Subcommands
Stable reference for every fossa subcommand and its flags.
Overview
Entry point for stable fossa subcommands: analyze, test, report, container, project, and release group.
fossa analyze
EnterpriseDiscover build targets, resolve dependency graphs, and upload analysis results to FOSSA.
fossa container
Analyze and test container images for license and vulnerability policy violations.
fossa init
Generate starter fossa-deps and .
fossa list targets
List analysis targets the CLI would run in a directory without uploading results.
fossa project
EnterpriseCreate, view, and manage FOSSA projects from the command line.
fossa release-group
Manage FOSSA release groups and their member projects from the command line.
fossa report
Download compliance or attribution reports for the latest project revision.
fossa sbom
EnterpriseUpload SPDX or CycloneDX SBOMs to FOSSA and run policy tests against them.
fossa test
Fail CI when the latest scan has license or security policy violations.
Analyze
Fossa Analyze Additional Flag Options
Optional flags that modify how fossa analyze discovers and uploads projects.
Dynamic Linked Dependency Detection
Detect dynamically linked system libraries in C and C++ binaries during analyze.
Vendored Source Identification
Find vendored open source libraries copied beside first-party code during analyze.
Container
Release Group
fossa release-group add-projects
Add existing FOSSA projects to a release group.
fossa release-group create-release
Create a release snapshot inside a FOSSA release group.
fossa release-group create
Create a new FOSSA release group.
fossa release-group delete-release
Delete a release snapshot from a FOSSA release group.
fossa release-group delete
Delete a FOSSA release group.