> For the complete CircleCI developer hub index, see [llms.txt](https://circleci.com/developer/llms.txt)

# fossa/cli

This orb integrates open source licensing compliance and vulnerability checks into your CI/CD workflow.
Source - https://github.com/fossas/fossa-cli-orb
Docs - https://github.com/fossas/fossa-cli/blob/master/docs/user-guide.md/#cli-reference


## Commands

### setup

Executes all the commands necessary to integrate fossa-cli into your CI/CD workflow.
Note that the fossa-cli will check for the existence of a FOSSA_API_KEY environment variable.
Please refer to https://docs.fossa.com/docs/api-reference for more details regarding the
FOSSA_API_KEY.


## Jobs

### analyze

Analyze a project


| Parameter | Type | Default | Description |
|---|---|---|---|
| `fossa-api-key` | env_var_name | FOSSA_API_KEY | The fossa-cli will check for the existence of a FOSSA_API_KEY environment variable.
Users will need to obtain a FOSSA_API_KEY prior to running a FOSSA analysis.
Please refer to https://docs.fossa.com/docs/api-reference for more details.
 |
| `save_artifact` | boolean | true | Saves an artifact with the results of the analysis. |
| `debug` | boolean | false | Include the boolean flag. |

## Executors

### default

A basic linux environment. Override with your own Docker image if needed.


| Parameter | Type | Default | Description |
|---|---|---|---|
| `image` | string | cimg/base@2019.08-node | Select a custom Docker image. https://hub.docker.com/r/circleci/
 |

## Examples

### analyze_job

Analyze a project from within your workflow automatically.


```yaml
version: 2.1
orbs:
  fossa-cli: fossa/cli@0.0.3
workflows:
  fossa-integration:
    jobs:
      - fossa-cli/analyze:
          post-steps:
            - run: null
```

### custom_commands

Install and configure the Fossa CLI in your custom jobs.

```yaml
version: 2.1
orbs:
  fossa-cli: fossa/cli@0.0.3
jobs:
  my-job:
    executor: fossa-cli/default
    steps:
      - checkout
      - fossa-cli/setup
      - run: echo "Run more commands here"
```