Now that you are logged in, you are ready to import your project.
From the Add Projects page, you have the option to Integrate Locally (CLI) or to use the Quick Import option.
Choosing a specific option depends on how much effort you would like to expend during the initial setup and the level of accuracy you are comfortable with attaining.
Recommended for Non-Technical Users Only
This path is recommended for non-technical users or people simply testing the tool.
If you are a developer and are willing to do upfront configuration, we recommend taking a look at our Local Plugin, which is more accurate, secure, and performant for continual analysis.
FOSSA can import code from cloud-based Version Control System (VCS) providers such as GitHub.com. By choosing this import method, FOSSA looks at your code to "guess" the dependencies brought in. While less accurate, this method gets results with minimal configuration and automatically sets up deep integrations such as webhooks, scheduled updates, and publishing code/review pull request statuses.
Pick this method if:
- You want a quick setup to test integrations
- You want to bulk-audit hundreds of repositories
- You have numerous codebases that are small and relatively simple
- You are not a programmer and cannot access development or CI environments
Click Quick Import to start the process of importing your project from your VCS of choice.
Connecting to GitHub, Bitbucket, GitLab, or Azure Repos
To import from one of our supported cloud VCS providers, connect your service account (i.e. your GitHub, Bitbucket, or GitLab account) to your FOSSA account from the Project Imports Page. If you signed in to FOSSA using a cloud VCS provider account, it will already be connected.
For the remainder of this document, we use GitHub as the VCS example.
You might notice that our GitHub integration asks for write permissions on private repositories. This is due to a limitation with GitHub, which does not provide a read-only permission scope for private repositories (see dear-github/dear-github#113). FOSSA will never write to your repositories for any reason.
If you cannot give code access, the Local Integration method will be a better fit, as it doesn't require any code access from FOSSA.
After connecting your VCS provider account, you should see a list of your repositories. To import, simply select Import All for all the repositories or select specific ones and click Import.
It is recommended that you import the branch that is to be deployed in your production environment.
If you still can’t find your repository, then it could be that you have not granted FOSSA access to your team or sub-group in your VCS provider. Refer to your VCS provider’s documentation.
Before the repositories are imported, you can adjust additional settings to control which repositories are imported and how the import is configured.
You can filter the repositories to be imported based on whether they are set to Public, Private, or All. You can also filter by when the repository was last updated and whether to include forks.
Click Next Step to configure the import based on Notification, Updates, and Access permission.
The following settings are recommended when configuring the import(s).
Notifications are specific to issue notifications. You will receive an email when an issue is encountered.
In the Misc box, you can choose to submit badge PRs after the import in public READMEs only. This badge shows that the repository was scanned by FOSSA. For more information, refer to the Getting a Badge Pull Request (GitHub.com only) section below.
This option is only available for GitHub repositories.
Click Confirm Import to initiate the import process.
Depending on the number of repositories and their respective sizes, the import process may take some time to complete.
You can click Back to projects to see the list of repositories being imported.
If you can’t find your repository, try clicking on the team selector and switching teams.
You can also use the search bar to find projects.
If you enable the option Submit badge PRs after import (public Github READMEs only), FOSSA automatically sends you a Pull Request to track your license scan status in your README as soon as FOSSA imports the project. See an example on Webpack’s README.
As well as adding a badge at the top of the README beneath the title (where badges on GitHub READMEs are normally placed), we also attach a badge at the bottom of the README to provide more information about the details of FOSSA’s analysis. You don't need to update this badge when your project adds dependencies, and you won't get a new pull request with an updated badge; FOSSA automatically updates it when users load the README, and it stays up-to-date with your default branch.