Fast, portable and reliable dependency analysis for any codebase. Supports license & vulnerability scanning for large monoliths. Language-agnostic; integrates with 20+ build systems.


fossa analyzes complex codebases to generate dependency reports and license notices. It can generate fast and highly-accurate results, by leveraging existing build environments. Refer to the FOSSA CLI User Manual for in depth information about using this tool.


  • Supports over 20+ languages & environments (JavaScript, Java, Ruby, Python, Golang, PHP, .NET, etc...)
  • Auto-configures for monoliths; instantly handles multiple builds in large codebases.
  • Fast & portable; a cross-platform binary you can drop into CI or dev machines.
  • Generates offline documentation for license notices & third-party attributions.
  • Tests dependencies against license violations, audits and vulnerabilities (coming soon!) by integrating with


The following commands will execute scripts to fetch and install the latest GitHub Releases on the corresponding operating system.

Install with Homebrew (MacOS or Linux):

brew install fossas/tap/fossa

MacOS (Darwin) or Linux amd64:

curl -H 'Cache-Control: no-cache' | bash

Windows with Powershell:

Set-ExecutionPolicy Bypass -Scope Process -Force; iex  ((New-Object System.Net.WebClient).DownloadString(''))

Add C:\ProgramData\fossa-cli to your path by modifying your profile.ps1 file or temporarily with the following command:

$env:Path += ";C:\ProgramData\fossa-cli"