs on fossa-deps.yml