FOSSA

By FOSSA

FOSSA Pros and Cons: Top Advantages and Disadvantages

Quick AI Summary Based on G2 Reviews

Generated from real user reviews

Users benefit from the easy integrations of FOSSA, streamlining security scans within their existing development pipelines. (1 mention)
Users value FOSSA's issue resolution capabilities, as it effectively identifies vulnerabilities and suggests necessary fixes. (1 mention)
Users value FOSSA's effective remediation solutions that identify vulnerabilities and recommend fixes for dependencies and libraries. (1 mention)
Users benefit from FOSSA's comprehensive risk management, identifying vulnerabilities and recommending fixes for libraries and dependencies. (1 mention)
Users value the enhanced security features of FOSSA that effectively identify vulnerabilities and recommend fixes. (1 mention)

Top Pros or Advantages of FOSSA

1. Easy Integrations
Users benefit from the easy integrations of FOSSA, streamlining security scans within their existing development pipelines.

2. Issue Resolution
Users value FOSSA's issue resolution capabilities, as it effectively identifies vulnerabilities and suggests necessary fixes.

3. Remediation Solutions
Users value FOSSA's effective remediation solutions that identify vulnerabilities and recommend fixes for dependencies and libraries.

4. Risk Management
Users benefit from FOSSA's comprehensive risk management, identifying vulnerabilities and recommending fixes for libraries and dependencies.

5. Security
Users value the enhanced security features of FOSSA that effectively identify vulnerabilities and recommend fixes.

FOSSA Reviews (15)

4.2
15 reviews
G2 reviews are authentic and verified.
Pavan Kumar G.
Software Engineer
Information Technology and Services
Enterprise (> 1000 emp.)
"Fossa for enterprise applications"
What do you like best about FOSSA?

We are using Fossa for Spring Boot applications and for Angular UI applications. We are using Maven dependencies for the Spring Boot applications. Fossa scans our Spring Boot application after running through the pipeline, since we have integrated security tools in our Tekton pipeline. Fossa identifies all the libraries and dependencies from our Gradle and Maven. It will show issues, security, and quality of the libraries along with the severity, and also recommends the fixes for the vulnerabilities. But sometimes the fix won't show immediately. Review collected by and hosted on G2.com.

What do you dislike about FOSSA?

The main thing I like about Fossa is that it is environment-specific and sends alerts: if any dependency has security vulnerabilities, Fossa will send an alert so that we can easily notice vulnerabilities in the project.

EM
System Engineer Associate
Mechanical or Industrial Engineering
Enterprise (> 1000 emp.)
"The FOSSA Experience"
What do you like best about FOSSA?

The product is effective and efficient and it has aspects that enable automated scans of emails and licenses which are quite amazing.

The product is also easy and simple to use and also integrates quite easily with other applications, which is awesome.

What do you dislike about FOSSA?

The performance of the product is amazing except that sometimes the system is sluggish though not often.

Amazing product.

YN
Sales Manager
Information Technology and Services
Mid-Market (51-1000 emp.)
"The FOSSA Effect."
What do you like best about FOSSA?

This product is easy and simple to use and integrates very well with other applications like GitLab. I like how effective and efficient it is with multiple build systems and its vulnerability. Another aspect is the automated scans of emails and licences, which are quite amazing.

What do you dislike about FOSSA?

The system is sometimes slow though not quite often. This can be improved.

kanti b.
Senior Relationship Manager
Small-Business (50 or fewer emp.)
"Helped me find major problems in my code"
What do you like best about FOSSA?

Using Fossa I was able to import my project from GitHub, run a scan and immediately it pointed out all the licensing problems in my code. It discovered several dependencies that I was not legally allowed to use without a license!

What do you dislike about FOSSA?

While Fossa discovered 3 major problems and suggested a way to resolve them, it also found 8 problems with unclear resolution that need a manual review. Since I am not a legal expert, the vague error is hard to understand and resolve.

Dhruv B.
Software Engineer
Small-Business (50 or fewer emp.)
"Easy to use tool to monitor license compliance"
What do you like best about FOSSA?

Fossa made it easy to import a project, automatically scan all dependencies and generate a report of any compliance issues. It automatically figured out the language and dependency management tools. Fossa has a clean user interface that makes it very easy to see all the different dependencies, their licenses and what actions need to be taken to ensure that my code complies with the licensing requirements of its dependencies.

What do you dislike about FOSSA?

Many issues flagged by Fossa are shown as flagged and need to be verified manually with messages like "These dependencies can be problematic if used in the wrong ways". It doesn't explain what the wrong way is. Since Fossa has access to my code and its open source dependencies, it should be able to go deeper and find real problems.

Sahil G.
QA Cybersecurity Engineer
Mid-Market (51-1000 emp.)
"FOSSA for unmanaged dependencies"
What do you like best about FOSSA?

The best thing about FOSSA is that it is very easy to use and is easily integrated with various CI/CD platforms like Jenkins, GitLab, Bamboo, GitHub, etc. Plus, we can check vulnerabilities in dependencies on every build, and their UI is very user friendly.

What do you dislike about FOSSA?

FOSSA is not performing well when there is no package manager used to manage dependencies, like Maven, pip, Gradle, etc. In that case, FOSSA is unable to recognize the libraries and does not report any vulnerability. Plus, the FOSSA database is not very updated for C/C++ and rpm-based libraries.

JAZEEL ANWAR J.
Technical Lead
Small-Business (50 or fewer emp.)
"Best Solution to Open Source Software Licensing Issues"
What do you like best about FOSSA?

It reduces the time needed to identify open-source licensing issues. It is easy to use and it is user-friendly. It allows you to know the licenses of the libraries etc. It offers its service at an affordable price.

What do you dislike about FOSSA?

There is not much to dislike about the product. There will be difficulty in understanding all the things that it can do. Sometimes the web app is too slow. All other stuff seems good for me.

Verified User in Leisure, Travel & Tourism
IL
Mid-Market (51-1000 emp.)
"FOSSA REVIEW"
What do you like best about FOSSA?

FOSSA stands for Free and Open Source Software Analysis which automates the management of open source compliance and security. Up to 90% of the code in software development is subject to open-source licensing, and it is susceptible to plenty of security and legal issues. FOSSA takes care of this issue with its security management toolkit that alerts enterprises if they are at risk by looking into the known vulnerabilities and license management in the open-source code.

What do you dislike about FOSSA?

The UI of FOSSA loads slowly, and even though it is claimed that FOSSA scans in real-time, the speed with which the scan is done can be drastically improved for an overall better user experience.

KS
Manager
Mid-Market (51-1000 emp.)
"Ensuring Legal Compliance with FOSSA!"
What do you like best about FOSSA?

Their evaluations are highly comprehensive and detailed, and they provide information promptly as required.

What do you dislike about FOSSA?

The performance of the application's interface is sluggish and the scan speeds are also slow and in need of improvement. Besides these issues, the rest of the features function excellently.

EI
Paving advisor
Small-Business (50 or fewer emp.)
"For competence and due diligence use this product!!"
What do you like best about FOSSA?

They are very comprehensive and thorough in their evaluations and send info when needed.

What do you dislike about FOSSA?

While I am no engineer, I do have some background, but these guys and girls are brilliant, sometimes too brilliant for me and I need to dumb it down. But, no complaints as of now.