Quick Import

Connect GitHub, GitLab, Bitbucket, or Azure Repos and scan hundreds of repositories in one click.

4 min readUpdated Jul 9, 2026

Overview

Quick Import connects FOSSA to a cloud Version Control System (VCS) (such as GitHub) and analyzes the dependencies in your repositories. It gets immediate results with minimal configuration and automatically sets up webhooks, scheduled updates, and pull-request status checks.

Pick this method if:

  • You want a quick setup to test integrations.
  • You want to bulk-audit hundreds of repositories.
  • You have many codebases that are small and relatively simple.

For the most accurate results on complex builds, use CLI instead.

Connection methods

When you click Quick Import, FOSSA shows eight options for getting your projects in. Most are a one-click OAuth flow, authorize your VCS account and start selecting repositories. Two providers require an admin to complete a one-time setup before the connection is available to your team.

MethodUse when…Notes
GitHub AppImporting repos owned by a GitHub organizationInstalls at the org level and isn't tied to any individual's account. Recommended for team and org-wide imports. See GitHub App.
GitHub OAuthImporting your own personal GitHub reposConnects through your personal GitHub account. Already linked if you signed in to FOSSA with GitHub.
GitLabYour projects live on GitLab.comStandard OAuth, no prerequisites.
Bitbucket.orgYour projects live on Bitbucket CloudStandard OAuth, no prerequisites.
Azure ReposYour projects live in Azure DevOpsRequires a Project Collection Administrator to enable third-party OAuth in your Azure DevOps org before connecting. See Azure Repos.
Bitbucket ServerYour projects live on a self-hosted Bitbucket instanceOn-Prem FOSSA only. Requires an Application Link and a fossabot service account. See Bitbucket Server.
Upload ArchiveYour code isn't on a VCS at allUpload a .zip, .tar.gz, .jar, or similar archive directly and FOSSA analyzes it as a project. See Archive Upload.
Other / PublicImporting from any publicly accessible repositoryPaste a public repository URL, no authentication required.

Connect your VCS

Click Quick Import to start importing from your VCS of choice, then connect your service account from the Project Imports page. If you signed in to FOSSA with a cloud VCS account, it's already connected.

The Quick Import screen showing GitHub, Bitbucket, GitLab, Azure Repos, and other VCS options

Note

The rest of this page uses GitHub as the example VCS.

Danger

The GitHub integration requests write permissions on private repositories. This is a GitHub limitation. It provides no read-only scope for private repos (see dear-github#113). FOSSA never writes to your repositories. If you can't grant code access, CLI is a better fit. It requires no code access.

Import repositories

After connecting, you'll see your repositories. Select Import All, or pick specific repos and click Import.

The repository list with branch, status, and Import actions per repo

Note

Import the branch deployed in your production environment. If a repo is missing, you may not have granted FOSSA access to that team or sub-group in your VCS; check your provider's settings.

Before importing, you can filter repositories by visibility (Public / Private / All), last-updated date, and whether to include forks.

Click Next Step to configure the import:

  • Notifications: issue-based email alerts.
    • Enable notifications (recommended for <20 repos)
    • Configure notifications later
  • Updates
    • Per-commit
    • Use organization defaults
    • Scheduled update (recommended for >20 repos)
  • Access
    • Default (as-is, based off repo permissions)
    • Set all public
    • Set all private
  • Misc
    • Submit badge PRs after import (public GitHub READMEs only)

Click Confirm Import to start. Large or numerous repositories may take a while; click Back to projects to watch progress.

Find a repository

If a repository isn't listed, switch teams with the team selector, or use the search bar to filter projects.

What's next

  • CI/CD Scanning: For greater accuracy on complex builds, integrate FOSSA into your CI pipeline to upload dependency data directly.
  • Pull Request Checks: Block merges when new issues are detected by enabling automatic status checks on your repositories.
  • Automatic Updates: Configure how and when FOSSA re-scans your projects to catch newly disclosed vulnerabilities and license changes.
© 2026 FOSSA, Inc.support@fossa.com