Skip to content
Toolradar
FOSSA logo

FOSSA

Unclaimed

Control your software supply chain with automated open source security, compliance, and quality management.

Vulnerability ScanningCompliance Management
Visit Website

TL;DR - FOSSA

  • Automates open source security, license compliance, and quality management.
  • Scans all third-party code, including packages, containers, SBOMs, binaries, and snippets.
  • Includes an AI agent (fossabot) for intelligent dependency update review and remediation.
Pricing: Free plan available
Best for: Growing teams
4.3/5 across review platforms

Pros & Cons

Pros

  • Comprehensive scanning capabilities (packages, containers, binaries, snippets)
  • Automated compliance and security features save time and reduce risk
  • AI agent (fossabot) intelligently reviews dependency updates, reducing manual effort
  • Supports all major languages, frameworks, and CI/CD runtimes
  • Offers a free plan for individuals and small teams

Cons

  • Pricing for advanced features can scale with contributing developers, potentially increasing cost for larger teams
  • Specific details on integration with various CI/CD tools are not explicitly detailed on the main page

Ratings Across the Web

4.3(15 reviews)
PeerSpot15 reviews
4.3/5

Ratings aggregated from independent review platforms. Learn more

Preview

Key Features

Scan dependencies across the entire SDLC (packages, containers, SBOMs, binaries, snippets)Automated license and vulnerability scanningGenerate and manage SBOMs for regulatory complianceConsolidate vulnerability management across the SDLCManage outdated dependencies and proactively maintain themAutomated policy enforcement to prevent issuesAI-powered dependency update review (fossabot)Identify AI-generated snippets and other code fragments

Pricing Plans

Free Trial

Free

Free

  • 5 projects
  • 10 contributing developers
  • 1 release group
  • 5 dependency levels for scans
  • 1 quality check (outdated packages)
  • 5 imported SBOMs
  • Container scanning
  • Identify dependencies at any depth
  • Basic email support
  • API access
  • SaaS (multi-tenant cloud)
  • Limited Filters
  • Export SBOMs

Business

$20/project per month

  • Everything in Free, plus:
  • 10 Projects / SBOM Imports
  • 10 contributing developers
  • 1 release groups
  • Unlimited dependency levels for scans
  • Full suite of quality checks
  • Unlimited imported SBOMs
  • Automated license and vulnerability scanning
  • Multi-project reporting
  • Priority support

Enterprise

Custom

  • Everything in Business, plus:
  • Unlimited projects
  • Custom developer count
  • Unlimited release groups
  • Unlimited dependency levels for scans
  • Full suite of quality checks
  • Unlimited imported SBOMs
  • Enterprise-grade APIs
  • Custom deployment options
  • Advanced compliance reporting
  • SSO
  • Rules based access controls (RBAC)
Calculate your costView full pricing

What is FOSSA?

Editorial review
FOSSA is a comprehensive open source management platform designed to help organizations maintain security, license compliance, and quality standards across all third-party code. It automates the scanning and analysis of codebases to identify open source dependencies, providing tools to ensure compliance and security throughout the Software Development Life Cycle (SDLC). The platform caters to a range of users, from individuals and small teams to large enterprises, offering features like vulnerability management, regulatory reporting (SBOMs), and proactive dependency maintenance. FOSSA supports all major languages, frameworks, and CI/CD runtimes, making it a versatile solution for engineering teams looking to manage their open source effectively. Its AI-powered agent, fossabot, further enhances this by automatically reviewing dependency updates for breaking changes and code impact, streamlining the update process and reducing technical debt.
how we evaluateSourcefossa.com

Reviews

Be the first to review FOSSA

Your take helps the next buyer. Verified LinkedIn reviewers get a badge.

Write a review

Best FOSSA Alternatives

Top alternatives based on features, pricing, and user needs.

Veracode logo
VeracodePaid

Application security testing platform

Checkmarx logo
CheckmarxPaid

Application security testing platform

See all Vulnerability Scanning tools →

Explore More

Best Vulnerability Scanning ToolsBest Compliance Management ToolsBest Free Vulnerability ScanningBest Free Compliance Management

FOSSA FAQ

What is FOSSA?

FOSSA is a modern open source management platform that helps teams manage software licenses, security vulnerabilities, and code quality. It automatically scans and analyzes your codebase to identify open source dependencies and provides tools to ensure compliance and security.

How much does FOSSA cost?

FOSSA offers a Free plan for individuals and small teams. The Business plan costs $20 per project per month (billed annually) for growing teams. The Enterprise plan requires custom pricing and features, and you need to contact sales for a quote. Add-ons like Snippet Scanning and Binary Scanning are also custom priced.

Is FOSSA free?

Yes, FOSSA offers a Free plan that includes 5 projects, 10 contributing developers, 1 release group, 5 dependency levels for scans, 1 quality check, and 5 imported SBOMs, along with basic email support and API access.

Who is FOSSA for?

FOSSA is for individuals, small teams, growing teams, and large enterprises that need to manage open source licenses, security vulnerabilities, and code quality across their software supply chain. It's particularly useful for engineering teams focused on compliance, security, and maintaining up-to-date dependencies.

Source: fossa.com