FossID-DA configuration options are available directly in fossid.conf and also via fossid-settings.toml files (See more info in FossID-DA-Settings-File section).
Config options:
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Dependency analysis tool settings ;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
[DEPENDENCY_ANALYSIS]
; FossID-DA Download Settings
da_download_path="/tmp/fossid-da"
; FossID-DA Operating System Settings
; win32, win64, darwin, debian, unix
da_os_type="linux"
; FossID-DA Python Settings
da_python_version="3.11.4"
; FossID-DA NPM Options
da_npm_version="7.24.2"
da_node_version="14.21.3"
; FossID-DA Ruby Settings
da_ruby_version="3.2.2"
da_gem_version="3.0.3"
; FossID-DA .NET Options
da_dotnet_framework=".NETFramework4.5"
da_dotnet_standard=".NETStandard1.3"
; FossID-DA Maven Settings
da_maven_version="3.9.2"
da_scala_version="2.11"
; FossID-DA CocoaPod Options
da_cocoapod_version="1.15.2"
da_swift_version="5.10"
; FossID-DA Scan Settings
; The shinobi path is not recommended to be changed
; It can be changed if the containg directory has the correct permissions
da_shinobi_path="/fossid/bin/shinobi.jar"
; The fossid-cli path is not recommended to be changed
; It can be changed if the containg directory has the correct permissions
da_cli_path="/fossid/bin/fossid-cli"
; Use fossid-cli scanning when getting dependency license informations
da_cli_scan=1
; fossid-shinobi.service Settings
; The fossid-shinobi.service settings are not recommended to be changed
; unless the service is started on another IP
da_shinobi_service="127.0.0.1:9900"
da_local_service="127.0.0.1:9900"
; If lock file is detected (package-lock.json, composer.lock, etc.) ignore it and generate new dependency lock content
da_ignore_lock_manifests=0
; Use single dependency version in dependency tree
da_single_dependency_versions=0
; Log additional info in specific logs
da_additional_debug_info=0
; Get dependency info from C/C++ source files [.cpp, .h, .hh, .hpp]
da_cpp_import_search=0
; Get dependency info from Python source files [.py, .pyi]
da_py_import_search=0
; Get dependency info from Go source files [.go]
da_go_import_search=0
; Get vulnarability information (CPE) for detected dependencies
da_vuln_info=0
; Generate SPDX_LICENSES list from github SPDX link and not from local file
; If value is 0 it will use fossid-da internal SPDX license list
da_dynamically_get_spdx_licenses=0
; Process only unmanaged dependencies.
; This is available only for: C/C++ import statements, Python import statements and Go import statements
da_only_unmanaged=0
; Allow dynamic scopes to be processed. This mostly applies to Maven/Scala/Gradle/Kotlin projects
da_allow_dynamic_scopes=0
; Perform deep scan
; This scan will download, extract and scan all files from dependencies
; More info in FossID-DA-Deep-Scan section
da_deep_scan=0
; Allow processing of manifests from node_modules folders
da_allow_node_modules_processing=0
; Ignore hidden files from being processed
da_ignore_hidden_files=1
; Enable using yarn repository instead of npm repository when resolving dependencies. Used for Yarn projects
da_use_yarn=0
; FossID-DA Logs Settings
da_logs_path="/fossid/logs/fossid-da"
; FossID-DA Scan Sources
; When getting compliance info for dependencies, Fossi-DA will query this source for additional info.
da_libraries_io=1
; FossID-DA Git Settings
; These are used for faster processing of github related components, such as CocoaPod dependencies
da_git_user=""
da_git_token=""
; FossID-DA Dependency Scopes
; Process test scopes. Different project types.
da_ds_test_dependencies=0
; Process development scopes. Different project types.
da_ds_dev_dependencies=0
; Process peer dependencies scopes. Generally NPM projects
da_ds_peer_dependencies=0
; Process plugin dependencies scopes. Generally Maven projects
da_ds_plugin_dependencies=1
; Process extensions dependencies scopes. Generally Maven projects
da_ds_extensions_dependencies=0
; Process provided dependencies scopes. Generally Maven projects
da_ds_provided_dependencies=0
; Process runtime dependencies scopes. Generally Maven projects
da_ds_runtime_dependencies=1
; Process library dependencies scopes. Generally Maven projects
da_ds_library_dependencies=0
; Process optional dependencies scopes. Different project types.
da_ds_optional_dependencies=0
; Process dependency_overrides dependencies scopes. Generally Dart/Pub projects.
da_ds_dependency_overrides=0
; Process framework dependencies scopes. Generally Maven/Scala projects.
da_ds_framework=0
; Process classpath dependencies scopes. Generally Maven/Scala projects.
da_ds_classpath_dependencies=0
; Process ext scopes. Generally PHP/Composer projects
da_ds_ext_dependencies=0
; Process indirect/transitive scopes. Generally Go projects
da_ds_indirect_dependencies=0
; Process hatch evns. Generally Hatch projects
; Comma separated evns. Ex: "default,lint"
da_ds_hatch_envs=""
; FossID-DA Graph Depth
; If the value for any graph depth (gd) options is 0, then it will only process direct dependencies
; and it will skip transitive dependencies
; The default values for the graph depth is set to better match the dependencies from the package manager
da_gd_npm=10
da_gd_maven=5
da_gd_gem=7
da_gd_cocoapod=4
da_gd_cargo=4
da_gd_general=4
da_gd_pypi=3
da_gd_go=2
; Dependency Analysis Proxy Settings
; Activate proxy usage
da_use_proxy=0
;Your proxy hostname or IP
;da_proxy_host=""
;Your proxy port (i.e. 8080)
;da_proxy_port=""
;Your proxy username
;da_proxy_user=""
;Your proxy password (plain text), or
;da_proxy_pass=""
;Your SSL proxy client certificate
;da_proxy_cert=""
;Your private key for SSL and TLS proxy client certificate
;da_proxy_key=""
; FossID-DA Ignore Folders
; Ignore folders when runnig dependency analysis
;da_ignore_folders = ''