Open Source License Compliance Management

Get continuous compliance with code SCA featuring audit-grade reporting and comprehensive dependency inventory.

Complete Open Source Inventory

Get the most accurate and precise open source scan of all code dependencies

Audit-grade inventory of open source license types, both direct and transitive dependencies

Visibility into a variety of embedded, hidden, and declared OSS licenses in the source code

Detailed metadata information including license text, copyright info, and licensing obligations

Faster triage with dependency paths exposing the root cause of open source license issues

Sophisticated Policy Governance

Apply built-in, customizable OSS policies across company, product, and team

Configurable policies flag or block violations in the pull request or via CLI in the CI/CD pipeline

Conditional rules that cut false positives 85%, including detecting and filtering by linkage

Default policy templates from open source licensing experts eliminate most of the work

Developer-friendly UI easily integrates license compliance into existing engineering workflows

Report and Monitor Every Event

Generate audit-ready attribution and risk reports and BoMs at the click of a button

Compliance across the SDLC with the only true OSS supply chain management solution

Compliance documentation, SPDX attribution, and component reports with every commit

Speedy issue remediation with actionable, legal instructions and smart resolution advice

Release comparisons show what changed and preview patches to avoid noisy false-positives

Developer-Friendly

Most comprehensive ecosystem coverage of 20+ languages, with 100% native SPDX support

Native integration into all CI/CD pipelines with an easy-to-use CLI ensures continuous compliance

Code review and pull request integrations prevent bad code from landing into master

Local OSS scan or repo scan, plus compliance violation alerts delivered via Slack, JIRA, or email

Integrations

We support multiple languages and tools, such as JavaScript, Ruby, Clojure, Debian, Golang, Haskell, Java, RPM, Scala, PHP, iOS, Python, .NET, Rust, Perl, C, C++, and many more.

Javascript
Slack
Python
GitHub
NPM
Gitlab
Ruby
Explore Docs

Use Cases

Shift-Left
Risk Mitigation

FOSSA users benchmark 47% fewer false-positives by finding dependencies they actually rely on earlier in the SDLC.

Learn More

Continuous Compliance

Get 90% faster insight in your CI/CD workflows — an average of four weeks shorter compliance implementation time.

Learn More

Due Diligence

Only FOSSA delivers the most complete open source audit for IPO or M&A plus 5% annualized engineering savings in the first week alone.

Learn More

Try FOSSA Today

Get StartedRequest Demo
Be Continuous.
Automate the Risk out of your Open Source.
Product
License Compliance
Security Management
Solutions
Shift-Left Risk Mitigation
Due Diligence
Continuous Compliance
Resources
Documentation
Pricing
Blog
Brand Kit
tl;drLegal
Company
About FOSSA
Customers
Partners
Careers
Contact Us
For the Love of Open Source © 2020 FOSSA, Inc.
Terms & Conditions
Privacy Policy