Binaries, Archives or Custom (C, C++, etc...)
FOSSA supports archives, vendorized dependencies and binaries through a variety of methods.
Tool | Repository Scanning | CI/CD Scanning |
---|---|---|
Tar | Y | Y |
Gzip | Y | Y |
Zip | N/A | N/A |
Egg/Wheel | Through Python support. | N/A |
About Archive Formats
Archive formats are a special kind of dependency in FOSSA. They are not included through a standard build tool or process, but instead represent instances where developers have packaged up pieces of (potentially-modified) 3rd-party code and checked them into your source tree.
When archives are encountered, FOSSA makes a "best-effort" attempt at resolving them to known 3rd-party code.
Resolution Strategies
Below is a table of available resolution strategies in Provided / Automated integration methods:
Type | Resolution Keys | Supported | Provided |
---|---|---|---|
CommonJS Package | Resolved from package.json | Y | Y |
Python Package | Resolved from setup.py | Y | |
Maven | Resolved from pom.xml | Y | |
Generic | Hash of archive / source tree | Contact Us |
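
The sketch below is an added example, not FOSSA's code, and shows how the table's resolution keys could be derived for a tar or tar.gz archive checked into a source tree. The `name@version` key format, the shallowest-manifest rule and the helper names are assumptions made for illustration; members are read in memory and never extracted to disk.

```python
import hashlib
import io
import json
import tarfile

# Manifest basenames taken from the resolution-strategy table above.
MANIFESTS = {
    "package.json": "CommonJS Package",
    "setup.py": "Python Package",
    "pom.xml": "Maven",
}

def resolve_archive(data: bytes) -> dict:
    """Classify a tar / tar.gz archive held in memory; nothing is written to disk."""
    digest = hashlib.sha256(data).hexdigest()
    result = {"type": "Generic", "key": digest, "sha256": digest}
    try:
        tar = tarfile.open(fileobj=io.BytesIO(data), mode="r:*")
    except tarfile.TarError:
        return result  # not a readable tar: fall back to the archive hash
    with tar:
        # Prefer the shallowest manifest so nested dependencies do not win.
        candidates = [
            m for m in tar.getmembers()
            if m.isfile() and m.name.rsplit("/", 1)[-1] in MANIFESTS
        ]
        if not candidates:
            return result
        member = min(candidates, key=lambda m: (m.name.count("/"), m.name))
        base = member.name.rsplit("/", 1)[-1]
        result["type"] = MANIFESTS[base]
        result["key"] = member.name
        if base == "package.json":
            try:
                meta = json.load(tar.extractfile(member))
                result["key"] = f"{meta['name']}@{meta['version']}"
            except (ValueError, KeyError, TypeError):
                pass  # malformed manifest: keep the manifest path as the key
    return result

def make_sample_tar(files: dict) -> bytes:
    """Build a constructed sample tar.gz in memory (test input only)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, content in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()
```

Recording the archive's SHA-256 alongside the resolved key also makes it possible to notice when a vendored archive changes without its manifest version changing.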
Scanning Custom Directories
You can also scan custom directories that contain 3rd-party code by annotating them in your .fossa.yml file.
See the fossa-cli docs for more details.