- Unknown means that FOSSA was not able to locate the dependency based on the locator information.
- The reasons we would list a dependency as unknown include:
- The locator is pointing to a private registry (e.g. Artifactory, Nexus, etc.) where we don’t have access to the dependency.
- The locator is pointing to an unknown/unavailable package repository.
- It could be a parsing error in FOSSA where we’re identifying invalid locator.
- Configure authentication in FOSSA for the private registries the customer is trying to access
- In most scenarios you can ignore the dependencies that are not valid.
- FOSSA will report a dependency as incomplete if something failed while analyzing it
- The reasons we would list a dependency as incomplete include:
- The dependency may be incompatible with the environment that our agent is running in (e.g. python dependency incompatible with the current pip version)
- FOSSA timed out while downloading and analyzing the dependency
- FOSSA cannot find the version of the dependency that is being used.
- Verify that the version of the particular dependency is available either in public or private repository