Online / 6 & 7 February 2021


FOSSology SCA integration

FOSSology focusses on license compliance analyses. Recently, a number of new features have been published by the community to integrate better with software composition analysis. The presentation shows an introduction of the main and relevant development here.

FOSSology is considered as one of the leading Open Source tools when it comes to license compliance. There are various ways with which someone can analyze a package in FOSSology. One can either do it manually or can do it programmatically. As the industry is heading towards automation, programmatic approach based on software composition analysis is more preferred and becomes more advantageous. Currently, FOSSology provides 3 different ways to integration with software composition approaches: utilizing FOSSology CLI tools, use one of the client libraries and from the REST API.

The presentation will help by providing different strategies which can be used to automate analysis of software components in an automated environment. We will see how one can use the CLI tools of FOSSology or other FOSS projects built on FOSSology's REST API to push packages for analysis. We will also see how the enhanced API can provide much more information about a package and how analysis can be triggered on-demand. Finally, we will touch upon how one can gather the package information in a neat report for auditing.


Anupam Ghosh
Photo of Gaurav Mishra Gaurav Mishra