Linux command
fossa 命令
文本
复制后可按需替换文件名、目录或参数。
常用示例
Analyze dependencies
fossa analyze
Test for license issues
fossa test
Report on a project
fossa report attribution
Initialize configuration
fossa init
List analyzed projects
fossa list-targets
说明
fossa is a dependency analysis tool that scans projects for license compliance and security vulnerabilities. It supports multiple languages and package managers, automatically detecting dependencies and analyzing their licenses against organizational policies. The tool integrates into CI/CD pipelines to enforce license policies and block builds with compliance issues. It generates attribution reports for open source compliance and tracks security vulnerabilities in dependencies. Fossa maintains a database of license metadata and vulnerability information, providing detailed reports on project dependencies. It can detect direct and transitive dependencies across complex build systems.
参数
- --project _name_
- Project name.
- --revision _rev_
- Project revision.
- --config _file_
- Config file path.
FAQ
What is the fossa command used for?
fossa is a dependency analysis tool that scans projects for license compliance and security vulnerabilities. It supports multiple languages and package managers, automatically detecting dependencies and analyzing their licenses against organizational policies. The tool integrates into CI/CD pipelines to enforce license policies and block builds with compliance issues. It generates attribution reports for open source compliance and tracks security vulnerabilities in dependencies. Fossa maintains a database of license metadata and vulnerability information, providing detailed reports on project dependencies. It can detect direct and transitive dependencies across complex build systems.
How do I run a basic fossa example?
Run `fossa analyze` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
What does --project _name_ do in fossa?
Project name.