Now, it’s even easier to automate your open source compliance!
Ensuring OSS license compliance can cause everything to come to a halt, breaking CI/CD pipelines. We’re excited to release FOSSA’s CircleCI orb to make sure that you can use open source responsibly, without blocking your engineering team.
Using the FOSSA CLI tool, you can catch licensing issues early by integrating directly into your build process, shifting your open source management process left. FOSSA’s tool accurately maps your dependencies, ensuring that all deep dependencies are found. When an issue does come up (like a restrictive GPL license in one of your deep dependencies), it is easy to remediate with FOSSA’s workflow and prebuilt open source policies. An otherwise tricky process is made much easier for the engineering, legal and security teams involved!
But now with the orb on CircleCI’s orb registry, it’s even easier! The orb allows teams using CircleCI to easily add FOSSA’s checks, driving even more efficiency for engineering teams.
Check out the orb here, and our documentation for integration here.