Generic CI
Integrating FOSSA with a generic CI
This guide explains how to set up a FOSSA project with a generic CI workflow.
Getting started
Integrating FOSSA with your generic CI pipeline requires fossa-cli, our open source dependency analysis client, to be installed on your CI machine. The client supports all 3 major operating systems (Unix, Darwin/OSX and Windows).
To test the CLI, you can install it in your local environment using the command below or download it directly from our GitHub Releases page.
curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash
# view `fossa` help text
fossa --help
Set up your generic CI environment
First, grab a FOSSA API Key from your FOSSA account under your Integration Settings.
Then, add the FOSSA API key as an environment variable to your CI machine:
Add FOSSA steps to your CI configuration file
Once the environment variable is ready, it's time to edit your CI configuration file.
First, add a step to install fossa-cli when your build starts. Usually the best place to include this is before your tests when you're still installing the environment pre-reqs:
...
# your typical install commands
# e.g. `bundle install` for Ruby or `npm install` for JavaScript
...
# install fossa-cli
"curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | sudo bash"
...
# building your code and running tests
Next, add a step to run the fossa analyze command you just installed in order to upload dependency data from your build.
We recommend inserting the following in your configuration file after building your code so that fossa will still have access to a freshly-built environment before any tests run:
# your build scripts before running `fossa`
# NOTE: before running `fossa` make sure to save your FOSSA_API_KEY as a CI
# environment variable.
fossa analyze
Now with every CI build, you will be uploading a dependency report back to your hosted FOSSA instance.
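The install and analyze steps above can also be run as one checked script. The following is an added example, not part of FOSSA's documentation or tooling: it downloads the install script to a file, runs it only if it matches a SHA-256 digest you recorded after reviewing it, and stops early if FOSSA_API_KEY is missing. EXPECTED_SHA256 (a placeholder here) and the RUN_FOSSA_STEP switch are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not FOSSA's own script). EXPECTED_SHA256 and RUN_FOSSA_STEP are
# assumptions: record the digest yourself after reviewing the install script.
INSTALL_URL='https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh'
EXPECTED_SHA256="${EXPECTED_SHA256:-REPLACE_WITH_REVIEWED_SHA256}"  # placeholder

# Print the SHA-256 hex digest of a file (sha256sum on Linux, shasum on macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Succeed only if file $1 hashes to the expected digest $2.
verify_script() {
  actual=$(sha256_of "$1") || return 2
  [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# Fail early, without printing the key, if the CI secret is missing.
require_api_key() {
  if [ -z "${FOSSA_API_KEY:-}" ]; then
    echo "FOSSA_API_KEY is not set; add it as a CI secret" >&2
    return 1
  fi
}

# Download the installer to a file, verify it, and only then execute it.
install_fossa_cli_verified() {
  script=$(mktemp) || return 1
  curl -fsSL -H 'Cache-Control: no-cache' "$INSTALL_URL" -o "$script" || return 1
  if verify_script "$script" "$EXPECTED_SHA256"; then
    bash "$script"
  else
    echo "install script digest mismatch; refusing to run it" >&2
    rm -f "$script"
    return 1
  fi
}

# Run the step only when explicitly enabled (hypothetical switch for this example).
if [ "${RUN_FOSSA_STEP:-0}" = "1" ]; then
  require_api_key && install_fossa_cli_verified && fossa analyze
fi
```

Because the URL tracks the master branch, any upstream change to the script fails the digest check until the new version has been reviewed and EXPECTED_SHA256 updated.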
Customizing with .fossa.yml
To customize your fossa analyze task behavior, add a .fossa.yml file to the root of your VCS. View the .fossa.yml reference on GitHub.