The web application can essentially be deployed in different ways, giving the customer the flexibility and security it needs for its compliance effort: “Regular deployment”, and “Offline deployment”. For prospective customers there is also an “Evaluation deployment” option.
In “Regular Deployment”, the web application, together with a small reference repository, are installed at the customer premises. The repository keeps track of the various license types known in the FOSSID knowledge base, and stores information about the scanned software components and files. The web app scans the code and converts it into a corresponding digital signature, which is sent through the cloud to the knowledge base for matching. The repository stores the digital signatures, or “hashes”, together with the found matches. No actual code is ever sent or transmitted outside of the customer premises; only its signatures, which is not only more secure, but also much more efficient and much less resource heavy.
In “Offline Deployment”, both the web application and the knowledge database is installed at the customer premises. This is for customers requiring a completely sealed environment and absolute control of their software and process.
For evaluation purposes, the FOSSID scanning can also be accessed in a configuration where the web app and the knowledge database both are located at the FOSSID server.
Features of the FOSSID Web Application
The Web app provides advanced scanning functionality across several projects or products, access and team management, and powerful report generation. It enables a RESTful API for seamless CI-CD integration, and can be deployed natively or as a Docker container. A WebApp instance can be shared globally within a company, or deployed per team.