fossa-cli uses the path provided in the following environment variables to infer the root certificate store:
  SSL_CERT_FILE
  SSL_CERT_DIR
  SYSTEM_CERTIFICATE_PATH (only for Linux)
If none of these environment variables is set, fossa-cli falls back to the system store to retrieve signed certificates.
On Linux, fossa-cli looks for the certificate store in the following paths:
  /etc/ssl/certs/
  /system/etc/security/cacerts/
  /usr/local/share/certs/
  /etc/ssl/cert.pem
On macOS, fossa-cli creates a certificate store by collecting all signed certificates. We use the following command to retrieve them:
  security find-certificate -pa /System/Library/Keychains/SystemRootCertificates.keychain /Library/Keychains/System.keychain
On Windows, fossa-cli retrieves the certificate store by performing,
From that store, CertEnumCertificatesInStore is called repeatedly until it is exhausted, to retrieve all signed certificates.
We recommend that you rely on the operating system's certificate store rather than these environment variables.
In Windows:
$Env:SSL_CERT_FILE = "\path\to\rootCa"
fossa analyze
In Linux:
SSL_CERT_FILE=path/to/rootCa fossa analyze
In OS X:
SSL_CERT_FILE=path/to/rootCa fossa analyze
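The following pre-flight script is an added example, not part of fossa-cli itself: it mirrors the lookup order described above (assumed to be SSL_CERT_FILE, then SSL_CERT_DIR, then SYSTEM_CERTIFICATE_PATH on Linux, then the listed system paths), reports which trust source fossa-cli would end up using, and, when a file override is in effect, confirms that the file actually contains PEM certificates before you run fossa analyze. The helper names and the warning texts are this example's own.

```shell
#!/bin/sh
# Added example: pre-flight check mirroring the certificate-store lookup
# order documented above. Assumption: env vars are consulted in the order
# SSL_CERT_FILE, SSL_CERT_DIR, SYSTEM_CERTIFICATE_PATH (Linux only), and
# only then the system locations.

# System locations, in the order listed above.
CANDIDATE_PATHS="/etc/ssl/certs/ /system/etc/security/cacerts/ /usr/local/share/certs/ /etc/ssl/cert.pem"

# count_pem_certs FILE: number of "BEGIN CERTIFICATE" blocks in FILE (0 if absent).
# A marker count, not a full parse; it catches an empty or non-PEM bundle early.
count_pem_certs() {
    [ -f "$1" ] || { echo 0; return 0; }
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# resolve_cert_source [OS]: print "<source> <path>" for the trust store that
# would be used on OS (default: uname -s); prints "none" and fails if nothing matches.
resolve_cert_source() {
    os=${1:-$(uname -s)}
    if [ -n "$SSL_CERT_FILE" ]; then echo "env:SSL_CERT_FILE $SSL_CERT_FILE"; return 0; fi
    if [ -n "$SSL_CERT_DIR" ]; then echo "env:SSL_CERT_DIR $SSL_CERT_DIR"; return 0; fi
    # SYSTEM_CERTIFICATE_PATH is honoured only on Linux, as stated above.
    if [ "$os" = Linux ] && [ -n "$SYSTEM_CERTIFICATE_PATH" ]; then
        echo "env:SYSTEM_CERTIFICATE_PATH $SYSTEM_CERTIFICATE_PATH"; return 0
    fi
    for p in $CANDIDATE_PATHS; do
        if [ -e "$p" ]; then echo "system $p"; return 0; fi
    done
    echo none; return 1
}

# Usage: report the resolved source; for a file override, verify it holds certificates.
src=$(resolve_cert_source) || echo "warning: no certificate store found" >&2
echo "fossa-cli trust source: $src"
case "$src" in
    "env:SSL_CERT_FILE "*)
        f=${src#env:SSL_CERT_FILE }
        n=$(count_pem_certs "$f")
        [ "$n" -gt 0 ] || echo "warning: $f contains no PEM certificates" >&2
        ;;
esac
```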