The FOSSID Web Application

The FOSSID web application provides a graphical user interface for individuals or teams to conduct their open source software compliance activities, including audits.

The web application can essentially be deployed in different ways, giving the customer the flexibility and security it needs for its compliance effort: “Regular deployment”, and “Offline deployment”. For prospective customers there is also an “Evaluation deployment” option.

The web application relies on the FOSSID knowledge base, which, thanks to a patented technology allows vast amounts of reference source code data from all the world’s open source repositories to be automatically crawled and stored in a very efficient way. This allows a scan engine to find the appropriate matches both on component, file and even snippet level – including known security vulnerabilities – extremely fast. The knowledge base is updated on a frequent basis to ensure that it is always in sync with the latest versions of all open source projects.

Regular Deployment

In “Regular Deployment”, the web application, together with a small reference repository, are installed at the customer premises. The repository keeps track of the various license types known in the FOSSID knowledge base, and stores information about the scanned software components and files. The web app scans the code and converts it into a corresponding digital signature, which is sent through the cloud to the knowledge base for matching. The repository stores the digital signatures, or “hashes”, together with the found matches. No actual code is ever sent or transmitted outside of the customer premises; only its signatures, which is not only more secure, but also much more efficient and much less resource heavy.

Offline Deployment

In “Offline Deployment”, both the web application and the knowledge database is installed at the customer premises. This is for customers requiring a completely sealed environment and absolute control of their software and process.

For evaluation purposes, the FOSSID scanning can also be accessed in a configuration where the web app and the knowledge database both are located at the FOSSID server.

Features of the FOSSID Web Application

The Web app provides advanced scanning functionality across several projects or products, access and team management, and powerful report generation. It enables a RESTful API for seamless CI-CD integration, and can be deployed natively or as a Docker container. A WebApp instance can be shared globally within a company, or deployed per team.

See the clip below of how you can detect and identify open source components, files, and snippets in your code base (and their corresponding licenses) with the FOSSID web application.