Deep code scanning
Surface raw licenses hidden inside deep dependencies, correctly identified even if edited and placed within code.
Why do I need full license scanning?
- Detects embedded GPL, even when not reported by developers
- Additional parsing for metadata, notice files and webpages referenced in code
- Differentiates between declared, nested & included licenses (i.e. from copy-pasted modules/files)
- Fully configurable detail & depth
- Intelligently handles dual/multi-licensed code
FOSSA runs your code through a battery of license tests on each commit and can block violations through CI and code review.
- Ensures all dependencies are properly licensed
- Flags libraries whose licensing terms are problematic for your app type or conflict with company policies
- Default, customizable policy templates drafted by top lawyers are shipped with FOSSA for all common types of apps.
- Provides license request templates & standard proprietary license grants
Automated attribution & reports
Attribution notices, component reports and compliance documentation are handled automatically at release - no manual work.
- Includes raw license files/headers pulled directly from code, even if edited by developer
- Customizable detail and depth of reports
- Exports to PDF, Markdown, HTML, JSON and more...
- Downloadable or hosted option to link to
Smart review workflow
Intelligent tools to review and fix issues, integrated into your favorite tools like JIRA and Slack.
- Module relationship, issue metadata and code browsing embedded inline for easy review
- Smart remediation suggestions and update strategies to fix multiple issues
- Automatically export & sync with JIRA/issue trackers
- Full audit logs as issues progress and are resolved
- Track notes, add licenses and persist/rollback fixes within issue UI
Integrations & realtime alerts
Proactively address license issues with alerts routed to the stakeholders or embedded in your workflow.
- Route realtime alerts through Email, Slack, JIRA and more...
- Code review & pull request integrations to prevent bad code from landing into master
- Native support for multiple branches, tags and release channels
- Fully customizable notification policies
Effortlessly manage your licenses and dependencies across releases
- Fully searchable and filterable list of all dependencies/licenses
- Plain-English checklists of license obligations across hundreds of license files included in your app
- Explore relationships between modules and if/how dependencies are included in your build
- Compare changes in your dependency tree across releases