The action sets up and caches the latest release of fossa-cli, infer the correct configuration from the current system state, analyze the project for a list of its dependencies, and upload the results to FOSSA.
Why do you think that https://github.com/jeremylong/DependencyCheck is a good alternative to fossa-action