Type object
File match fossa-deps.yml fossa-deps.yaml fossa-deps.json
Schema URL https://catalog.lintel.tools/schemas/schemastore/fossa-s-fossa-deps-file/latest.json
Source https://raw.githubusercontent.com/fossas/fossa-cli/master/docs/references/files/fossa-deps.schema.json

Validate with Lintel

npx @lintel/lintel check
Type: object

fossa-deps: dependency specification file for FOSSA CLI

Properties

version integer
referenced-dependencies referenced-dependency[]

Referenced dependencies to locate in a registry and include in the project's dependency and license scanning.

custom-dependencies custom-dependency[]

Custom dependencies and their licenses for the project.

vendored-dependencies vendored-dependency[]

Local dependencies to upload to the server for license scanning.

remote-dependencies remote-dependency[]

Remote dependencies for license scanning.

fork-aliases fork-alias[]

Fork aliases to map your fork dependencies to their base dependencies. Matching: if fork version is specified, only that exact version matches; if not specified, any version matches. Translation: if base version is specified, always use that version; if not specified, preserve the original version.
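The matching and translation rules above, as an added example (this is not FOSSA CLI's own code). The alias entries and package names are constructed; comparing `type` and `name` for equality and taking the first matching alias are assumptions, since the schema text only states the version rules.

```python
from typing import Optional

# Constructed sample, shaped like the `fork-aliases` array of a fossa-deps file.
FORK_ALIASES = [
    # Fork version pinned, base version pinned.
    {"fork": {"type": "npm", "name": "@acme/lodash", "version": "4.17.21-acme.1"},
     "base": {"type": "npm", "name": "lodash", "version": "4.17.21"}},
    # No fork version, no base version.
    {"fork": {"type": "pypi", "name": "acme-requests"},
     "base": {"type": "pypi", "name": "requests"}},
    # No fork version, base version pinned.
    {"fork": {"type": "git", "name": "github.com/acme/zlib"},
     "base": {"type": "git", "name": "github.com/madler/zlib", "version": "v1.3.1"}},
]


def matches(fork: dict, dep: dict) -> bool:
    """Matching: a pinned fork version matches only that exact version;
    an unpinned fork entry matches any version."""
    # Assumption: type and name are compared for plain equality.
    if (fork["type"], fork["name"]) != (dep["type"], dep["name"]):
        return False
    fork_version: Optional[str] = fork.get("version")
    return fork_version is None or fork_version == dep.get("version")


def translate(dep: dict, aliases: list) -> dict:
    """Translation: a pinned base version always wins; otherwise the
    dependency keeps the version it was found with."""
    for alias in aliases:  # Assumption: the first matching alias is used.
        if matches(alias["fork"], dep):
            base = alias["base"]
            version = base.get("version")
            if version is None:
                version = dep.get("version")
            return {"type": base["type"], "name": base["name"], "version": version}
    return dict(dep)  # No alias applies: the dependency is left as found.


if __name__ == "__main__":
    for found in (
        {"type": "npm", "name": "@acme/lodash", "version": "4.17.21-acme.1"},
        {"type": "npm", "name": "@acme/lodash", "version": "4.17.20-acme.1"},
        {"type": "pypi", "name": "acme-requests", "version": "2.31.0"},
        {"type": "git", "name": "github.com/acme/zlib", "version": "0f1e2d3"},
    ):
        print(found, "->", translate(found, FORK_ALIASES))
```

The second input shows the case worth reviewing in a real file: a fork entry pinned to one version leaves every other version of the fork unaliased, so it is scanned under the fork's own name.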

Definitions

label object
label string required

The label to be added to the dependency.

minLength=1 maxLength=255
scope string required

The scope of the label.

Values: "org" "revision" "project"
os enum

Name of the distribution OS.

dependency-type enum

Type of the dependency. It informs FOSSA which relevant registries to search for the dependency's distribution.

referenced-app-dependency object
name string required

Name of the dependency. This name will be used to search for the dependency in relevant registries.

minLength=1
type enum required

Type of the dependency. It informs FOSSA which relevant registries to search for the dependency's distribution.

Values: "bower" "cargo" "carthage" "composer" "cpan" "renv" "gem" "git" "go" "hackage" "hex" "maven" "npm" "nuget" "paket" "pub" "pypi" "cocoapods" "swift" "url"
version string

Version of the dependency. It informs FOSSA which version of the dependency to scan. If not provided, the latest version will be used.

labels label[]
referenced-apk-deb-dependency object
name string required

Name of the dependency. This name will be used to search for the dependency in relevant registries.

minLength=1
type enum required

Type of the dependency. It informs FOSSA which relevant registries to search for the dependency's distribution.

Values: "apk" "deb"
arch string required

Architecture associated with this package

minLength=1
os enum required

Name of the distribution OS.

Values: "alpine" "centos" "debian" "redhat" "ubuntu" "oraclelinux" "busybox" "sles" "fedora" "rocky"
osVersion string required

Version of the distribution OS.

minLength=1
version string

Version of the dependency. It informs FOSSA which version of the dependency to scan. If not provided, the latest version will be used.

labels label[]
referenced-rpm-dependency object
name string required

Name of the dependency. This name will be used to search for the dependency in relevant registries.

minLength=1
type enum required

Type of the dependency. It informs FOSSA which relevant registries to search for the dependency's distribution.

Values: "rpm-generic"
arch string required

Architecture associated with this package

minLength=1
os enum required

Name of the distribution OS.

Values: "alpine" "centos" "debian" "redhat" "ubuntu" "oraclelinux" "busybox" "sles" "fedora" "rocky"
osVersion string required

Version of the distribution OS.

minLength=1
version string

Version of the dependency. It informs FOSSA which version of the dependency to scan. If not provided, the latest version will be used.

epoch string

Epoch associated with version (if any).

minLength=1
labels label[]
referenced-dependency referenced-app-dependency | referenced-apk-deb-dependency | referenced-rpm-dependency
custom-dependency object
name string required

Name of the dependency. This will be the name used in FOSSA's dashboard.

minLength=1
version string required

Version of the dependency. This will be the version used in FOSSA's dashboard.

minLength=1
license string required

License of the dependency. This string will be used to infer license type.

minLength=1
metadata object
2 nested properties
description string

Description of the dependency (if any)

homepage string

Homepage of the dependency. This should be a web address.

labels label[]
vendored-dependency object
name string required

Name of the dependency. This will be the name associated with this vendored dependency in FOSSA's dashboard

minLength=1
path string required

Path to the directory, which will be archived and uploaded to the provided endpoint for license scanning.

minLength=1
version string

Version of the dependency. This will be the version associated with this vendored dependency in FOSSA's dashboard

metadata object
2 nested properties
description string

Description of the dependency (if any)

homepage string

Homepage of the dependency. This should be a web address.

labels label[]
remote-dependency object
name string required

Name of the dependency. This will be the name used in FOSSA's dashboard.

minLength=1
url string required

URL of the dependency's source code. This will be downloaded by FOSSA for scanning with the analysis.

minLength=1
version string required

Version of the dependency.

metadata object
2 nested properties
description string

Description of the dependency (if any)

homepage string

Homepage of the dependency. This should be a web address.

labels label[]
fork-alias-entry object
type enum required

Type of the dependency. It informs FOSSA which relevant registries to search for the dependency's distribution.

Values: "bower" "cargo" "carthage" "composer" "cpan" "renv" "gem" "git" "go" "hackage" "hex" "maven" "npm" "nuget" "paket" "pub" "pypi" "cocoapods" "swift" "url"
name string required

Name of the dependency. This name will be used to search for the dependency in relevant registries.

minLength=1
version string

Version of the dependency. It informs FOSSA which version of the dependency to scan. Optional. See fork aliases documentation for more information.

fork-alias object
fork object required
3 nested properties
type enum required

Type of the dependency. It informs FOSSA which relevant registries to search for the dependency's distribution.

Values: "bower" "cargo" "carthage" "composer" "cpan" "renv" "gem" "git" "go" "hackage" "hex" "maven" "npm" "nuget" "paket" "pub" "pypi" "cocoapods" "swift" "url"
name string required

Name of the dependency. This name will be used to search for the dependency in relevant registries.

minLength=1
version string

Version of the dependency. It informs FOSSA which version of the dependency to scan. Optional. See fork aliases documentation for more information.

base object required
3 nested properties
type enum required

Type of the dependency. It informs FOSSA which relevant registries to search for the dependency's distribution.

Values: "bower" "cargo" "carthage" "composer" "cpan" "renv" "gem" "git" "go" "hackage" "hex" "maven" "npm" "nuget" "paket" "pub" "pypi" "cocoapods" "swift" "url"
name string required

Name of the dependency. This name will be used to search for the dependency in relevant registries.

minLength=1
version string

Version of the dependency. It informs FOSSA which version of the dependency to scan. Optional. See fork aliases documentation for more information.

labels label[]

Optional labels to be applied to the fork alias.