Start for Free.
Scale as you go.

Free

License Compliance
Scan and automatically identify, manage, and address open source licensing issues
$0/month
Features
Up to 100 developers
Limited to 5 projects
1 user
5 dependency depth levels

Business

License Compliance
Scan and automatically identify, manage, and address open source licensing issues
Security
Prevent vulnerabilities from entering your codebase with curated vulnerability data
$104/month
Features
Up to 100 developers
Unlimited projects
Users + Teams
All dependency depth levels
Container scanning
Dedicated Slack channel
C/C++ Security and License Scanning

Enterprise

License Compliance
Scan and automatically identify, manage, and address open source licensing issues
Vulnerability Management
Scan and automatically identify, manage, and address open source licensing issues
100+ developers
Custom Pricing
Features
100+ users
Unlimited projects
Users + Teams w/RBAC
All dependency depth levels
Container scanning
Premium dedicated Slack channel
Custom policy templates
On-premises deployment
C/C++ Security and License Scanning

Compare Plans (columns: Free / Business / Enterprise)

Main Features

Projects
Free: 5; Business: Unlimited; Enterprise: Unlimited
Continuous Monitoring
Integrates into your CI/CD pipeline for analysis and scans of your builds
API Support
Access FOSSA data via the public API
3rd-Party Attribution Report
Audit-ready attributions that include raw copyright notices that you can distribute to users
SBOM Report w/ SPDX, CycloneDX (with VEX)
Human- and machine-readable formats in SPDX or CycloneDX (with VEX). Export, or have FOSSA host
Issue Dashboard
Organization-wide dashboard to triage issues across projects and teams
Global Component Bundle
Inventory of all packages across your organization
Default Policies
Preset rules to identify common issues in your code
On-Prem
Optionally deploy FOSSA onto your own infrastructure
Release Groups
Bundle multiple projects to track as a group
Customizable Policies
Customizable rules to identify issues in your code based on your organizational needs
SBOM Import
Import third-party SBOMs, including CycloneDX

Code Scanning

Source Code Scanning
Scan and detect direct and indirect dependencies in your code
Transitive Dependency Discovery
Identification of dependencies transitively introduced by direct dependencies
Branch/Tag Scanning
Ability to scan branches or tags in your repositories
Container Scanning
Scan base container images for vulnerabilities (included with Security)
Business: Included with Security; Enterprise: Included with Security
Scan Depth Levels
Depth level of your constructed dependency graph
Free: 5; Business: Unlimited; Enterprise: Unlimited

Compliance

Compliance Identification
Policy scans to identify compliance issues in your open source dependencies
Compliance Management
Workflow to understand and remediate compliance issues
Project Compliance Report
Customizable license reports with unlimited detail and depth
Organization License & Package Report
Organization-wide report on licenses and packages
Free: Direct Dependencies Only
Audit/Due Diligence Report
Organization-wide report on issues and project changes

Security

Vulnerability Identification
Issue scans to identify security issues in your open source dependencies
Business: Included with Security; Enterprise: Included with Security
Vulnerability Management
Workflow to understand and remediate security issues
Business: Included with Security; Enterprise: Included with Security
Vulnerability Report
Generate a project report of vulnerabilities found and remediated
Business: Included with Security; Enterprise: Included with Security
Organization Vulnerability Report
Generate an organization report of vulnerabilities found and remediated
Business: Included with Security; Enterprise: Included with Security

Admin Controls

Audit Logs
Audited log of actions taken by users
Single Sign-On (SSO)
Access to SSO services such as Google, GitHub, etc.
Role-Based Access Control (RBAC)
Control over roles and permissions for all organizational users

Support

Priority Email
Quick replies to your emails
Onboarding and Support
White-glove support, onboarding, feature roadmap priority, and training services bundled into your FOSSA subscription
Technical Service Level Agreements (SLAs)
SLAs for support and escalation response times
Dedicated Slack Channel
Communicate directly with our team via a private Slack channel
Free: Basic; Business: Basic; Enterprise: Basic

Frequently Asked Questions

How does per-developer pricing work?

We track unique committers to private repos that are actively running in FOSSA, with no limit on repo count. You can start off with fewer active repos/teams and easily scale across your organization.

Why per-developer pricing?

Our pricing scales directly with the number of developers on your team. Developers are counted as unique active contributors. Contact us about contributors who are not on your staff.

Do you discount non-commercial projects?

We offer special plans for non-profits, educational institutions, and open source projects.

Do you offer annual plans?

Yes, we do! Contact us for details. On-prem deployments are priced annually by default.