diff --git a/.fossa.yml b/.fossa.yml
new file mode 100644
index 00000000..b7fd9156
--- /dev/null
+++ b/.fossa.yml
@@ -0,0 +1,5 @@
+version: 3
+server: https://app.fossa.com
+project:
+  id: "kafka-connect-splunk"
+  team: "TA-Automation"
\ No newline at end of file
diff --git a/.github/workflows/ci_build_test.yaml b/.github/workflows/ci_build_test.yaml
index 6d457220..be62b063 100644
--- a/.github/workflows/ci_build_test.yaml
+++ b/.github/workflows/ci_build_test.yaml
@@ -5,12 +5,41 @@ on:
     branches-ignore:
       - /^release\/.*/
       - master
+  workflow_call:
+    secrets:
+      FOSSA_API_KEY:
+        description: API token for FOSSA app
+        required: true
 
 jobs:
+  fossa-scan:
+    continue-on-error: true
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: run fossa anlyze and create report
+        run: |
+          curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash
+          fossa analyze --debug
+          fossa report attribution --format text > /tmp/THIRDPARTY
+        env:
+          FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}
+      - name: upload THIRDPARTY file
+        uses: actions/upload-artifact@v2
+        with:
+          name: THIRDPARTY
+          path: /tmp/THIRDPARTY
+      - name: run fossa test
+        run: |
+          fossa test --debug
+        env:
+          FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}
 
   build-unit-test:
     name: build and run unit test
     runs-on: ubuntu-20.04
+    needs:
+      - fossa-scan
     steps:
       - name: Checkout
         uses: actions/checkout@v2