Quality
Assess dependency health, quality scoring, and maintenance signals for the packages you depend on.
1 min readUpdated Jul 9, 2026
Overview
Beyond licenses and CVEs, the long-term risk of a dependency comes from how well it's maintained. FOSSA's quality scanner evaluates every direct and transitive dependency and raises a quality issue (in the project's Issues tab) when a package is outdated, blocked, or shows a supply-chain risk signal.
What this covers
- Understanding Quality Issues: what each issue type means: outdated versions, blocked packages, and the risk-intelligence signals (abandonware, empty packages, native code).
- Reviewing Quality Issues: triage and resolve quality issues across your projects.
- Quality Scanning: how quality issues are generated and gated in CI/CD.
Put it to work
- Use Quality Policies to gate on quality thresholds across your projects, so unhealthy dependencies raise issues automatically.
- Review what FOSSA finds alongside your licensing and security issues; the same triage workflow surfaces all three.