Start for Free.
Scale as you go.

Free

license compliance
Scan and automatically identify, manage, and address open source licensing issues
$0/month
Features
Up to 100 code contributors
Limited to 5 projects
1 user
5 dependency depth levels

Business

license compliance
Scan and automatically identify, manage, and address open source licensing issues
Find and fix open source vulnerabilities with smart remediation guidance
$104/month
Features
Up to 100 code contributors
Unlimited projects
Users + Teams
All dependency depth levels
Container scanning
C/C++ Security and License Scanning

Enterprise

license compliance
Scan and automatically identify, manage, and address open source licensing issues
Vulnerability Management
Find and fix open source vulnerabilities with smart remediation guidance
Release Management
Manage and ship your releases faster, automate SBOM compliance
100+ Code Contributors
Custom Pricing
Features
100+ code contributors
Unlimited projects
Users + Teams w/RBAC
All dependency depth levels
Container scanning
C/C++ Security and License Scanning
SBOM Regulatory Compliance (FDA, PCI)
Dedicated Slack channel
On-premises deployment

Compare Plans

Main Features

Projects
Free: 5 | Business: Unlimited | Enterprise: Unlimited
Continuous Monitoring
Integrates into your CI/CD pipeline for analysis and scans of your builds
API Support
Access FOSSA data via the public API
3rd-Party Attribution Report
Audit-ready attributions that include raw copyright notices that you can distribute to users
SBOM Report w/ SPDX, CycloneDX (with VEX)
Human- and machine-readable formats in SPDX or CycloneDX (with VEX). Export or have FOSSA host
Issue Dashboard
Organization-wide dashboard to triage issues across projects and teams
Global Component Bundle
Inventory of all packages across your organization
Default Policies
Preset rules to identify common issues in your code
On-Prem
Optionally deploy FOSSA onto your own infrastructure
Release Groups
Bundle multiple projects to track as a group
Customizable Policies
Customizable rules to identify issues in your code based on your organizational needs
SBOM Import
Import third-party SBOMs, including CycloneDX

Code Scanning

Source Code Scanning
Scan and detect direct and indirect dependencies in your code
Transitive Dependency Discovery
Identification of dependencies transitively introduced by direct dependencies
Branch/Tag Scanning
Ability to scan branches or tags in your repositories
Container Scanning
Scan base container images for vulnerabilities (included with Security)
Included with Security
Included with Security
Scan Depth Levels
Depth level of your constructed dependency graph
Free: 5 | Business: Unlimited | Enterprise: Unlimited

Compliance

Compliance Identification
Policy scans to identify compliance issues in your open source dependencies
Compliance Management
Workflow to understand and remediate compliance issues
Project Compliance Report
Customizable license reports with unlimited detail and depth
Organization License & Package Report
Organization-wide report on licenses and packages
Direct Dependencies Only
Audit/Due Diligence Report
Organization-wide report on issues and project changes

Security

Vulnerability Identification
Issue scans to identify security issues in your open source dependencies
Included with Security
Included with Security
Vulnerability Management
Workflow to understand and remediate security issues
Included with Security
Included with Security
Vulnerability Report
Generate a project report of vulnerabilities found and remediated
Included with Security
Included with Security
Organization Vulnerability Report
Generate an organization report of vulnerabilities found and remediated
Included with Security
Included with Security

Admin Controls

Audit Logs
Audited log of actions taken by users
Single Sign-On (SSO)
Access to SSO providers such as Google, GitHub, etc.
Role-Based Access Control (RBAC)
Control over roles and permissions for all organizational users

Customer Success & Technical Support

Basic Email Support
Round-robin support via support@fossa.com
Priority Email Support
Dedicated support engineer* and priority handling. *Dedicated support engineer provided at FOSSA's discretion.
Customer Success Manager & Engineer
Includes guided onboarding, continuous enablement and ongoing goals, success mapping, and a dedicated Slack channel
Service Level Agreements (SLAs)
SLAs for support and escalation response times

Frequently Asked Questions

How does code contributor pricing work?

We track unique committers to private repos that are actively running in FOSSA with no limit on repo count. You can start off with fewer active repos/teams and easily scale across your org.

Why code contributor pricing?

Our pricing scales directly with the number of developers on your team who contribute code to private repos that are actively running in FOSSA. Contact us about cases of contributors outside your staff.

Do you discount non-commercial projects?

We offer special plans for non-profit, educational institution, and open source project budgets.

Do you offer annual plans?

Yes, we do! Contact us for details. On-prem deployments are priced annually by default.