OPEN FOSSA APP
These docs are for v1.0. Click to read the latest docs for v3.2.

Architectural Overview

Suggest Edits

When FOSSA is installed behind your firewall, it will run an environment that's fully sealed within your organization.

Key Factors

  1. No proprietary code will ever leave your premises
  2. No scan data, signatures or hints are ever sent to FOSSA's servers — custom OSS database is fully built and maintained on premise
  3. Installing FOSSA creates no additional InfoSec footprint
    • (a) With internet access, FOSSA will download and analyze 3rd-party code anonymously from the web, equivalent to current behavior on developer machines or CI environments
    • (b) In fully air-gapped environments (no internet), all network activity can be routed through internal code and artifact hosts

For security info about our hosted version or development process, please visit https://docs.fossa.com/docs/security

Importing from Custom URLs or Code Hosts

By default, FOSSA works best with rich service brokers (like Github, Bitbucket, Gitlab). However if you have code living in a custom code or artifact host, FOSSA's on-prem version can import from a raw URL:

FOSSA supports any URL from supported VCS, artifact hosts/registries and tools that live inside your intranet. After importing custom code, FOSSA will scan it for all branches/tags and set up automatic updates/tracking for the default branch:

By default, FOSSA will enable daily or hourly scans on your default branch. If FOSSA finds any issues, it will notifying you with email reports that will link back to your dashboard where you can analyze and fix the issue:

Congrats! Now you have compliance running internally at your company in the background of your workflow.

Hooking Into Development

If you'd like to surface/enforce its checks deeper within your organization, you can easily configure it to add more feedback to your internal tools.

Importing through Github, Gitlab or Bitbucket will immediately prepare deeper integrations that you can toggle including:

  • Continual per-commit scanning via Webhooks
  • Automated code review (pull request) feedback / blocking
  • Issue tracker syncing
  • Continuous integration and test plugins
  • Commit status integration

FOSSA also comes with a full suite of plugins and integrations into other tools that will work all on-premises:

See our full integration directly at https://fossa.io#integrations or docs on how to set these up.

Updated over 3 years ago