{"id":44034927,"url":"https://github.com/levz0r/fossa-license-scanner","last_synced_at":"2026-02-07T19:40:37.702Z","repository":{"id":310029966,"uuid":"1038453052","full_name":"levz0r/fossa-license-scanner","owner":"levz0r","description":"GitHub Action for FOSSA license scanning with detailed PR comments and policy violation reporting. Automates license compliance checks with intelligent violation analysis and actionable feedback.","archived":false,"fork":false,"pushed_at":"2025-08-15T08:43:51.000Z","size":17,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-09-26T05:51:21.915Z","etag":null,"topics":["ci-cd","compliance","composite-action","dependency-scanning","fossa","license-compliance","license-policy","license-scanning"],"latest_commit_sha":null,"homepage":"https://github.com/levz0r/fossa-license-scanner","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/levz0r.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-08-15T08:17:19.000Z","updated_at":"2025-08-15T08:39:39.000Z","dependencies_parsed_at":"2025-08-15T09:29:38.073Z","dependency_job_id":"aaa92c6b-2c77-413c-9457-4f7543c8984b","html_url":"https://github.com/levz0r/fossa-license-scanner","commit_stats":null,"previous_names":["levz0r/fossa-license-scanner"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/levz0r/fossa-license-scanner","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/levz0r%2Ffossa-license-s
canner","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/levz0r%2Ffossa-license-scanner/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/levz0r%2Ffossa-license-scanner/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/levz0r%2Ffossa-license-scanner/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/levz0r","download_url":"https://codeload.github.com/levz0r/fossa-license-scanner/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/levz0r%2Ffossa-license-scanner/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29205604,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-07T17:44:10.191Z","status":"ssl_error","status_checked_at":"2026-02-07T17:44:07.936Z","response_time":63,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ci-cd","compliance","composite-action","dependency-scanning","fossa","license-compliance","license-policy","license-scanning"],"created_at":"2026-02-07T19:40:37.022Z","updated_at":"2026-02-07T19:40:37.677Z","avatar_url":"https://github.com/levz0r.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# FOSSA License Scanner\n\n[![FOSSA 
Status](https://app.fossa.com/api/projects/custom%2B56511%2Ffossa-license-scanner-demo.svg?type=small)](https://app.fossa.com/projects/custom%2B56511%2Ffossa-license-scanner-demo?ref=badge_small)\n\nA comprehensive GitHub Action for FOSSA license scanning with detailed PR comments and policy violation reporting. This action combines FOSSA analysis with intelligent reporting to help maintain license compliance in your projects.\n\n## Features\n\n- 🔍 **Automated FOSSA scanning** - Runs FOSSA analyze and test commands\n- 💬 **Detailed PR comments** - Posts comprehensive violation details in pull requests\n- 🛡️ **Policy enforcement** - Configurable failure on license violations\n- 📊 **Rich reporting** - Detailed violation information with package names and licenses\n- 🔗 **Dashboard integration** - Direct links to FOSSA dashboard for detailed analysis\n- ⚡ **Easy setup** - Minimal configuration required\n\n## Quick Start\n\n```yaml\nname: License Scan\non: [pull_request]\n\njobs:\n  fossa-scan:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      - name: FOSSA License Scan\n        uses: levz0r/fossa-license-scanner@v1\n        with:\n          api-key: ${{ secrets.FOSSA_API_KEY }}\n          project: \"my-project\"\n```\n\n\u003e 💡 **Want to see it in action?** Check out our [comprehensive demo workflow](.github/workflows/demo.yml) that showcases all features with real examples you can test immediately!\n\n## Usage\n\n### Basic Configuration\n\n```yaml\n- name: FOSSA License Scan\n  uses: levz0r/fossa-license-scanner@v1\n  with:\n    api-key: ${{ secrets.FOSSA_API_KEY }}\n    project: \"my-project\"\n```\n\n### Advanced Configuration\n\n```yaml\n- name: FOSSA License Scan\n  uses: levz0r/fossa-license-scanner@v1\n  with:\n    api-key: ${{ secrets.FOSSA_API_KEY }}\n    project: \"my-project\"\n    branch: ${{ github.head_ref }}\n    fail-on-violations: true\n    github-token: ${{ secrets.GITHUB_TOKEN }}\n```\n\n### Complete Workflow 
Example\n\n```yaml\nname: License Compliance\n\non:\n  pull_request:\n  push:\n    branches: [main, develop]\n\npermissions:\n  contents: read\n  pull-requests: write\n\njobs:\n  fossa-scan:\n    name: FOSSA License Scan\n    runs-on: ubuntu-latest\n\n    steps:\n      - name: Checkout code\n        uses: actions/checkout@v4\n\n      - name: Run FOSSA License Scan\n        id: fossa-scan # step id referenced by steps.fossa-scan.outputs below\n        uses: levz0r/fossa-license-scanner@v1\n        with:\n          api-key: ${{ secrets.FOSSA_API_KEY }}\n          project: \"my-awesome-project\"\n          fail-on-violations: true\n\n      - name: Handle scan results\n        if: always()\n        run: |\n          echo \"Violations found: ${{ steps.fossa-scan.outputs.violations-found }}\"\n          echo \"Violations count: ${{ steps.fossa-scan.outputs.violations-count }}\"\n          echo \"Dashboard: ${{ steps.fossa-scan.outputs.dashboard-url }}\"\n```\n\n## Inputs\n\n| Input                | Description                                                         | Required | Default        |\n| -------------------- | ------------------------------------------------------------------- | -------- | -------------- |\n| `api-key`            | FOSSA API key for authentication                                    | Yes      | -              |\n| `project`            | Project name in FOSSA (must match your FOSSA project configuration) | Yes      | -              |\n| `branch`             | Branch name to scan                                                 | No       | Current branch |\n| `fail-on-violations` | Whether to fail the action when license policy violations are found | No       | `true`         |\n| `github-token`       | GitHub token for posting PR comments                                | No       | `github.token` |\n\n## Outputs\n\n| Output             | Description                                                        |\n| ------------------ | ------------------------------------------------------------------ |\n| `violations-found` | 
Boolean indicating whether license policy violations were detected |\n| `violations-count` | Number of license policy violations found                          |\n| `dashboard-url`    | URL to the FOSSA dashboard for this project                        |\n\n## PR Comments\n\nThe action automatically posts detailed comments on pull requests with:\n\n### ✅ Clean Scan Results\n\n- Clear indication when no violations are found\n- Summary of scan status\n- Links to FOSSA dashboard\n\n### ⚠️ Violation Reports\n\n- Detailed list of each license violation\n- Package names and versions\n- License types causing violations\n- Policy rules that were triggered\n- Direct links to FOSSA dashboard for each issue\n- Actionable next steps\n\n### ❌ Error Handling\n\n- Clear error messages when scans fail\n- Guidance on troubleshooting steps\n- Links to logs and documentation\n\n## Setup Guide\n\n### 1. FOSSA Account Setup\n\n1. Create a [FOSSA account](https://fossa.com)\n2. Set up your project in FOSSA\n3. Generate an API key from your FOSSA settings\n\n### 2. GitHub Secrets Configuration\n\nAdd your FOSSA API key as a repository secret:\n\n1. Go to your repository settings\n2. Navigate to \"Secrets and variables\" → \"Actions\"\n3. Add a new secret named `FOSSA_API_KEY`\n4. Paste your FOSSA API key as the value\n\n### 3. Permissions Setup\n\nEnsure your workflow has the necessary permissions:\n\n```yaml\npermissions:\n  contents: read # Required for checkout\n  pull-requests: write # Required for PR comments\n```\n\n### 4. Project Name Configuration\n\nThe `project` input must exactly match your project name in FOSSA. 
You can find this in:\n\n- Your FOSSA dashboard URL\n- FOSSA project settings\n- Previous FOSSA configuration files\n\n## Troubleshooting\n\n### Common Issues\n\n**\"Project not found\" error:**\n\n- Verify the `project` input matches your FOSSA project name exactly\n- Check that your API key has access to the project\n- Ensure the project exists in your FOSSA account\n\n**\"API key invalid\" error:**\n\n- Verify your `FOSSA_API_KEY` secret is set correctly\n- Check that the API key hasn't expired\n- Ensure the API key has the necessary permissions\n\n**No PR comments appearing:**\n\n- Verify the `github-token` has `pull-requests: write` permission\n- Check that the action is running on `pull_request` events\n- Ensure the workflow has `permissions.pull-requests: write`\n\n**Scan failing on valid licenses:**\n\n- Review your FOSSA project's license policy settings\n- Check if new dependencies have been added\n- Verify license compatibility with your project's requirements\n\n### Debug Mode\n\nEnable debug logging by setting the `ACTIONS_STEP_DEBUG` secret to `true` in your repository settings.\n\n## Integration Examples\n\n### With Different Package Managers\n\nThe action works with any project that FOSSA supports:\n\n```yaml\n# Node.js project\n- name: Install dependencies\n  run: npm install\n- name: FOSSA Scan\n  uses: levz0r/fossa-license-scanner@v1\n  with:\n    api-key: ${{ secrets.FOSSA_API_KEY }}\n    project: \"my-node-app\"\n```\n\n```yaml\n# Python project\n- name: Install dependencies\n  run: pip install -r requirements.txt\n- name: FOSSA Scan\n  uses: levz0r/fossa-license-scanner@v1\n  with:\n    api-key: ${{ secrets.FOSSA_API_KEY }}\n    project: \"my-python-app\"\n```\n\n### With Build Matrices\n\n```yaml\nstrategy:\n  matrix:\n    project: [\"frontend\", \"backend\", \"mobile\"]\n\nsteps:\n  - uses: actions/checkout@v4\n  - name: FOSSA Scan\n    uses: levz0r/fossa-license-scanner@v1\n    with:\n      api-key: ${{ secrets.FOSSA_API_KEY }}\n      
project: ${{ matrix.project }}\n```\n\n### Conditional Execution\n\n```yaml\n- name: FOSSA Scan\n  if: github.event_name == 'pull_request'\n  uses: levz0r/fossa-license-scanner@v1\n  with:\n    api-key: ${{ secrets.FOSSA_API_KEY }}\n    project: \"my-project\"\n    fail-on-violations: ${{ github.base_ref == 'main' }}\n```\n\n## Contributing\n\nContributions are welcome! Please feel free to submit a Pull Request.\n\n### Development Setup\n\n1. Fork this repository\n2. Create a feature branch\n3. Make your changes\n4. Test with a real FOSSA project\n5. Submit a pull request\n\n## License\n\nThis project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.\n\n## Support\n\n- 📧 Email: [hi@lev.engineer](mailto:hi@lev.engineer)\n- 🐛 Issues: [GitHub Issues](https://github.com/levz0r/fossa-license-scanner/issues)\n- 📖 FOSSA Documentation: [FOSSA Docs](https://docs.fossa.com)\n\n## Related\n\n- [FOSSA CLI](https://github.com/fossas/fossa-cli) - Official FOSSA command line tool\n- [FOSSA Action](https://github.com/marketplace/actions/fossa-action) - Official FOSSA GitHub Action\n- [License Compliance Guide](https://fossa.com/blog/open-source-software-licenses-compliance-guide/)\n\n---\n\n_Made with ❤️ by [Lev Gelfenbuim](https://github.com/levz0r)_\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flevz0r%2Ffossa-license-scanner","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flevz0r%2Ffossa-license-scanner","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flevz0r%2Ffossa-license-scanner/lists"}