Fail CI/CD Checks

Block merges and deploys when FOSSA detects license, vulnerability, or quality violations.

2 min readUpdated Jul 9, 2026

Overview

FOSSA can fail CI/CD checks when issues are detected during a scan. Those issues may relate to licensing, security (vulnerabilities), or quality. You configure this behavior per category in a project's Policies settings.

Project Policies settings

Configuring a failure condition

Note

Before you can fail CI/CD checks for a category, you must enable the relevant scan type (Licensing, Security, or Quality) for the project.

  1. 1

    Open the project's Policies settings

    In your project's settings, select the Policies tab, then choose the category you want to configure: Licensing, Security, or Quality.

  2. 2

    Enable the failure condition

    Turn on "Fail CI/CD checks if {category} issues matching this filter exist." The {category} placeholder reflects the category you selected, for example, "Fail CI/CD checks if Licensing issues matching this filter exist."

  3. 3

    Choose an issue filter

    Select an issue filter from the dropdown. The default is "All issues (not filtered)", which fails the check on any issue in that category. Use a filter to target specific issues.

Below are some example licensing issue filters:

Example licensing issue filters

How the check fails

When a check is configured and matching issues exist, FOSSA reports a failing status to your CI/CD pipeline. If you run scans with the FOSSA CLI, fossa test returns a non-zero exit code when matching issues are found, which fails the build step. See the CLI documentation for details.

What's next

  • Issue Scanners: Control which issue categories (licensing, security, quality) contribute to CI/CD failures.
  • Licensing Policies: Define which licenses trigger check failures.
  • Security Policy: Define which vulnerability severities trigger check failures.
© 2026 FOSSA, Inc.support@fossa.com