The FOSSA Developer Hub

Welcome to the FOSSA developer hub. You'll find comprehensive guides and documentation to help you start working with FOSSA as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    

FOSSA supports Ruby through RubyGems.


Repository Scanning

CI/CD Scanning


Gemfile, Gemfile.lock or *.gemspec

Gemfile, Gemfile.lock or *.gemspec



Gemfile, Gemfile.lock

Repository Scanning

When Ruby code is imported, FOSSA will find and run any Gemfile or *.gemspec files and monitor dependency activity.

If a Gemfile.lock is present, FOSSA will prefer that for dependency information.

CI/CD Scanning

Provided Builds relies on fossa-cli. To get started, install the latest release of fossa-cli from our GitHub releases page:

curl -H 'Cache-Control: no-cache' | bash

Then, running fossa init in your code directory should bootstrap configuration for your Ruby project.

In CI/CD Scanning for Ruby, fossa will rely on the output of bundle list to determine what was installed in your build environment.

View extended documentation here.


FOSSA supports fetching private Gems from custom or authenticated sources.

You can configure FOSSA's access to private Gem sources in your Ruby Language Settings found at Account Settings > Languages > Ruby:

Configuring Private RubyGem SourcesConfiguring Private RubyGem Sources

Configuring Private RubyGem Sources

Once configured, FOSSA will be able to resolve any previously unreachable Gems.

Package Data

For basic metadata, FOSSA will parse or evaluate all available metadata files for license and authorship information. This includes Gemfile, Gemfile.lock and *.gemspec formats.

Since source is generally accessible, FOSSA supports full code auditing on RubyGems and will run license scans / code analysis across all files in a given Gem.

Updated about a year ago


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.