/ Code Analysis

Fast and reliable dependency analysis for any codebase

Fast and reliable dependency analysis for any codebase


Fast, portable and reliable dependency analysis for any codebase. Supports license & vulnerability scanning for large monoliths. Language-agnostic; integrates with 20+ build systems.


fossa analyzes complex codebases to generate dependency reports and license notices. It can generate fast and highly-accurate results, by leveraging existing build environments. Refer to the FOSSA CLI User Manual for in depth information about using this tool.


  • Supports over 20+ languages & environments (JavaScript, Java, Ruby, Python, Golang, PHP, .NET, etc...)
  • Auto-configures for monoliths; instantly handles multiple builds in large codebases.
  • Fast & portable; a cross-platform binary you can drop into CI or dev machines.
  • Generates offline documentation for license notices & third-party attributions.
  • Tests dependencies against license violations, audits and vulnerabilities (coming soon!) by integrating with https://fossa.com.


The following commands will execute scripts to fetch and install the latest GitHub Releases on the corresponding operating system.

Install with Homebrew (MacOS or Linux):

brew install fossas/tap/fossa

MacOS (Darwin) or Linux amd64:

curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install.sh | bash

Windows with Powershell:

Set-ExecutionPolicy Bypass -Scope Process -Force; iex  ((New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/fossas/fossa-cli/master/install.ps1'))

Add C:\ProgramData\fossa-cli to your path by modifying your profile.ps1 file or temporarily with the following command:

$env:Path += ";C:\ProgramData\fossa-cli"