From 9bb97d4310f6c6618d1440123f1338720d3f4a13 Mon Sep 17 00:00:00 2001
From: Daniil Fedotov <daniil.fedotov@kasten.io>
Date: Wed, 30 Oct 2024 17:15:49 -0400
Subject: [PATCH] WIP: fossa scanning

---
 .github/workflows/main.yaml | 13 +++++++++++++
 README.md                   |  2 ++
 2 files changed, 15 insertions(+)

diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
index e5eae51aa3..90ddc365b1 100644
--- a/.github/workflows/main.yaml
+++ b/.github/workflows/main.yaml
@@ -46,6 +46,14 @@ jobs:
       run: echo "${{needs.gomod.outputs.gosum}}" > go.sum
     - run: make golint
 
+  fossa_scan:
+    runs-on: ubuntu-20.04
+    steps:
+    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+    - uses: fossas/fossa-action@main # Use a specific version if locking is preferred
+      with:
+        api-key: ${{secrets.FOSSA_API_KEY}}
+
   reno_lint:
     runs-on: ubuntu-20.04
     needs: gomod
@@ -88,6 +96,7 @@ jobs:
         make install-minio
       if: matrix.testSuite == 'test'
     - run: make ${{ matrix.testSuite }}
+
   build:
     runs-on: ubuntu-20.04
     needs: gomod
@@ -102,11 +111,13 @@ jobs:
     - name: restore_gosum
       run: echo "${{needs.gomod.outputs.gosum}}" > go.sum
     - run: make build BIN=${{ matrix.bin }} GOBORING=true
+
   docs:
     runs-on: ubuntu-20.04
     steps:
     - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
     - run: make docs
+
   release:
     runs-on: ubuntu-20.04
     needs: [lint, test, build, docs]
@@ -127,6 +138,7 @@ jobs:
     - run: docker builder prune -af
     - run: make release-snapshot
     - run: COMMIT_SHA=${{ github.sha }} ./build/push_images.sh
+
   image_tags:
     runs-on: ubuntu-latest
     outputs:
@@ -139,6 +151,7 @@ jobs:
       run: |
         echo "tag_short=short-commit-${COMMIT_SHA::12}" >> $GITHUB_OUTPUT
         echo "tag_long=commit-${COMMIT_SHA}" >> $GITHUB_OUTPUT
+
   release_example_docker_images:
     needs: [release, image_tags]
     permissions:
diff --git a/README.md b/README.md
index 0afd9af37c..3f1c5035bb 100644
--- a/README.md
+++ b/README.md
@@ -8,6 +8,8 @@
 [![OpenSSF Best Practices](https://www.bestpractices.dev/projects/8699/badge)](https://www.bestpractices.dev/projects/8699)
 [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/kanisterio/kanister/badge)](https://securityscorecards.dev/viewer/?uri=github.com/kanisterio/kanister)
 
+[![FOSSA Status](https://app.fossa.com/api/projects/custom%2B48163%2Fgithub.com%2Fkanisterio%2Fkanister.svg?type=shield&issueType=license)](https://app.fossa.com/projects/custom%2B48163%2Fgithub.com%2Fkanisterio%2Fkanister?ref=badge_shield&issueType=license)
+
 Kanister is a data protection workflow management tool. It provides a set of
 cohesive APIs for defining and curating data operations by abstracting away
 tedious details around executing data operations on Kubernetes. It's extensible