Get Started
New to FOSSA? Import your first project, run a scan, and see results in minutes.
Overview
Over 80% of the code in a modern application comes from open source. Every one of those components carries license, security, and quality implications you're responsible for. FOSSA plugs into your existing workflow to automatically track, manage, and remediate them, so your team ships faster with less risk.
Note
Create an account on our website, or request a demo. This guide takes you from zero to your first results.
What you can do with FOSSA
- Stay license-compliant: detect every license obligation and generate the attribution documents you're required to ship.
- Monitor security: surface and prioritize vulnerabilities in your dependencies, with real-world exploit signals.
- Catch quality issues: flag outdated, abandoned, or risky components before they bite.
- Enforce policy: codify what's allowed and fail CI/CD automatically when something isn't.
The fastest path to results
You're four steps from a fully monitored project:
- 1
Import your project
Get your code into FOSSA. Quick Import connects your source host and scans hundreds of repos in a click; CLI runs in your build for the most accurate results. See all import methods.
- 2
Run a scan
FOSSA analyzes your dependencies, automatically on import or each time you run
fossa analyze. No extra setup required. - 3
Review your results
Explore what FOSSA found: Licenses, Vulnerabilities, and Quality signals across your project.
- 4
Automate it
Set Policies and add a check to your CI/CD pipeline so new risk is caught on every build, not after release.
Start here
- Your First Scan: the hands-on five-minute walkthrough, from account to first results.
- CLI vs Quick Import: not sure which import method to use? Start here.
- Project Setup: every way to get code and artifacts into FOSSA.
Need a hand?
Reach the team at support@fossa.com or through our support site. Building on top of FOSSA? See the API Reference and Integrations.