fossa test
Fail CI when the latest scan has license or security policy violations.
Works with a push-only API token
Every FOSSA endpoint this command calls is on the push-only allowlist, so a push-only token is sufficient. Learn about token access levels.
fossa test
The test command checks whether the most-recent scan of your FOSSA project raised license-policy or vulnerability issues. This command is usually run immediately after fossa analyze
- If there are issues, it prints them to stderr and fails with an exit code of 1
- If there are no issues, it prints nothing and succeeds with an exit code of 0
fossa test supports the Common FOSSA Project Flags supported by all commands
Specifying a timeout
By default, fossa test waits a maximum of 3600 seconds (1 hour) for issue scan results. To override the default timeout, use, e.g.:
fossa test --timeout 60Where 60 is the maximum number of seconds to wait for issue scan results.
Print issues as JSON
By default, fossa test displays issues in a human-readable format. To instead print issues as JSON, use:
fossa test --format jsonTest for new issues compared to another revision
--diff <REVISION> configures FOSSA to only report new issues observed with the current revision that weren't already reported on the specified <REVISION>.
fossa test --diff revisionToCompareExample
fossa test --revision 34021e --diff v2.0.0This only reports issues that are present in 34021e revision, BUT are not present in revision v2.0.0.
For instance,
If the revision
v2.0.0has issue:A, and the revision34021ehas issueA,fossa-clireports no new issues discovered and exits with status code of 0.
If the revision
v2.0.0has issue:A, and the revision34021ehas 0 issues,fossa-clireports no new issues discovered and exits with status code of 0.
If the revision
v2.0.0has issue:A, and the revision34021ehas issuesA,B,fossa-clireports issueBand exits with status code of 1.