Modern open source management

Realtime license and vulnerability management for open source dependencies



Sign up with Github
Request a Demo


View a customer story

Integrate realtime license audits, vulnerability scans and reporting
at the speed of development and delivery




Compliance  

License scanning, compliance audits and attribution notices on autopilot

Features »

  Security BETA

Realtime alerts and automated remediation for 3rd-party vulnerabilities

Features »




See how releases dozens of times a day with automated compliance »

Powerful toolkit




Deep code scanning Premium

Surface raw licenses hidden inside deep dependencies; correctly-identified even if edited and placed within code.

  • Detects embedded GPL, even when not reported by developers
  • Additional parsing for metadata, notice files and webpages
    referenced in code
  • Differentiates between declared, nested & included licenses
    (from i.e. copy-pasted modules/files)
  • Fully configurable detail & depth
  • Intelligently handles dual/multi-licensed code
Why do I need full license scanning?

Realtime compliance

FOSSA runs your code through a battery of license tests on each commit and can block violations through CI and code review.

  • Ensures all dependencies are properly licensed
  • Flags libraries with problematic licensing terms based off your app type, or conflict with company policies
  • Default, customizable policy templates drafted by top lawyers are shipped with FOSSA for all common types of apps.
  • Provides license request templates & standard propritary license grants

Automated attribution & reports Premium

Attribution notices, component reports and compliance documentation are handled automatically at release - no manual work.

  • Includes raw license files/headers pulled directly from code, even if edited by developer
  • Customizable detail and depth of reports
  • Exports to PDF, Markdown, HTML, JSON and more...
  • Downloadable or hosted option to link to

Smart review workflow

Intelligent tools to review and fix issues, integrated into your favorite tools like JIRA and Slack.

  • Module relationship, issue metadata and code browsing embedded inline for easy review
  • Smart remediation suggestions and update strategies to fix multiple issues
  • Automatically export & sync with JIRA/issue trackers
  • Full audit logs as issues progress and are resolved
  • Track notes, add licenses and persist/rollback fixes within issue UI

Integrations & realtime alerts

Proactively address license issues with alerts routed to the stakeholders or embedded in your workflow.

  • Route realtime alerts through Email, Slack, JIRA and more...
  • Code review & pull request integrations to prevent bad code from landing into master
  • Native support for multiple branches, tags and release channels
  • Fully customizable notification policies

Release management/flexibility Premium

Effortlessly manage your licenses and dependencies across releases

  • Fully searchable and filterable list of all dependencies/licenses
  • Plain-english checklists of license obligations across hundreds of license files included in your app
  • Explore relationships between modules and if/how dependencies are included in your build
  • Compare changes in your dependency tree across releases

Integrate with one click


Dozens of language and tooling integrations ready out of the box.


View Integration Docs

Gain flexibility and cost savings in large teams





Legal

Disclosures, attribution & compliance status always available within one click.



DevOps

Ship anytime with a clean bill of health. Easily track changes across releases.



Developer

Freely use libraries, letting your tools catch issues before integration.



Explore our benefits

Ready to get started?

Get an integrated and trusted process
running in the next 2 minutes.

Sign up with Github Schedule a demo

Legal

“FOSSA handles a tremendous amount of compliance work that would normally take us months to do.”

- Faryar Ghazanfari
IP Counsel @ Solarcity
Dev

A seamless integration

We release code dozens of times a day. As a shop, one of our first things we did was bring in CI/CD.

FOSSA was a huge relief, the real surprise was how easy it was!


About us

We're starting by turning open source license compliance into what it should be — simple, accessible.
Learn more

Company

About us

Contact us

Security

Careers

Press

Solutions

Features

Solutions

Pricing

Documentation

Office

950 Howard St
San Francisco, CA 94103