Fossa Analyze Additional Flag Options

Optional flags that modify how fossa analyze discovers and uploads projects.

3 min readUpdated Jul 10, 2026

Overview

This page is going to outline the optional flags that you can pass in when you are running fossa analyze:

FlagDescription
--debugEnable debug logging, and write detailed debug information to fossa.debug.json
-e,--endpoint URLThe FOSSA API server base URL (default https://app.fossa.com)
-p,--project ARGthis repository's URL or VCS endpoint (default: VCS remote 'origin')
-r,--revision ARGthis repository's current revision hash (default: VCS hash HEAD)
--fossa-api-key ARGthe FOSSA API server authentication key (default:FOSSA_API_KEY from env)
-c,--config ARGPath to configuration file including filename (default: .fossa.yml)
--with-telemetry-scope ARGScope of telemetry to use, the options are 'full' or 'off'. (default: 'full')
-o,--outputOutput results to stdout instead of uploading to fossa
--unpack-archivesRecursively unpack and analyze discovered archives
--jsonOutput project metadata as json to the console. Useful for communicating with the FOSSA API
--include-unused-depsInclude all deps found, instead of filtering non-production deps. Ignored by VSI.
--debug-no-discovery-exclusionIgnore filters during discovery phase. This is for debugging only and may be removed without warning.
--force-vendored-dependency-scan-method METHODForce the vendored dependency scan method. The options are 'CLILicenseScan' or 'ArchiveUpload'. 'CLILicenseScan' is usually the default unless your organization has overridden this.
--force-vendored-dependency-rescansForce vendored dependencies to be rescanned even if the revision has been previously analyzed by FOSSA. This currently only works for CLI-side license scans.
-b,--branch ARGthis repository's current branch (default: current VCS branch)
-t,--title ARGthe title of the FOSSA project. (default: the project name)
-P,--project-url ARGthis repository's home page
-j,--jira-project-key ARGthis repository's JIRA project key
-L,--link ARGa link to attach to the current build
-T,--team ARGthis repository's team inside your organization
--policy ARGthe policy to assign to this project in FOSSA
--release-group-name ARGthe name of the release group to add this project to
--release-group-release ARGthe release of the release group to add this project to
--only-target PATHOnly scan these targets. See targets.only in the fossa.yml spec.
--exclude-target PATHExclude these targets from scanning. See targets.exclude in the fossa.yml spec.
--only-path PATHOnly scan these paths. See paths.only in the fossa.yml spec.
--exclude-path PATHExclude these paths from scanning. See paths.exclude in the fossa.yml spec.
--x-vendettaAnalyzes project files on disk to detect vendored open source libraries
--experimental-enable-binary-discoveryReports binary files as unlicensed dependencies
--experimental-link-project-binary DIRLinks output binary files to this project in FOSSA
--detect-dynamic BINARYAnalyzes dynamically linked libraries in the target binary and reports them as dependencies
--experimental-skip-vsi-graph LOCATORSkip resolving the dependencies of the given project in FOSSA
DIRSet the base directory for scanning (default: current directory)
-h,--helpShow this help text
-V,--versionshow version information and exit (global option)
© 2026 FOSSA, Inc.support@fossa.com