Understand your open source

Dependency tracking, license compliance and attribution notices on autopilot



Sign up with Github

View a customer story

Continuously scan and comply with open source licenses
without slowing down development





Instead of manually auditing, enforcing & compiling...



...let FOSSA handle compliance in the background!



See how releases dozens of times a day with automated compliance »

Powerful toolkit




Deep code scanning Premium

Surface raw licenses hidden inside deep dependencies; correctly-identified even if edited and placed within code.

  • Detects embedded GPL, even when not reported by developers
  • Additional parsing for metadata, notice files and webpages
    referenced in code
  • Differentiates between declared, nested & included licenses
    (from i.e. copy-pasted modules/files)
  • Fully configurable detail & depth
  • Intelligently handles dual/multi-licensed code
Why do I need full license scanning?

Realtime compliance

FOSSA runs your code through a battery of license tests on each commit and can block violations through CI and code review.

  • Ensures all dependencies are properly licensed
  • Flags libraries with problematic licensing terms based off your app type, or conflict with company policies
  • Default, customizable policy templates drafted by top lawyers are shipped with FOSSA for all common types of apps.
  • Provides license request templates & standard propritary license grants

Automated attribution & reports Premium

Attribution notices, component reports and compliance documentation are handled automatically at release - no manual work.

  • Includes raw license files/headers pulled directly from code, even if edited by developer
  • Customizable detail and depth of reports
  • Exports to PDF, Markdown, HTML, JSON and more...
  • Downloadable or hosted option to link to

Smart review workflow

Intelligent tools to review and fix issues, integrated into your favorite tools like JIRA and Slack.

  • Module relationship, issue metadata and code browsing embedded inline for easy review
  • Smart remediation suggestions and update strategies to fix multiple issues
  • Automatically export & sync with JIRA/issue trackers
  • Full audit logs as issues progress and are resolved
  • Track notes, add licenses and persist/rollback fixes within issue UI

Integrations & realtime alerts

Proactively address license issues with alerts routed to the stakeholders or embedded in your workflow.

  • Route realtime alerts through Email, Slack, JIRA and more...
  • Code review & pull request integrations to prevent bad code from landing into master
  • Native support for multiple branches, tags and release channels
  • Fully customizable notification policies

Release management/flexibility Premium

Effortlessly manage your licenses and dependencies across releases

  • Fully searchable and filterable list of all dependencies/licenses
  • Plain-english checklists of license obligations across hundreds of license files included in your app
  • Explore relationships between modules and if/how dependencies are included in your build
  • Compare changes in your dependency tree across releases

Integrate compliance with one click


Dozens of language and tooling integrations ready out of the box.


View Integration Docs

Gain flexibility and cost savings in large teams





Legal

Disclosures, attribution & compliance status always available within one click.



DevOps

Ship anytime with a clean bill of health. Easily track changes across releases.



Developer

Freely use libraries, letting your tools catch issues before integration.




Ready to get started?

Get an integrated and trusted process
running in the next 2 minutes.

Sign up with Github Schedule a demo