A policy in FOSSA is a collection of rules that controls which issues are created in your project for licenses and dependencies (projects). You can think of a policy as a license firewall for your project.


A rule is a restriction built around licenses and/or projects. You may deny, flag, or approve any license or dependency that is used in your project.

When you deny a dependency or license from being included in your project, the issue scanners create an issue that requires the license or dependency to be removed. Example:

Deny rules example

When you flag a dependency or license, the issue scanners create an issue that requires manual approval whenever it is included in your project. Example:

Flag rules example

When you approve (allow) a dependency or license to be included in your project, the issue scanners never create issues for the chosen dependency or license. Example:

Approve rules example
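The three rule types above, as an added toy model of how an issue scanner turns a policy into issues (this is illustration code, not FOSSA's implementation; rule and dependency names are constructed, and the assumption that a project-specific rule outranks a license-wide rule is ours, since the page does not state precedence):

```python
"""Toy model of FOSSA-style deny / flag / approve rules (added illustration,
not FOSSA's code). Assumption: a rule naming a specific project outranks a
license-wide rule; the page does not state precedence."""
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass(frozen=True)
class Rule:
    action: str                    # "deny", "flag" or "approve"
    license: Optional[str] = None  # SPDX id the rule targets, if any
    project: Optional[str] = None  # dependency name the rule targets, if any

@dataclass(frozen=True)
class Dependency:
    name: str
    license: str

def match(rule: Rule, dep: Dependency) -> bool:
    """A rule applies when every target it sets matches the dependency."""
    if rule.project is not None and rule.project != dep.name:
        return False
    if rule.license is not None and rule.license != dep.license:
        return False
    return rule.project is not None or rule.license is not None

def decide(policy: List[Rule], dep: Dependency) -> Optional[str]:
    """Action the policy takes for one dependency; None when no rule matches."""
    hits = [r for r in policy if match(r, dep)]
    if not hits:
        return None
    hits.sort(key=lambda r: r.project is None)  # project rules first (assumption)
    return hits[0].action

def scan(policy: List[Rule], deps: List[Dependency]) -> Dict[str, str]:
    """Mimic the issue scanner: deny -> 'remove' issue, flag -> 'review' issue,
    approve or no matching rule -> no issue at all."""
    issues = {}
    for dep in deps:
        action = decide(policy, dep)
        if action in ("deny", "flag"):
            issues[dep.name] = "remove" if action == "deny" else "review"
    return issues

# Constructed sample policy and dependency list (not real project data).
SAMPLE_POLICY = [Rule("deny", license="GPL-3.0-only"), Rule("flag", license="LGPL-2.1-only"),
                 Rule("approve", license="MIT"), Rule("approve", project="readline")]
SAMPLE_DEPS = [Dependency("leftpad", "MIT"), Dependency("somegpl", "GPL-3.0-only"),
               Dependency("readline", "GPL-3.0-only"), Dependency("glibc-ish", "LGPL-2.1-only"),
               Dependency("mystery", "UNKNOWN")]  # no rule matches -> silently no issue
```

The `mystery` entry shows the caveat to check in any policy: a license no rule covers raises no issue, so a policy meant to be deny-by-default needs an explicit rule for unknown or unlisted licenses.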

Pre-installed Policies

FOSSA comes equipped with 3 standard, editable policies that we've drafted with top industry lawyers. Many of our customers rely on them out of the box:

1) Standard Bundle Distribution: Recommended for software deployed on-premises, e.g. Apache Hadoop.

2) Single-Binary Distribution: Recommended for embedded software, e.g. a mobile app.

3) Website/Hosted Service: Recommended for websites, e.g. fossa.io.

Customizing Policies

You can create or manage your own policies through the policies page.

To create a policy, click the CREATE POLICY button in the policies section.

Fill out a title and description. You can optionally choose a template to start this policy with.

To add a rule, click the Add Rule button above the Deny, Flag for Review, or Approve panel.

Choose whether the rule will apply to a license or a project (dependency), then fill in which license or project the rule applies to.