Versions:
FOSSA CLI is a fast, portable and reliable command-line utility whose sole purpose is to deliver exhaustive dependency analysis for any codebase, enabling development, security and compliance teams to discover, track and report every open-source component embedded in their projects. Written in Go and distributed as a single self-contained binary, the tool integrates transparently into CI pipelines, container builds and local development workflows, scanning package manifests, lock files and installed artifacts across more than 120 language ecosystems—including npm, Maven, Gradle, Go modules, Cargo, NuGet, Pip and RubyGems—without requiring source-code upload or network access to external services. Once dependencies are identified, the CLI emits machine-readable JSON, SPDX, CycloneDX or custom reports that can be consumed by license-policy engines, vulnerability scanners and SBOM generators, supporting use cases such as license compliance audits, software-supply-chain security reviews, M&A due-diligence checks and regulatory submissions. Version 3.16.7, the 63rd public release since the project’s inception, continues the tool’s tradition of zero-dependency distribution, sub-second scan times and deterministic output hashes, making it suitable for reproducible builds and containerized environments. The executable runs natively on Windows, macOS and Linux, accepts path filters and ignore rules to reduce noise in monorepos, and respects proxy settings for enterprises operating behind restrictive firewalls. As an essential component of the broader FOSSA platform, the CLI can also be used in standalone mode when air-gapped or offline operation is mandated. The software is available for free on get.nero.com, with downloads provided via trusted Windows package sources (e.g. winget), always delivering the latest version, and supporting batch installation of multiple applications.
Tags: