Overview

FOSSA can import code from cloud-based Version Control System (VCS) providers such as GitHub.com. By choosing this import method, FOSSA looks at your code to analyze the dependencies brought in. This method gets immediate results with minimal configuration and automatically configures webhooks, scheduled updates, and publish code/review pull request statuses.

Pick this method if:

• You want a quick setup to test integrations
• You want to bulk-audit hundreds of repositories
• You have numerous codebases that are small and relatively simple

Get Started

Click Quick Import to start the process of importing your project from your VCS of choice.

Connecting to GitHub, Bitbucket, GitLab, or Azure Repos.

To import from one of our supported cloud VCS providers, connect your service account (i.e. your GitHub, Bitbucket, or GitLab account) to your FOSSA account from the Project Imports Page. If you signed in to FOSSA using a cloud VCS provider account, it will already be connected.

📘

NOTE

For the remainder of this document, we use GitHub as the VCS example.

❗️

GitHub Permissions

You might notice that our GitHub integration asks for write permissions on private repositories. This is due to a limitation with GitHub, which does not provide a read-only permission scope for private repositories (see dear-github/dear-github#113). FOSSA will never write to your repositories for any reason.
If you cannot give code access, Local Integration method will be a better fit, as it doesn't require any code access from FOSSA.

After connecting your VCS provider account, you should see a list of your repositories.

To import, simply select Import All for all the repositories or select specific ones and click Import.

🚧

TIP

It is recommended that you import the branch that is to be deployed in your production environment.

📘

NOTE

If you still can’t find your repository, then it could be that you have not granted FOSSA access to your team or sub-group in your VCS provider. Refer to your VCS provider’s documentation.

Before the repositories are imported, there are additional settings that you can select to ensure you are importing the specific repositories and you are configuring certain settings.

You can filter the repositories to be imported based on whether they are set to Public, Private, or All. You can also filter by when the repository was last updated and whether to include forks.

Click Next Step to configure the import based on Notification, Updates, and Access permission.

The following settings are recommended when configuring the import(s).

Notifications are specific to issue notifications. You will receive an email when an issue is encountered.

In the Misc box, you can choose to submit badge PRs after the import in public READMEs only. This badge shows that the repository was scanned by FOSSA. For more information, refer to the Getting a Badge Pull Request (Github.com only) section below.

❗️

IMPORTANT

This option is only available for GitHub repositories.

Click Confirm Import to initiate the import process.

📘

NOTE

Depending on the number of repositories and their respective sizes, the import process may take some time to complete.

You can click Back to projects to see the list of repositories being imported.

Searching and Selecting Repositories

If you can’t find your repository, try clicking on the team selector and switching teams.

You can also use the search bar to find projects.

Getting a Badge Pull Request (Github.com only)

If you enable the option Submit badge PRs after import (public Github READMEs only) then FOSSA automatically sends you a Pull Request to track your license scan status in your README, as soon as FOSSA imports the project. See an example on Webpack’s README.

As well as adding a badge in the top of the README beneath the title (where badges on GitHub READMEs are normally placed), we also attach a badge at the bottom of the README to provide more information about the details of FOSSA’s analysis. You don't need to update this badge when your project adds dependencies, and you won't get a new pull request with an updated badge; FOSSA automatically updates it when users load the README, and it stays up-to-date with your default branch.