These docs are for v1.0. Click to read the latest docs for v3.2.

Binaries, Archives or Custom (C, C++, etc...)

FOSSA supports archives, vendorized dependencies and binaries through a variety of methods.

ToolRepository ScanningCI/CD Scanning
TarYY
GzipYY
ZipN/AN/A
Egg/WheelThrough Python support.N/A

👍

About Archive Formats

Archive formats are a special kind of dependency in FOSSA. They are not included through a standard build tool or process, but instead represent instances where developers have packaged up pieces of (potentially-modified) 3rd-party code and checked them into your source tree.

When archives are encountered, FOSSA makes a "best-effort" attempt at resolving it to known 3rd-party code.

Resolution Strategies

Below is a table of available resolution strategies in Provided / Automated integration methods:

TypeResolution KeysSupportedProvided
CommonJS PackageResolved from package.jsonYY
Python PackageResolved from setup.pyY
MavenResolved from pom.xmlY
GenericHash of archive / source treeContact Us

Scanning Custom Directories

You can also scan custom directories that contain 3rd-party code by annotating them in your .fossa.yml file.

See the fossa-cli docs fore more details.