Fast and reliable dependency analysis for any codebase
fossa-cli
Fast, portable and reliable dependency analysis for any codebase. Supports license & vulnerability scanning for large monoliths. Language-agnostic; integrates with 20+ build systems.
Background
fossa analyzes complex codebases to generate dependency reports and license notices. It can generate fast and highly-accurate results, by leveraging existing build environments. Refer to the FOSSA CLI User Manual for in depth information about using this tool.
Features:
- Supports over 20+ languages & environments (JavaScript, Java, Ruby, Python, Golang, PHP, .NET, etc...)
- Auto-configures for monoliths; instantly handles multiple builds in large codebases.
- Fast & portable; a cross-platform binary you can drop into CI or dev machines.
- Generates offline documentation for license notices & third-party attributions.
- Tests dependencies against license violations, audits and vulnerabilities (coming soon!) by integrating with https://fossa.com.
Installation
The following commands will execute scripts to fetch and install the latest GitHub Releases on the corresponding operating system.
Install with Homebrew (MacOS or Linux):
brew install fossas/tap/fossa
MacOS (Darwin) or Linux amd64:
curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install.sh | bash
Windows with Powershell:
Set-ExecutionPolicy Bypass -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/fossas/fossa-cli/master/install.ps1'))
Add C:\ProgramData\fossa-cli to your path by modifying your profile.ps1 file or temporarily with the following command:
$env:Path += ";C:\ProgramData\fossa-cli"