
Scan software with FOSSA

Scan your software with FOSSA by providing the file path to the files you want to scan.

 

To scan software with FOSSA, use the command:

smctl scan fossa-scan --input <source code directory> --project <project alias> --scan-alias <scan alias>

Alternatively, use the abbreviated version of the command:

smctl sc fossa-scan --input <source code directory> --project <project alias> --scan-alias <scan alias>

Prerequisites

Your account must be enabled for Software composition analysis (SCA).

Flags

Threat detection scan commands with FOSSA support these flags:

Table 1. Flags for Threat detection scans with FOSSA

| Shortcut | Flag | Description |
|---|---|---|
| | --input string | Provide the source code directory to scan. |
| | --scan-alias string | Provide a name for this Threat detection scan to identify it in Software Trust Manager. |
| | --always-pass | Always terminate the threat detection scan with exit code 0. |
| | --project string | Provide the alias of the Software Trust Manager project you want this scan to be associated with. |
| | --debug | Enable FOSSA debug logging. |
| | --scan-alias string | Provide an identifiable alias for this scan. |
| | --fossa-executable string | Provide the absolute path of the fossa executable. |
| | --host string | Provide the FOSSA API server base URL. (default "https://app.fossa.com") |
| | --verbose | Enable FOSSA standard logging. |
| | --version string | Provide the repository's current version/revision hash. (default: VCS hash HEAD) |
| -h | --help | Help for the ReversingLab scan. |


Example

Description: To scan your source code with FOSSA, provide your source code directory, project alias, scan alias, and version.

Command:

smctl scan fossa-scan --input <source code directory> --project <project alias> --scan-alias <scan alias>

Command sample:

smctl scan fossa-scan --input /app/SB-Setup/test-project --version HEAD --project xyz --scan-alias scan1
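
The wrapper below is an added example, not part of the original page: it runs the documented command as a CI gate and adds --always-pass only in a non-blocking mode, so blocking jobs keep the scan's real exit code. The SMCTL variable, the enforce/advisory mode names, and the assumption that smctl exits non-zero when a scan does not pass are illustrative.

```sh
#!/bin/sh
# Added example, not vendor code: CI gate around `smctl scan fossa-scan`
# using only flags listed on this page.
# Assumptions: the SMCTL variable, the enforce/advisory mode names, and that
# smctl exits non-zero when a scan does not pass.

# usage: run_fossa_scan <input dir> <project alias> <scan alias> [version] [mode]
run_fossa_scan() {
  fs_input=$1 fs_project=$2 fs_alias=$3 fs_version=${4:-} fs_mode=${5:-enforce}

  # Fail closed on bad inputs: scanning the wrong path is a silent coverage gap.
  if [ ! -d "$fs_input" ]; then
    echo "fossa-scan: input is not a directory: $fs_input" >&2; return 2
  fi
  if [ -z "$fs_project" ] || [ -z "$fs_alias" ]; then
    echo "fossa-scan: project alias and scan alias are required" >&2; return 2
  fi
  case $fs_mode in
    enforce|advisory) ;;
    *) echo "fossa-scan: unknown mode: $fs_mode" >&2; return 2 ;;
  esac

  # Build argv as positional parameters so paths with spaces stay intact.
  set -- scan fossa-scan --input "$fs_input" \
         --project "$fs_project" --scan-alias "$fs_alias"
  if [ -n "$fs_version" ]; then set -- "$@" --version "$fs_version"; fi
  # --always-pass is added only in advisory mode; enforce mode keeps the
  # real exit code so a failed scan blocks the pipeline.
  if [ "$fs_mode" = advisory ]; then set -- "$@" --always-pass; fi

  "${SMCTL:-smctl}" "$@"
}

# Runs only when the script is called with arguments, for example:
#   sh fossa_gate.sh /app/SB-Setup/test-project xyz scan1 HEAD enforce
if [ "$#" -ge 3 ]; then
  run_fossa_scan "$@"
  exit $?
fi
```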

Troubleshooting

For help with the list scans command, use:

smctl scan fossa-scan --help

Alternatively, use the abbreviated version of the command:

smctl scan fossa-scan -h