A CLI and MCP server for querying the FOSSA API.
curl --proto '=https' --tlsv1.2 -LsSf https://github.com/fossas/fossapi/releases/latest/download/fossapi-installer.sh | shpowershell -ExecutionPolicy ByPass -c "irm https://github.com/fossas/fossapi/releases/latest/download/fossapi-installer.ps1 | iex"cargo install --git https://github.com/fossas/fossapiSet your FOSSA API key:
export FOSSA_API_KEY=your_api_key_here# List all projects
fossapi list projects
# Get a specific project
fossapi get project "custom+1/my-project"
# Update project metadata
fossapi update project "custom+1/my-project" --title "New Title"# List revisions for a project
fossapi list revisions "custom+1/my-project"
# Get a specific revision
fossapi get revision "custom+1/my-project\$abc123"# List dependencies for a revision
fossapi list dependencies "custom+1/my-project\$abc123"Issues come in three categories: vulnerability, licensing, and quality.
# List vulnerabilities
fossapi list issues --category vulnerability
# List licensing issues
fossapi list issues --category licensing
# Get a specific issue
fossapi get issue 12345# Pretty tables (default)
fossapi list projects
# JSON output
fossapi list projects --jsonRun as an MCP server for use with Claude Code or other AI tools:
fossapi mcpAdd to your MCP config:
{
"mcpServers": {
"fossa": {
"type": "stdio",
"command": "fossapi",
"args": ["mcp"],
"env": {
"FOSSA_API_KEY": "your_key"
}
}
}
}Note: If
fossapiisn't in your PATH, use the full path:~/.cargo/bin/fossapi
| Tool | Description |
|---|---|
get |
Fetch a single project, revision, or issue by ID |
list |
List projects, revisions, dependencies, or issues |
update |
Update project metadata (title, description, url, public) |
FOSSA uses locators to identify entities:
- Project:
custom+{org_id}/{project_name} - Revision:
custom+{org_id}/{project_name}${revision_ref} - Dependency:
{fetcher}+{package}${version}(e.g.,npm+lodash$4.17.21)