Skip to main content

Does the FOSSA CLI send my code to the the FOSSA server?

Updated

The FOSSA CLI leverages the built/installed project and it's package manager and queries these tools for the installed dependencies and then FOSSA will in turn analyze these packages for their dependency information.   Our list of supported languages and package managers is useful for seeing what the CLI will support.

If you want to see an example of what we send, you can run the fossa analyze command with the -o or --output flag (e.g. fossa analyze -o ) and it will output the JSON that we send to the server.  Below is an example of the output of a small FOSS project called Gist (run through jq for nicer formatting) but you can test this on your own projects if you have further questions about what will be sent from your projects.


michael@smolbook:~/tmp/repos/gist (master)$ FOSSA_API_KEY= XXXX fossa analyze -o |jq '.'
⢿ Analyzing module (1/1): Gemfile WARNING Could not resolve Bundler
[
  {
    "Name": "Gemfile",
    "Type": "gem",
    "Manifest": ".",
    "Build": {
      "Artifact": "default",
      "Context": null,
      "Succeeded": true,
      "Imports": [
        "gem+gist$5.0.0",
        "gem+rake$13.0.1",
        "gem+ronn$0.7.3",
        "gem+rspec$3.9.0",
        "gem+webmock$3.7.6"
      ],
      "Dependencies": [
        {
          "locator": "gem+rspec-support$3.9.2"
        },
        {
          "locator": "gem+gist$5.0.0"
        },
        {
          "locator": "gem+diff-lcs$1.3"
        },
        {
          "locator": "gem+hashdiff$1.0.0"
        },
        {
          "locator": "gem+rdiscount$2.2.0.1"
        },
        {
          "locator": "gem+ronn$0.7.3",
          "imports": [
            "gem+hpricot$0.8.6",
            "gem+mustache$1.1.1",
            "gem+rdiscount$2.2.0.1"
          ]
        },
        {
          "locator": "gem+addressable$2.7.0",
          "imports": [
            "gem+public_suffix$4.0.3"
          ]
        },
        {
          "locator": "gem+mustache$1.1.1"
        },
        {
          "locator": "gem+rspec$3.9.0",
          "imports": [
            "gem+rspec-core$3.9.1",
            "gem+rspec-expectations$3.9.0",
            "gem+rspec-mocks$3.9.1"
          ]
        },
        {
          "locator": "gem+rspec-core$3.9.1",
          "imports": [
            "gem+rspec-support$3.9.2"
          ]
        },
        {
          "locator": "gem+rspec-mocks$3.9.1",
          "imports": [
            "gem+diff-lcs$1.3",
            "gem+rspec-support$3.9.2"
          ]
        },
        {
          "locator": "gem+crack$0.4.3",
          "imports": [
            "gem+safe_yaml$1.0.5"
          ]
        },
        {
          "locator": "gem+hpricot$0.8.6"
        },
        {
          "locator": "gem+public_suffix$4.0.3"
        },
        {
          "locator": "gem+rake$13.0.1"
        },
        {
          "locator": "gem+webmock$3.7.6",
          "imports": [
            "gem+addressable$2.7.0",
            "gem+crack$0.4.3",
            "gem+hashdiff$1.0.0"
          ]
        },
        {
          "locator": "gem+rspec-expectations$3.9.0",
          "imports": [
            "gem+diff-lcs$1.3",
            "gem+rspec-support$3.9.2"
          ]
        },
        {
          "locator": "gem+safe_yaml$1.0.5"
        }
      ]
    }
  }
]

Related articles

Comments

0 comments

Please sign in to leave a comment.