Feature Tour

4 steps to compliance in your organization




2

Compliance at every commit

Add deep license scanning, dependency analysis & intelligent compliance into your real-time development workflow.



Deep code scanning (Premium)

Full code scans run across all your deep dependencies, picking up raw license headers or files inline.

  • Detects embedded GPL, even when not reported by developers
  • Additional parsing for metadata, notice files and webpages
    referenced in code
  • Differentiates between declared, nested & included licenses
    (e.g. from copy-pasted modules/files)
  • Fully configurable detail & depth
  • Intelligently handles dual/multi-licensed code
Why do I need full license scanning?

Detecting license/policy violations

On each commit, FOSSA runs your code through a battery of licensing tests.

  • Ensures all dependencies are properly licensed
  • Flags libraries whose licensing terms are problematic for your app type or conflict with company policies
  • Default policy templates drafted by top lawyers are shipped with FOSSA for all common types of apps.
  • Provides license request templates & standard proprietary license grants

Smart review workflow

Intelligent and dead-simple issue review that plugs into your favorite tools.

  • Module relationship, issue metadata and code browsing embedded inline for easy review
  • Smart remediation suggestions and update strategies to fix multiple issues
  • Automatically export & sync with JIRA/issue trackers
  • Full audit logs as issues progress and are resolved
  • Track notes, add licenses and persist/rollback fixes within issue UI

Integrations & realtime alerts

Proactively address license issues with alerts routed to the stakeholders or embedded in your workflow.

  • Route realtime alerts through Email, Slack, JIRA and more...
  • Code review & pull request integrations to prevent bad code from landing into master
  • Native support for multiple branches, tags and release channels
  • Fully customizable notification policies

Automated attribution & reports

Fully satisfy attribution requirements in one click -- no more manual audits.

  • Includes raw license headers directly from code, even if edited by developer
  • Customizable detail and depth of reports
  • Exports to PDF, Markdown, HTML, JSON and more...
  • Downloadable or hosted option to link to

Dependency & license management (Premium)

Effortlessly manage your licenses and dependencies across releases

  • Fully searchable and filterable list of all dependencies/licenses
  • Plain-English checklists of license obligations across hundreds of license files included in your app
  • Explore relationships between modules and if/how dependencies are included in your build
  • Compare changes in your dependency tree across releases

Notifications & Workflow Integrations

Deeply integrate compliance into your team, becoming as proactive and quickly reactive as possible.




GitHub

CI/CD

Atlassian Tools

Slack Notifications

In Code

Email Reports/Alerts


3

Effortless reports and releases

With continuous compliance, you can release anytime with a clean bill of health. It takes only one click to generate attributions, BOMs, reports and audit results.





FOSSA automatically generates disclosures and reports for you at every commit, collected from raw license data across your deep dependencies.

Let FOSSA update and host these for you, or export and distribute them yourself to your users, customers, investors, etc...

FOSSA natively supports complicated workflows including multiple branches, tags and release channels.

This allows you to compare releases, see what changed and integrate with code review to preview patches before they bring in issues.

Premium Feature

Raw License Data

Raw license headers and texts are used, so even small modifications are preserved

Instant, Multi-Format Export

Export to HTML, Markdown or PDF with one click. Host your attributions and disclosures online, on GitHub, or inside your application.

Always Updated Attribution

Attribution is versioned and you will be alerted when files are out-of-date

All-inclusive Customizations

These files contain all direct and deeper dependencies, with full license texts included at the bottom

Comparing versions

Compare branches, tags, versions, etc...

Generating diff reports

Generate reports on what changed between versions

Integrated with code review

Preview patches and changes before they enter your codebase