When to use CLI or Quick Import

When first integrating with FOSSA, it's recommended to use our Quick Import feature, which allows you to quickly and easily import your projects and get an idea of the dependencies and licenses found within your project. However, depending on the build environment, you may find that Quick Import isn't meeting your needs. There are two primary differences between Quick Import/Broker and our CLI integration.

Dynamic vs Static Analysis

Some of our analysis methods are statically parsing files that exist in your project to come to a conclusion on which dependencies are included and the connections between those dependencies. This is what we mean when we refer to Static Analysis.

However, Dynamic Analysis is when we use build tools (such as the Maven or Gradle CLIs) to receive information about what is included in a package. If you're more interested in the topic, you can read further in the Strategies documentation.

What's important to know here is that Broker and Quick Import only support Static Analysis, whereas the CLI supports both Static and Dynamic Analysis.

Custom License Scans/Keyword Matches

Custom License Scans and Keyword Matches allow you to specify specific strings that will be treated as a license and recognized when included in your project. However, in the current moment, this is only supported by Provided Builds (that is to say, the CLI).

Conclusion

Quick Import's primary strength is the ease and speed of roll-out, especially when dealing with a large volume of projects. However, the CLI will always provide the best results if the time can be invested to integrate it with projects because it supports the full range of our analysis strategies, as well as custom features such as Custom License Scans.

In addition to those two main points, the CLI provides a more tailored experience, where you can choose to ignore certain types of dependencies or projects or paths within the project.