Jenkins
Install the FOSSA CLI on your Jenkins agent and add build steps to run fossa analyze and fossa test.
Overview
Add FOSSA to your Jenkins pipeline to upload dependency data on every build and optionally gate builds on your FOSSA policy status.
Prerequisites
A FOSSA API key from Settings → Integrations → API Tokens.
Note
If you maintain a public repository, use a Push Only token so the key cannot be used to read sensitive data from your FOSSA account.
Store the key as a Jenkins credential. In Jenkins, go to Manage Jenkins → Credentials and add a Secret text credential with the ID
FOSSA_API_KEY. Then expose it to your pipeline using thewithCredentialsorenvironmentblock (see the examples below).
Adding FOSSA to your Jenkinsfile
Running fossa analyze
Add a Fossa Analyze stage immediately after your build stage, before tests run, so FOSSA has access to a freshly-built dependency graph:
pipeline { agent any environment { FOSSA_API_KEY = credentials('FOSSA_API_KEY') } stages { stage('Checkout') { steps { git 'https://github.com/your-org/your-repo.git' } } stage('Build') { steps { sh 'npm install' } } stage('Fossa Analyze') { steps { sh 'curl -H \'Cache-Control: no-cache\' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash' sh 'fossa analyze' } } }}The environment block injects the credential as $FOSSA_API_KEY, which the CLI picks up automatically. Every build will upload a dependency report to FOSSA.
Note
To control which targets FOSSA analyses, add a .fossa.yml file to the root of your repository. See the .fossa.yml reference on GitHub.
Blocking builds on FOSSA policy status
Add a Fossa Test stage to fail the build when FOSSA detects policy violations:
stage('Fossa Test') { steps { sh 'fossa test' } }fossa test polls FOSSA until the scan result is ready, then exits non-zero if any issues violate your policy, blocking the build. The default timeout is 600 seconds (10 minutes). Override it with:
sh 'fossa test --timeout 300'See the fossa test reference for details.
Full Jenkinsfile example
pipeline { agent any environment { FOSSA_API_KEY = credentials('FOSSA_API_KEY') } stages { stage('Checkout') { steps { git 'https://github.com/your-org/your-repo.git' } } stage('Build') { steps { sh 'npm install' } } stage('Fossa Analyze') { steps { sh 'curl -H \'Cache-Control: no-cache\' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash' sh 'fossa analyze' } } stage('Test') { steps { sh 'npm test' } } stage('Fossa Test') { steps { sh 'fossa test' } } }}