FOSSA Primary Use Case

Brett Fattori
Manager of Open Source Program Office at a financial services firm with 5,001-10,000 employees
We use it to scan for all licenses, to identify the open source licenses that are found, to identify licenses that are unknown or unrecognized so that we can deal with those, and we use it to make sure that our client-facing apps are compliant with open source licensing requirements. View full review »
Patrick Lonergan
Associate General Counsel at Circleci
Our primary use case was for the license compliance. We were doing all the open-source scanning in our CI build using FOSSA. So we would use it, have a step where FOSSA would be installed, and it would scan all the open-source libraries that were being used and then report back on what those licenses were. Then that would match up with policies that we had preset in the FOSSA UI and let us know if there are any license violations with our use of open-source. View full review »
Justin Giannone
Sr. Security Architect at a computer software company with 1,001-5,000 employees
FOSSA provides a command line interface tool, and we always use the latest version of that. It gets pulled down automatically by some scripts that I've written, so we will always pull down its latest version. We're using it primarily for the free, open source license compliance portion of it. Those scripts that I've built have the ability to be able to fail builds on pull request checks, though we haven't started enforcing that yet. Therefore, we're really primarily using FOSSA as a dependency inventory tool, then our legal team can also review and give feedback to the teams about the licenses that they're using. In the future though, we are planning on leveraging FOSSA for that policy enforcement piece as well. View full review »
Learn what your peers think about FOSSA. Get advice and tips from experienced pros sharing their opinions. Updated: August 2020.
443,152 professionals have used our research since 2012.
Sr. Director of Open Source at a comms service provider with 10,001+ employees
The primary use case for FOSSA is that when we build mobile applications — we have a few dozen mobile applications that we build — the build script calls FOSSA automatically and determines through the FOSSA scan what licenses are being used in the dependencies, and it determines if they comply with our policies. If they don't, it notifies that there's a problem. If they do, it generates information that we turn into a report that we then use to disclose what licenses we're using in our product. There's a secondary use case, which isn't about mobile apps but about looking at code in general and running it through FOSSA to see what it can find, but that's a very rare occurrence. Most of the time we're just automatically scanning mobile apps View full review »
Attorney at a legal firm with 11-50 employees
Our use cases are for handling incoming open-source software for high speed or agile development that our teams are doing. We also use it for looking at security vulnerabilities in real-time as they're doing their daily builds. It helps to compile distribution acknowledgments or the open-source acknowledgments that need to go out with any distributions. View full review »
Eric Griswold
Principal Release Engineer at Puppet
Our major use case is to do open source license compliance. Puppet Enterprise consists of about 90 open source packages under constant development. And it also has some components which are not open source. When we release Puppet Enterprise, we have to make sure that anything that we're relying on is something that we are allowed to use, in an open source sense. It does do security scanning, which is something that we're interested in and want to do, but we've only been using FOSSA casually for that. I am the only person really running the FOSSA jobs. I have a FOSSA job that runs daily, that scans all of our important repositories and reports back to me and the release engineering team about what it found. When we go to do a release, we run a report from FOSSA which contains all of the open source licenses in our product and we do a rescan of that to make sure that there aren't any flagged licenses inside of our product. That's our use case. None of the actual engineers are worried about it. Only when something gets flagged do I contact them and say, "Hey, this license isn't working for us, so we need to find something else." FOSSA is a cloud project and it contains a CLI component that's open source. View full review »
Christina Luu
Program Manager at a consumer goods company with 10,001+ employees
We use it to scan all of our open source projects, including all of our internal projects that people use. We are about to roll it out to the whole company. Currently, we're only using it for open source projects, making sure people are scanning before they get the project approved. View full review »
Learn what your peers think about FOSSA. Get advice and tips from experienced pros sharing their opinions. Updated: August 2020.
443,152 professionals have used our research since 2012.