Get Started

New to FOSSA? Import your first project, run a scan, and see results in minutes.

2 min readUpdated Jul 9, 2026

Overview

Over 80% of the code in a modern application comes from open source. Every one of those components carries license, security, and quality implications you're responsible for. FOSSA plugs into your existing workflow to automatically track, manage, and remediate them, so your team ships faster with less risk.

Note

Create an account on our website, or request a demo. This guide takes you from zero to your first results.

What you can do with FOSSA

  • Stay license-compliant: detect every license obligation and generate the attribution documents you're required to ship.
  • Monitor security: surface and prioritize vulnerabilities in your dependencies, with real-world exploit signals.
  • Catch quality issues: flag outdated, abandoned, or risky components before they bite.
  • Enforce policy: codify what's allowed and fail CI/CD automatically when something isn't.

The fastest path to results

You're four steps from a fully monitored project:

  1. 1

    Import your project

    Get your code into FOSSA. Quick Import connects your source host and scans hundreds of repos in a click; CLI runs in your build for the most accurate results. See all import methods.

  2. 2

    Run a scan

    FOSSA analyzes your dependencies, automatically on import or each time you run fossa analyze. No extra setup required.

  3. 3

    Review your results

    Explore what FOSSA found: Licenses, Vulnerabilities, and Quality signals across your project.

  4. 4

    Automate it

    Set Policies and add a check to your CI/CD pipeline so new risk is caught on every build, not after release.

Start here

Need a hand?

Reach the team at support@fossa.com or through our support site. Building on top of FOSSA? See the API Reference and Integrations.

© 2026 FOSSA, Inc.support@fossa.com