Pricing & Plans

From SCA to SBOMs, for small teams to complex organizations: we’ve got you covered.

Free

For small teams looking to get started with open source security and compliance
$0/month
One size fits all
Start for Free
Limits
5 projects
10 contributing developers
1 release group
5 dependency levels for scans
1 quality check (outdated packages)
5 imported SBOMs
Features
Container scanning
Identify dependencies at any depth
Basic email support
API access
SaaS (multi-tenant cloud)
Limited Filters
Export SBOMs
10% discount

Business

For growing teams that need more customization and workflow integrations
$73/month
XS
S
M
L
XL
No matter what you choose, you’ll always experience a 14-day Business XL trial, no credit card required
Start 14-day Business XL Trial Today
Limits
5 projects
10 contributing developers
1 release group(s)
Unlimited dependency depth for scans
Fully unlocked quality checks
10 imported SBOMs
Everything in Free, plus:
Create custom policies
Priority email support
Package Index
Ignore Rules
Saved Filters

Enterprise

For organizations that need advanced security and compliance automation at scale
Custom Pricing
One size fits all
Contact Us
No limits
Unlimited projects
Unlimited contributing developers
Unlimited release groups
Unlimited dependency depth for scans
Fully unlocked quality checks
Unlimited imported SBOMs
Everything in Business, plus:
Assigned success manager & engineer
Service Level Agreements (SLAs)
Teams
RBAC controls
All dependency depth levels
Limited Filters
Dedicated Slack channel
Managed SaaS (single-tenant cloud)
On-premises deployment

Compare Plans

Main Features

Projects
A repository or container that is running FOSSA
5
10
Unlimited
Code Contributors
Unique committers to private repos that are running FOSSA
Up to 10
Up to 10
Unlimited
Release Groups
Bundle multiple projects to track as a group
1
0
Unlimited
Continuous Monitoring
Automatic alerting for new licensing and security issues
API Support
Build custom integrations and workflows with our API
Package Index
Organization-wide package dashboard for all package versions from scanned projects
Issue History Dashboard
Historical overview of new and remediated issues
Ignore Rules
Define rules to automatically ignore specific issues, reducing noise and focusing on critical items
Issues Filters
Apply filters to quickly sort and find issues based on severity, status, or other criteria
Limited
Saved Filters
Save a group of filters for simple reuse

Code Scanning

Source Code Scanning
Scan your source code for vulnerabilities, license issues, and compliance risks
Transitive Dependency Discovery
Discover indirect dependencies in your project to ensure full license and security compliance
Quick import (GitHub)
Integrate at source with your hosted code repository
CI/CD Integration (CLI)
Integrate within your CI/CD pipeline via the CLI
Branch/Tag Scanning
Scan a specific branch or tag within a project repo
Container Scanning
Scan your container images for vulnerabilities, compliance issues, and security risks
Archive Scanning
Scan the contents of archived files for vulnerabilities, license issues, and compliance risks

Security

Vulnerability Identification
Identify security issues in your open source dependencies
5 depth limit
Vulnerability Management
Track and resolve security vulnerabilities in your codebase
Limited
Default Security Policies
Preset rules to identify all severity vulnerabilities in your code
Custom Security Policies
Customizable rules to identify vulnerabilities in your code based on your organizational needs
Basic Issue Filters/Sorts
Depth, Severity, CWE, Reachability
Advanced Issue Filters/Sorts
EPSS, Upgrade Distance, Ticket status, Exploit Maturity (KEV)

License Compliance

License Compliance Identification
View license compliance requirements
License Compliance Management
Streamline tracking and management of open source licenses for legal compliance
Discovered Licenses
Automatically discover open source licenses within your codebase for compliance
Default License Policies
Preset rules to identify common license issues in your code
Custom License Policies
Customizable rules to identify issues in your code based on your organizational needs

Quality

Package Health Signals
Package reliability with health indicators like maintenance and security
Outdated Packages Only
Default Quality Policy
Enforce consistent quality standards across projects with predefined rules for packages
Custom Quality Policies
Customizable rules to identify issues in your code based on your organizational needs

SBOM Management

SBOM Generation (SPDX, CycloneDX)
Generate an NTIA-compliant SBOM in either SPDX or CycloneDX
SBOM Import
Import SBOMs from your third party suppliers or from other scanning tools
Automated VEX Annotations
Automatically enrich your SBOMs with the latest vulnerability information
Application SBOM
Generate an application-level SBOM, covering multiple repositories and imported SBOMs
Public SBOM Distribution Portal
Host your SBOMs on a custom public FOSSA subdomain
Private SBOM Distribution Portal w/ time-based access tokens
Host your SBOMs on a private custom FOSSA subdomain

Reporting

3rd-Party Attribution Report
Generate a report to attribute third-party component usage for compliance
Audit/Due-Diligence Report
An organization-wide report on Issues and project changes
Global Component Bundle
An organization-wide report on licenses and packages
Issue Overview
Issue health report for tracking issue history over time

Administrative

Audit Logs
Monitor account activity and track changes for security and compliance
Jira Integration
Export and link FOSSA issues to JIRA tickets
Slack Integration
Publish issue notifications to Slack Channels
Single Sign-On (SSO)
Single Sign-On support for G Suite, Okta, Auth0, AD and LDAP
Role-Based Access Control (RBAC)
Granular role-based permissions for FOSSA features
Teams
Group projects together under a team umbrella
0
0
Unlimited

Customer Success & Technical Support

Priority Email Support
Email support from our Customer Success team
Customer Success Manager & Engineer
Support for your team from a Customer Success Manager
Service Level Agreements (SLAs)
Contracted service expectations, standards and remediation

Deployments

SaaS (multi-tenant cloud)
Access to a shared FOSSA cloud instance
Managed SaaS (single-tenant cloud)
Managed dedicated FOSSA cloud instance
On-Prem
Deploy FOSSA to on-premises hardware

Frequently Asked Questions

How does code contributor pricing work?

We track unique committers to private repos that are actively running in FOSSA. You can start off with fewer active contributors and easily scale across your org.

Why code contributor pricing?

Our pricing scales directly with the number of developers on your team who contribute code to private repos that are actively running in FOSSA. Contact us about cases of contributors outside your staff.

Do you discount non-commercial projects?

We offer special plans for non-profit, educational institution, and open source project budgets.

Do you offer annual plans?

Yes, we do! Contact us for details. On-prem deployments are priced annually by default.