Scan software with FOSSA
Scan your software with FOSSA by providing the file path to the files you want to scan.
To scan software with FOSSA, use the command:
smctl scan fossa-scan --input <source code directory> --project <project alias> --scan-alias <scan alias>
Alternatively, use the abbreviated version of the command:
smctl sc fossa-scan --input <source code directory> --project <project alias> --scan-alias <scan alias>
Prerequisites
Your account must be enabled for Software composition analysis (SCA).
Flags
Threat detection scan commands with FOSSA support these flags:
Shortcut | Flag | Description |
|---|---|---|
| --input string | Provide the source code directory to scan. |
--scan-alias string | Provide a name for this Threat detection scan to identify it in Software Trust Manager. | |
--always-pass | Always terminate the threat detection scan with exit code 0. | |
--project string | Provide the alias of the Software Trust Manager project you want this scan to be associated with. | |
--debug | Enable FOSSA debug logging. | |
--scan-alias string | Provide a identifiable alias for this scan. | |
--fossa-executable string | Provide the absolute path of fossa executable. | |
--host string | Provide the FOSSA API server base URL. (default "https://app.fossa.com") | |
--verbose | Enable FOSSA standard logging. | |
--version string | Provide the repository's current version/revision hash. (default: VCS hash HEAD) | |
-h | --help | Help for the ReversingLab scan. |
Example
Description: To scan your source code with FOSSA, provide your source code directory, project alias, scan alias, and version.
Command:
smctl scan fossa-scan --input <source code directory> --project <project alias> --scan-alias <scan alias>
Command sample:
smctl scan fossa-scan --input /app/SB-Setup/test-project --version HEAD --project xyz --scan-alias scan1
Troubleshooting
For help with the list scans command, use:
smctl scan fossa-scan --help
Alternatively, use the abbreviated version of the command:
smctl scan fossa-scan -h