When FOSSA is installed behind your firewall, it runs in an environment that's fully sealed within your organization.
Key Factors
For security info about our hosted version or development process, please visit https://fossa.io/security
By default, FOSSA works best with rich service brokers (like GitHub, Bitbucket, GitLab). However, if your code lives on a custom code or artifact host, FOSSA's on-prem version can import from a raw URL:
FOSSA supports any URL from supported VCS, artifact hosts/registries and tools that live inside your intranet. After importing custom code, FOSSA will scan it for all branches/tags and set up automatic updates/tracking for the default branch:
By default, FOSSA will enable daily or hourly scans on your default branch. If FOSSA finds any issues, it will notify you with email reports that link back to your dashboard, where you can analyze and fix the issue:
Congrats! Now you have compliance running internally at your company in the background of your workflow.
If you'd like to surface/enforce its checks deeper within your organization, you can easily configure it to add more feedback to your internal tools.
Importing through GitHub, GitLab or Bitbucket will immediately prepare deeper integrations that you can toggle, including:
FOSSA also comes with a full suite of plugins and integrations into other tools that all work on-premises:
See our full integration directory at https://fossa.io#integrations or the docs on how to set these up.