Quick Import

Now that you are logged in, you are ready to import your project.
From the Add Projects page, you have the option to Integrate Locally (CLI) or to use the Quick Import option.

🚧

TIP

Choosing a specific option depends on how much effort you would like to expend during the initial setup and the level of accuracy you are comfortable with attaining.

❗️

Recommended for Non-Technical Users Only

This path is recommended for non-technical users or people simply testing the tool.
If you are a developer and are willing to do upfront configuration, we recommend taking a look at our Local Plugin, which is more accurate, secure, and performant for continual analysis.

FOSSA can import code from cloud-based Version Control System (VCS) providers such as GitHub.com. By choosing this import method, FOSSA looks at your code to "guess" the dependencies brought in. While less accurate, this method gets results with minimal configuration and automatically sets up deep integrations such as webhooks, scheduled updates, and publish code/review pull request statuses.

Pick this method if:

  • You want a quick setup to test integrations
  • You want to bulk-audit hundreds of repositories
  • You have numerous codebases that are small and relatively simple
  • You are not a programmer and cannot access development or CI environments
    Click Quick Import to start the process of importing your project from your VCS of choice.
751

Connecting to GitHub, Bitbucket, GitLab, or Azure Repos.

674

To import from one of our supported cloud VCS providers, connect your service account (i.e. your GitHub, Bitbucket, or GitLab account) to your FOSSA account from the Project Imports Page. If you signed in to FOSSA using a cloud VCS provider account, it will already be connected.

📘

NOTE

For the remainder of this document, we use GitHub as the VCS example.

❗️

GitHub Permissions

You might notice that our GitHub integration asks for write permissions on private repositories. This is due to a limitation with GitHub, which does not provide a read-only permission scope for private repositories (see dear-github/dear-github#113). FOSSA will never write to your repositories for any reason.
If you cannot give code access, Local Integration method will be a better fit, as it doesn't require any code access from FOSSA.

After connecting your VCS provider account, you should see a list of your repositories. To import, simply select Import All for all the repositories or select specific ones and click Import.

1600

🚧

TIP

It is recommended that you import the branch that is to be deployed in your production environment.

📘

NOTE

If you still can’t find your repository, then it could be that you have not granted FOSSA access to your team or sub-group in your VCS provider. Refer to your VCS provider’s documentation.

Before the repositories are imported, there are additional settings that you can select to ensure you are importing the specific repositories and you are configuring certain settings.

593

You can filter the repositories to be imported based on whether they are set to Public, Private, or All. You can also filter by when the repository was last updated and whether to include forks.
Click Next Step to configure the import based on Notification, Updates, and Access permission.

The following settings are recommended when configuring the import(s).

435

Notifications are specific to issue notifications. You will receive an email when an issue is encountered.

405 407

In the Misc box, you can choose to submit badge PRs after the import in public READMEs only. This badge shows that the repository was scanned by FOSSA. For more information, refer to the Getting a Badge Pull Request (Github.com only) section below.

❗️

IMPORTANT

This option is only available for GitHub repositories.

407

Click Confirm Import to initiate the import process.

📘

NOTE

Depending on the number of repositories and their respective sizes, the import process may take some time to complete.

You can click Back to projects to see the list of repositories being imported.

831 1600

Searching and Selecting Repositories

If you can’t find your repository, try clicking on the team selector and switching teams.

1600

You can also use the search bar to find projects.

1600

Getting a Badge Pull Request (Github.com only)

If you enable the option Submit badge PRs after import (public Github READMEs only) then FOSSA automatically sends you a Pull Request to track your license scan status in your README, as soon as FOSSA imports the project. See an example on Webpack’s README.

1440

As well as adding a badge in the top of the README beneath the title (where badges on GitHub READMEs are normally placed), we also attach a badge at the bottom of the README to provide more information about the details of FOSSA’s analysis. You don't need to update this badge when your project adds dependencies, and you won't get a new pull request with an updated badge; FOSSA automatically updates it when users load the README, and it stays up-to-date with your default branch.

558