Integrate FOSSA with Vulnetix. Use the FOSSA CLI to analyse dependencies, then export CycloneDX or SPDX SBOMs from the FOSSA dashboard for upload to Vulnetix.
SaaS platform · CycloneDX · SPDX
Run FOSSA in CI
Scan on every push and upload the results to Vulnetix:
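# The install script is fetched from the master branch and piped straight
# into bash, so its content is not pinned to a reviewed version.
- name: Install FOSSA CLI
  run: |
    curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash
# Upload the dependency analysis to FOSSA; the API key comes from repository secrets.
- name: Run FOSSA analysis
  run: fossa analyze
  env:
    FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}
- name: Check for licence violations
  run: fossa test
  env:
    FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}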
Centralise FOSSA results in Vulnetix
Upload FOSSA CycloneDX or SPDX output to the Vulnetix platform to deduplicate findings, prioritise them with EPSS, CISA KEV and Coalition ESS exploit intelligence, and track remediation across every scanner in a single queue.
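A pre-upload check for an exported SBOM, as an added example (not FOSSA or Vulnetix code): it identifies whether a JSON file is CycloneDX or SPDX and lists components that lack a version or package URL. It assumes the receiving platform matches vulnerabilities on those fields; the function names and both sample documents are constructed for illustration.

```python
import json

def _spdx_purl(pkg):
    """Return the purl recorded in an SPDX package's externalRefs, or None."""
    for ref in pkg.get("externalRefs", []):
        if ref.get("referenceType") == "purl":
            return ref.get("referenceLocator")
    return None

def check_sbom(text):
    """Identify the SBOM format and list components missing a version or purl.

    Only top-level CycloneDX components are inspected (nested ones are skipped).
    """
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return {"format": None, "error": f"not JSON: {exc.msg}"}
    if not isinstance(doc, dict):
        return {"format": None, "error": "top level is not an object"}
    if doc.get("bomFormat") == "CycloneDX":
        fmt = f"CycloneDX {doc.get('specVersion', '?')}"
        items = [(c.get("name"), c.get("version"), c.get("purl"))
                 for c in doc.get("components", [])]
    elif str(doc.get("spdxVersion", "")).startswith("SPDX-"):
        fmt = doc["spdxVersion"]
        items = [(p.get("name"), p.get("versionInfo"), _spdx_purl(p))
                 for p in doc.get("packages", [])]
    else:
        return {"format": None, "error": "neither CycloneDX nor SPDX JSON"}
    return {
        "format": fmt,
        "components": len(items),
        "missing_version": sorted(n or "<unnamed>" for n, v, _ in items if not v),
        "missing_purl": sorted(n or "<unnamed>" for n, _, p in items if not p),
    }

# Constructed samples, not real FOSSA exports.
CDX_SAMPLE = json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
    {"name": "lodash", "version": "4.17.21", "purl": "pkg:npm/lodash@4.17.21"},
    {"name": "internal-lib", "version": "1.0.0"}]})
SPDX_SAMPLE = json.dumps({"spdxVersion": "SPDX-2.3", "packages": [
    {"name": "requests", "versionInfo": "2.31.0", "externalRefs": [
        {"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
         "referenceLocator": "pkg:pypi/requests@2.31.0"}]},
    {"name": "vendored-zlib"}]})

if __name__ == "__main__":
    for sample in (CDX_SAMPLE, SPDX_SAMPLE):
        print(check_sbom(sample))
```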