FOSSA CLI

Analyze dependencies, test policies, and generate reports from the command line.

1 min readUpdated Jul 9, 2026

Overview

The FOSSA CLI analyzes your project's dependencies from the command line, on your machine or in CI, and uploads the results to FOSSA for license, security, and quality analysis. For most projects it works with zero configuration: install the CLI, set your API key, and run fossa analyze.

Because it reads dependencies straight from your build, the CLI is the most accurate way to get a project into FOSSA. See Project Setup for how it compares to Quick Import and the other import methods, and CI/CD scanning to run it automatically on every build.

These docs are organized into Concepts (how analysis works), Walkthroughs (step-by-step integration guides), Features (specific capabilities like container and vendored-dependency scanning), and References (every command, configuration file, and troubleshooting guide). Browse them below or from the sidebar. Not sure what the CLI sends to FOSSA? See what data gets uploaded.

Walkthroughs

Analyze only a set of targets

Control which build targets the CLI discovers and how paths map to analyzers.

Read more

Analyzing the Android Open Source Project

Integrate FOSSA with Android Open Source Project builds and custom Android distributions.

Read more

Scanning Buildroot Projects

Scan Buildroot-based embedded Linux projects for license and security compliance with FOSSA.

Read more

Custom Integration with Conan Package Manager

Set up FOSSA CLI analysis for C and C++ projects that use the Conan package manager.

Read more

Integrating Container Scanning in CI

Run container image analysis and policy tests in a generic CI pipeline.

Read more

Custom Integration using fossa-deps

Example of declaring custom or non-standard dependencies with fossa-deps for Bower.

Read more

Installing Fossa CLI

Download and install the FOSSA CLI on macOS, Linux, and Windows.

Read more

Quick Start

Configure your API key and run your first analyze and test cycle with minimal setup.

Read more

Using FOSSA CLI with HTTP Proxies

Route CLI traffic through corporate HTTP proxies using standard environment variables.

Read more

Custom SSL Certificate with fossa-cli

Point the CLI at custom root certificate stores for TLS in locked-down networks.

Read more

What Data Gets Uploaded to FOSSA's Servers

Types of data the CLI sends to FOSSA during analyze, including dependencies, vendored code, and telemetry.

Read more

Scanning Yocto Projects

Analyze and report the runtime packages of a Yocto image build to FOSSA using the meta-fossa layer.

Read more
© 2026 FOSSA, Inc.support@fossa.com