
Start for Free.
Scale as you go.

Free

license compliance
Scan and automatically identify, manage, and address open source licensing issues
$0/month
Features
Up to 100 developers
Limited to 5 projects
Individual users
5 dependency depth levels

Business

license compliance
Scan and automatically identify, manage, and address open source licensing issues
Prevent vulnerabilities from entering your codebase with curated vulnerability data
$104/month
Features
Up to 100 developers
Unlimited projects
Users + Teams
All dependency depth levels
Container scanning (*)
Dedicated Slack channel
C/C++ Security and License Scanning

Enterprise

license compliance
Scan and automatically identify, manage, and address open source licensing issues
Vulnerability Management
Prevent vulnerabilities from entering your codebase with curated vulnerability data
100+ developers
Custom Pricing
Features
100+ users
Unlimited projects
Users + Teams w/RBAC
All dependency depth levels
Container scanning (*)
Premium dedicated Slack channel
Custom policy templates
On-prem
C/C++ Security and License Scanning

(*) Container Scanning is available only to Vulnerability Management customers.

Compare Plans

Main Features

Projects
5
Unlimited
Unlimited
Continuous Monitoring
Integrates into your CI/CD pipeline for analysis and scans of your builds
API Support
Access FOSSA data via the public API
SBOM/Attribution w/ SPDX Support
Export projects as SBOMs in .spdx format, based on current formatting standards and ready for public consumption
Webhooks
Event-driven callbacks to other applications
Issue Dashboard
Organization-wide dashboard to triage issues across projects and teams
Global Component Bundle
Inventory of all packages across your organization
Default Policies
Preset rules to identify common issues in your code
On-Prem
Optionally deploy FOSSA on to your own infrastructure
Release Groups
Bundle multiple projects to track as a group
Customizable Policies
Customizable rules to identify issues in your code based on your organizational needs

Code Scanning

Source Code Scanning
Scan and detect direct and indirect dependencies in your code
Transitive Dependency Discovery
Identification of dependencies transitively introduced by direct dependencies
Branch/Tag Scanning
Ability to scan branches or tags in your repositories
Container Scanning
Scan base container images for vulnerabilities (included with Security)
Included with Security
Included with Security
Scan Depth Levels
Depth level of your constructed dependency graph
5
Unlimited
Unlimited

Compliance

Compliance Identification
Policy scans to identify compliance issues in your open source dependencies
Compliance Management
Workflow to understand and remediate compliance issues
Project Compliance Report
Customizable license reports with unlimited detail and depth
Organization License & Package Report
Organization-wide report on licenses and packages
Direct Dependencies Only
Audit/Due Diligence Report
Organization-wide report on issues and project changes

Security

Vulnerability Identification
Issue scans to identify security issues in your open source dependencies
Included with Security
Included with Security
Vulnerability Management
Workflow to understand and remediate security issues
Included with Security
Included with Security
Vulnerability Report
Generate a project report of vulnerabilities found and remediated
Included with Security
Included with Security
Organization Vulnerability Report
Generate an organization report of vulnerabilities found and remediated
Included with Security
Included with Security

Admin Controls

Audit Logs
Audited log of actions taken by users
Single Sign-On (SSO)
Access to SSO services such as Google, GitHub, etc.
Role-Based Access Control (RBAC)
Control over roles and permissions for all organizational users

Support

Priority Email
Quick replies to your emails
Onboarding And Support
White glove support, onboarding, feature roadmap priority and training services bundled into your FOSSA subscription
Technical Service Level Agreements (SLAs)
SLAs for support and escalation response times
Dedicated Slack Channel
Communicate directly with our team via a private Slack channel
Basic
Basic
Basic

Frequently Asked Questions

How does per-developer pricing work?

We track unique committers to private repos that are actively running in FOSSA with no limit on repo count. You can start off with fewer active repos/teams and easily scale across your org.

Why per-developer pricing?

Our pricing scales directly with the number of developers on your team. Developers are counted as unique active contributors. Contact us about cases of contributors outside your staff.

Do you discount non-commercial projects?

We offer special plans for non-profit, educational institution, and open source project budgets.

Do you offer annual plans?

Yes, we do! Contact us for details. On-prem deployments are priced annually by default.