FOSSA supports archives, vendorized dependencies and binaries through a variety of methods.
About Archive Formats
Archive formats are a special kind of dependency in FOSSA. They are not included through a standard build tool or process, but instead represent instances where developers have packaged up pieces of (potentially-modified) 3rd-party code and checked them into your source tree.
When archives are encountered, FOSSA makes a "best-effort" attempt at resolving it to known 3rd-party code.
Below is a table of available resolution strategies in Provided / Automated integration methods:
Hash of archive / source tree
You can also scan custom directories that contain 3rd-party code by annotating them in your
See the fossa-cli docs fore more details.
Updated about a year ago