This guide is for you to set up a FOSSA project with a generic CI workflow.
Integrating FOSSA with your generic CI pipeline requires
fossa-cli our open source dependency analysis client, to be installed on your CI machine. The client supports all 3 major operating systems (Unix, Darwin/OSX and Windows).
To test the CLI, you can install it in your local environment using the command below or download it directly from our Github Releases page.
curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash # view `fossa` help text fossa --help
Then, add the FOSSA API key as an environment variable to your CI machine:
Once the environment variable is ready, it's time to edit your CI configuration file.
First, add a step to install
fossa-cli when your build starts. Usually the best place to include this is before your tests when you're still installing the environment pre-reqs:
Next, add a step to run the
fossa analyze command you just installed in order to upload dependency data from your build.
We recommend inserting the following in your configuration file after building your code so that
fossa will still have access to a freshly-built environment before any tests run:
# your build scripts before running `fossa` # NOTE: before running `fossa` make sure to save your FOSSA_API_KEY as a CI # environment variable. fossa analyze
Now with every CI build, you will be uploading a dependency report back to your hosted FOSSA instance.
To customize your
fossa analyzetask behavior, add a
.fossa.ymlfile to the root of your VCS.
View the .fossa.yml reference on GitHub.
Updated about 1 year ago